Jekyll 1

.github/workflows/generator-generic-ossf-slsa3-publish.yml

@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow lets you generate SLSA provenance file for your project.
+# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
+# The project is an initiative of the OpenSSF (openssf.org) and is developed at
+# https://github.com/slsa-framework/slsa-github-generator.
+# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
+# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
+
+name: SLSA generic generator
+on:
+  workflow_dispatch:
+  release:
+    types: [created]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      digests: ${{ steps.hash.outputs.digests }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      # ========================================================
+      #
+      # Step 1: Build your artifacts.
+      #
+      # ========================================================
+      - name: Build artifacts
+        run: |
+            # These are some amazing artifacts.
+            echo "artifact1" > artifact1
+            echo "artifact2" > artifact2
+
+      # ========================================================
+      #
+      # Step 2: Add a step to generate the provenance subjects
+      #         as shown below. Update the sha256 sum arguments
+      #         to include all binaries that you generate
+      #         provenance for.
+      #
+      # ========================================================
+      - name: Generate subject for provenance
+        id: hash
+        run: |
+          set -euo pipefail
+
+          # List the artifacts the provenance will refer to.
+          files=$(ls artifact*)
+          # Generate the subjects (base64 encoded).
+          echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
+
+  provenance:
+    needs: [build]
+    permissions:
+      actions: read   # To read the workflow path.
+      id-token: write # To sign the provenance.
+      contents: write # To add assets to a release.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
+    with:
+      base64-subjects: "${{ needs.build.outputs.digests }}"
+      upload-assets: true # Optional: Upload to a new release

.github/workflows/jekyll-docker.yml

@@ -0,0 +1,20 @@
+name: Jekyll site CI
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Build the site in the jekyll/builder container
+      run: |
+        docker run \
+        -v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \
+        jekyll/builder:latest /bin/bash -c "chmod -R 777 /srv/jekyll && jekyll build --future"

README.md

@@ -1,56 +1,150 @@
-# Web Browser Based File Encryption / Decryption
+<div align="center">
+  <img alt="logo_hack_tools" src="https://i.postimg.cc/GtLdZ2rZ/noun-Panama-hat-1454601.png" />
+  <h1>Welcome to HackTools 🛠</h1>
+  <p>
+    <img alt="Version" src="https://img.shields.io/badge/version-0.4.0-blue.svg?cacheSeconds=2592000&style=for-the-badge" />
+    <a href="https://addons.mozilla.org/en-US/firefox/addon/hacktools" target="_blank">
+      <img alt="mozilla" src="https://img.shields.io/badge/Firefox-FF7139?style=for-the-badge&logo=Firefox-Browser&logoColor=white" />
+    </a>
+    <a href="https://chrome.google.com/webstore/detail/hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi?hl=en" target="_blank">
+      <img alt="chrome-extension" src="https://img.shields.io/badge/Google%20Chrome-4285F4?style=for-the-badge&logo=GoogleChrome&logoColor=white" />
+    </a>
+    <a href="https://github.com/LasCC/Hack-Tools/issues/88" target="_blank">
+      <img alt="safari-extension" src="https://img.shields.io/badge/Safari-000000?style=for-the-badge&logo=Safari&logoColor=white" />
+    </a>
+    <img alt="Downloads" src="https://img.shields.io/github/downloads/LasCC/Hack-Tools/total.svg?style=for-the-badge" />
+    <a href="https://inventory.raw.pm/" target="_blank">
+      <img alt="RawSecInventory" src="https://inventory.raw.pm/img/badges/Rawsec-inventoried-FF5050_for-the-badge.svg" />
+    <a/>
+  </p>
+  <p align="center">
+    <a href="#the-all-in-one-red-team-browser-extension-for-web-pentesters"><b>Introduction</b></a>
+    &nbsp;&nbsp;&mdash;&nbsp;&nbsp;
+    <a href="#preview"><b>Preview</b></a>
+    &nbsp;&nbsp;&mdash;&nbsp;&nbsp;
+    <a href="#install-the-extension"><b>Install</b></a>
+    &nbsp;&nbsp;&mdash;&nbsp;&nbsp;
+    <a href="#build-from-source-code"><b>Build</b></a>
+    &nbsp;&nbsp;&mdash;&nbsp;&nbsp;
+    <a href="#show-your-support"><b>Support</b></a>
+  </p>
+</div>
+
+### The all-in-one Red Team browser extension for **Web Pentesters**
+
+HackTools, is a web extension facilitating your **web application penetration tests**, it includes **cheat sheets** as well as all the **tools** used during a test such as XSS payloads, Reverse shells and much more.
+
+With the extension you **no longer need to search for payloads in different websites** or in your local storage space, most of the tools are accessible in one click. HackTools is accessible either in **pop up mode** or in a whole tab in the **Devtools** part of the browser with F12.
+
+### Current functions
+
+- Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
+- Shell Spawning (TTY Shell Spawning)
+- MSF Venom Builder
+- XSS Payloads
+- Basic SQLi payloads
+- Local file inclusion payloads (LFI)
+- Data Encoding
+- Obfuscated Files or Information
+- Hash Generator (MD5, SHA1, SHA256, SHA512, SM3)
+- Useful Linux commands (Port Forwarding, SUID)
+- RSS Feed (Exploit DB, Cisco Security Advisories, CXSECURITY)
+- CVE Search Engine
+- Various method of data exfiltration and download from a remote machine
+
+## Preview
+
+<div align='center'>
+  <img alt="preview_1" src="./src/assets/img/preview.gif?raw=true" />
+</div>
+
+<div align='center'>
+  <img alt="preview_2" src="https://i.imgur.com/74AJxmX.png" />
+</div>
+
+<div align='center'>
+  <img alt="preview_3" src="https://i.imgur.com/syUdtLS.png" />
+</div>
+
+<div align='center'>
+  <img alt="preview_4" src="https://i.imgur.com/sGiP3CZ.png" />
+</div>
+
+<div align='center'>
+  <img alt="preview_5" src="https://i.imgur.com/63xoeVN.png" />
+</div>
+
+
+# Install the extension
+
+<h2> 
+  <img src="https://raw.githubusercontent.com/edent/SuperTinyIcons/master/images/svg/chromium.svg" alt="chromium_icon" title='Chromium' width="25" height="25" style="float:left;" />
+  Chromium based browser
+</h2>
 
-Use your web browser to encrypt and decrypt files.
+You can download the **latest build** [here.](https://github.com/LasCC/Hack-Tools/releases)
 
-## Usage
+Or, you can download the extension on the **chrome web store** [here.](https://chrome.google.com/webstore/detail/hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi)
 
-Download [web-browser-based-file-encryption-decryption.html](https://github.com/meixler/web-browser-based-file-encryption-decryption/blob/master/web-browser-based-file-encryption-decryption.html), then open the .html document in your web browser.  Or, simply point your web browser to the .html document hosted [here](https://www.meixler-tech.com/web-browser-based-file-encryption-decryption.html).
+Otherwise, you can build the project yourself from the source code
 
-Then, use the web page rendered in your browser to encrypt a file using a password.  Use the same password later to decrypt the file.  IMPORTANT: The same password that was used to encrypt the file must be used to decrypt the file later. If you loose or forget the password, it cannot be recovered!
+<h2> 
+  <img src="https://raw.githubusercontent.com/edent/SuperTinyIcons/master/images/svg/firefox.svg" alt="firefox_icon" title='Firefox' width="25" height="25" style="float:left;" /> 
+  Mozilla Firefox
+</h2>
 
-## Operation and privacy
+You can download **HackTools** on the Firefox browser add-ons [here.](https://addons.mozilla.org/en-US/firefox/addon/hacktools/)
 
-The page uses javascript running within your web browser to encrypt and decrypt files client-side, in-browser. The page makes no network connections during this process, to ensure that your files and password do not leave your web browser during the process. This can be independently verified by reviewing the source code for the page, or by monitoring your web browser's [networking activity](https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor) during operation of the page. The page can also be downloaded and run locally on your system offline. 
+<h2> 
+  <img src="https://raw.githubusercontent.com/edent/SuperTinyIcons/master/images/svg/safari.svg" alt="safari_icon" title='Safari' width="25" height="25" style="float:left;" /> 
+  Instructions to build for Safari
+</h2>
 
-## Cryptography
+Create a safari web extension project using the command below. *This is to be run once.*
 
-All client-side cryptography is implemented using the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API). Files are encrypted using AES-CBC 256-bit symmetric encryption. The encryption key is derived from the password and a random salt using PBKDF2 derivation with 10000 iterations of SHA256 hashing.
+```bash
+xcrun safari-web-extension-coverter [path_to_dist_folder]
+```
 
+Follow the instructions to create the project the default language should be Swift.
 
-## Compatibility with openssl
+- Build project.
+- Open Safari and enable unsigned extensions; Develop -> Allow Unsigned Extensions.
+- Open Safari -> Preferences -> Extensions and enable Hack-Tools
+- Click on the extension icon and switch to full screen mode.
 
-The encryption used by the page is compatible with [openssl](https://www.openssl.org/docs/man1.1.1/man1/openssl-enc.html).
+*Instructions provided by [jayluxferro](https://github.com/LasCC/Hack-Tools/issues/88)*
 
-Files encrypted using the page can be decrypted using openssl using the following command:
-
-    openssl aes-256-cbc -d -salt -pbkdf2 -iter 10000 -in encryptedfilename -out plaintextfilename
+### Build from source code
 
-Files encrypted using the following openssl command can be decrypted using the page:
+```bash
+git clone https://github.com/LasCC/Hack-Tools.git
+cd Hack-Tools
+npm install && npm run build
+```
 
-    openssl aes-256-cbc -e -salt -pbkdf2 -iter 10000 -in plaintextfilename -out encryptedfilename
+Once the build is done correctly, webpack will create a new folder called **dist**
 
-## Running the page offline
+After that you need to go to the **extension** tab on your chrome based navigator and turn on the **developer mode**
 
-The web page is self-contained. The page does not require any supporting files; all javascript and css for the page is contained in the source code of the page. 
-To run the page locally on your system offline, simply save the page to your system as a .html file, then open the file from your system in your web browser (optionally with networking disabled).
+<img alt="extension_tutorial" src="https://i.imgur.com/ZHwUTfk.png" />
 
-## Verifying the integrity of the page
+Then click on the **load unpacked** button in the top left corner
 
-The expected SHA256 checksum hash of the .html file containing the page is:
+<img alt="extension_tutorial" src="https://i.imgur.com/TLDjLyO.png" />
 
-    c7398059dffd25fa8a9d81c570250887fba61dc4eafcfca42f9081196389ed05
+Once you clicked on the button you just need to select the **dist folder** and that's it ! 🎉
 
-If loading the page from a web server, you can verify that the checksum hash of the .html file downloaded from the web server matches the expected checksum hash using the [Page Integrity browser extension](https://www.pageintegrity.net/).
-If running the page offline, it is recommended that you verify that the checksum hash of the .html file matches the expected checksum hash before opening the file in your web browser.
+<img alt="extension_tutorial" src="https://i.imgur.com/fH894v8.png" />
 
-## Contributing
+## Authors
 
-Pull requests are welcome.
+👤 <a href="http://github.com/LasCC" alt="Github_account_Ludovic_COULON">**Ludovic COULON**<a/> & <a href="http://github.com/rb-x" alt="Github_account_Riadh_BOUCHAHOUA">**Riadh BOUCHAHOUA**<a/>
 
-## License
+## Show your support
 
-This project is licensed under the [GPL-3.0](https://www.gnu.org/licenses/gpl-3.0.en.html) open source license.
+You can give a ⭐️ if this project helped you !
 
-## Contact
+Note that this project is maintained, developed and made available for **free**, you can offer us a coffee, it will be very **encouraging and greatly appreciated** 😊
 
-Please [contact MTI](https://www.meixler-tech.com/contact.php) for any questions or comments concerning this project.
+<a href="https://www.paypal.me/hacktoolsEXT" target="_blank"><img src="https://img.shields.io/badge/PayPal-00457C?style=for-the-badge&logo=paypal&logoColor=white" alt="Paypal" style="height: 30px !important;width: auto !important"></a>