4Nonimizer - A Tool For Anonymizing The Public IP Used To Browsing Internet, Managing The Connection To TOR Network And To Different VPNs Providers

It is a bash script for anonymizing the public IP used to browsing Internet, managing the connection to TOR network and to different top VPN providers OpenVPN, whether free or paid. By default, it includes several pre-configured VPN connections to different peers .ovpn files and download the...

Lazyrecon - Script To Automate Your Reconnaissance Process In An Organized Fashion

LazyRecon is a script written in Bash, it is intended to automate some tedious tasks of reconnaissance and information gathering. This tool allows you to gather some information that should help you identify what to do next and where to look. Usage ./lazyrecon.sh -d target.com Main Features Creat...

Storm-Breaker - Tool Social Engineering (Access Webcam, Microphone, OS Password Grabber And Location Finder) With Ngrok

Tool Social Engineering Access Webcam, Microphone, OS Password Grabber And Location Finder With Ngrok Features: Get Device Information Without Any Permissions Access Location SMARTPHONES Os Password Grabber WIN-10 Access Webcam Access Microphone Operating Systems Tested Kali Linux 2020 Installati...

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. Abstract Trivy tri pronounced like tri gger, vy pronounced like envy is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the softwar...

Slither - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS

JSshell - a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, ... This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell - a tool to get a JavaScript shell with XSS by...

Modded-Ubuntu - Run Ubuntu GUI On Your Termux With Much Features

Run Ubuntu GUI on your termux with much features. Features Fixed Audio Output Lightweight Requires at least 4GB Storage Katoolin3 tool for installing kali tools 2 Browsers Chromium & Mozilla Firefox Supports Bangla Fonts VLC Media Player Visual Studio Code Easy for Beginners Installation First...

[DroidSQLi] MySQL Injection tool for Android

DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks. DroidSQLi supports the following injection techniques: - Time based injection - Blind injection - Error based injection - Normal injection...

Holehe - Tool To Check If The Mail Is Used On Different Sites Like Twitter, Instagram And Will Retrieve Information On Sites With The Forgotten Password Function

Holehe Online Version Summary Efficiently finding registered accounts from emails. Holehe checks if an email is attached to an account on sites like twitter, instagram, imgur and more than 120 others. Retrieves information using the forgotten password function. Does not alert the target email. Ru...

Udp2raw-tunnel - A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]

A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. Its Encrypted, Anti-Replay and Multiplexed.It also acts as a Connection Stabilizer. Support Platforms A Linux host including desktop Linux, Android...

Evil-Droid - Framework to Create, Generate & Embed APK Payloads

Evil-Droid is a framework that create & generate & embed apk payload to penetrate android platforms. Screenshot: Dependencies : 1 - metasploit-framework 2 - xterm 3 - Zenity 4 - Aapt 5 - Apktool 6 - Zipalign Download/Config/Usage: 1 - Download the tool from github git clone...

Pwndoc - Pentest Report Generator

PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users. Documentation Installation Data Vulnerabilitie...

MOSINT - OSINT Tool For Emails

MOSINT is an OSINT Tool for emails. It helps you gather information about the target email.  Features: Verification Service Check if email exist Check social accounts with Socialscan Check data breaches need API Find related emails Find related phone numbers Find related domains Scan Pastebin...

Brute_Force - BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix

Install : pip install proxylist pip install mechanize Usage: BruteForce Gmail Attack python3 BruteForce.py -g [email protected] -l Filelist python3 BruteForce.py -g [email protected] -p PasswordSingle BruteForce Hotmail Attack python3 BruteForce.py -t [email protected] -l Filelist...

FATT - A Script For Extracting Network Metadata And Fingerprints From Pcap Files And Live Network Traffic

FATT is a script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files pcap or live network traffic. The main use-case is for monitoring honeypots, but you can also use it for other use cases such as network forensic analysis. fatt works on Linux, macOS...

FakeImageExploiter - Use a Fake image.jpg (hide known file extensions) to exploit targets

This module takes one existing image.jpg and one payload.ps1 input by user and builds a new payload agent.jpg.exe that if executed it will trigger the download of the 2 previous files stored into apache2 image.jpg + payload.ps1 and execute them. This module also changes the agent.exe Icon to matc...

BitCracker - BitLocker Password Cracking Tool (Windows Encryption Tool)

BitLocker is a full-disk encryption feature available in recent Windows versions Vista, 7, 8.1 and 10 Pro and Enterprise. BitCracker is a mono-GPU password cracking tool for memory units encrypted with the password authentication mode of BitLocker see picture below. Our attack has been tested on...

CVE-2020-0796 - CVE-2020-0796 Pre-Auth POC

c 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes POC to check for CVE-2020-0796 / "SMBGhost" Expected outcome: Blue Screen Intended only for educational and testing in corporate environments. ZecOps takes no responsibility for the code, use at your own risk. Please contact...

PhoneSploit v1.2 - Using Open Adb Ports We Can Exploit A Andriod Device

Using open Adb ports we can exploit an Andriod device. you can find open ports here https://www.shodan.io/search?query=android+debug+bridge+product%3A”Android+Debug+Bridge” To find out how to access a local device -- https://www.youtube.com/watch?v=OlhCAX1qBQo Recent News New Update v.1.2 Port...

Wordlistctl - Fetch, Install And Search Wordlist Archives From Websites And Torrent Peers

Script to fetch, install, update and search wordlist archives from websites offering wordlists with more than 1800 wordlists available. In the latest version of the Blackarch Linux it has been added to /usr/share/wordlists/ directory. Installation pacman -S wordlistctl Usage sepehrdad@blackarch-d...

Bad Ducky - Rubber Ducky Compatible Clone Based On CJMCU BadUSB HW

Bad Ducky is yet another Rubber Ducky clone. It is based on CJMCU BadUsb ATMEGA32u4 - Arduino Leonardo clone board with onboard card reader, which you can buy on ebay or aliexpress. My goal was to create something compatible with Rubber Ducky scripts, while having ability to easily choose which...

CVE-2022-22963 - PoC Spring Java Framework 0-day Remote Code Execution Vulnerability

To run the vulnerable SpringBoot application run this docker container exposing it to port 8080. Example: docker run -it -d -p 8080:8080 bobcheat/springboot-public Exploit Curl command: curl -i -s -k -X $'POST' -H $'Host: 192.168.1.2:8080' -H...

QuasarRAT - Remote Administration Tool for Windows

Quasar is a fast and light-weight remote administration tool coded in C. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. Features TCP network stream IPv4 & IPv6 support Fast network serialization NetSerializer Compressed...

HT-WPS Breaker - High Touch WPS Breaker

High Touch WPS Breaker HT-WB is a small tool based on the bash script language, it can help you to extract the WPS pin of many vulnerable routers and get the password, in the last you want to notice that HT-WPS Breaker in its process is using these tools : "Piexiewps" "Reaver" "Bully" "Aircrack...

Github-Dorks - Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks

Github search is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to ...

Darksplitz - Exploit Framework

This tools is continued from Nefix, DirsPy and Xmasspy project. Installation Will work fine in the debian shade operating system, like Backbox, Ubuntu or Kali linux. 1. $ git clone https://github.com/koboi137/darksplitz 2. $ cd darksplitz/ 3. $ sudo ./install.sh Features Extract mikrotik credenti...

Spring4Shell-POC - Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability CVE-2022-22965. Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about...

EvilPDF - Embedding Executable Files In PDF Documents

Read the license before using any part from this code : Hiding executable files in PDF documents Legal disclaimer: Usage of EvilPDF for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers...

Bluescan - A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!

Bluescan is a open source project by Sourcell Xu from DBAPP Security HatLab. Anyone may redistribute copies of bluescan to anyone under the terms stated in the GPL-3.0 license. This document is also available in Chinese. See README-Chinese.md Aren't the previous Bluetooth scanning tools scattered...

ANDRAX v4 DragonFly - Penetration Testing on Android

ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution! The development of ANDRAX began on 08/09/2016 DD/MM/YYYY only fo...

SSHPry v2.0 - Spy and Control os SSH Connected client's TTY

This is a second release of SSHPry tool, with multiple features added. Control of target's TTY Built-In Keylogger Console-Level phishing Record & Replay previous sessions Demo Blogpost: http://www.korznikov.com/2017/09/sshpry-v2-spy-control-ssh-connected.html Twitter: @nopernik Howto ./sshpry2.py...

XML External Entity (XXE) Injection Payload List

An XML External Entity XXE attack sometimes called an XXE injection attack is a type of attack that abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service DoS as well as access local and remote content and services. XXE can be...

Rafel-Rat - Android Rat Written In Java With WebPanel For Controlling Victims

Rafel is RemoteAccess Tool Used to Control Victims Using WebPanel With More Advance Features. Main Features Admin Permission Add App To White List Looks Like Browser Runs In Background Even App is ClosedMay not work on some Devices Accessibility Feature Support Android v5 - v10 No Port Forwarding...

Seth - Perform A MitM Attack And Extract Clear Text Credentials From RDP Connections

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops...

DcRat - A Simple Remote Tool Written In C#

DcRat is a simple remote tool written in C Introduction Features TCP connection with certificate verification, stable and security Server IP port can be archived through link Multi-Server,multi-port support Plugin system through Dll, which has strong expansibility Super tiny client size about 405...

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

Script contains the fusion of 3 RCE vulnerabilities on ApacheStruts, it also has the ability to create server shells. SHELL php finished jsp process CVE ADD CVE-2013-2251 'action:', 'redirect:' and 'redirectAction' CVE-2017-5638 Content-Type CVE-2018-11776 'redirect:' and 'redirectAction' Downloa...

PwnKit-Exploit - Proof Of Concept (PoC) CVE-2021-4034

Proof Of Concept PoC CVE-2021-4034 @c0br40x help to make this section in README!! Proof of Concept debian@debian:/PwnKit-Exploit$ make cc -Wall exploit.c -o exploit debian@debian:/PwnKit-Exploit$ whoami debian debian@debian:/PwnKit-Exploit$ ./exploit Current User before execute exploit...

BruteX v1.9 - Automatically Brute Force All Services Running On A Target

Automatically brute force all services running on a target Open ports Usernames Passwords INSTALL: ./install.sh USAGE: brutex target DOCKER: docker build -t brutex . docker run -it brutex target DEMO VIDEO: Download BruteX...

Fbchecker - Facebook Mass Account Checker

Facebook Mass Account Checker Simple Installation : apt install git apt install php git clone https://github.com/fdciabdul/fbchecker cd fbchecker php fbcheck.php Usage php fbcheck.php target.txt Download Fbchecker...

Maltrail - Malicious Traffic Detection System

Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name e.g...

PHPStan - PHP Static Analysis Tool (Discover Bugs In Your Code Without Running It!)

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line...

ShellShockHunter - It's A Simple Tool For Test Vulnerability Shellshock

It's a simple tool for test vulnerability shellshock Autor: MrCl0wn Blog: http://blog.mrcl0wn.com GitHub: https://github.com/MrCl0wnLab Twitter: https://twitter.com/MrCl0wnLab Email: mrcl0wnlab@\gmail.com Shellshock software bug Shellshock, also known as Bashdoor, is a family of security bugs in...

TheFatRat v1.8 - Easy Tool For Generate Backdoor with Msfvenom

What is TheFatRat ?? An easy tool to generate backdoor with msfvenom a part from metasploit framework and easy tool to post exploitation attack like browser attack,dll . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The...

OKadminFinder - Admin Panel Finder / Admin Login Page Finder

OKadminFinder: Easy way to findadmin panel of site. Requirements Linux sudo apt install tor sudo apt install python3-socks optional pip3 install --user -r requirements.txt Windows download tor expert bundle pip3 install -r requirements.txt Usage Preview Linux git clone...

IPED - Digital Forensic Tool - Process And Analyze Digital Evidence, Often Seized At Crime Scenes By Law Enforcement Or In A Corporate Investigation By Private Examiners

IPED is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners. Introduction IPED - Digital Evidence Processor and Indexer translated from Portuguese is a tool implement...

PyPhisher - A Simple Python Tool for Phishing

If you are looking to make a phishing testing or demonstration you can check PyPhisher. This tool was created for the purpose of phishing during a penetration test. This tool is python based that provide user a way to send emails with a customized template that he design. you can have an html...

Webscreenshot - A Simple Script To Screenshot A List Of Websites

A simple script to screenshot a list of websites, based on the url-to-image phantomjs script. Features Integrating url-to-image 'lazy-rendering' for AJAX resources Fully functional on Windows and Linux systems Cookie and custom HTTP header definition support Multiprocessing and killing of...

HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)

Modern Phishing Tool With Advanced Functionality PHISHING | KEYLOGGER | INFORMATIONCOLLECTOR | ALLINONETOOL | SOCIALENGINEERING DEVELOPERS & CONTRIBUTORS 1. ANONUD4Y https://github.com/An0nUD4Y 2. USAMA ABDUL SATTAR https://github.com/usama7628674 3. sTiKyt https://github.com/sTiKyt 4. UNDEADSEC...

Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage...

Waybackurls - Fetch All The URLs That The Wayback Machine Knows About For A Domain

Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for .domain and output them on stdout. Usage example: ▶ cat domains.txt | waybackurls urls Install: ▶ go get github.com/tomnomnom/waybackurls Credit This tool was inspired by @mhmdiaa's waybackurls.py script. Thanks...