
Matrix Prompt Injection Tool (MPIT)

Red Team#llm#pentest#prompt_injection
A systematic prompt injection pentesting tool capable of prompt leaking, SQLi, RCE, and more.

sisakulint

Blue Team#Cloud Security#DevOps#CI/CD
CI-friendly static linter with SAST and semantic analysis for GitHub Actions, written in Go.

Babbly

Red Team#Pentest#LLM
"Babbly" is a penetration testing support tool featuring Artificial Incompetence. Instead of relying on AI, it achieves intuitive dialogue-based operation through natural language processing and voice recognition. Supporting eyes-free and hands-free operation, security tests can be efficiently performed alongside other tasks since they can be executed through voice commands alone without checking the screen. With its human-like conversational interface, it's easy for beginners to use and offers high flexibility. In an era dominated by AI, Babbly deliberately adopts Artificial Incompetence to propose a new approach that balances approachability with practicality.

TOAMI

Blue Team#Phishing#Hunting#Browser Extension
In the field of cybersecurity, the quick detection and response to phishing attacks is a critical challenge. This tool is a browser extension developed to support phishing hunters. It automatically detects potential threats by comparing accessed websites with a pre-prepared list of Indicators of Compromise (IoC) and detection rules. This allows users to quickly identify if a site was created using a reported phishing kit or determine if it was developed by a specific threat actor. The main features include support for IoCs in IoK, Yara, and Sigma formats, and the ability to match specific keywords and favicon hashes. If there's a match with an IoC, a notification is shown in the browser, and a detection log is automatically generated. Additionally, it supports automatic screenshot capture of the accessed site, improving the accuracy of phishing site detection and enabling rapid response. Through this tool, we aim to provide a convenient tool that helps streamline phishing hunting activities.

Reverse RDAP Tool (for IP)

Red Team#ASM#OSINT
"The Reverse RDAP Tool (for IP)" is a tool designed to store and enable reverse lookup of RDAP (Registration Data Access Protocol) information, which contains registration data for internet resources like IP addresses and domains. This tool specializes in IP addresses, allowing users to quickly identify which organization is utilizing a specific network range.

Prompt Hardener

Blue Team#Prompt Injection#LLM#Hardening
In RAG (Retrieval-Augmented Generation) systems that utilize LLMs, there is an increased risk of prompt injection due to incorporating user inputs from external information sources into system prompts. One countermeasure against such prompt injection is strengthening the robustness of system prompts. Existing tools allow for automated testing of prompt injections to evaluate safety; however, there is a lack of methods to assess whether robust measures have been properly implemented in system prompts and to suggest improvements for those prompts. Prompt Hardener is a tool that evaluates whether measures like tagging user input and securely wrapping system instructions are correctly implemented in system prompts for RAG systems, using LLM-based evaluation. Additionally, this tool provides suggestions for improving system prompts based on these robustness measures, helping RAG system developers to build safer and more robust prompts.

ZANSIN: Zero-based Automated New SecurIty traiNing

Blue Team#ZANSHIN#Hardening#Mini Hardening
ZANSIN is envisioned as a GROUNDBREAKING cybersecurity training tool designed to equip users against the ever-escalating complexity of cyber threats. It achieves this by providing learners with a platform to engage in simulated cyberattack scenarios, supervised and designed by experienced pentesters. This comprehensive approach allows learners to actively apply security measures, perform system modifications, and handle incident responses to counteract the attacks. Engaging in this hands-on practice within realistic environments enhances their server security skills and provides practical experience in identifying and mitigating cybersecurity risks. ZANSIN's flexible design accommodates diverse skill levels and learning styles, making it a comprehensive and evolving platform for cybersecurity education.

sasanka

Blue Team#API Security#WAF#Kong
Sasanka is a security-enhancing plugin for the widely-used OSS API gateway, Kong API Gateway, as open-source software under the Apache 2.0 license. Developed in Lua, this plugin inspects request content during communication relay and can block attack requests, log events, and more based on its functions. Some functionalities were developed using the OWASP API Security Top 10 2019 as benchmarks.

Eye-frame

Blue Team#Privacy#Out of Band Technology#PKI
We already have great encryption technology but everyone is worried about messaging apps that store message contents and share the data with law enforcement. I want to create a way to make any unsecure messaging app secure using privately managed keys and OCR.

BOCCHI -Bot Operating Chat Communication Hacking Interface-

Red Team#pentest#chat
This tool leverages chat platforms like Mattermost. Users can converse with (or give instructions to) a bot to conduct reconnaissance activities for penetration testing, vulnerability assessments, and authentication attempts. For instance, if one wishes to scan a target, they can instruct by saying, 'Scan [IP address].' Upon receiving this command, BOCCHI will execute an nmap scan and then import the results into Faraday.
Actual operations are conducted through interactions with the bot (BOCCHI) on the chat platform, making it user-friendly for those who may not be comfortable with keyboard commands or command-line inputs. Moreover, with the current generation predominantly using flick input on smartphones, installing Mattermost on a smartphone allows for operations via flick input.
Using Mattermost facilitates effective communication with BOCCHI amidst conversations with other team members. This bridges the gap between those proficient in command operations and those who aren't, enhancing team collaboration.
BOCCHI stands out as a novel form of penetration testing tool.

PromptMap

Red Team#prompt_injection#machine_learning#llm
PromptMap is a testing tool for Prompt Injection attacks.
It performs fully automated Prompt Injection attack tests against generative AI and generative AI-integrated apps to assess their robustness. This tool is intended to be used by developers for security testing.

PromptMap supports the following attack tests.

* Direct Prompt Injection/Jailbreak
PromptMap injects malicious prompts into a generative AI and evaluates whether the generative AI generates malicious content or leaks its training data.

* Prompt Leaking
PromptMap injects malicious prompts into generative AI-integrated applications and evaluates whether the generative AI-integrated applications leak the prompt templates implemented by the apps.

* P2SQL Injection
PromptMap injects malicious prompts into generative AI-integrated applications and evaluates whether information can be stolen from, modified in, or deleted from the database connected to those applications.

Prompt Injection attacks have different principles from those used in existing attack methods, and it is difficult to evaluate their robustness using existing security testing methods.

Therefore, PromptMap supports a wide variety of Prompt Injection attacks and enables fully automated execution, contributing to security testing for developers of generative AI and generative AI-integrated applications.

Ransom Victim Analyzer

Blue Team#asm#ransomware#osint
This tool automatically analyzes the external public assets of companies that have been listed on ransomware leak sites to determine what assets are present and whether there are assets that are particularly vulnerable to attack.

KaliPAKU

Red Team#pentest
When conducting penetration testing, the OS called Kali Linux is often used. This OS contains a plethora of useful tools, and penetration testers utilize these tools extensively during their tests. However, for beginners in penetration testing, those who are not adept at computer operations, or those who are interested but find it challenging to handle the tools, this can pose a significant barrier.
To address these challenges and make penetration testing more accessible, allowing users to understand the flow and facilitate smoother onboarding and training, we created KaliPAKU. This tool is equipped with a mechanism called the 'Tenkey Numbering System,' which allows users to operate commonly used tools in Kali Linux, such as 'Kali-tools-top10,' using just numeric combinations. As a result, users can perform basic operations through numeric input from the tenkey without having to become proficient in handling the tools. Furthermore, since it operates via tenkey input, even those who find keyboard operations challenging due to injuries or disabilities, as well as older individuals unfamiliar with computers or even children, can conduct penetration tests and learn the process.

By introducing this tool, it's possible to train individuals to conduct basic penetration tests in an extremely short period.

SecAd

Blue Team#encryption#adnet_analysis#realtime_detection
With the recent advancements in communication technology, the encryption of communication content has become commonplace. As a result, it's becoming more challenging for ISPs and research institutions to detect malicious traffic.
This tool proposes a new approach, applying the information obtained from the advertising industry's ad networks and analysis techniques to network security.
Based on the advertising data, which analyzes user behavior and interests in detail, we predict the usual network usage patterns of users and detect abnormal access and malicious traffic in real-time.

bivvy

Red Team#pentest#python#malware
A C2 framework with the following features:
The client operates based on Python, allowing it to evade detection by antivirus and EDR solutions.
While Windows does not come with Python installed by default, the client has a feature for silent installation of Python.
The C2 server is set up on Google Colab, ensuring a high reputation for the communication endpoint, making it less likely to be detected by network security products. Additionally, the communication endpoint URL changes frequently, providing strong resistance to blacklisting.

Binary Timeline Viewer powered by DBI

Blue Team#dbi#reversing
This tool utilizes Dynamic Binary Instrumentation (DBI) to capture events that occur during the execution of a binary, and presents them as a timeline.

katayude

Blue Team#hardening#training
A benchmarker for hardening competition.

Prevent Gamer Attacked

Blue Team#online_game#community
Discussion of what is needed and feasible to prevent people playing online games from being involved in cyber-attacks.

Techniques to Combat Bias

Blue Team#edr#community
Even with the implementation of EDR (Endpoint Detection and Response) solutions like CrowdStrike, there are methods of attack that remain undetected, leading to a grand misconception among corporate security personnel. They assume that by deploying asset management software (such as LanScopeCAT or Skysea), endpoint security is sufficiently covered. This often results in a complacent attitude towards security measures, with the mistaken belief that 'it's being handled, it's done.'

When it comes to cyber-attack incidents, it's important to understand why asset management software fails to capture comprehensive logs and why it doesn't detect certain activities. In contrast, we need to evaluate how effectively EDR solutions can log activities and trigger alerts. Even the most reliable EDRs that can detect significant security risks might not alert on certain tactics. In such cases, it becomes necessary to analyze logs from on-premises Active Directory or to use IDR (Intrusion Detection and Response) products.

Moreover, even with EDR and IDR solutions in place, there is a reality that files transmitted externally cannot be specifically identified, and when it comes to explaining to external stakeholders what the leaked information was, these systems do not provide conclusive evidence.

This situation, which can be observed across various tactics, tools, and environments, will be exemplified using detections by M365 Defender. The first step is to explain in detail how asset management software fails to capture sufficient logs for security incident assessment. This will help structure an understanding that current endpoint security measures are not as robust as presumed. The limitations of detection with EDR will also be addressed.