SpiderLabs

Repositories

• ModSecurity

  ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…

  nginx apache waf apache2 modsecurity
  C++ Apache-2.0 1,011 3,706 172 25 Updated Jul 24, 2020

• ModSecurity-nginx

  ModSecurity v3 Nginx Connector

  nginx waf modsecurity modsecurity-nginx nginx-connector libmodsecurity
  Perl Apache-2.0 156 672 15 3 Updated Jul 24, 2020

• cve_server

  Simple REST-style web service for the CVE searching

  ruby api database api-server api-rest cve cpe
  Ruby Apache-2.0 35 76 6 6 Updated Jul 2, 2020

• microphisher Archived

  µphisher spear phishing tool (reference implementation)
  Ruby GPL-3.0 17 32 0 0 Updated Jun 26, 2020

• owasp-modsecurity-crs Archived

  OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)
  Perl Apache-2.0 651 2,168 39 (2 issues need help) 10 Updated Jun 16, 2020

• Responder

  Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
  Python GPL-3.0 1,115 3,250 34 11 Updated Jun 15, 2020

• OWASP-CRS-Documentation

  Documentation for the OWASP CRS project
  Python Apache-2.0 19 39 2 5 Updated May 22, 2020

• IOCs-IDPS

  This repository will hold PCAP IOC data related with known malware samples (owner: Bryant Smith)
  17 50 0 0 Updated Apr 30, 2020

• ModSecurity-apache

  ModSecurity v3 Apache Connector

  apache waf apache2 modsecurity libmodsecurity
  Perl Apache-2.0 38 57 14 2 Updated Apr 22, 2020

• Misc

  A repository for miscellaneous files shared by SpiderLabs
  2 1 0 0 Updated Jan 20, 2020

• HostHunter

  HostHunter a recon tool for discovering hostnames using OSINT techniques.

  open-source osint tool hacking python3 penetration-testing ip
  Python MIT 76 312 0 1 Updated Jan 13, 2020

• SCShell

  Forked from Mr-Un1k0d3r/SCShell

  Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  Python 113 94 0 0 Updated Nov 20, 2019

• secrules-language-tests

  Set of test cases that can be used to test custom implementations of the SecRules language (ModSecurity rules format).
  Perl 11 10 1 0 Updated Oct 24, 2019

• jboss-autopwn

  A JBoss script for obtaining remote shell access
  Shell GPL-3.0 63 165 0 1 Updated Sep 23, 2019

• ikeforce
  Python 54 190 7 3 Updated Sep 18, 2019

• net-tns

  Net::TNS, a Ruby library for connecting to Oracle databases.
  Ruby Apache-2.0 18 30 3 0 Updated May 7, 2019

• Nmap-Tools

  SpiderLabs shared Nmap Tools
  Lua 85 214 1 4 Updated Mar 17, 2019

• advisories-poc
  C 11 14 1 0 Updated Mar 5, 2019

• modsec-sdbm-util

  Utility to manipulate SDBM files used by ModSecurity. With that utility it is possible to _shrink_ SDBM databases. It is also possible to list the SDBM contents with filters such as: expired or invalid items only.
  C Apache-2.0 16 18 1 0 Updated Feb 28, 2019

• scavenger

  scavenger : is a multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as "interesting" files containing sensitive information.
  Python GPL-3.0 41 181 3 0 Updated Dec 6, 2018

• MCIR

  The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.
  PHP GPL-3.0 147 398 0 1 Updated Nov 29, 2018

• deblaze

  Performs method enumeration and interrogation against flash remoting end points.
  Python GPL-3.0 19 33 0 4 Updated Nov 20, 2018

• DoHC2

  DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH).
  C# 82 353 2 (1 issue needs help) 0 Updated Nov 12, 2018

• SharpCompile

  SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing…
  C# 57 248 0 0 Updated Nov 10, 2018

• Airachnid-Burp-Extension

  A Burp Extension to test applications for vulnerability to the Web Cache Deception attack
  Java GPL-3.0 35 109 0 1 Updated Nov 1, 2018

• ModSecurity-Python-bindings

  Python bindings for libModSecurity (aka ModSecurity v3)
  Python 12 19 3 1 Updated Sep 18, 2018

• Firework

  Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process.
  Python 9 45 0 0 Updated Aug 30, 2018

• OWASP-CRS-regressions

  Regression tests for OWASP CRS v3
  Python Apache-2.0 11 16 7 1 Updated Jun 14, 2018

• Scripts

  Various Scripts
  0 0 0 0 Updated May 17, 2018

• ModSecurity-log-utilities

  Set of CLI tools to transform ModSecurity logs into a meaningful information, given a context.
  Python Apache-2.0 13 29 1 0 Updated May 3, 2018