6011 matches found
SharpWeb - .NET 2.0 CLR Project To Retrieve Saved Browser Credentials From Google Chrome, Mozilla Firefox And Microsoft Internet Explorer/Edge
SharpWeb is a .NET 2.0 CLR compliant project that can retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge. In the future, this project will be expanded upon to retrieve Cookies and History items from these browsers. Usage Usage: .\SharpWeb.exe arg0 arg1 arg2...
aNmap - Android Network Mapper (Nmap for Android)
Nmap is one of the most improtant tools for every cracker white, grey black hat "hacker". Nmap is a legendary hack tool and probably the prevelent networt security port scanner tool over the last 10 years on all major Operating Systems. So far it was available in windows, linux and Mac OS X. But...
Darkdump - Search The Deep Web Straight From Your Terminal
Darkdump is a simple script written in Python3.9 in which it allows users to enter a search term query in the command line and darkdump will pull all the deep web sites relating to that query. Darkdump wraps up the darksearch.io API. Installation 1. git clone https://github.com/josh0xA/darkdump 2...
SecurityRAT - Tool For Handling Security Requirements In Development
OWASP Security RAT Requirement Automation Tool is a tool supposed to assist with the problem of addressing security requirements during application development. The typical use case is: specify parameters of the software artifact you're developing based on this information, list of common securit...
Hcxdumptool - Small Tool To Capture Packets From Wlan Devices
Small tool to capture packets from wlan devices. After capturing, upload the "uncleaned" cap here https://wpa-sec.stanev.org/?submit to see if your ap or the client is vulnerable by using common wordlists. Convert the cap to hccapx and/or to WPA-PMKID-PBKDF2 hashline 16800 with hcxpcaptool hcxtoo...
OpenStego - Steganography Application (Data Hiding and Watermarking)
OpenStego is a steganography application that provides two functionalities: 1. Data Hiding: It can hide any data within a cover file e.g. images. 2. Watermarking: Watermarking files e.g. images with an invisible signature. It can be used to detect unauthorized file copying. Usage For GUI: java -j...
Enum4Linux-Ng - A Next Generation Version Of Enum4Linux (A Windows/Samba Enumeration Tool) With Additional Features Like JSON/YAML Export
enum4linux-ng.py is a rewrite of Mark Lowe's former Portcullis Labs now Cisco CX Security Labs enum4linux.pl, a tool for enumerating information from Windows and Samba systems, aimed for security professionals and CTF players. The tool is mainly a wrapper around the Samba tools nmblookup, net,...
Teler - Real-time HTTP Intrusion Detection
teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. Features Real-time : Analyze logs and identify suspicious activity in real-time. Alerting : teler provides alerting when a threat is...
AES Finder - Utility To Find AES Keys In Running Processes
Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys. Usage Open aes-finder.sln solution in Visual Studio 2013 to compile source. Alternatively use gcc/clang: g++ -O3 -march=native -fomit-frame-pointer aes-finder.cpp -o aes-finder To search for keys in process...
Rustbuster - DirBuster For Rust
DirBuster for Rust. Usage There are three modules currently implemented: 1. Dirbuster default rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php 2. Dnsbuster rustbuster -m dns -u google.com -w examples/wordlist 3. Vhostbuster rustbuster -m vhost -u http://localhost:3000/ -w...
FTW - Framework For Testing WAFs
This project was created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline to test rules on a WAF. Each rule from the ruleset is loaded into a YAML file that issues HTTP requests that will trigger these rules...
Shodanploit - Shodan Command Line Interface Written In Python
Shodan is a search engine on the internet where you can find interesting things all over the world. For example, we can find cameras, bitcoin streams, zombie computers, ports with weakness in service, SCADA systems, and more. Moreover, more specific searches are possible. As a result of the searc...
Watcher v1.5.8 - Web Security Testing Tool and Passive Vulnerability Scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
Powershell-Backdoor-Generator - Obfuscated Powershell Reverse Backdoor With Flipper Zero And USB Rubber Ducky Payloads
Reverse backdoor written in Powershell and obfuscated with Python. Allowing the backdoor to have a new signature after every run. Also can generate auto run scripts for Flipper Zero and USB Rubber Ducky. usage: listen.py -h --ip-address IPADDRESS --port PORT --random --out OUT --verbose --delay...
EDRSandblast - Tool That Weaponize A Vulnerable Signed Driver To Bypass EDR Detections And LSASS Protections
EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections Kernel callbacks and ETW TI provider and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring. As of release, combination of userland...
Routopsy - A Toolkit Built To Attack Often Overlooked Networking Protocols
Routopsy is a toolkit built to attack often overlooked networking protocols. Routopsy currently supports attacks against Dynamic Routing Protocols DRP and First-Hop Redundancy Protocols FHRP. Most of the attacks currently implemented make use of a weaponised 'virtual router' as opposed to...
BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything
Your private data is being traded and sold all over the internet as we speak. Tons of leaks come out on a daily basis which can make you feel powerless. The majority of user-passwords and other sensitive information have been posted somewhere on the internet/darknet for any prying eyes to see,...
SecurityNotFound - 404 Page Not Found Webshell
Clone me! Clone or download the project: git clone https://github.com/CosasDePuma/SecurityNotFound.git SecurityNotFound cd SecurityNotFound "Installation" The src/404.php file should be located on the target server. That server must have the ability to execute .php files. Here is an example of so...
Pyrit - The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one o...
Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory...
Nikto v2.1.6 - Web Server Scanner
Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks...
Wpbullet - A Static Code Analysis For WordPress (And PHP)
A static code analysis for WordPress Plugins/Themes and PHP Installation Simply clone the repository, install requirements and run the script $ git clone https://github.com/webarx-security/wpbullet wpbullet $ cd wpbullet $ pip install -r requirements.txt $ python wpbullet.py Usage Available...
iCloudBrutter - AppleID Bruteforce
iCloudBrutter is a simple python 3.x script to perform basic bruteforce attack againts AppleID. Usage of iCloudBrutter for attacking targets without prior mutual consent is illegal. iCloudBrutter developer not responsible to any damage caused by iCloudBrutter. Installation $ git clone...
Self-XSS - Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code
Self-XSS attack using bit.ly to grab cookies tricking users into running malicious code How it works? Self-XSS is a social engineering attack used to gain control of victims' web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors a...
TorghostNG - Make All Your Internet Traffic Anonymized Through Tor Network
TorghostNG is a tool that make all your internet traffic anonymized through Tor network. Rewritten from TorGhost with Python 3. TorghostNG was tested on: Kali Linux Manjaro ... Before you use TorghostNG For the goodness of Tor network, BitTorrent traffic will be blocked by iptables. Although you...
Maryam - Open-source intelligence (OSINT) Framework
Maryam is a full-featured open-source intelligenceOSINT framework written in Python. Complete with independent modules, built in functions, interactive help, and command completion, provides a command-line environment for used forensic and open-source intelligenceOSINT. Maryam is a completely...
FDsploit - File Inclusion And Directory Traversal Fuzzing, Enumeration & Exploitation Tool
A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. FDsploit menu: $ python fdsploit.py -h | | \ | ||| | | | | | -| . | | . | | | || |/|| ||||| ||...ver. 1.2 Author: Christoforos Petrou game0ver ! usage: fdsploit.py -u | -f -h -p -d -e 0,1,2 -t -b -x -c -v --params...
Airopy - Get Clients And Access Points
Get clients and access points. With Alfa cards this script works correctly. Dependencies To run this script first install requirements as follows: sudo pip3 install requirements.txt How to use In the examples I don't add 'sudo', but to execute them you need high privileges. To get help: python3...
Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory
mimikatz is a tool I've made to learn C and make somes experiments with Windows security. It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...
Kconfig-Hardened-Check - A Tool For Checking The Hardening Options In The Linux Kernel Config
Motivation There are plenty of Linux kernel hardening config options. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure. But nobody likes checking configs manually. So let the computers do their job!...
Charlotte - C++ Fully Undetected Shellcode Launcher
c++ fully undetected shellcode launcher ; releasing this to celebrate the birth of my newborn description 13/05/2021: 1. c++ shellcode launcher, fully undetected 0/26 as of 13th May 2021. 2. dynamic invoking of win32 api functions 3. XOR encryption of shellcode and function names 4. randomised XO...
Kraken - Cross-platform Yara Scanner Written In Go
Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD and Linux. It is primarily intended for incident response, research and ad-hoc detections not for endpoint protection. Following are the core features: Scan running executables and memory of running process...
Userrecon-Py v2.0 - Username Recognition On Various Websites
Username recognition on various websites. Installation Withpip3 Linux sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git --upgrade userrecon-py --help Build from source Linux git clone https://github.com/decoxviii/userrecon-py.git ; cd userrecon-py sudo -H pip3 install -r...
NAXSI - An Open-Source, High Performance, Low Rules Maintenance WAF For NGINX
NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple and readable rules containing 99% of known patterns involved in website vulnerabilities. For...
Maltego CE - An Interactive Data Mining Tool That Renders Directed Graphs For Link Analysis
Maltego CE is the community version of Maltego that is available for free after a quick online registration. Maltego CE includes most of the same functionality as the commercial version however it has some limitations. The main limitation with the community version is that the application cannot ...
Pastego - Scrape/Parse Pastebin Using GO And Expression Grammar (PEG)
Scrape/Parse Pastebin using GO and grammar expression PEG. Installation $ go get -u github.com/edoz90/pastego Usage Search keywords are case sensitive pastego -s "password,keygen,PASSWORD" You can use boolean operators to reduce false positive pastego -s "quake && earthquake, password && php ||...
Leaked? 2.0 - A Checking Tool For Hash Codes, Passwords And Emails Leaked
Leaked? is A Checking tool for Hash codes and Passwords and Emails leaked, uses leakz module from Aidan Holland, and leakz module uses API from Aurelius Wendelken. Leaked? can work in any OS if they have support Python 3 and 2. What's new? Check email leaked Update More friendly for users Support...
PacketWhisper - Stealthily Exfiltrate Data And Defeat Attribution Using DNS Queries And Text-Based Steganography
PacketWhisper - Stealthily Transfer Data & Defeat Attribution Using DNS Queries & Text-Based Steganography, without the need for attacker-controlled Name Servers or domains; Evade DLP/MLS Devices; Defeat Data- & DNS Name Server Whitelisting Controls. Convert any file type e.g. executables, Office...
Hate_Crack - Automated Hash Cracking Techniques with HashCat
A tool for automating cracking methodologies through Hashcat from the TrustedSec team. Installation Get the latest hashcat binaries https://hashcat.net/hashcat/ OSX Install https://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/ mkdir -p hashcat/deps git clone...
hacklib - Pentesting, Port Scanning, and Logging in anywhere with Python
Toolkit for hacking enthusiasts using Python. hacklib is a Python module for hacking enthusiasts interested in network security. It is currently in active development. Installation To get hacklib, simply run in command line: pip install hacklib hacklib also has a user interface. To use it, you ca...
Squarephish - An advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes
SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes. See PhishInSuits for more details on using OAuth Device Code flow for phishing attacks. / | | | | | | | | | | | | | \ \ / | | | |/ | '/ \ /| ' | / | ' \ | | | || | | |...
Octopus - Open Source Pre-Operation C2 Server Based On Python And Powershell
Octopus is an open source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S. The main purpose of creating Octopus is for use before any red team operation, where rather than starting the engagement with your full operational arsenal and...
Saferwall - A Hackable Malware Sandbox For The 21St Century
Saferwall is an open source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers. Acts as a system expert, to help researchers generates an automated malware analysis report. Hunting platform to find new malwares...
Rbuster - Yet Another Dirbuster
yet another dirbuster Common Command line options -a - specify a user agent string to send in the request -c - use this to specify any cookies that you might need simulating auth. header. -f - force processing of a domain with wildcard results. -l - show the length of the response. -r - follow...
Ehtools - Framework Of Serious Wi-Fi Penetration Tools
Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a...
RedGhost v3.0 - Linux Post Exploitation Framework Written In Bash Designed To Assist Red Teams In Persistence, Reconnaissance, Privilege Escalation And Leaving No Trace
Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl SudoInject Function to inject sudo command with wrapper...
Angr - A Powerful And User-Friendly Binary Analysis Platform
angr is a platform-agnostic binary analysis framework. It is brought to you by the Computer Security Lab at UC Santa Barbara, SEFCOM at Arizona State University, their associated CTF team, Shellphish, the open source community, and @rhelmot. What? angr is a suite of Python 3 libraries that let yo...
[TinySHell] Ported to SCTP
You may have seen, a while ago, my post on SCTP reverse shells. I realized quite quickly that I should definately do some more research in this direction, and hence ported one of my favourite Unix backdoors which uses a TCP connection to use a SCTP connection instead. This backdoor allows for a...
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...
GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data
This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api...