6011 matches found
autoPwn - Automate Repetitive Tasks For Fuzzing
Warning Completely re-writing this right now. Focus will be on interactive Linux apps that only take input from stdin for starters. Attempting to use Shellphish's Driller and Fuzzer functionality. autoPwn in it's current state will do this in limited form. Simply run autoPwn ./binary then select...
Nimcrypt2 - .NET, PE, And Raw Shellcode Packer/Loader Written In Nim
Nimcrypt2 is yet another PE packer/loader designed to bypass AV/EDR. It is an improvement on my original Nimcrypt project, with the main improvements being the use of direct syscalls and the ability to load regular PE files as well as raw shellcode. Before going any further, I must acknowledge...
MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)
This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject ,etc... Check Documentation for more information. If you see problems or enhancement send an issue.I will respond as soon as possible. Enjoy : Documentation Documentation is available at...
Exe2Image - A simple utility to convert EXE files to JPEG images and vice versa.
A simple utility to convert EXE files to PNG images and vice versa. Putty.exe converted to an image. Download Exe2Image...
Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains
A cross-platform tool that use Certificates Transparency logs to find subdomains. We currently support Linux, Windows and MacOS. How it works? It tool doesn't use the common methods for subdomains discover, the tool uses Certificate Transparency logs to find subdomains and it method make it tool...
Hydra 9.0 - Fast and Flexible Network Login Hacker
Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. THIS TOOL IS FOR LEG...
Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE
Nmap's XML result parse and NVD's CPE correlation to search CVE. You can use that to find public vulnerabilities in services... Nmap\s XML result parser and NVD's CPE correlation to search CVE Example: python vision2.py -f resultscan.xml -l 3 -o txt Coded by Mthbernades and CoolerVoid -...
Dnstwist - Domain Name Permutation Engine For Detecting Typo Squatting, Phishing And Corporate Espionage
See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate espionage. Useful as an additional source of targeted threat intelligence. The idea is...
KITT-Lite - Python-Based Pentesting CLI Tool
The KITT Penetration Testing Framework was developed as an open source solution for pentesters and programmers alike to compile the tools they use with what they know into an open source project. With KITT, users are able to easily access a list of commonly used tools to their profession which ar...
RetDec - A Retargetable Machine-Code Decompiler Based On LLVM
RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code Supported architectures:...
Acunetix Vulnerability Scanner Now With Network Security Scans
User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technolo...
XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder
All in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDER Written by Hulya Karabag Instagram: Hulya Karabag Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYc0ykLdiofQcYKiTnhngvBcuOZsgiRAE-IGKdEx2Bi5o8Ca2ymOKEzKKa528oN9OuQRTbNhfk9CwWasvo5bW9b-GPwWiqjWP4g8R...
Phishing-Simulation - Aims To Increase Phishing Awareness By Providing An Intuitive Tutorial And Customized Assessment
Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment without any actual setup - no domain, no infrastructure, no actual email address to assess people's action on any given situation and gives ability to understand what is the...
Hashboy-Tool - A Hash Query Tool
Hashboy was redeveloped onhash-buster Author:Leiothrix How to install $git clone https://github.com/sf197/hashboy-tool $cd hashboy-tool $python3 hashboy.py How to use $ python3 hashboy.py / / / / / / / / / / / / / / / / / / / / // / / / // / // / // / // //,/// //.//, / // Author:Leiothrix...
AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
AndroL4b is an android security virtual machine based on ubuntu Mate includes the collection of latest framework, tutorials and labs from different security geeks and researcher for reverse engineering and malware analysis. Tools APKStudio Cross-platform Qt5 based IDE for reverse-engineering...
Gotanda - Browser Web Extension For OSINT
Gotanda is OSINTOpen Source Intelligence Web Extension for Firefox/Chrome. This Web Extension could search OSINT information from some IOC in web page.IP,Domain,URL,SNS...etc This Repository partly the studying and JavaScript practice. Download link below. FireFox Chrome Usage Right click...
Lockdoor Framework - A Penetration Testing Framework With Cyber Security Resources
Lockdoor Framework : A Penetration Testing Framework With Cyber Security Resources. 09/2019 : 1.0Beta Information Gathring Tools 21 Web Hacking Tools15 Reverse Engineering Tools 15 Exploitation Tools 6 Pentesting & Security Assessment Findings Report Templates 6 Password Attack Tools 4 Shell Tool...
OSFClone - Open Source Utility To Create And Clone Forensic Disk Images
OSFClone is a free, self-booting solution which enables you to create or clone exact raw disk images quickly and independent of the installed operating system. In addition to raw disk images, OSFClone also supports imaging drives to the open Advance Forensics Format AFF , AFF is an open and...
Seeker - Find GeoLocation With High Accuracy
Seeker utilizes HTML5, Javascript, JQuery and PHP to grab Device Information and GeoLocation with High Accuracy. Other tools and services offer IP Geolocation which is not very accurate and does not give location of user. Generally if a user accepts location permsission, Accuracy of the informati...
SharpWebServer - HTTP And WebDAV Server With Net-NTLM Hashes Capture Functionality
A Red Team oriented simple HTTP & WebDAV server written in C with functionality to capture Net-NTLM hashes. To be used for serving payloads on compromised machines for lateral movement purposes. Requires .NET Framework 4.5 and System.Net and System.Net.Sockets references. Usage :: SharpWebServer ...
APT-Hunter - Threat Hunting Tool For Windows Event Logs Which Made By Purple Team Mindset To Provide Detect APT Movements Hidden In The Sea Of Windows Event Logs To Decrease The Time To Uncover Suspicious Activity
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity . this tool will make a good use of the windows event logs collected and make sure...
Cynet Free IR Tool Offering Empowers Responders to Know and Act Against Active Attacks
The saying that there are two types of organizations, those that have gotten breached and those who have but just don’t know it yet, has never been more relevant, making sound incident response a required capability in any organization’s security stack. To assist in this critical mission, Cynet i...
VBScan 0.1.8 - Black Box vBulletin Vulnerability Scanner
OWASP VBScan short for VBulletin Vulnerability Scanner is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them . Why OWASP VBScan ? If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project ...
WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website
The Web Application FirewallFingerprinting Tool. — FromEnable Security How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...
WHP - Microsoft Windows Hacking Pack
M$ Windows Hacking Pack =========== Tools here are from different sources. The repo is generally licensed with WTFPL, but some content may be not eg. sysinternals. "pes" means "PE Scambled". It's useful sometimes. Remote Exploits =========== Windows 2000 / XP SP1 MS05-039 Microsoft Plug and Play...
Mole - A Framework For Identifying And Exploiting Out-Of-Band Application Vulnerabilities
A framework for identifying and exploiting out-of-band OOB vulnerabilities. Installation & Setup Mole Install Python = 3.6 virtualenv -p /usr/bin/python3 venv source venv/bin/activate ./venv/bin/pip3 install -r requirements.txt git submodule update --init --recursive Set an API key in config.yml...
Xeexe - Undetectable And XOR Encrypting With Custom KEY (FUD Metasploit RAT)
Undetectable Reverse shell & Xor encrypting with custom KEYFUD Metasploit Rat bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,...PYTHON 3 Undetectable Reverse shell Metasploit Rat Xeexe is an FUD exploiting tool which compiles a malware with famous payload, and then the...
Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust
You are seeing a high-performant, coroutines-driven, and fully customisable implementation of Low & Slow load generator designed for real-world pentesting. You can easily torify/proxify it using various platform-dependent utilities. Demonstration Advantages Coroutines-driven. Finshir uses...
dnscat2 - Create an Encrypted Command & Control (C&C) Channel over the DNS Protocol
dnscat2 is a DNS tunnel that WON'T make you sick and kill you! This tool is designed to create an encrypted command-and-control C&C channel over the DNS protocol, which is an effective tunnel out of almost every network. This README file should contain everything you need to get up and running! I...
Exploit Database - The official Exploit Database Repository
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other...
Scrcpy - Display And Control Your Android Device
pronounced "scr een c opy " Read in another language This application provides display and control of Android devices connected via USB or over TCP/IP. It does not require any root access. It works on GNU/Linux , Windows and macOS. It focuses on: lightness : native, displays only the device scree...
Horusec - An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command
Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently, the languages for analysis are: C, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart. The tool has...
Phonia Toolkit - One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources
Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy. Getting started Phonia installation cd...
LDAPDomainDump - Active Directory Information Dumper Via LDAP
Active Directory information dumper via LDAP Introduction In an Active Directory domain, a lot of interesting information can be retrieved via LDAP by any authenticated user or machine. This makes LDAP an interesting protocol for gathering information in the recon phase of a pentest of an interna...
Kaboom - Automatic Pentest
kaboom is a script that automates the penetration test. It performs several tasks for each phase of pentest: 1. Information gathering nmap-unicornscan TCP scan UDP scan 2. Vulnerability assessment nmap-nikto-dirb-searchsploit-msfconsole It tests several services: smb ssh snmp smtp ftp tftp ms-sql...
PowerTools - Collection Of PowerShell Projects With A Focus On Offensive Operations
Veil's PowerTools are a collection of PowerShell projects with a focus on offensive operations. This collection contains five projects: PowerUp PowerBreach PowerPick PewPewPew PowerView PowerUp PowerUp is a powershell tool to assist with local privilege escalation on Windows systems. It contains...
Karma_V2 - A Passive Open Source Intelligence (OSINT) Automated Reconnaissance (Framework)
𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 is a Passive Open Source Intelligence OSINT Automated Reconnaissance framework 𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 can be used by Infosec Researchers, Penetration Testers, Bug Hunters to find deep information, more assets, WAF/CDN bypassed IPs, Internal/External Infra, Publicly exposed leaks and many more about...
Bn-Uefi-Helper - Helper Plugin For Analyzing UEFI Firmware
Helper plugin for analyzing UEFI firmware. This plugin contains the following features: Apply the correct prototype to the entry point function Fix segments so all segments are RWX and have the correct semantics This allows for global function pointers to be rendered correctly Apply types for cor...
Chameleon - Customizable Honeypots For Monitoring Network Traffic, Bots Activities And Username\Password Credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres And MySQL)
Customizable honeypots for monitoring network traffic, bots activities and username\password credentials DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET and Postgres and MySQL Grafana Interface NMAP Scan Credentials Monitoring General Features Modular...
AttackSurfaceMapper - A Tool That Aims To Automate The Reconnaissance Process
Attack Surface Mapper is a reconnaissance tool that uses a mixture of open source intellgence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It...
Vulners Scanner - Vulnerability Scanner Based On Vulners.Com Audit API
PoC of a host-based vulnerability scanner, which uses vulners.com API. Detects operating system, collects installed packages and checks vulnerabilities in it. Supported OS Currently support collecting packages for these operating systems: Debian-based debian, kali, ubuntu Rhel-based redhat, cento...
RouterPassView v1.53 - Recover lost password from router backup file
Most modern routers allow you to backup the configuration of the router into a file, and then restore the configuration from the file when it's needed. The backup file of the router usually contains important data like your ISP user name/password, the login password of the router, and wireless...
RedELK - Easy Deployable Tool For Red Teams Used For Tracking And Alarming About Blue Team Activities As Well As Better Usability In Long Term Operations
Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability for the Red Team in long term operations. Initial public release at BruCON 2018: Video: https://www.youtube.com/watch?v=OjtftdPts4g Presentation slides:...
WiFi-password-stealer - Simple Windows And Linux Keystroke Injection Tool That Exfiltrates Stored WiFi Data (SSID And Password)
Have you ever watched a film where a hacker would plug-in, seemingly ordinary, USB drive into a victim's computer and steal data from it? - A proper wet dream for some. Disclaimer : All content in this project is intended for security research purpose only. Introduction During the summer of 2022,...
Git-Hound - Find Exposed Keys Across GitHub Using Code Search Keywords
A pattern-matching, batch-catching secret snatcher. This project is intended to be used for educational purposes. Git Hound makes it easy to find exposed API keys on GitHub using pattern matching, targetted querying, and a scoring system. Usage echo "tillsongalloway.com" | python git-hound.py or...
WinPwn - Automation For Internal Windows Penetrationtest
In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. For this reason I wrote my own script with automatic proxy recognition and integration. The script is mostly based on well-known large other offensi...
iCULeak - Tool To Find And Extract Credentials From Phone Configuration Files Hosted On Cisco CUCM
Tool to find and extract credentials from phone configuration files in environments managed by Cisco's CUCM Call Manager. When using Cisco's CUCM Call Manager, phone configuration files are stored on a TFTP server. These phone configuration files quite frequently contain sensitive data, including...
Dnsdmpstr - Unofficial API & Client For Dnsdumpster.Com And Hackertarget.Com
Unofficial API & Client for DNS Dumpster and HackerTarget.com IP tools. https://dnsdumpster.com/ https://hackertarget.com/ip-tools/ Installation git clone https://github.com/zeropwn/dnsdmpstr cd dnsdmpstr pip3 install -r requirements.txt chmod +x ddump.py Usage As a command-line utility...
Cat-Nip - Automated Basic Pentest Tool (Designed For Kali Linux)
Cat-Nip Automated BasicPentest Tool this tool will make your basic pentesting task like Information Gathering, Auditing, And Reporting so this tool will do every task fully automatic. Usage Guide Download / Clone Cat-Nip git clone https://github.com/baguswiratmaadi/catnip Go Inside Cat-Nip Dir cd...
SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...