98 matches found
JWT Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens
jwttool.py is a toolkit for validating, forging and cracking JWTs JSON Web Tokens. Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for the alg=None signature-bypass vulnerability Testing the validity of a secret/key/k...
TLS-Scanner - The TLS-Scanner Module From TLS-Attacker
TLS-Scanner is a tool created by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations. Please note: TLS-Scanner is a research tool intended for TLS developers, pentesters, administrator...
Pure Blood - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter
A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter Menu Web Pentest | Banner Grab | Whois | Traceroute | DNS Record | Reverse DNS Lookup | Zone Transfer Lookup | Port Scan | Admin Panel Scan | Subdomain Scan | CMS Identify | Reverse IP Lookup | Subnet Lookup | Extract Pa...
LeakScraper - An Efficient Set Of Tools To Process And Visualize Huge Text Files Containing Credentials
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. These tools are designed to help pentesters/redteamers doing OSINT, credentials gathering and credentials stuffing attacks. Installation First things first : have a workingmongodb server. The...
Search and Dump System Configuration: otseca
The main assumption of creating this tool was easier and faster delivery of commands sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time...
Penetration Testers Framework: PTF
The PenTesters Framework PTF is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we’ve been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all o...
Mimic - A Tool For Covert Execution In Linux
mimic is a tool for covert execution on Linux x8664. What is "covert execution"? Covert execution is the art of hiding a process. In this case, mimic hides the process in plain sight. mimic can launch any program and make it look like any other program. Any user can use it. It does not require...
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow
SWAMI KARUPASAMI THUNAI Exploit Title: Allok soft WMV to AVI MPEG DVD WMV Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Talented Pentesters Hut Vulnerable Software: Allok WMV to...
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow Exploit
Exploit for windows platform in category local exploits SWAMI KARUPASAMI THUNAI Exploit Title: Allok soft WMV to AVI MPEG DVD WMV Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions...
Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy
Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft's Group Policy module and identifies all the settings defined in...
Archery - Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities
Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scaning for web application and network. It also performs web application dynamic...
M3UAScan - A Scanner for M3UA protocol to detect Sigtran supporting nodes
A Scanner for M3UA protocol to detect Sigtran supporting nodes M3UA stands for MTP Level 3 MTP3 User Adaptation Layer as defined by the IETF SIGTRAN working group in RFC 4666 .M3UA enables the SS7 protocol's User Parts e.g. ISUP, SCCP and TUP to run over IP instead of telephony equipment like ISD...
raven - Linkedin Information Gathering Tool
raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin. Please do not use this program to do stupid things. The author does not keep any responsability of what damage has been done by this program...
Linkedin Information Gathering Tool: raven
raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin. Usage of this is application is pretty simple. It requires at least three parameters. The first one is the company name , the second one is the count...
AntiVirus Evasion Tool: AVET
AVET is an AntiVirus Evasion Tool, which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. What & Why: when running an exe file made with msfpayload & co, the exe file will often be recognized by the antivirus software avet is a antivirus...
Test your barcode scanners: MalQR
Test your barcode scanners MalQR is a collection of malicious QR codes and barcodes you can use to test the security of your scanners. It gives you the ability to conduct such tests with easiness : you just need to have a smartphone, a tablet or a laptop with an internet connection and browse...
DIY Web Proxy: proxenet
proxenet is a multi-threaded proxy which allows you to manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java like for Burp or Python like for mitmproxy . proxenet supports heaps of languages and more can be added easily. proxenet is a C-based...
Cookiescanner - Tool to Check the Cookie Flag for a Multiple Sites
Tool to do more easy the web scan proccess to check if the secure and HTTPOnly flags are enabled in the cookies path and expires too. This tools allows probe multiple urls through a input file, by a google domain looking in all subdomains or by a unique url. Also, supports multiple output like...
Nosql Exploitation Framework
The Tool focuses on scanning and exploiting NoSQL Databases which makes the pentesters life easy. The tool currently has support for Mongo,Couch-db and Redis,with further additions to be made soon.It supports Enumerating NoSQL Db’s,Dumping Nosql db’s,Dictionary attacks and Shodan Search...
Parrot Security OS - Friendly OS designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...