6011 matches found
[dotDefender] Web Application Security
dotDefender is the market-leading software Web Application Firewall WAF. dotDefender boasts enterprise-class security, advanced integration capabilities, easy maintenance and low total cost of ownership TCO. dotDefender is the perfect choice for protecting your web site and web applications today...
RedGhost v2.0 - Linux Post Exploitation Framework Designed To Assist Red Teams In Gaining Persistence, Reconnaissance And Leaving No Trace
Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl SudoInject Function to inject sudo command with wrapper...
Commando VM - The First of Its Kind Windows Offensive Distribution
Welcome to CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. Installation Install Script Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 GB RAM Instructions 1. Create and configure a new Windows Virtual Machine...
MSFPC - MSFvenom Payload Creator
MSFvenom Payload Creator MSFPC is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible only requiring one input to produce their payload. Fully automating msfvenom & Metasploit is the end goal well as to be be able to automate MSFPC...
Garud - An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on vps with 1VCPU and 2GB ram. Tools used - You must need to install...
Hmmcookies - Grab Cookies From Firefox, Chrome, Opera Using A Shortcut File (Bypass UAC)
Grab cookies from Firefox, Chrome, Opera using a shortcut file bypass UAC Legal disclaimer: Usage of HMMCOOKIES for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability an...
PHP Security Check List
PHP: Hypertext Preprocessor is a web-based, server-side, multi-use, general-purpose, scripting and programming language that can be embedded in HTML. The PHP development, which was first created by Rasmus Lerdorf in 1995, is now being run by the PHP community. The PHP programming language is stil...
mitm-router - Man-in-the-middle Wireless Access Point Inside a Docker Container
Turn any linux computer into a public Wi-Fi network that silently mitms all http traffic. Runs inside a Docker container using hostapd, dnsmasq, and mitmproxy to create a open honeypot wireless network named "Public". For added fun, change the network name to "xfinitywifi" to autoconnect anyone w...
Vulnerablecode - A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities
VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure the open source software ecosystem. Why? The existing solutions are commercial proprietary vulnerability...
EasySploit - Metasploit Automation (EASIER And FASTER Than EVER)
EasySploit v3.1 Linux - Metasploit automation EASIER and FASTER than EVER Options: 1 Windows -- test.exe payload and listener 2 Android -- test.apk payload and listener 3 Linux -- test.py payload and listener 4 MacOS -- test.jar payload and listener 5 Web -- test.php payload and listener 6 Scan...
Moloch - An Open Source, Large Scale, Full Packet Capturing, Indexing, And Database System
Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP...
BlackArch Linux v2019.09.01 - Penetration Testing Distribution
BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 2336 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added more than 150 new tools added...
TwitterShadowBan - Twitter Shadowban Tests
One-page web app, testing Twitter users for conventional and QFD shadowbans. Setup Browser compatibility needs transpiling. Nothing fancy, just the usual babel magic. git clone https://github.com/shadowban-eu/TwitterShadowBanV2 && cd TwitterShadowBanV2 npm install Since we are using a php backend...
CMSeeK v1.1.2 - CMS Detection And Exploitation Suite - Scan WordPress, Joomla, Drupal And Over 170 Other CMSs
What is a CMS? A content management system CMS manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. Release History - Version 1.1.2 19-05-2019 - Version 1.1.1...
Evillimiter - Limits Bandwidth Of Devices On The Same Network
A tool to limit the bandwidth upload/download of devices connected to your network without physical or administrative access. evillimiter employs ARP spoofing and traffic shaping to throttle the bandwidth of hosts on the network. This is explained in detail below. Requirements Linux distribution...
Modlishka - An Open Source Phishing Tool With 2FA Authentication
Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level with minimal effort required from your side. Enjoy :- Features Some of the most important 'Modlishka' features : Support for majority of 2FA authentication schemes by design. No website...
Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...
CloudMapper - Tool To Analyze Your Amazon Web Services (AWS) Environments
CloudMapper helps you analyze your Amazon Web Services AWS environments. The original purpose was to generate network diagrams and display them in your browser. It now contains more functionality. Demo:https://duo-labs.github.io/cloudmapper/ Intro...
yawast - The YAWAST Antecedent Web Application Security Toolkit
YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL - Versions and cipher suites supported; common issues. Information Disclosure - Checks for common information...
AWS Pen-Testing Laboratory - Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet
PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard VPN. Vulnerable instances in a private subnet. NOTE: Ids only defined for region "eu-west-1" For other regions, kali ami id must be specified and metasploitable3 id after...
Saycheese - Grab Target'S Webcam Shots By Link
Take webcam shots from target just sending a malicious link. How it works? The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia. The MediaDevices.getUserMedia method prompts the user for...
Scallion - GPU-based Onion Addresses Hash Generator
Scallion lets you create vanity GPG keys and .onion addresses for Tor's hidden services using OpenCL. Scallion runs on Mono tested in Arch Linux and .NET 3.5+ tested on Windows 7 and Server 2008. Scallion is currently in beta stage and under active development. Nevertheless, we feel that it is...
Ghostfuscator - The Python Password-Protected Obfuscator Using AES Encryption
Obfuscate python scripts making them password-protected using AES Encryption Usage Just execute the script, and follow the menu. Info Once an script is obfuscated, when running it a password asking prompt will appear, after submiting the correct password, the script will execute decrypting it's...
Faraday Community - Open Source Penetration Testing and Vulnerability Management Platform
Faraday was built from within the security community, to make vulnerability management easier and enhance our work. What IDEs are to programming,Faraday is to pentesting. Offensive security had two difficult tasks: designing smart ways of getting new information, and keeping track of findings to...
CredsLeaker v3 - Tool to Display A Powershell Credentials Box
This script used to display a powershell credentials box asked the user for credentials. However, That was highly noticeable. Now it's time to utilize Windows Security popup! As before, The box cannot be closed only by killing the process will keeps checking the credentials against the DC. When...
Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory
Pown Recon is a target reconnaissance framework powered by graph theory. The benefit of using graph theory instead of flat table representation is that it is easier to find the relationships between different types of information which comes quite handy in many situations. Graph theory algorithms...
Aircrack-ng 1.3 - Complete Suite Of Tools To Assess WiFi Network Security
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...
Shellerator - Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages
Shellerator is a simple command-line tool aimed to help pentesters quickly generate one-liner reverse/bind shells in multiple languages Bash, Powershell, Java, Python.... This project is inspired by Print-My-Shell. I just rewrote it and added some options and glitter to it. The lists ofreverse an...
Drltrace - A Library Calls Tracer For Windows And Linux Applications
Drltrace is a dynamic API calls tracer for Windows and Linux applications designed primarily for malware analysis. Drltrace is built on top of DynamoRIO dynamic binary instrumentation framework. The release build can be downloaded here. Usage The usage of drltrace is very simple. A user needs to...
Nmap-API - Uses Python3.10, Debian, python-Nmap, And Flask Framework To Create A Nmap API That Can Do Scans With A Good Speed Online And Is Easy To Deploy
Uses python3.10, Debian, python-Nmap, and flask framework to create a Nmap API that can do scans with a good speed online and is easy to deploy. This is a implementation for our college PCL project which is still under development and constantly updating. API Reference Get all items GET...
Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own! Run kube-hunter : kube-hunter is available as a...
Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell
Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for session online. Pystinger is developed in python, and currently supports three proxy scripts: php, jspx and aspx. Usage Suppose the domain name of the serv...
Sshprank - A Fast SSH Mass-Scanner, Login Cracker And Banner Grabber Tool Using The Python-Masscan Module
A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan module. Usage hacker@blackarch $ sshprank -H --== sshprank by nullsecurity.net ==-- usage sshprank opts | modes -h - single host to crack. multiple ports can be seperated by comma, e.g.: 22,2022,22222 default...
Remot3d - An Simple Exploit for PHP Language
It's easy to create a backdoor in an instant, the backdoor can be used in a remote process via a Linux terminal on the server that runs the PHP Language program. Made to bypass the system that is disabled on the server, especially for reading sensitive files that are /etc/passwd Screenshots List ...
Collection Of Free Computer Forensic Tools
Disk tools and data capture Name | From | Description ---|---|--- DumpIt | MoonSols | Generates physical memory dump of Windows machines, 32 bits 64 bit. Can run from a USB flash drive. EnCase Forensic Imager | Guidance Software | Create EnCase evidence files and EnCase logical evidence files...
Solitude - A Privacy Analysis Tool That Enables Anyone To Conduct Their Own Privacy Investigations
Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating user privacy within an app accessible for everyone. Important Note Prior to installing Solitude it...
RITA - Real Intelligence Threat Analytics
RITA is an open source framework for network traffic analysis. The framework ingests Bro/Zeek Logs in TSV format, and currently supports the following major features: Beaconing Detection : Search for signs of beaconing behavior in and out of your network DNS Tunneling Detection Search for signs o...
Traxss - Automated XSS Vulnerability Scanner
Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a previe...
Qvm-Create-Windows-Qube - Spin Up New Windows Qubes Quickly, Effortlessly And Securely
qvm-create-windows-qube is a tool for quickly and conveniently installing fresh new Windows qubes with Qubes Windows Tools QWT drivers automatically. It officially supports Windows 7, 8.1 and 10 as well as Windows Server 2008 R2, 2012 R2, 2016 and 2019. The project emphasizes correctness, securit...
IPFinder CLI - The Official Command Line Client For IPFinder
The Official Command Line Client For IPFinder: Supports Single IP Address, asn, ranges, firewall as Input Supports Bulk Exports Results to Screen or to An Output File Supports IPv4 and IPv6 Supports ASN number , RANGES , Firewall Getting Started singing up for a free account at...
AutoSource - Automated Source Code Review Framework Integrated With SonarQube
AutoSource is an automated source code review framework integrated with SonarQube which is capable of performing static code analysis/reviews. It can be used for effectively finding the vulnerabilities at very early stage of the SDLCSoftware Development Life Cycle. The user can scan the code by...
XCat - Tool that aides in the exploitation of blind XPath injection vulnerabilities
XCat is a command line program that aides in the exploitation of blind XPath injection vulnerabilities. It can be used to retrieve the whole XML document being processed by a vulnerable XPath query, read arbitrary files on the hosts filesystem and utilize out of bound HTTP requests to make the...
Vulnx v2.0 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress , Joomla , Drupal , Prestashop ...)
Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more ... Instead of injecting each and...
DECAF - Short for Dynamic Executable Code Analysis Framework
DECAF++, the new version of DECAF, taint analysis is around 2X faster making it the fastest, to the best of our knowledge, whole-system dynamic taint analysis framework. This results in a much better usability imposing only 4% overhead SPEC CPU2006 when no suspicious tainted input exists. Even...
Terminus - A Terminal For A More Modern Age
Terminus is a highly configurable terminal emulator for Windows, macOS and Linux Theming and color schemes Fully configurable shortcuts Split panes Remembers your tabs PowerShell and PS Core, WSL, Git-Bash, Cygwin, Cmder and CMD support Integrated SSH client and connection manager Full Unicode...
Cheat Engine - A Development Environment Focused On Modding
Cheat Engine is an open source tool designed to help you with modifying single player games running under window so you can make them harder or easier depending on your preferencee.g: Find that 100hp is too easy, try playing a game with a max of 1 HP, but also contains other usefull tools to help...
Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
Here’s the main new features and improvements in Faraday v3.5: New vulnerability form We are happy to introduce our new vulnerability form which makes the creation and editing of vulnerabilities easier. The new form brings you tabs to make it smaller and group different fields. Custom fields Add...
RouterSploit v3.4.0 - Exploitation Framework For Embedded Devices
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...
PEDA - Python Exploit Development Assistance For GDB
PEDA - Python Exploit Development Assistance for GDB Key Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development for a full list of commands use peda help: aslr --...
Nginx Log Check - Nginx Log Security Analysis Script
Nginx Log Security Analysis Script Features Statistics Top 20 Address SQL injection analysis Scanner alert analysis Exploit detection Sensitive path access File contains attack Webshell Find URLs with response length Top 20 Looking for rare script file access Find script file for 302 redirect Usa...