6011 matches found
Detect It Easy - Program For Determining Types Of Files For Windows, Linux And MacOS
Detect It Easy, or abbreviated "DIE" is a program for determining types of files. "DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS. Many programs of the kind PEID, PE tools allow to use third-party signatures. Unfortunately,...
Kubolt - Utility For Scanning Public Kubernetes Clusters
Kubolt is a simple utility for scanning public unauthinticated kubernetes clusters and run commands inside containers. Why? Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands inside the containers using getrun function from kubelet: // getRun...
Sh00T - A Testing Environment for Manual Security Testers
A Testing Environment for Manual Security Testers. Sh00t is a task manager to let you focus on performing security testing provides To Do checklists of test cases helps to create bug reports with customizable bug templates Features: Dynamic Task Manager to replace simple editors or task managemen...
Datasploit - An OSINT Framework To Perform Various Recon Techniques On Companies, People, Phone Number, Bitcoin Addresses, Etc., Aggregate All The Raw Data, And Give Data In Multiple Formats
Overview of the tool: Performs OSINT on a domain/email/username/phone and find out information from different sources. Correlate and collaborate the results, show them in a consolidated manner. Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. relat...
SimpleEmailSpoofer - A simple Python CLI to Spoof Emails (SPF/DMARC checking)
A few Python programs designed to help penetration testers with email spoofing. SimpleEmailSpoofer.py A program that spoofs emails. Currently in development spoofcheck.py A program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that...
WireBug - A Toolset For Voice-over-IP Penetration Testing
WireBug is a tool set for Voice-over-IP penetration testing. It is designed as a wizard which makes it easy to use. The tools are build for single using too, so every tool is its own python or bash program. Installation Install the dependencies in requirements.txt and the python dependencies in...
BurpSuite Random User-Agents - Burp Suite Extension For Generate A Random User-Agents
A Burp Suite extension to help pentesters to generate a random user-agent. This extension has been developed by M'hamed @m4ll0k Outaadi. Installation Download a jar file in release or compile the java code: $ git clone https://github.com/m4ll0k/BurpSuite-RandomUserAgent.git random-useragents $ cd...
ArmourBird CSF - Container Security Framework
ArmourBird CSF - Container Security Framework is an extensible, modular, API-first framework build for regular security monitoring of docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two...
Flightsim - A Utility To Generate Malicious Network Traffic And Evaluate Controls
flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic...
DOGE - Darknet Osint Graph Explorer
DOGE Darknet Osint Graph Explorer Still in dev, works right. You should use this in addtion to Darknet OSINT Transform Pay attention here Query prototype: SELECT DISTINCT customcolumnname AS input, anothercustomname AS output FROM sometable, obviously you can add other options as WHERE, ORDER BY,...
Fsociety Hacking Tools Pack - A Penetration Testing Framework
A Penetration Testing Framework , you will have evry script that a hacker needs Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE InformationGathering : Nmap Setoolkit Port Scannin...
Secator - The Pentester'S Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Features Curated list of commands Unified input options Unified output schema CLI and library...
Quarantyne - Modern Web Firewall: Stop Account Takeovers, Weak Passwords, Cloud IPs, DoS Attacks, Disposable Emails
Automated web security made simple Quarantyne is a reverse-proxy that protects web applications and APIs from fraudulent behavior, misuse, bots and cyber-attacks in real-time. Requirements Java 8 Presentation Quarantyne is a reverse-proxy written in java. It fronts a web application or API and...
identYwaf - Blind WAF Identification Tool
identYwaf is an identification tool that can recognize web protection type i.e. WAF based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive non-destructive payloads, where those are used only to trigger the web protection system in...
CertCrunchy - Just A Silly Recon Tool That Uses Data From SSL Certificates To Find Potential Host Names
It just a silly python script that either retrieves SSL Certificate based data from online sources, currently https://crt.sh/, https://certdb.com/, https://sslmate.com/certspotter/ and https://censys.io or given a IP range it will attempt to extract host information from SSL Certificates. If you...
RetDec - A Retargetable Machine-Code Decompiler
RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32b...
Exploit Linux 3.4+ Local Root (CONFIG_X86_X32=y)
OSVDB-ID: 2014-0038 Author: rebel Published: 2014-02-02 / ============================== recvmmsg.c - linux 3.4+ local root CONFIGX86X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13 minutes to run because timeout-tvsec...
Moukthar - Android Remote Administration Tool
Remote adminitration tool for android Features Permissions bypass android 12 below https://youtube.com/shorts/-w8H0lkFxb0 Keylogger https://youtube.com/shorts/Ll9dNrkjFOA Notifications listener SMS listener Phone call recording Image capturing and screenshots Video recording Persistence Read &...
Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance"Reconnaissance phase. And in...
Iox - Tool For Port Forward &Amp; Intranet Proxy
Tool for port forward & intranet proxy, just like lcx/ew, but better Why write? lcx and ew are awesome, but can be improved. when I first used them, I can't remember these complicated parameters for a long time, such as tran, slave, rcsocks, sssocks.... The work mode is clear, why do they design...
PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! Every section contains the following files, you can use the templatevuln folder to create a new chapter: README.md - vulnerability description and how to exploit it Intrud...
Katana - A Python Tool For Google Hacking
Katana-ds ds for dorkscanner is a simple python tool that automates Google Hacking/Dorking and support Tor It becomes more powerful in combination with GHDB Installation : Use the package manager pip to install requirements cd Katana python3 pip install -r requirments python3 katana-ds.py Tested...
Dolos Cloak - Automated 802.1X Bypass
Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack. The tool is able to piggyback on the wired connection of a victim device that is already allowed on the target network without kicking...
TROMMEL - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators
TROMMEL sifts through embedded device files to identify potential vulnerable indicators. TROMMEL identifies the following indicators related to: Secure Shell SSH key files Secure Socket Layer SSL key files Internet Protocol IP addresses Uniform Resource Locator URL email addresses shell scripts w...
Bscan - An Asynchronous Target Enumeration Tool
Synopsis bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure...
[Cookie Cadger] v.0.9
An auditing tool for Wi-Fi or wired Ethernet connections Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests. Cookie Cadger works on Windows, Linux, or Mac, and requires Java 7. Using Cookie Cadger requires having “tshark” – a utility which i...
ExecuteAssembly - Load/Inject .NET Assemblies
ExecuteAssembly is an alternative of CS execute-assembly, built with C/C++ and it can be used to Load/Inject .NET assemblies by; reusing the host spawnto process loaded CLR Modules/AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI,...
Runtime Mobile Security (RMS) - A Powerful Web Interface That Helps You To Manipulate Android Java Classes And Methods At Runtime
Runtime Mobile Security RMS , powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime. You can easily dump all the loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scrip...
Polyshell - A Bash/Batch/PowerShell Polyglot!
PolyShell is a script that's simultaneously valid in Bash, Windows Batch, and PowerShell i.e. a polyglot. This makes PolyShell a useful template for penetration testing as it can be executed on most systems without the need for target-specific payloads. PolyShell is also specifically designed to ...
Rebel-Framework - Advanced And Easy To Use Penetration Testing Framework
Automate the automation START git clone https://github.com/rebellionil/rebel-framework.git cd rebel-framework bash setup.sh bash rebel.sh MODULES SCREENSHOTS DEMOS !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsE...
RedGhost - Linux Post Exploitation Framework Designed To Gain Persistence And Reconnaissance And Leave No Trace
Linux post exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl Crontab Function to create cron job that downloads and runs payload eve...
Auto-Root-Exploit - Auto Root Exploit Tool
Auto Root Exploit Tool Author : Nilotpal Biswas Facebook : https://www.facebook.com/nilotpal.biswas.73 Twitter : https://twitter.com/nilotpalhacker USAGE : for kernel version 2.6 all bash autoroot.sh 2 for kernel version 3 all bash autoroot.sh 3 for kernel version 4 all bash autoroot.sh 4 for...
Prowler - Tool for AWS Security Assessment, Auditing And Hardening
Tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1 Features It covers hardening and security best practices for all AWS regions related to: Identity and Access Management 24 checks Logging...
WinPmem - The Multi-Platform Memory Acquisition Tool
The WinPmem memory acquisition driver and userspace WinPmem has been the default open source memory acquisition driver for windows for a long time. It used to live in the Rekall project, but has recently been separated into its own repository. Copyright This code was originally developed within...
PowerSploit - A PowerShell Post-Exploitation Framework
PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts: CodeExecution Execute code on a target machine. Invoke-DllInjection Injects a Dll into the...
[Netsparker v3.2] Web Application Security Scanner
Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting XSS, Remote Code Executi...
Scour - AWS Exploitation Framework
Scour is a modern module based AWS exploitation framework written in golang, designed for red team testing and blue team analysis. Scour contains modern techniques that can be used to attack environments or build detections for defense. Features Command Completion Dynamic resource listing Command...
Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines
Graphs help to spot anomalies and patterns in large datasets. This script takes netstat information from multiple hosts and formats them in a way to make them importable into Neo4j. Neo4j can be queried for find connections to certain hosts, from certain hosts, find out the usage or protocols and...
XMLRPC Bruteforcer - An XMLRPC Brute Forcer Targeting Wordpress
An XMLRPC brute forcer targeting Wordpress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second. Usage python3 xmlrcpbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username python3...
Hvazard - Remove Short Passwords & Duplicates, Change Lowercase To Uppercase & Reverse, Combine Wordlists!
Remove short passwords & duplicates, change lowercase to uppercase & reverse, combine wordlists! Manual & explaination -d --dict Specifies the file you want to modify. This is the only parameter / argument that is not optional. -o --out The output filename optional. Default is out.txt. -s --short...
Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services
A command line security audit tool for Amazon Web Services About Cloud Security Audit is a command line tool that scans for vulnerabilities in your AWS Account. In easy way you will be able to identify unsecure parts of your infrastructure and prepare your AWS account for security audit...
Joy - A Package For Capturing And Analyzing Network Flow Data And Intraflow Data, For Network Research, Forensics, And Security Monitoring
Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture pcap files, using a flow-oriented model similar to that of IPFIX or Netflow, and then representing these data features in JSON. It also contains analysis tools that can be...
Fierce - Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains
Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not...
Tcpreplay - Pcap Editing And Replay Tools For *NIX And Windows
Tcpreplay is a suite of GPLv3 licensed utilities for UNIX and Win32 under Cygwin operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4...
Nmap Bootstrap XSL - A Nmap XSL Implementation With Bootstrap
A Nmap XSL implementation with Bootstrap. How to use Add the nmap-bootstrap.xsl as stylesheet to your Nmap scan. For example: nmap -sS -T4 -A -sC -oA scanme --stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl scanme.nmap.org scanme2.nmap.org Open...
Dr0p1t-Framework - A Framework That Creates An Advanced FUD Dropper With Some Tricks
Have you ever heard about trojan droppers ? you can read about them from here . Dr0p1t let you create dropper like any tool but this time FUD with some tricks ; Features Works with Windows and Linux Adding malware after downloading it to startup Adding malware after downloading it to task schedul...
RiskAssessmentFramework - Static Application Security Testing
The OWASP Risk Assessment Framework consist of Static application security testing and Risk Assessment tools, Eventhough there are many SAST tools available for testers, but the compatibility and the Environement setup process is complex. By using OWASP Risk Assessment Framework's Static...
nmapAutomator - Tool To Automate All Of The Process Of Recon/Enumeration
nmapAutomator A script that you can run in the background! Summary The main goal for this script is to automate all of the process of recon/enumeration that is run every time, and instead focus our attention on real pen testing. This will ensure two things: 1 Automate nmap scans. 2 Always have so...
Tylium - Primary Data Pipelines For Intrusion Detection, Security Analytics And Threat Hunting
These files contain configuration for producing EDR endpoint detection and response data in addition to standard system logs. These configurations enable the production of these data streams using F/OSS free and / or open source tooling. The F/OSS tools consist of Auditd for Linux; Sysmon for...
SecurityRAT - Tool For Handling Security Requirements In Development
OWASP Security RAT Requirement Automation Tool is a tool supposed to assist with the problem of addressing security requirements during application development. The typical use case is: specify parameters of the software artifact you're developing based on this information, list of common securit...