6011 matches found
MobSF (Mobile Security Framework) - Mobile (Android/iOS) Automated Pen-Testing Framework
Mobile Security Framework MobSF is an intelligent, all-in-one open source mobile application Android/iOS automated pen-testing framework capable of performing static and dynamic analysis. We've been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test...
[bWAPP bee-box] Linux VMware virtual machine pre-installed with bWAPP
bee-box is a custom Linux VMware virtual machine pre-installed with bWAPP. bee-box gives you several ways to hack and deface the bWAPP website. It's even possible to hack the bee-box to get root access... With bee-box you have the opportunity to explore all bWAPP vulnerabilities! This project is...
Eviloffice - Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)
Win python script to inject Macro and DDE code into Excel and Word documents reverse shell Features: Inject malicious Macro on formats: docm, dotm, xlsm, xltm Inject malicious DDE code on formats: doc, docx, dot, xls, xlsx, xlt, xltx Python2/Python3 Compatible Tested: Win10 MS Office 14.0...
Hontel - Telnet Honeypot
HonTel is a Honeypot for Telnet service. Basically, it is a Python v2.x application emulating the service inside the chroot environment. Originally it has been designed to be run inside the Ubuntu environment, though it could be easily adapted to run inside any Linux environment. Documentation:...
Gitrecon - OSINT Tool To Get Information From A Github Profile And Find GitHub User'S Email Addresses Leaked On Commits
OSINT tool to get information from a github profile and find GitHub user's email addresses leaked on commits. How does this work? GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their...
Tishna - Complete Automated Pentest Framework For Servers, Application Layer To Web Security
Complete Automated pentest framework for Servers, Application Layer to Web Security Interface Software have 62 Options with full automation and can be use for web security swiss knife Tishna Tishna is Web Server Security Penetration Software for Ultimate Security Analaysis Kali, Parrot OS, Black...
ReconPi - Set Up Your Raspberry Pi To Perform Basic Recon Scans
ReconPi - A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi. Start using that Raspberry Pi -- I know you all have one laying around somewhere ; Installation Check the updated blogpost here for a complete guide on how to set up your own...
EVABS - Extremely Vulnerable Android Labs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners. The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application...
CocoaDebug - iOS Debugging Tool
iOS Debugging Tool Shake to hide or show the black bubble. support both device and simulator Long press the black bubble to show UIDebuggingInformationOverlay. Apple's Private API, support iOS 10/11/12 Application memory usage and FPS. List all print and NSLog messages which have been written by...
Vulscan - Advanced vulnerability scanning with Nmap NSE
Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Installation Please install the files...
Pemcracker - Tool To Crack Encrypted PEM Files
This tool is inspired by pemcrack by Robert Graham. The purpose is to attempt to recover the password for encrypted PEM files while utilizing all the CPU cores. It still uses high level OpenSSL calls in order to guess the password. As an optimization, instead of continually checking against the P...
DNSTake - A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover
A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover? DNS takeover vulnerabilities occur when a subdomain subdomain.example.com or domain has its authoritative nameserver set to a provider e.g. AWS Route 53, Akamai, Microsoft Azure, etc. but th...
Dent - A Framework For Creating COM-based Bypasses Utilizing Vulnerabilities In Microsoft's WDAPT Sensors
More Information If you want to learn more about the techniques utlized in this framework please take a look at this article. Description This framework generates code to exploit vulnerabilties in Microsoft Defender Advanced Threat Protection's Attack Surface Reduction ASR rules to execute...
Lulzbuster - A Very Fast And Smart Web Directory And File Enumeration Tool Written In C
Lulzbuster is a very fast and smart web directory and file enumeration tool written in C. Usage $ lulzbuster -H / / / / / / / / / / / / / / / / / / / / / / / / / / // / / / // // / // // / / //,// //./,///// --== by nullsecurity.net ==-- usage lulzbuster -s opts | target options -s - start...
Impulse - Impulse Denial-of-service ToolKit
Modern Denial-of-service ToolKit Main window Methods: Method | Target | Description ---|---|--- SMS | +PHONE | SMS & CALL FLOOD NTP | IP:PORT | NTP amplification is a type of Distributed Denial of Service DDoS attack in which the attacker exploits publically-accessible Network Time Protocol NTP...
Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...
Rpi-Hunter - Automate Discovering And Dropping Payloads On LAN Raspberry Pi's Via SSH
Automate discovering and dropping payloads on LAN Raspberry Pi's via ssh. rpi-hunter is useful when there are multiple Raspberry Pi's on your LAN with default or known credentials, in order to automate sending commands/payloads to them. GUIDE: Installation 1. Install dependencies: sudo pip instal...
SharpStrike - A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems
SharpStrike is a post-exploitation tool written in C that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: Some commands will use PowerShell in combination with WMI, denoted with in the --show-commands command. Introduction...
Search-That-Hash - Searches Hash APIs To Crack Your Hash Quickly, If Hash Is Not Found Automatically Pipes Into HashCat
The Fastest Hash Cracking System pip3 install search-that-hash && sth Tired of going to every website to crack your hash? Search-That-Hash automates this process in less than 2 seconds. Search-That-Hash searches the most popular hash cracking sites and automatically inputs your hashs for cracking...
OpenEDR - Open EDR Public Repository
We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to public, where products and services can be provisioned and managed together. EDR is our starting point. OpenEDR is a full blown EDR capability. It is one of the most sophisticated, effective EDR co...
PowerSharpPack - Many usefull offensive CSharp Projects wraped into Powershell for easy usage
Many usefull offensive CSharp Projects wraped into Powershell for easy usage. Why? In my personal opinion offensive Powershell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features. Any of these mechanisms can be bypassed. Since most new...
Locator - Geolocator, Ip Tracker, Device Info By URL (Serveo And Ngrok)
Geolocator, Ip Tracker, Device Info by URL Serveo and Ngrok. It uses tinyurl to obfuscate the Serveo link. Legal disclaimer: Usage of Locator for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws...
Vulners Scanner for Android - Passive Vulnerability Scanning Based On Software Version Fingerprint
Vulners Scanner is developed by Vulners Team, the founders and maintainers of one of the world largest security databases. It implements technology of passive vulnerability scanning based on software version fingerprint. Is it legal? Absolutely. The application does not perform any malicious...
FFM (Freedom Fighting Mode) - Open Source Hacking Harness
FFM is a hacking harness that you can use during the post-exploitation phase of a red-teaming engagement. The idea of the tool was derived from a 2007 conference from @thegrugq. It was presented at SSTIC 2018 and the accompanying slide deck is available at this url. If you're not familiar with th...
ProtOSINT - A Python Script That Helps You Investigate Protonmail Accounts And ProtonVPN IP Addresses
ProtOSINT is a Python script that helps you investigate ProtonMail accounts and ProtonVPN IP addresses. Description This tool can help you in your OSINT investigation on Proton service for educational purposes only. ProtOSINT is separated in 3 sub-modules: 1 Test the validity of one protonmail...
DetectionLab - Vagrant And Packer Scripts To Build A Lab Environment Complete With Security Tooling And Logging Best Practices
DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing. Purpose This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and som...
SUID3NUM - A Script Which Utilizes Python'S Built-In Modules To Find SUID Bins, Separate Default Bins From Custom Bins, Cross-Match Those With Bins In GTFO Bin's Repository & Auto-Exploit Those
A standalone python script which utilizes python's built-in modules to find SUID bins, separate default bins from custom bins, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! Description A standalone script supporting both python2 & python3 to find out...
SubOver - A Powerful Subdomain Takeover Tool
Subover is a Hostile Subdomain Takeover tool designed in Python. From start, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 36 services which is much more than any other tool out there. The tool is multithreaded and hence delivers good speed. It can easily detect...
ArchAssault - Arch Linux ISO for Penetration Testers
The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. This means we import the vast majority of the official upstream Arch Linux packages, these packages are unmodified from their upstream source. While our Arch Linux...
Turbolist3r - Subdomain Enumeration Tool With Analysis Features For Discovered Domains
Turbolist3r is a fork of the sublist3r subdomain discovery tool. In addition to the original OSINT capabilties of sublist3r, turbolist3r automates some analysis of the results, with a focus on subdomain takeover. Turbolist3r queries public DNS servers for each discovered subdomain. If the subdoma...
Adaudit - Powershell Script To Do Domain Auditing Automation
PowerShell Script to perform a quick AD audit | | \ | | | || | | | | | | | | | . | | | |||/ ||||||| by phillips321 If you have any decent powershell one liners that could be used in the script please let me know. I'm trying to keep this script as a single file with no requirements on external too...
BLUESPAWN - Windows Based Active Defense Tool To Empower Blue Teams
BLUESPAWN helps blue teams monitor Windows systems in real-time against active attackers by detecting anomalous activity Why we made BLUESPAWN We've created and open-sourced this for a number of reasons which include the following: Move Faster : We wanted tooling specifically designed to quickly...
FastIR Collector - Windows Incident Response Tool
This tool collects different artefacts on live Windows and records the results in csv files. With the analyses of this artefacts, an early compromission can be detected. Requirements pywin32 python WMI python psutil python yaml construct distorm3 hexdump pytz Execution ./fastIRx64.py -h for help...
BSQLinjector - Blind SQL Injection Exploitation Tool
BSQLinjector uses blind method to retrieve data from SQL databases. I recommend using "--test" switch to clearly see how configured payload looks like before sending it to an application. Options: --file Mandatory - File containing valid HTTP request and SQL injection point SQLINJECT...
Gargamel - A Forensic Evidence Acquirer
A Forensic Evidence Acquirer Compile Assuming you have Rust 1.41+ installed. Open terminal in the project directory and to compile a release build type cargo build --release Debug build can be compiled using cargo build Compiled executable is located at target/release/gargamel.exe or...
Vulnx v1.9 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress, Joomla, Drupal, Prestashop...)
Vulnx is An Intelligent Bot Auto Shell Injector that detect vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more ... Instead of injecting each and...
Stegify - Go Tool For LSB Steganography, Capable Of Hiding Any File Within An Image
stegify is a simple command line tool capable of fully transparent hiding any file within an image. This technique is known as LSB Least Significant Bit steganography. Demonstration Carrier Data Results The Result file contains the Data file hidden in it. And as you can see it is fully transparen...
HackBar - HackBar Plugin For Burpsuite
HackBar - HackBar Plugin For Burpsuite V1.0. Requirements Burpsuite Java How to Install Download Jar 'https://github.com/d3vilbug/HackBar/releases/tag/1.0' and add in burpsuite Tested on Burpsuite 1.7.36 Windows 10 xubuntu 18.04 Upcoming Features/Modules Ctrl + H shortcut WAF bypass SQLi...
APKDeepLens - Android Security Insights In Full Spectrum
APKDeepLens is a Python based tool designed to scan Android applications APK files for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration testers, and security researchers to assess the securit...
WARCannon - High Speed/Low Cost CommonCrawl RegExp In Node.js
WARCannon was built to simplify and cheapify the process of 'grepping the internet'. With WARCannon, you can: Build and test regex patterns against real Common Crawl data Easily load Common Crawl datasets for parallel processing Scale compute capabilities to asynchronously crunch through WARCs at...
PwnXSS - Vulnerability XSS Scanner Exploit
A powerful XSS scanner made in python 3.7 Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/pwn0sec/PwnXSS chmod 755 -R PwnXSS cd PwnXSS python3 pwnxss.py --help Usage Basic usage: python3 pwnxss.py -u...
Shodanwave - Explore & Obtain Information from Netwave IP Camera
Shodanwave is a tool for exploring and obtaining information from cameras specifically Netwave IP Camera. The tool uses a search engine called shodan that makes it easy to search for cameras online but not only that. Hack network cameras around the world, Very fun! What does the tool to? Look, a...
Detux - The Multiplatform Linux Sandbox
Detux is a sandbox developed to do traffic analysis of the Linux malwares and capture the IOCs by doing so. QEMU hypervisor is used to emulate Linux Debian for various CPU architectures. The following CPUs are currently supported: x86 x86-64 ARM MIPS MIPSEL Use the Live version now:...
[Firefox Password Remover] Firefox Website Login Password Removal Tool
Firefox Password Remover is the free tool to quickly remove the stored website login passwords from Firefox. You can either remove selected ones or all of the stored passwords from the Firefox sign-on database. One of the unique feature of this tool is that it allows you to remove the website...
Acheron - Indirect Syscalls For AV/EDR Evasion In Go Assembly
Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be used to add indirect syscall capabilities to your Golang tradecraft, to bypass AV/EDRs that makes use of usermode hooks and instrumentation...
Injector - Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows
Complete Arsenal of Memory injection and other techniques for red-teaming in Windows What does Injector do? Process injection support for shellcode located at remote server as well as local storage. Just specify the shellcode file and it will do the rest. It will by default inject into notepad.ex...
Top 20 Most Popular Hacking Tools in 2019
As last year, this year we made a ranking with the most popular tools between January and December 2019. Topics of the tools focus on OSINT, Information Gathering, Android Hacking Tools, Automation Tools, Phishing, among others. Without going into further details, we have prepared a useful list o...
Gosec - Golang Security Checker
Inspects source code for security problems by scanning the Go AST. Install CI Installation binary will be $GOPATH/bin/gosec curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $GOPATH/bin vX.Y.Z or install it into ./bin/ curl -sfL...
Btlejack - Bluetooth Low Energy Swiss-army Knife
Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices. It relies on one or more BBC Micro:Bit. devices running a dedicated firmware. You may also want to use an Adafruit's Bluefruit LE sniffer or a nRF51822 Eval Kit, as we added support for these devices...
WiFiBroot - A WiFi Pentest Cracking Tool For WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication)
WiFiBroot is built to provide clients all-in-one facility for cracking WiFi WPA/WPA2 networks. It heavily depends on scapy , a well-featured packet manipulation library in Python. Almost every process within is dependent somehow on scapy layers and other functions except for operating the wireles...