Kali Linux 2023.2 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2023.2. This release has various impressive updates. The changelog highlights over the last few weeks since March’s release of 2023.1 is: New VM image for Hyper-V - With “Enhanced Session Mode” out of the box Xfce audio stack update: enters...

Phpvuln - Audit Tool To Find Common Vulnerabilities In PHP Source Code

phpvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. Installation You can download phpvuln by cloning the Git...

Ngrev - Tool For Reverse Engineering Of Angular Applications

Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your...

OSINT-Search - Useful For Digital Forensics Investigations Or Initial Black-Box Pentest Footprinting

OSINT-Search is a useful tool for digital forensics investigations or initial black-box pentest footprinting. OSINT-Search Description Script in Python that applies OSINT techniques by searching public data using email addresses, phone numbers, domains, IP addresses or URLs. Create an account at...

WPScan v2.9.4 - Black Box WordPress Vulnerability Scanner

WPScan is a black box WordPress vulnerability scanner. INSTALL WPScan comes pre-installed on the following Linux distributions: BackBox Linux Kali Linux Pentoo SamuraiWTF BlackArch On macOS WPScan is packaged by Homebrew as wpscan. Windows is not supported We suggest you use the official Docker...

Abaddon - Make red team operations faster, more repeatable, stealthier, while including value-added tools and bringing numerous reporting capabilities

Red team operations involve miscellaneous skills, last several months and are politically sensitive; they require a lot of monitoring, consolidating and caution. Wavestone’s red team operations management software, Abaddon, has been designed to make red team operations faster, more repeatable,...

Tempomail - Generate A Custom Email Address In 1 Second And Receive Emails

tempomail is a standalone binary that allows you to create a temporary email address in 1 Second and receive emails. It uses 1secmail's API. No dependencies required! Installation From Binary Download the pre-built binaries for different platforms from the releases page. Extract them using tar,...

Blinder - A Python Library To Automate Time-Based Blind SQL Injection

Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development. Installation You can install Blinder using the following command: pip install blinder Or by downloading the source and importing it...

Findomain v0.9.3 - The Fastest And Cross-Platform Subdomain Enumerator

The fastest and cross-platform subdomain enumerator. What Findomain can do? It table gives you a idea why you should use findomain and what it can do for you. The domain used for the test was aol.com in the following BlackArch virtual machine: Host: KVM/QEMU Standard PC i440FX + PIIX, 1996...

ThreatIngestor - Extract And Aggregate Threat Intelligence

An extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing worflow with SQS, Beanstalk, and custom plugins. Overview ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources,...

Tails 4.0 - Live System to Preserve Your Privacy and Anonymity

Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete operating system designed to be used fr...

Aura-Botnet - A Super Portable Botnet Framework With A Django-based C2 Server

Aura Botnet C2 Server The botnet's C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following: Django is extremely portable and therefore good for testing/educational purposes. The server and database are contained...

Metame - Metame Is A Metamorphic Code Engine For Arbitrary Executables

metame is a simple metamorphic code engine for arbitrary executables. From Wikipedia: Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is used by computer viruses to avoid the pattern recognition of anti-virus software...

ZIP Shotgun - Utility Script To Test Zip File Upload Functionality (And Possible Extraction Of Zip Files) For Vulnerabilities

Utility script to test zip file upload functionality and possible extraction of zip files for vulnerabilities. Idea for this script comes from this post on Silent Signal Techblog - Compressed File Upload And Command Execution and from OWASP - Test Upload of Malicious Files This script will create...

[SterJo Wireless Passwords v.1.4] Utility for recovering your lost wireless passwords of your network

SterJo Wireless Password is FREE utility for recovering your lost wireless passwords of your network. As the number of devices using wireless network increases same as the need for more security, it often may happen your password containing letters, numbers and special characters to be forgotten ...

Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler

Kage ka-geh is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. For now it only supports windows/meterpreter & android/meterpreter. Getting Started Please follow these instructions to get a copy of Kage running on your local...

Naabu - A Fast Port Scanner Written In Go With A Focus On Reliability And Simplicity

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply. Features Fast And Simple SYN/CONNECT probe...

vAPI - Vulnerable Adversely Programmed Interface Which Is Self-Hostable API That Mimics OWASP API Top 10 Scenarios Through Exercises

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises. Requirements PHP MySQL PostMan MITM Proxy Installation Docker docker-compose up -d Installation Manual Copying the Code cd git clone...

TIGMINT - OSINT (Open Source Intelligence) GUI Software Framework

An OSINT Open Source Intelligence software framework with an objective of making cyber investigations more convinient by implementing abstraction mechanisms to hide the background technical complexity also bundling different analysis techniques for social media Intelligence together providing a...

Gitls - Enumerate Git Repository URL From List Of URL / User / Org

Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline This tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url...

HikPwn - A Simple Scanner For Hikvision Devices

HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8. This project was born out of curiosity while I was capturing and watching network traffic generated by some of Hikvision's software and devices. Setup instructions: git clone...

XXExploiter - Tool To Help Exploit XXE Vulnerabilities

I wrote this tool to help me testing XXE vulnerabilities. It generates the XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration. IMPORTANT: This tool is still under development and although most of its features are already working, some may have not...

Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...

This tool search for SSRF using predefined settings in different parts of a request path, host, headers, post and get parameters. First step Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...

Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS

Manul is a coverage-guided parallel fuzzer for open-source and black-box binaries on Windows, Linux and macOS beta written in pure Python. Quick Start pip3 install psutil git clone https://github.com/mxmssh/manul cd manul mkdir in mkdir out echo "AAAAAA" in/test python3 manul.py -i in -o out -n 4...

Pylane - An Python VM Injector With Debug Tools, Based On GDB

Pylane is a python vm injector with debug tools, based on gdb and ptrace. Pylane uses gdb to trace python process, inject and run some code in its python vm. Usage use inject command to inject a python script in an process: pylane inject use shell command to inject an interactive shell: pylane...

Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4. 2019.4 includes some exciting new updates: A new default desktop environment, Xfce New GTK3 theme for Gnome and Xfce Introduction of “Kali Undercover” mode Kali Documentation has a new home and is now G...

LetsMapYourNetwork - Tool To Visualise Your Physical Network In Form Of Graph With Zero Manual Error

It is utmost important for any security engineer to understand their network first before securing it and it becomes a daunting task to have a ‘true’ understanding of a widespread network. In a mid to large level organisation’s network having a network architecture diagram doesn’t provide the...

WPScan v3.4.5 - Black Box WordPress Vulnerability Scanner

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites Optional but highly recommended: RVM Ruby = 2.3 - Recommended: latest Ruby 2.5.0 to 2.5.3 can caus...

Goscan - Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...

Ophcrack - A Windows Password Cracker Based On Rainbow Tables

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. Features: Runs on Windows, Linux/Unix, Mac OS X, ... Cracks LM...

ADAPT - Tool That Performs Automated Penetration Testing For WebApps

ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts. ADAPT automatically tests for multiple industry standard OWASP Top 10 vulnerabilities, and outputs...

Twitter-Intelligence - Twitter Intelligence OSINT Project Performs Tracking And Analysis Of The Twitter

A project written in Python to twitter tracking and analysis without using Twitter API. Prerequisites This project is a Python 3.x application. The package dependencies are in the file requirements.txt. Run that command to install the dependencies. pip3 install -r requirements.txt Database SQLite...

CT-Exposer - An OSINT Tool That Discovers Sub-Domains By Searching Certificate Transparency Logs

Discover sub-domains by searching through Certificate Transparency logs. What is CT? Certificate Transparency CT is an experimental IETF standard. The goal of it was to allow the public to audit which certificates were created by Certificate Authorities CA. TLS has a weakness that comes from the...

Etherblob-Explorer - Search And Extract Blob Files On The Ethereum Blockchain Network

Search and extract blob files on the Ethereum network using Etherscan.io API. Introduction EtherBlob Explorer is a tool intended for researchers, analysts, CTF players or anyone curious enough wanting to search for different kinds of files or any meaningful human-supplied data on the Ethereum...

Wynis - Audit Windows Security With Best Practice

Just a powershell scripts for auditing security with CIS BEST Practices Windows 10 and Window Server 2016 You just need to run the script, it will create a directory named : AUDITCONF%DATE% The directory output will contain the files belows: -Antivirus-%COMPUTERNAME% : List installed Antivirus...

Webkiller v2.0 - Tool Information Gathering

Tool Information Gathering Write With Python. PreView ██╗ ██╗███████╗██████╗ ██╗ ██╗██╗██╗ ██╗ ███████╗██████╗ ██║ ██║██╔════╝██╔══██╗██║ ██╔╝██║██║ ██║ ██╔════╝██╔══██╗ ██║ █╗ ██║█████╗ ██████╔╝████&9608 ;╔╝ ██║██║ ██║ █████╗ ██████╔╝ ██║███╗██║██╔══╝ ██╔══██╗██╔═██╗ ██║██║ ██║ ██╔══╝ ██╔══██╗...

get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN

Get teamviewer's ID and password from a remote computer in the LAN This program gets teamviewer's ID and password from a remote computer in the LAN. Most useful for postexploitation or sysadmins Tested on windows 7 and windows 10 x86 and x64 Prerequisites You must have valid credentials on the...

MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)

MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...

AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat

Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. The entry level to reverse AntiCheats and Cheats is quite high, therefore, I'm realeasing all the code I developed during my research. The main idea is to help...

Cryptovenom - The Cryptography Swiss Army Knife

CryptoVenom: The Cryptography Swiss Army knife What is CryptoVenom? CryptoVenom is an OpenSource tool which contains a lot of cryptosystems and cryptoanalysis methods all in one, including classical algorithms, hash algorithms, encoding algorithms, logic gates, mathematical functions, modern...

Up (Ultimate Plumber) - Tool For Writing Linux Pipes With Instant Live Preview

up is the Ultimate Plumber , a tool for writing Linux pipes in a terminal-based UI interactively, with instant live preview of command results. The main goal of the Ultimate Plumber is to help interactively and incrementally explore textual data in Linux, by making it easier to quickly build...

SpiderFoot - The Most Complete OSINT Collection And Reconnaissance Tool

SpiderFoot is an open source intelligence OSINT automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN or person's name. SpiderFoot can be used offensively, i.e. as part of a...

Sptoolkit Rebirth - Phishing Education Toolkit

The spt rebirth project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Organizations spend billions of dollars annually in an effort to safeguard information systems, but spend little to nothing on the under trained and...

Villain - Windows And Linux Backdoor Generator And Multi-Session Handler That Allows Users To Connect With Sibling Servers And Share Their Backdoor Sessions

Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers other machines running Villain and share their backdoor sessions, handy for working as a team. The main idea behind the payloads generated by this tool is inherited from...

TwiTi - Tool for extracting IOCs from tweet

TwiTi, a tool for extracting IOCs from tweets, can collect a large number of fresh, accurate IOCs. TwiTi does classifying whether a tweet contains IOCs or not. extracting IOCs from a tweet and also from links mentioned in a tweet. For more details please refer to our paper, "Twiti: Social Listeni...

Zelos - A Comprehensive Binary Emulation Platform

Zelos Z eropoint E mulated L ightweight O perating S ystem is a python-based binary emulation platform. One use of zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are emulated to isolate the target binary. Linux x8664 32- and 64-bit, AR...

KawaiiDeauther - Jam All Wifi Clients/Routers

Kawaii Deauther is a pentest toolkit whose goal is to perform jam on WiFi clients/routers and spam many fake AP for testing purposes. Dependencies macchanger mdk3 nmcli Installation Dependencies will be automatically installed. $ git clone https://github.com/aryanrtm/KawaiiDeauther $ cd...

uniFuzzer - A Fuzzing Tool For Closed-Source Binaries Based On Unicorn And LibFuzzer

uniFuzzer is a fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer. Currently it supports fuzzing 32-bits LSB ELF files on ARM/MIPS, which are usually seen in IoT devices. 中文介绍 Features very little hack and easy to build can target any specified function or code snippet...

Revshellgen - Reverse Shell Generator Written In Python.

Standalone python script for generating reverse shells easily and automating the boring stuff like URL encoding the command and setting up a listener. Download git clone https://github.com/t0thkr1s/revshellgen Install The script has 2 dependencies: pyperclip colorama You can install these by...

VulnX - CMS And Vulnerabilites Detector And An Intelligent Auto Shell Injector

Vulnx is a cms and vulnerabilites detection, an intelligent auto shell injector, fast cms detection of target and fast scanner and informations gathering like subdomains, ipaddresses, country, org, timezone, region, ans and more ... Instead of injecting shell and checking it works like all the...