141 matches found
Social Media Enumeration & Correlation Tool: Social Mapper
Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets names and pictures to accurately detect and group a person’s...
Automating Penetration Testing Tasks: ODIN
ODIN Observe, Detect, and Investigate Networks is a Python tool for automating intelligence gathering, testing and reporting. ODIN is still in active development. ODIN is designed to be run on Linux. About 90% of it will absolutely work on Windows or MacOS with Python 3 and a copy of urlcrazy, bu...
Sublist3r v1.0 - Fast subdomains enumeration tool for penetration testers
Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask...
CMSsc4n - Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla, Drupal or Prestashop
Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla, Drupal or Prestashop. Use python cmssc4n.py -h / | / |/ | | || | | | | \ / | | || | | | | |/| |\ / |/ | | ' \ | || | | | \ \ | | | | | | || ||/|/| || || || Tool to scan if a domain is a CMS Wordpress , Drupal, Joomla,...
Exploit for CVE-2017-8570
Introduction By Temesgen Yibeltal [email protected] Bas...
Wreckuests - Tool to run DDoS atacks with HTTP-flood
Wreckuests is a script, which allows you to run DDoS attacks with HTTP-floodGET/POST. It's written in pure Python and uses proxy-servers as "bots". OF COURSE, this script is not universal and you can't just drop Pentagon/NSA/whatever website with one mouse click. Each attack is unique, and for ea...
Fast Subdomains Enumeration Tool: Sublist3r
Fast Subdomains Enumeration Tool Sublist3r is python tool that is designed to enumerate subdomains of websites using search engines. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r currently supports the following search...
SpeedPhishing Framework: SPF
This presentation will start by quickly exploring some of the common phishing attack tools and techniques. During the presentation, audience participation will be encouraged in the form of providing examples and personal experience in what phishing techniques people have used and what would be...
Cupp - Common User Passwords Profiler
The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the passwo...
Army Research Lab Releases Dshell Forensics Framework
The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time. The framework, known as Dshell, is a Python tool that runs on Linux and its designed to help analysts investigate compromises within their environments. The...
Monitor Networks for Rogue DHCP servers – DHCPSnoop
Monitor Networks for Rogue DHCP servers DHCPSnoop will listen on a network interface for DHCP replies from it’s own DHCP requests and any other requests it can see during the runtime. It will then verify the DHCP response parameters that are returned against the settings in it’s configuration fil...
Exploit for Improper Access Control in Elasticsearch
ElasticSearch search Remote Code Execution CVE-2014-3120 =====...
Tilt - Terminal Ip Lookup Tool
Tilt: Terminal ip lookup tool, is an easy and simple open source tool implemented in Python for ip/host passive reconnaissance. It's very handy for first reconnaissance approach and for host data retrieval. Features Host to IP conversion IP to Host conversion DNS to IPs GeoIP Translation Extensiv...
[Peepdf] PDF Analysis and Creation/Modification Tool
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible ...
[wig] WebApp Information Gatherer (Identify CMS)
wig is a Python tool that identifies a websites CMS by searching for fingerprints of static files and extracting version numbers from known files. OS identification is done by using the value of the ‘server’ and ‘X-Powered-By’ in the response header. These values are compared to a database of whi...
[SECURITY] Fedora 18 Update: fedora-business-cards-1-0.1.beta1.fc18
fedora-business-cards is a tool written in Python to generate business cards for Fedora Project contributors...
[Pyew v2.2] A Python tool for static malware analysis
Pyew is a command line python tool to analyse malware. It does have support for hexadecimal viewing, disassembly Intel 16, 32 and 64 bits, PE and ELF file formats it performs code analysis and let you write scripts using an API to perform many types of analysis, follows direct call/jmp instructio...
Damn Small SQLi Scanner (DSSS) v0.1b - 100 Lines Python Code
Damn Small SQLi Scanner DSSS v0.1b - 100 Lines Python Code SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application like queries. The vulnerability is present when user input is either incorrectly filtered for string...
CVE-2008-4108
Tools/faqwiz/move-faqwiz.sh aka the generic FAQ wizard moving tool in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directo...
DD-WRT - Site Survey SSID Script Injection
DD-WRT - Site Survey SSID Script Injection source: https://www.securityfocus.com/bid/30573/info DD-WRT is prone to a script-injection vulnerability because it fails to adequately sanitize user-supplied data to the 'Site Survey' section of the administrative web interface. Attackers can exploit th...