6011 matches found
URLextractor - Information Gathering and Website Reconnaissance
Informationgathering & website reconnaissance Usage: ./extractor http://www.hackthissite.org/ Tips: Colorex: put colors to the ouput pip install colorex and use it like ./extractor http://www.hackthissite.org/ | colorex -g "INFO" -r "ALERT" Tldextract: is used by dnsenumeration function pip insta...
0D1N v2.6 - Web Security Tool To Make Fuzzing At HTTP/S
0d1n is a tool for automating customized attacks against web applications. You can do: Brute force login and passwords in auth forms Directory disclosure use PATH list to brute, and find HTTP status code Test to find SQL Injection and XSS vulnerabilities Options to load ANTI-CSRF token each reque...
Lazygit - Simple Terminal UI For Git Commands
A simple terminal UI for git commands, written in Go with the gocui library. Are YOU tired of typing every git command directly into the terminal, but you're too stubborn to use Sourcetree because you'll never forgive Atlassian for making Jira? This is the app for you! Installation Homebrew brew...
Splunk Attack Range - A Tool That Allows You To Create Vulnerable Instrumented Local Or Cloud Environments To Simulate Attacks Against And Collect The Data Into Splunk
The Attack Range solves two main challenges in development of detections. First, it allows the user to quickly build a small lab infrastructure as close as possible to your production environment. This lab infrastructure contains a Windows Domain Controller, Windows Workstation and Linux server,...
Fsmon - Monitor Filesystem On iOS / OS X / Android / FirefoxOS / Linux
FileSystem Monitor utility that runs on Linux, Android, iOS and OSX. Brought to you by Sergi Àlvarez at Nowsecure and distributed under the MIT license. Contact: [email protected] Usage The tool retrieves file system events from a specific directory and shows them in colorful format or in...
[Ghost Phisher v1.5] GUI suite for phishing and penetration attacks
Ghost Phisher is an application of security which comes built-in with a fake DNS server ,DHCP server fake, fake HTTP Server and also has a space for the automatic capture and recording credentials HTTP method of the form to a database. The program could be used for on-demand service of DHCP, DNS,...
Laurel - Transform Linux Audit Logs For SIEM Usage
LAUREL is an event post-processing plugin for auditd8 to improve its usability in modern security monitoring setups. Why? TLDR: Instead of audit events that look like this… type=EXECVE msg=audit1626611363.720:348501: argc=3 a0="perl" a1="-e"...
NimHollow - Nim Implementation Of Process Hollowing Using Syscalls (PoC)
Playing around with the Process Hollowing technique using Nim. Features: Direct syscalls for triggering Windows Native API functions with NimlineWhispers. Shellcode encryption/decryption with AES in CTR mode. Simple sandbox detection methods from the OSEP course by @offensive-security. AMSI...
ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server
Reverse Encrypted AES 256-bit Shell over TCP - usingPowerShell SecureString. Attacker C2-Server Listener: PS .\ReverseTCP.ps1 Target Client: CMD ECHO...
Hackuna - The First Mobile App to Track Hackers
Cryptors, a cyber security company, invented a mobile app called HACKUNA Anti-Hack that can block and detect these WiFi hackers. The exciting part here is, you can also track the hackers within the area. It will give you all the details you need to find the hacker within the area or to report it ...
BoNeSi - The DDoS Botnet Simulator
BoNeSi , the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks. What traffic can be generated? BoNeSi generates ICMP, UDP and TCP HTTP flooding attacks from a defined botnet size different IP...
TwitWork - Monitor Twitter Stream
Monitor twitter stream. TwitWork use the twitter stream which allows you to have a tweets in real-time. There is an input that allows you to filter the flow on one or more keywords or on an @ based on twitter tracking Demo This is a demo of export data on keyword "Coronavirius"...
CyberRange - The Open-Source AWS Cyber Range
This CyberRange project represents the first open-source Cyber Range blueprint in the world. This project provides a bootstrap framework for a complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using the AWS Cloud. This project contains...
Recsech - Tool For Doing Footprinting And Reconnaissance On The Target Web
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools . Features in tools Name | Release |...
Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities
Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues. PLEASE NOTE: Work is still in progress to adapt the tool to linux distributions that backport security fixes. As of rig...
Zeebsploit - Web Scanner / Exploitation / Information Gathering
zeebsploit is a tool for hacking searching for web information and scanning vulnerabilities of a web Installation & Usage apt-get install git git clone https://github.com/jaxBCD/Zeebsploit.git cd Zeebsploit chmod +x install ./install python3 zeebsploit.py type 'help' for show modules and follow...
Tyton - Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+
Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+. For more information, visit Tyton's website. Detected Attacks Hidden Modules Syscall Table Hooking Network Protocol Hooking Netfilter Hooking Zeroed Process Inodes Process Fops Hooking Interrupt Descriptor Table Hooking Additional Features...
Htcap - web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes
htcap is a web application scanner able to crawl single page application SPA in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it's focused mainly on the crawling process and uses external tools to discover vulnerabilities. It'...
API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
APIs For OSINT This is a Collection of APIs that will be useful for automating various tasks in OSINT. Thank you for following me! https://cybdetective.com IOT/IP Search engines Name | Link | Description | Price ---|---|---|--- Shodan | https://developer.shodan.io | Search engine for Internet...
MeterPwrShell - Automated Tool That Generate The Perfect Powershell Payload
Automated Tool That Generate A Powershell Oneliner That Can Create Meterpreter Shell On Metasploit,Bypass AMSI,Bypass Firewall,Bypass UAC,And Bypass Any AVs. This tool is powered by Metasploit-Framework and amsi.fail Notes NEVER UPLOAD THE PAYLOAD THAT GENERATED BY THIS PROGRAM TO ANY ONLINE...
ADB-Toolkit - Tool for testing your Android device
ADB-Toolkit is a BASH Script with 28 options and an METASPLOIT Section which has 6 options which is made to do easypenetration testing in Android Device. You can do preety much any thing with this script and test your android device is it safe or not. This script is made with the help of ADB...
Elpscrk - An Intelligent Common User-Password Profiler Based On Permutations And Statistics
An Intelligent common user-password profiler that's named after the same tool in Mr.Robot series S01E01 In simple words, elpscrk will ask you about all info you know about your target then will try to generate every possible password the target could think of, it all depends on the information yo...
Kube-Alien - Tool To Launches Attack on K8s Cluster from Within
This tool launches attack on k8s cluster from within. That means you already need to have an access with permission to deploy pods in a cluster to run it. After running the kube-alien pod it tries to takeover cluster's nodes by adding your public key to node's /root/.ssh/authorizedkeys file by...
DefectDojo - Application Vulnerability Correlation And Security Orchestration Application
DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one...
Dwarf - Full Featured Multi Arch/Os Debugger Built On Top Of PyQt5 And Frida
A debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code. Checkout the website for features, api and examples CHANGELOG...
Lfi-Space - LFI Scan Tool
Written by TMRSWRR Version 1.0.0 All in one tools for LFI VULN FINDER -LFI DORK FINDER Instagram: TMRSWRR Screenshots How to use Read Me LFI Space is a robust and efficient tool designed to detectLocal File Inclusion LFI vulnerabilities in web applications. This tool simplifies the process of...
HRShell - An Advanced HTTPS/HTTP Reverse Shell Built With Flask
HRShell: An advanced HTTPSReverse Shell built with Flask HRShell is an HTTPS/HTTP reverse shell built with flask. It's compatible with python 3.x and has been successfully tested on: Linux ubuntu 18.04 LTS, Kali Linux 2019.3 macOS Mojave Windows 7/10 Features It's stealthy TLS support Either usin...
Tourmaline - Telegram Bot Framework For Crystal
Telegram Bot and hopefully soon Client API framework for Crystal. Based heavily off of Telegraf this Crystal implementation allows your Telegram bot to be written in a language that's both beautiful and fast. Benchmarks coming soon. If you want to extend your bot by using NLP, see my other librar...
Arkhota - A Web Brute Forcer For Android
What? Arkhota is a web HTTP/S brute forcer for Android. Why? A web brute forcer is always in a hacker's computer, for obvious reasons. Sometimes attacks require to be quick or/and with minimal device preparation. Also a phone takes less attention rather than a laptop/computer. For this situations...
Sish - HTTP(S)/WS(S)/TCP Tunnels To Localhost Using Only SSH
An open source serveo/ngrok alternative. Deploy Builds are made automatically for each commit to the repo and are pushed to Dockerhub. Builds are tagged using a commit sha, branch name, tag, latest if released on main. You can find a list here. Each release builds separate sish binaries that can ...
Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites
subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well. We have...
Shellsum - A Defense Tool - Detect Web Shells In Local Directories Via Md5Sum
A defense tool - detect web shells in local directories via md5sum Features Fast speed Lightweight Big database Tabled output Usages Install git clone https://github.com/ManhNho/shellsum.git chmod 755 -R shellsum/ cd shellsum/ pip install -r requirements.txt Run python shellsum.py ToDo Smooth...
bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
This script will try to find: the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ... an old server which still running the same inactive and unmaintained website, not receiving active traffic because the A DNS record is not pointing towards it. Because it's an...
KillerBee - IEEE 802.15.4/ZigBee Security Research Toolkit
This is KillerBee - Framework and Tools for Attacking ZigBee and IEEE 802.15.4 networks. REQUIREMENTS KillerBee is developed and tested on Linux systems. OS X usage is possible but not supported. We have striven to use a minimum number of software dependencies, however, it is necessary to install...
Invoke-TheHash - PowerShell Pass The Hash Utils
Invoke-TheHash contains PowerShell functions for performing NTLMv2 pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Local administrator privilege is not required client-side. Requirements Minimum PowerShell 2.0 Import Import-Module...
Nanodump - A Crappy LSASS Dumper With No ASCII Art
A flexible tool that creates a minidump of the LSASS process. 1. Features It uses syscalls with SysWhispers2 for most operations. Syscalls are called from an ntdll address to bypass some syscall detections. It sets the syscall callback hook to NULL. Windows APIs are called using dynamic invoke...
PasteMonitor - Scrape Pastebin API To Collect Daily Pastes, Setup A Wordlist And Be Alerted By Email When You Have A Match
Scrape Pastebin API to collect daily pastes, setup a wordlist and be alerted by email when you have a match. Description The PasteMonitor tool allows you to perform two main actions for educational purposes only: Download daily new public pastes Average number of pastes per day: 1000-3000 filetyp...
OWASP Juice Shop - An Intentionally Insecure Webapp For Security Trainings Written Entirely In Javascript
OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. For a detailed introduction, full list of features and architecture overview please visit the official project page:...
Malicious-Pdf - Generate A Bunch Of Malicious Pdf Files With Phone-Home Functionality
Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh Used for penetration testing and/or red-teaming etc. I created this tool because i needed a third party tool to generate a bunch of PDF files with various links. Usage pytho...
SniperPhish - The Web-Email Spear Phishing Toolkit
SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally track user actions. The tool is designed in a view of...
Reposcanner - Python Script To Scan Git Repos For Interesting Strings
Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspires by truffleHog. Installation The python Git module is required python-git on Debian. Usage ./reposcanner -r Options: optional arguments: -h, --help sho...
Adamantium-Thief - Decrypt Chromium Based Browsers Passwords, Cookies, Credit Cards, History, Bookmarks
Get chromium browsers: passwords, credit cards, history, cookies, bookmarks. Chrome 80 is supported! Examples: Getpasswords from browsers: Stealer.exe PASSWORDS Get credit cards from browsers: Stealer.exe CREDITCARDS Get history from browsers: Stealer.exe HISTORY Get bookmarks from browsers:...
Recon-ng v5.0.0 - Open Source Intelligence Gathering Tool Aimed At Reducing The Time Spent Harvesting Information From Open Sources
Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open-source web-based reconnaissance quickly and thoroughly. Recon-ng has a look and feels similar to the Metasploit Framework, reducing the learning curve for leveraging the...
NetSet - Operational Security Utility And Automator
Operational Security utility and automator. NetSet is designed to automate a number of operations that will help the user with securing their network traffic. It also provides an easy way to gather proxies and run utilities through Tor. All the utilities installed and used by NetSet will be...
GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
Python script to generate obfuscated .vbs script that delivers payload with persistence and windows antivirus disabling functions. Features: Downloads payload to TEMP directory and executes payload to bypass windows smart screen. Disables Defender, UAC/user account control, Defender Notifications...
sRDI - Shellcode Implementation Of Reflective DLL Injection
sRDI allows for the conversion of DLL files to position independent shellcode. Functionality is accomplished via two components: C project which compiles a PE loader implementation RDI to shellcode Conversion code which attaches the DLL, RDI, and user data together with a bootstrap This project i...
[zANTI] The Power of Backtrack on your Android
Android Network Toolkit also known as zANTI is the most comprehensive and refined pentest tool for android by Zimperium. Zimperium is founded by white hat hacker Itzhack ‘Zuk’ Avraham and also have Kevin Mitnick on there team! They also had recently held the Pentester’s WorldCup. zAnti still come...
PowerShellArmoury - A PowerShell Armoury For Security Guys And Girls
The PowerShell Armoury is meant for pentesters, "insert-color-here"-teamers and everyone else who uses a variety of PowerShell tools during their engagements. It allows you to download and store all of your favourite PowerShell scripts in a single, encrypted file. You do not have to hassle with...
tsharkVM - Tshark + ELK Analytics Virtual Machine
This project builds virtual machine which can be used for analytics of tshark -T ek ndjson output. The virtual appliance is built using vagrant, which builds Debian 10 with pre-installed and pre-configured ELK stack. After the VM is up, the process is simple: decoded pcaps tshark -T ek output /...
Admin-Scanner - This Tool Is Design To Find Admin Panel Of Any Website By Using Custom Wordlist Or Default Wordlist Easily
WebsiteAdmin Panel Finder How To Install Linux/pc sudo apt install python3 sudo apt install python3-pip sudo apt install git git clone https://github.com/alienwhatever/Admin-Scanner.git cd Admin-Scanner How to Install Termux/Android pkg update && pkg upgrade pkg install python3 pkg install git gi...