6011 matches found
Munin - Online Hash Checker For Virustotal And Other Services
Munin is a online hash checker utility that retrieves valuable information from various online sources The current version of Munin queries the following services: Virustotal Malshare HybridAnalysis Note: Munin is based on the script "VT-Checker", which has been maintained in the LOKI repository...
JNDI-Injection-Exploit - A Tool Which Generates JNDI Links Can Start Several Servers To Exploit JNDI Injection Vulnerability
JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. RMI server and LDAP server are based on marshals and modified further to link with HTTP server. Using this tool allows you get JNDI links, you ca...
HandleKatz - PIC Lsass Dumper Using Cloned Handles
This tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of cloned handles to Lsass in order to create an obfuscated memory dump of the same. It compiles down to an executable living fully in its text segment. Thus, the extracted .text segment of the PE file ...
DirDar - A Tool That Searches For (403-Forbidden) Directories To Break It And Get Dir Listing On It
bypass forbidden directories - find and identify dir listing - you can use it as directory brute-forcer as well Compatabily This tool is compatible with all kind of operating systems as long as you have GO compiler installed Install You can use this command if you have Go installed and configured...
Pwned - Simple CLI Script To Check If You Have A Password That Has Been Compromised In A Data Breach
Pwned is a simple command-line python script to check if you have a password that has been compromised in a data breach. This script uses haveibeenpwned API to check whether your passwords were leaked during one of the many breaches of online services. This API uses k-Anonymity model that allows ...
FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation
Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required deployment of lots of VPS's. FireProx leverage...
Conpot - An Open Industrial Control Honeypot
Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems Documentation The build of the documentations source can be found here. There you will also find the instructions on how to install conpot and the FAQ...
Mubeng - An Incredibly Fast Proxy Checker And IP Rotator With Ease
An incredibly fast proxy checker & IP rotator with ease. Features Proxy IP rotator : Rotates your IP address for every specific request. Proxy checker : Check your proxy IP which is still alive. All HTTP/S methods are supported. HTTP & SOCKSv5 proxy protocols apply. All parameters & URIs are...
Botb - A Container Analysis And Exploitation Tool For Pentesters And Engineers
BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post...
HackPorts - Mac OS X Penetration Testing Framework and Tools
HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a ‘super-project’ that leverages existing code porting efforts, security professionals can now use hundreds of penetration tools on Mac systems without...
WDExtract - Extract Windows Defender Database From Vdm Files And Unpack It
ExtractWindows Defender database from vdm files and unpack it This program distributed as-is, without any warranty; No official support, if you like this tool, feel free to contribute. Features Unpack VDM containers of Windows Defender/Microsoft Security Essentials; Decrypt VDM container embedded...
Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images
Imago is a python tool that extract digital evidences from images recursively. This tool is useful throughout a digital forensic investigation. If you need to extract digital evidences and you have a lot of images, through this tool you will be able to compare them easily. Imago allows to extract...
Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System
A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit history searching, and a unique result scoring system. GitHound has earned me over $7500 applied to Bug Bounty research...
Lynis 2.7.3 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
Reptile - LKM Linux Rootkit
Reptile is a LKM rootkit for evil purposes. If you are searching stuff only for study purposes, see the demonstration codes. Features Give root to unprivileged users Hide files and directories Hide files contents Hide processes Hide himself Boot persistence Heaven's door - A ICMP/UDP port-knockin...
EMAGNET - Tool For Find Leaked Databases With 97.1% Accurate To Grab Mail + Password Together From Pastebin Leaks
Emagnet is a very powerful tool for it's purpose wich is to capture email addresses and passwords from leaked databases uploaded on pastebin. It's almost impossible to find leaked passwords when they are out of list on pastebin.com. Either they have been deleted by pastebin's techs or the uploads...
Radare2 - UNIX-like Reverse Engineering Framework And Command-Line Toolset
r2 is a rewrite from scratch of radare. It provies a set of libraries, tools and plugins to ease reverse engineering tasks. The radare project started as a simple command-line hexadecimal editor focused on forensics, over time more features were added to support a scriptable command-line low leve...
Beebug - A Tool For Checking Exploitability
beebug is a tool that can be used to verify if a program crash could be exploitable. This tool was presented the first time at r2con 2018 in Barcelona. Some implemented functionality are: Stack overflow on libc Crash on Program Counter Crash on branch Crash on write memory Heap vulnerabilities Re...
Thief Raccoon - Login Phishing Tool
Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity threats and help users understand the importance of security measures like 2FA and password...
Kerbrute - A Tool To Perform Kerberos Pre-Auth Bruteforcing
A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication Grab the latest binaries from the releases page to get started. Background This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal...
PasteHunter - Scanning Pastebin With Yara Rules
PasteHunter is a python3 application that is designed to query a collection of sites that host publicly pasted data. For all the pasts it finds it scans the raw contents against a series of Yara rules looking for information that can be used by an organisation or a researcher. For setup...
XSSCon - Simple XSS Scanner Tool
Powerfull Simple XSS Scanner made with python 3.7 Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/menkrep1337/XSSCon cd XSSCon python3 xsscon.py --help Usage Basic usage: python3 xsscon.py -u...
PowerShdll - Run PowerShell with rundll32 (Bypass software restrictions)
Run PowerShell with dlls only. Does not require access to powershell.exe as it uses powershell automation dlls. dll mode: Usage: rundll32 PowerShdll,main rundll32 PowerShdll,main -f Run the script passed as argument rundll32 PowerShdll,main -w Start an interactive console in a new window rundll32...
PAnalizer - Pornography Analizer And Face Searching
PAnalizer is a forensic tool, you can search pornographic images in a specific directory, this is util in Pedestrian Detection. Also, you can search a specific person in the image set, is necessary give to the application a few pictures of the person of interest. Download PAnalizer...
Hash-Identifier - Software To Identify The Different Types Of Hashes Used To Encrypt Data And Especially Passwords
Software to identify the different types of hashes used to encrypt data and especially passwords. Encryption formats supported: ADLER-32 CRC-32 CRC-32B CRC-16 CRC-16-CCITT DESUnix FCS-16 GHash-32-3 GHash-32-5 GOST R 34.11-94 Haval-160 Haval-192 110080 ,Haval-224 114080 ,Haval-256 Lineage II C4...
Lazybee - Wordlist Generator Tool for Termux
Lazybee tool is a python based script from which you can generate random wordlist for brutefocre attacks. This tool has a unique features like wordlist generating time calculation and direct .txt saving in current directory. This tool works on both rooted Android device and Non-rooted Android...
Metabigor - Command Line Search Engines Without Any API Key
Command line Search Engine without any API key. What is Metabigor? Metabigor allows you do query from command line to awesome Search Engines like Shodan, Censys, Fofa, etc without any API key. But Why Metabigor? Don't use your API key so you don't have to worry about litmit of API quotation. Do...
Malice - VirusTotal Wanna Be (Now With 100% More Hipster)
Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company. Try It Out DEMO: demo.malice.io username : malice password : ecilam Requirements Hardware 16GB disk space 4GB RAM Software Docker Getting...
Shellver - Reverse Shell Cheat Sheet Tool
Reverse Shell Cheat Sheet Tool Install Note Clone the repository: git clone https://github.com/0xR0/shellver.git Then go inside: cd shellver/ Then install it: python setup.py -i run shellver -h or "shellver bash or perl python php ruby netcat xterm shell all".format or Example shellver python...
Python-Rootkit - Python Remote Administration Tool (RAT) To Gain Meterpreter Session
This is a full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse httpsMetasploit connection to your listening machine. ViRu5 life cycle Bypass all anti-virus. Inject a malicious powershell script into memory...
Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or...
Getwin - FUD Win32 Payload Generator And Listener
FUD Win32 payload generator and listener Legal disclaimer: Usage of GetWin for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse ...
ReconT - Reconnaisance / Footprinting / Information Disclosure
Recon-Tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from. Features Information Security Headers WAF Detector Banner Grabbing Phone Number Credit Card Number Email US Social Security Number Url Crawl Dom Paramter Url Internal Dynamic...
NoSQLMap v0.6 - Automated NoSQL Database Pwnage
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...
Lazy-RDP - Script For AutomRDPatic Scanning And Brute-Force
Script For AutomRDPatic Scanning And Brute-Force. Demo Video: Lazy-RDP over SSH: Script for automatic scanning of the address list for the presence of open 3389 ports, and then selecting the method and starting busting pair login / password. The script is tuned for Kali linux 2.0, Kali linux 2016...
Orbit v2.0 - Blockchain Transactions Investigation Tool
Introduction Orbit is designed to explore network of a blockchain wallet by recursively crawling through transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections. Note: Orbit only runs on Python 3.2 and above. Usage Let's start by crawling...
aSYNcrone - A SYN Flood DDoS Tool
aSYNcrone is a C language based, mulltifunction SYN Flood DDoS Weapon. Disable the destination system by sending a SYN packet intensively to the destination. aSYNcrone's POWER!!! USAGE git clone https://github.com/fatih4842/aSYNcrone.git cd aSYNcrone gcc aSYNcrone.c -o aSYNcrone -lpthread...
XSStrike v3.1.4 - Most Advanced XSS Detection Suite
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response...
BlackArch Linux v2014.10.07 - Lightweight expansion to Arch Linux for pentesters and security researchers
BlackArch Linux ISOs including more than 1000 tools and lot's of improvements. Also, armv6h and armv7h repositories are filled with more than 1050 tools. A short ChangeLog: - tool fix: beef - fixed pam issues - added services and login.defs file - removed kde/openbox and i3-debug menu items...
Dsiem - Security Event Correlation Engine For ELK Stack
Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, perform lookup/query to threat intelligence and vulnerability information sources, and...
Heartbleed Vulnerability Scanner - Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)
Heartbleed Vulnerability Scanner is a multiprotocol HTTP, IMAP, SMTP, POP CVE-2014-0160 scanning and automatic exploitation tool written with python. For scanning wide ranges automatically, you can provide a network range in CIDR notation and an output file to dump the memory of vulnerable system...
WinFiHack - A Windows Wifi Brute Forcing Utility Which Is An Extremely Old Method But Still Works Without The Requirement Of External Dependencies
WinFiHack is a recreational attempt by me to rewrite my previous project Brute-Hacking-Framework's main wifi hacking script that uses netsh and native Windows scripts to create a wifi bruteforcer. This is in no way a fast script nor a superior way of doing the same hack but it needs no external...
Social-Analyzer - API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)
An API for analyzing & finding a person profile across +300 social media websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation. The detection modules utilize a rating mechanism based on different detectio...
Facebash - Facebook Brute Forcer In Shellscript Using TOR
Facebook Brute Forcer in shellscript using TOR IG: @thelinuxchoice Legal disclaimer: Usage of Facebash for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not...
fuxploider - File Upload Vulnerability Scanner And Exploitation Tool
fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file o...
pyGPOAbuse - Partial Python Implementation Of SharpGPOAbuse
Python partial implementation of SharpGPOAbuse by@pkb1s This tool can be used when a controlled account can modify an existing GPO that applies to one or more users & computers. It will create an immediate scheduled task as SYSTEM on the remote computer for computer GPO, or as logged in user for...
GraphQLmap - A Scripting Engine To Interact With A Graphql Endpoint For Pentesting Purposes
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. Install $ git clone https://github.com/swisskyrepo/GraphQLmap $ python graphqlmap.py / | | | / | | | | | | | | | | | | | | | '/ | ' | ' | | | | | | ' \ / | ' \ | || | | | | | | | | | | || | || | | | | |...
Dow Jones Hammer - Protect The Cloud With The Power Of The cloud(AWS)
Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities e.g. JIRA, Slack to provide quick feedback to engineers and...
Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Project First of all we want to advice you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with...
Interactsh - An OOB Interaction Gathering Server And Client Library
Interactsh is an Open-Source Solution for Out of band Data Extraction, A tool designed to detect bugs that cause external interactions, For example - Blind SQLi, Blind CMDi, SSRF, etc. Features DNS/HTTP/SMTP Interaction support CLI Client / Web Dashboard support AES encryption with zero logging...