Metadata-Attacker - A Tool To Generate Media Files With Malicious Metadata
With this small suite of open source pentesting tools you're able to create an image .jpg, audio .mp3 or video .mp4 file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data...
ir-rescue - A Windows Batch Script To Comprehensively Collect Host Forensic Data
ir-rescue is a lightweight Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility and artifacts that are changed with the execution of the script (e.g., prefetch files). It is intended for incident response use a...
[SterJo Startup Patrol v.1.3] Disable software that delayed the boot time
Your PC may often run a little slower than usual. Don't worry, it is nothing serious. You’ve probably installed some software that delayed the boot time. SterJo Startup Patrol allows you to view those files and disable them. This way you can optimize the Windows startup time but be...
PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious...
CATSploit - An Automated Penetration Testing Tool Using Cyber Attack Techniques Scoring
CATSploit is an automated penetration testing tool using the Cyber Attack Techniques Scoring (CATS) method that can be used without a pentester. Currently, pentesters implicitly make the selection of suitable attack techniques for target systems to be attacked. CATSploit uses system configuration...
Kubeclarity - Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges: Effective...
Vajra - A Highly Customizable Target And Scope Based Automated Web Hacking Framework To Automate Boring Recon Tasks
An automated web hacking framework for web applications Detailed insight about Vajra can be found at https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8 About Vajra Vajra is an automated web hacking framework to automate boring recon tasks and same...
Proxify - Swiss Army Knife Proxy Tool For HTTP/HTTPS Traffic Capture, Manipulation, And Replay On The Go
Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally a replay utility allows to import the dumped traffic request/responses with correct domain name into burp...
DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang
Finder Of XSS, and Dal is the Korean pronunciation of moon. What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The...
Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
Aaia pronounced as shown here helps in visualizing AWS IAM and Organizations in a graph format with help of Neo4j. This helps in identifying the outliers easily. Since it is based on neo4j , one can query the graph using cypher queries to find the anomalies. Aaia also supports modules to...
DNCI - Dot Net Code Injector
DNCI allows the injection of .Net code (.exe or .dll) remotely in unmanaged processes in Windows. 1. Project Structure The project is structured in: DNCI.Injector.Library - Injection library. Contains all injection components and logic; DNCI.Injector.Runner - Command line utility for injection;...
FOCA - Tool To Find Metadata And Hidden Information In The Documents
FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA. It is capable of analysing a wide variety of documents, with th...
Twint - An Advanced Twitter Scraping And OSINT Tool
Formerly known as Tweep, Twint is an advanced Twitter scraping tool written in Python that allows for scraping Tweets from Twitter profiles without using Twitter's API. Twint utilizes Twitter's search operators to let you scrape Tweets from specific users, scrape Tweets relating to certain topics...
Reverie - Automated Pentest Tools Designed For Parrot Linux
Automated Pentest Tools Designed For Parrot Linux. This tool handles basic pentesting tasks such as Information Gathering, Security Auditing, and Reporting, and performs every task fully automatically. Usage Guide Download / Clone git clone https://github.com/baguswiratmaadi/reverie Go Insi...
Xori - An Automation-Ready Disassembly And Static Analysis Library For PE32, 32+ And Shellcode
Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. Acknowledgements: Xori wouldn't exist without inspiration and ideas from the open source community. We are indebted to the work of the Capstone engine and...
Decker - Declarative Penetration Testing Orchestration Framework
Decker is a penetration testing orchestration framework. It leverages HashiCorp Configuration Language 2 (the same config language as Terraform) to allow declarative penetration testing as code, so your tests can be versioned, shared, reused, and collaborated on with your team or the community...
ZIP File Raider - Burp Extension For ZIP File Payload Testing
ZIP File Raider is a Burp Suite extension for attacking web application with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads in ZIP content of the HTTP requests which is not feasible by default. This extension helps to automate the extraction and compression...
WinSpy - A Windows Reverse Shell Backdoor Creator With An Automatic IP Poisener
WinSpy: Windows Reverse Shell Backdoor Creator With ip poisener. Dependencies 1 - metasploit-framework 2 - xterm 3 - apache2 4 - whiptail Installation sudo apt-get install git git clone https://github.com/TunisianEagles/winspy.git cd winspy chmod +x setup.sh ./setup.sh chmod +x winspy.sh...
Gobuster - Directory/File & DNS Busting Tool Written In Go
Gobuster is a tool used to brute-force: URIs directories and files in web sites. DNS subdomains with wildcard support. Oh dear God.. WHY!? Because I wanted: 1. ... something that didn't have a fat Java GUI console FTW. 2. ... to build something that just worked on the command line. 3. ... somethi...
PcapViz - Visualize Network Topologies and Collect Graph Statistics Based on PCAP Files
PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features Draw network topologies Layer 2 and communication graphs Layer 3 and 4 Network topologies contain...
[BlackArch] Linux Distribution with 600 Security Tools
BlackArch Linux is a lightweight expansion to Arch Linux for penetration testers and security researchers. The repository contains 630 tools. You can install tools individually or in groups. BlackArch is compatible with existing Arch installs. Tool List: Name | Version | Description | Homepage...
uEmu - Tiny Cute Emulator Plugin For IDA Based On Unicorn.
uEmu is a tiny cute emulator plugin for IDA based on unicorn engine. Supports following architectures out of the box: x86 , x64 , ARM , ARM64 , MIPS , MIPS64 What is it GOOD for? Emulate bare metal code bootloaders, embedded firmware etc Emulate standalone functions What is it BAD for? Emulate...
SSRFuzz - A Tool To Find Server Side Request Forgery Vulnerabilities, With CRLF Chaining Capabilities
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities. Why? I wanted to write a tool in Golang for concurrency. I wanted to fuzz parameters for SSRF vulnerabilities, as well as fuzz both paths and parameters for CRLF injections. I was inspired by...
Stegbrute - Fast Steganography Bruteforce Tool Written In Rust Useful For CTF's
stegbrute is a fast steganography brute force tool written in Rust using also threads to achieve a faster execution Dependencies Stegbrute cannot run without steghide!, to install steghide run : apt-get install -y steghide if you are not in a debian distribution you can download it from steghide...
Bpytop - Linux/OSX/FreeBSD Resource Monitor
Resource monitor that shows usage and stats for processor, memory, disks, network and processes. Python port of bashtop. Features Easy to use, with a game inspired menu system. Full mouse support, all buttons with a highlighted key is clickable and mouse scroll works in process list and menu boxe...
Xencrypt - A PowerShell Script Anti-Virus Evasion Tool
Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based...
Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
Bluewall is a firewall framework designed for offensive and defensive cyber professionals. This framework allows Cybersecurity professionals to quickly setup their environment while staying within their scope. Credit Inspired by Andrew Benson's hostfw iptable generation script. Features Bluewall...
Mosca - Manual Search Tool To Find Bugs Like A Grep Unix Command
Mosca Manual analysis tool to find bugs like a grep unix command, Version 0.05 because is not dynamic... uses static code to search... don't confuse with academic views hahaha don't have graph here or CFG... is a simple "grep" egg modules is a config to find to vulnerabilities you can use at C,...
Frida-Extract - Frida.re Based RunPE (And MapViewOfSection) Extraction Tool
FridaExtract is a Frida.re based RunPE extraction tool. RunPE type injection is a common technique used by malware to hide code within another process. It also happens to be the final stage in a lot of packers : NOTE: Frida now also supports extraction of injected PE files using the...
Aircrack-ng 1.2 RC 2 - WEP and WPA-PSK keys cracking program
Here is the second release candidate. Along with a LOT of fixes, it improves the support for the Airodump-ng scan visualizer. Airmon-zc is mature and is now renamed to Airmon-ng. Also, Airtun-ng is now able to encrypt and decrypt WPA on top of WEP. Another big change is recent version of GPSd now...
[WAppEx v2.0] Web Application Exploitation Tool
WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it...
CVE-2024-23897 - Jenkins <= 2.441 & <= LTS 2.426.2 PoC And Scanner
Exploitation and scanning tool specifically designed for Jenkins versions -p -f or python CVE-2024-23897.py -i -f Parameters: - -t or --target: Specify the target IPs. Supports single IP, IP range, comma-separated list, or CIDR block. - -i or --input-file: Path to input file containing hosts in...
Grepmarx - A Source Code Static Analysis Platform For AppSec Enthusiasts
Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features SAST Static Analysis Security Testing capabilities: Multiple languages support: C/C++, C, Go, HTML, Java, Kotlin, JavaScript,...
Bughound - Static Code Analysis Tool Based On Elasticsearch
Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana to get useful insights about the potential vulnerabilities in your code. Bughound has its own Elasticsearch and Kibana Docker image that is preconfigured with dashboards ...
Geacon - Implement CobaltStrike's Beacon In Go
Using Go to implement CobaltStrike's Beacon. This project is for learning protocol analysis and reverse engineering only, if someone's rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY How to play 1. Setup the teamserver and start a http...
Emba - An Analyzer For Linux-based Firmware Of Embedded Devices
emba is being developed as a firmware scanner that analyses already-extracted Linux-based firmware images. It should help you to identify and focus on the interesting areas of a huge firmware image. Although emba is optimized for offline firmware images, it can test both, live systems and extract...
Scant3R - Web Security Scanner
ScanT3r - Web Security Scanner. Coded By: Khaled Nassar @knassar702. Detects these vulnerabilities: Remote Code Execution (Linux), XSS Reflected, Template Injection (Jinja2, ERB, Java, Twig, Freemarker), SQL Injection. ScreenShot: GIF...
EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking
Read the license before using any part from this code : Malicious DLL Win Reverse Shell generator for DLL Hijacking Features: Reverse TCP Port Forwarding using Ngrok.io Custom Port Forwarding option LHOST,LPORT Example of DLL Hijacking included Half-Life Launcher file Tested on Win7 7601, Windows...
IotShark - Monitoring And Analyzing IoT Traffic
IoTShark is an IoT monitoring service that allows users to monitor their IoT devices for trends in data sent/received. Ordinarily, setting up a man in the middle attack with proper configurations can take up quite a bit of time, and may seem dauntingly impossible for those with little to no...
SQLMap v1.3.7 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Iptables Essentials - Common Firewall Rules And Commands
Tools to help you configure Iptables Shorewall - advanced gateway/firewall configuration tool for GNU/Linux. Firewalld - provides a dynamically managed firewall. UFW - default firewall configuration tool for Ubuntu. FireHOL - offer simple and powerful configuration for all Linux firewall and...
Robber - Tool For Finding Executables Prone To DLL Hijacking
Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies. What is DLL hijacking ?! Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path triggering this search...
ParanoicScan - Vulnerability Scanner
Old Options Google & Bing Scanner that also scan : XSS SQL GET / POST SQL GET SQL GET + Admin Directory listing MSSQL Jet Database Oracle LFI RFI Full Source Disclosure HTTP Information SQLi Scanner Bypass Admin Exploit FSD Manager Paths Finder IP Locate Crack MD5 Panel Finder Console Fixes +...
[IPv6 Disable Tool] Command-line Software to Enable or Disable IPv6 on Windows
IPv6 Disable is the free command-line tool to quickly Enable or Disable IPv6 Internet Protocol version 6 on your Windows system. It automatically checks for the current status of IPv6 and then enable/disable it accordingly. It is simple & easy to use tool. Also being a command-line based tool mak...
WAES - Auto Enums Websites And Dumps Files As Result
Doing HTB or other CTFs enumeration against targets with HTTPS can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum proces...
mXtract v1.2 - Memory Extractor & Analyzer
mXtract is an open-source Linux-based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool; its primary purpose is to scan memory for private keys, IPs, and passwords using regexes. Remember, your results are only as good as your regexes. Screenshots Scan wi...
LAPSToolkit - Tool To Audit And Attack LAPS Environments
Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsoft's Local Administrator Password Solution LAPS. It includes finding groups specifically delegated by sysadmins, finding users with "All Extended Rights" that can vi...
Acunetix Web Application Vulnerability Report 2019
Acunetix compiles an annual web application vulnerability report. The purpose of this report is to provide security experts and interested parties with an analysis of data on vulnerabilities gathered over the previous year. The 2019 report contains the results and analysis of vulnerabilities,...
Secret Keeper - Python Script To Encrypt & Decrypt Files With A Given Key
Secret Keeper is a file encryptor written in Python which encrypts your files using the Advanced Encryption Standard (AES). CBC mode is used when creating the AES cipher, wherein each block is chained to the previous block in the stream. Features Secret Keeper has the ability to generate a random...
WiFi-Pumpkin - Framework For Rogue Wi-Fi Access Point Attack
WiFi-Pumpkin is a security tool that provides a rogue access point for Man-In-The-Middle and network attacks, purporting to provide wireless Internet services but snooping on the traffic. It can be used to capture the credentials of unsuspecting users by either snooping the communication by phishing...