Eyad Kelleh (@KellehEyad)

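A tweet introducing a security testing toolkit for Claude. It bundles SecLists wordlists, injection payloads, fuzzing patterns, expert agents and more as Claude Skills, can be used right away for authorized pentesting, CTFs and bug bounties, and also mentions slash command support.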

https://x.com/KellehEyad/status/2008573484100698466

#security #pentesting #claude #seclists

Eyad Kelleh (@KellehEyad) on X

@donvito Check out this awesome security testing toolkit for Claude! 🚀 It packs curated SecLists wordlists, injection payloads, fuzzing patterns, and expert agents into easy-to-use Claude Skills. Perfect for authorized pentesting, CTFs, and bug bounties—with slash commands like

X (formerly Twitter)

Honestly, 50 tools should be more than enough.
Who really tests all 600+ tools in Kali or the 2,500+ in BlackArch?
I tried... but some BlackArch tools didn’t even run properly...

In BashCore and BashCoreX, every app works.
No duplicates. No junk. Just tools that actually run.

Yes, the ISOs are ~7GB,
but we’ve got Metasploit, Searchsploit, and especially SecLists (which weighs a ton) 🤷🏻‍♂️

#BashCore #BashCoreX #Debian #Pentesting #NoBloat #BlackArch #KaliLinux #SecLists #Metasploit

tutorial:hacking-servidores [Wiki]

Anyone know if there is a version of the "rockyou" password list where each entry is already hashed with sha256? I'm attacking a toy hashing scheme for a #ctf and it would be useful to have it precomputed.

I'm running a script to compute it now but it would be nice if I could use someone else's hard work

#ctf #seclists

Does anyone actually use the User-Agent wordlists from SecLists that are grouped by OS/platform? Some of these files only contain a single User-Agent (lol) because apparently LG adds a random string to their UAs. /cc @danielmiessler https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/User-Agents/operating-platform/
#wordlists #seclists
SecLists/Fuzzing/User-Agents/operating-platform at master · danielmiessler/SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, ...

GitHub

The leaked files from the disclosure https://seclists.org/fulldisclosure/2024/Jun/7 have since been removed from https://developercommunity.visualstudio.com/t/Incorrect-code-generation-on-warbirded-b/10680249. Someone on Reddit (https://www.reddit.com/user/TapAppropriate1458/) posted a direct link to a download from azurewebsites.net that's been taken down now too. The #InternetArchive has the files still at:
https://web.archive.org/web/20240624211440/https://sendvsfeedback2-download.azurewebsites.net/api/fileBlob/file?name=B0cde770200a945109437927ba3fe4d67638537352993712632_ICE_REPRO.zip&tid=0cde770200a945109437927ba3fe4d67638537352993712632

Unfortunately I cannot verify whether those files/the link was the original file or a re-upload. But at least all files within `ICE REPRO.zip/Linker/linkrepro.zip` match the size (in bytes) of the originals as given in the listing on seclists.

The file download from there has the sha256 hash:

d4c1a74f81e5259596466027ebac9f7eb026931c7cef02e5c37d884bbbb7f96f ICE_REPRO.zip

---

In addition, the disclosure notes that the MS symbol server does (STILL ONLINE!) leak the PDB of warbird.dll if requested. A backup has been re-upped here: https://files.catbox.moe/8iz2qk.pdb

Again, the sha256 hash. This has been matched against the original served by the MS symbol server:

2e8b5e0c17b4a4693ed494444f347f22a2eed15bcade18a5ac25d370011f8aa5 warbird.dll.pdb

---

I provide those hashes just for people to be on the safe side while analyzing the files. Keep in mind that accessing those files may be illegal.

#MSRP #leak #SecLists #Microsoft #WarBird #PlayReady #DRM #PDB #Widevine #PlayFair #Piracy

Full Disclosure: Microsoft leak of PlayReady developer / Warbird libs

Defense in depth -- the #Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers https://seclists.org/fulldisclosure/2024/Apr/28

#seclists

Full Disclosure: Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers

SecLists/Discovery/Variables/secret-keywords.txt at master · danielmiessler/SecLists


Are you allowed to be proud when your work is included in SecLists? 🥲

#SecLists #pentesting #RedTeam #BugBounty #wordlist #DNS #subdomains #hacking #recon

TryHackMe | OWASP Juice Shop

This room uses the Juice Shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.

TryHackMe