6011 matches found
ipChecker - Check If A IP Is From Tor Or Is A Malicious Proxy
Tool to check if a given IP is a node tor or an open proxy. Why? Sometimes all your throttles are not enough to stop brute force attacks or any kind of massive attacks, so it can help you to drop, some attackers who use tor or open proxies. How it works The ipChecker has some plugins which scrap...
Stacer - Linux System Optimizer and Monitoring
Linux System Optimizer And Monitoring. Required Packages curl systemd Debian x64 1. Download stacer1.0.8amd64.deb from the Stacer releases page. 2. Run sudo dpkg -i stacer.deb on the downloaded package. 3. Launch Stacer using the installed stacer command. Fedora x64 1. Download stacer1.0.8x64.rpm...
Hershell - Simple TCP reverse shell written in Go
Simple TCP reverse shell written in Go . It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Why ? Although meterpreter payloads are great,...
One-Lin3r - Gives you one-liners that aids in penetration testing operations
One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser: Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper: Give it an...
SNMPwn - An SNMPv3 User Enumerator and Attack tool
SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with "Unknown user name" when an...
Qubes OS - A Security-Oriented Operating System
Qubes OS is a security-oriented operating system OS. The OS is the software that runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software FOSS. This means that everyone is free to use, copy,...
dnscrypt-autoinstall - Automatic installation and configuration of DNSCrypt
A script for installing and automatically configuring DNSCrypt on Linux-based systems. Description DNSCrypt is a protocol for securing communications between a client and a DNS resolver by encrypting DNS queries and responses. It verifies that responses you get from a DNS provider have actually...
Fake Sandbox Processes (FSP) - Tool to simulate fake processes of analysis sandbox/VM software
This small script will simulate fake processes of analysis, sandbox and/or VM software that some malware will try to avoid. You can download the original script made by @x0rz in the orig directory. You can also download my slightly optimized script in the main directory. The file is named fsp.ps1...
pcc - PHP Secure Configuration Checker
Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on CLI. Author This software was written by Ben Fuhrmannek, SektionEins GmbH, in an effort to automate php.ini checks and spend more time on cheerful tasks. Idea one single file for ea...
LeakManager - A Tool To Help You Manage Your Leaks
A Tool To Help You Manage Your Leaks Install sudo apt-get install mongodb-org screen pip3 install -r requeriments.txt Usage screen -S leakManager hug -f index.py -p 1337 OR gunicorn index:hugwsgi -b 0.0.0.0:1337 OR uwsgi --http 0.0.0.0:1337 --wsgi-file index.py --callable hugwsgi ctrl + a + d...
DorkNet - Selenium Powered Python Script To Automate Searching For Vulnerable Web Apps
Selenium powered Python script to automate searching the web for vulnerable applications. DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and Geckodriver to find the results we want and save the...
pbscan - Faster And More Efficient Stateless SYN Scanner And Banner Grabber
polarbearscan is an attempt to do faster and more efficient banner grabbing and port scanning. It combines two different ideas which hopefully will make it somewhat worthy of your attention and time. The first of these ideas is to use stateless SYN scanning using cryptographically protected cooki...
Nili - Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing
Nili is a Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing. Prerequisites Python - Python Programming Language Scapy - Interactive Packet Manipulation Program Netzob - Protocol Reverse Engineering, Modeling and Fuzzing Installing Here is some Instructions for...
WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...
morphHTA - Morphing Cobalt Strike PowerShell Evil HTA Generator
morphHTA is a Morphing Cobalt Strike PowerShell Evil HTA Generator Usage : usage: morph-hta.py -h --in --out --maxstrlen --maxvarlen --maxnumsplit optional arguments: -h, --help show this help message and exit --in File to input Cobalt Strike PowerShell HTA --out File to output the morphed HTA to...
AVET - AntiVirus Evasion Tool
AVET is an AntiVirus Evasion Tool, which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. In version 1.1 lot of stuff was introduced, for a complete overview have a look at the CHANGELOG file. Now 64bit payloads can also be used, for...
QuickSand.io - Tool For Scanning Streams Within Office Documents Plus Xor DB Attack
QuickSand is a compact C framework to analyze suspected malware documents to 1 identify exploits in streams of different encodings, 2 locate and extract embedded executables. By having the ability to locate embedded obfuscated executables, QuickSand could detect documents that contain zero-day or...
RogueSploit - Powerfull social engeering Wi-Fi trap!
RogueSploit is an open source automated script made to create a Fake Acces Point, with dhcpd server, dns spoofing, host redirection, browserautopwn1 or autopwn2 or beef+mitmf. TO DO LIST: Add BeEF;DONE Add MITMF;DONE Add BDFProxy; Add SeToolkit; Add Hostapd as fake ap; Add some features; What you...
Halcyon - IDE for Nmap Script (NSE) Development
Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...
BARF - A multiplatform open source Binary Analysis and Reverse engineering Framework
The analysis of binary code is a crucial activity in many areas of the computer sciences and software engineering disciplines ranging from software security and program analysis to reverse engineering. Manual binary analysis is a difficult and time-consuming task and there are software tools that...
ShellcodeCompiler - Shellcode C/C++ Compiler for Windows
Shellcode Compiler is a program that compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows. It is possible to call any Windows API function in a user-friendly way. Shellcode Compiler takes as input a source file and it uses it's own compiler to interpret...
XSSER - From XSS to RCE
From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Requirements Python 2.7., version 2.7.11 was used for...
Sandcat Browser 5.3 - PenTest Oriented Web Browser
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...
Faraday v2.1 - Collaborative Penetration Test and Vulnerability Management Platform
Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...
Hydra 8.3 - Network Logon Cracker
A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...
Panopticon - A Libre Cross-Platform Disassembler
Panopticon is a cross platform disassembler for reverse engineering written in Rust. Panopticon has functions for disassembling, analysing decompiling and patching binaries for various platforms and instruction sets. Panopticon comes with GUI for browsing control flow graphs, displaying analysis...
HellRaiser - Vulnerability Scanner
Install Install ruby, bundler and rails. https://gorails.com/setup/ubuntu/16.04 Install redis-server and nmap. sudo apt-get update sudo apt-get install redis-server nmap Clone HellRaiser repository, change to hellraiser web app directory and run bundle install. git clone...
BrowserBackdoor - Secure JavaScript WebSocket Backdoor and a Ruby Command-Line Listener
BrowserBackdoor is an Electron application that uses a JavaScript WebSocket Backdoor to connect to the listener. BrowserBackdoorServer is a WebSocket server that listens for incoming WebSocket connections and creates a command-line interface for sending commands to the remote system. The JavaScri...
BurpSuiteJSBeautifier - Burp Suite JavaScript Beautifier
Most of the websites compress their resources such as JS files in order to increase the loading speed. However, security testing and debugging a compressed resource is not an easy task. This is a Burp Suite open source extension which makes it possible to beautify most of the resources properly...
Lynis 2.2.0 - Security Auditing Tool for Unix/Linux Systems
Lynis is an open source security auditing tool. Commonly used by system administrators, security professionals and auditors, to evaluate the security defenses of their Linux/Unix based systems. It runs on the host itself, so it can perform very extensive security scans. Supported operating system...
Climber - Check UNIX/Linux Systems For Privilege Escalation
Automated auditing tool to check UNIX/Linux systems misconfigurations which may allow local privilege escalation. Dependencies python = 2.7 python-crypto python-mako python-paramiko Note Climber needs Exscript, a Python module and a template processor for automating network connections over...
Toxy - Hackable Http Proxy To Simulate Server Failure Scenarios And Network Conditions
Toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions , built for node.js / io.js . It was mainly designed for fuzzing/evil testing purposes, when toxy becomes particularly useful to cover fault tolerance and resiliency...
AutoBrowser - Create Report and Screenshots of HTTP/s Based Ports on the Network
AutoBrowser is a tool written in python for penetration testers. The purpose of this tool is to create report and screenshots of http/s based ports on the network. It analyze Nmap Report or scan with Nmap, Check the results with http/s request on each host using headless web browser, Grab a...
SQLassie - Effective Database Security
SQLassie is a free MySQL database firewall that prevents SQL injection attacks at runtime. SQLassie uses Bayesian classifiers to determine the likelihood of a query being an attack. This approach produces fewer false positives than other similar approaches. Security SQLassie prevents injection...
BackBox Linux 4.2 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable...
Packet Sender - The UDP and TCP Network Test Utility
Packet Sender is an open source utility to allow sending and receiving TCP and UDP packets. It is available free no ads / no bundleware for Windows , Mac , and Linux. It can be used for both commercial and personal use license. It's designed to be very easy to use while still providing enough...
Netsparker 4 - Easier to Use, More Automation and Much More Web Security Checks
Netsparker Web Application Security Scanner version 4. The main highlight of this new version is the new fully automated Form Authentication mechanism; it does not require you to record anything, supports 2 factor authentication and other authentication mechanisms that require a one time code to...
Exploit Pack - Open Source Security Project for Penetration Testing and Exploit Development
Exploit Pack, is an open source GPLv3 security tool, this means it is fully free and you can use it without any kind of restriction. Other security tools like Metasploit, Immunity Canvas, or Core Iimpact are ready to use as well but you will require an expensive license to get access to all the...
Tribler - Download Torrents using Tor-inspired onion routing
Tribler is a research project of Delft University of Technology. Tribler was created over nine years ago as a new open source Peer-to-Peer file sharing program. During this time over one million users have installed it successfully and three generations of Ph.D. students tested their algorithms i...
Mobius - Forensic Framework written in Python/GTK
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tool. Release 0.5.20 published This release...
DomainHostingView v1.61 - Show domain hosting information
DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates HTML report that can be displayed in any Web browser. The information displayed by the report of DomainHostingView includes: the hosting company ...
Password Security Scanner - Check the security/strength of your passwords on Windows
This utility scans the passwords stored by popular Windows applications Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more... and displays security information about all these passwords. The security information of every stored password includes the total number of characters, number...
Hash Compare - File Integrity Comparison Tool
Hash Compare is the FREE File Hash comparison tool. It performs Hash based Integrity Comparison using any of the the popular hash algorthms such as MD5 , SHA1 or SHA256. To make the task easier and quicker, it also supports the 'File Drag & Drop' feature. That means you can just drag & drop one o...
WhoIsConnectedSniffer - Detect who is connected to your network without scanning
WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver WinpCap or MS network monitor and accumulates a list of computer and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect...
Hexorbase - Multiple Database Management and Audit Tool
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL...
Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool
Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target URL, IP, or HASH or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com,...
YASAT - Yet Another Stupid Audit Tool
YASAT Yet Another Stupid Audit Tool is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies only sed, grep and cut Second goal is to document each test with maximum information and links to official documentation. It do many tests for checking...
Hydra Network Logon Cracker 8.0 - Very fast network logon cracker which support many different services
A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...
HonSSH - Log all SSH communications between a client and server
HonSSH is a high-interaction Honey Pot solution. HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them. Features Captures all connection attempts to a text file. When an attacker sends a password guess, HonSSH can automatically replace their attem...
Passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring NSM and general digital forensics. PassiveDNS sniffes traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers...