6011 matches found
Goscan - Interactive Network Scanner
GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...
Ophcrack - A Windows Password Cracker Based On Rainbow Tables
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. Features: Runs on Windows, Linux/Unix, Mac OS X, ... Cracks LM...
[SterJo Wireless Passwords v.1.4] Utility for recovering your lost wireless passwords of your network
SterJo Wireless Password is FREE utility for recovering your lost wireless passwords of your network. As the number of devices using wireless network increases same as the need for more security, it often may happen your password containing letters, numbers and special characters to be forgotten ...
uEmu - Tiny Cute Emulator Plugin For IDA Based On Unicorn.
uEmu is a tiny cute emulator plugin for IDA based on unicorn engine. Supports following architectures out of the box: x86 , x64 , ARM , ARM64 , MIPS , MIPS64 What is it GOOD for? Emulate bare metal code bootloaders, embedded firmware etc Emulate standalone functions What is it BAD for? Emulate...
HikPwn - A Simple Scanner For Hikvision Devices
HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8. This project was born out of curiosity while I was capturing and watching network traffic generated by some of Hikvision's software and devices. Setup instructions: git clone...
Webkiller v2.0 - Tool Information Gathering
Tool Information Gathering Write With Python. PreView ██╗ ██╗███████╗██████╗ ██╗ ██╗██╗██╗ ██╗ ███████╗██████╗ ██║ ██║██╔════╝██╔══██╗██║ ██╔╝██║██║ ██║ ██╔════╝██╔══██╗ ██║ █╗ ██║█████╗ ██████╔╝████&9608 ;╔╝ ██║██║ ██║ █████╗ ██████╔╝ ██║███╗██║██╔══╝ ██╔══██╗██╔═██╗ ██║██║ ██║ ██╔══╝ ██╔══██╗...
XXExploiter - Tool To Help Exploit XXE Vulnerabilities
I wrote this tool to help me testing XXE vulnerabilities. It generates the XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration. IMPORTANT: This tool is still under development and although most of its features are already working, some may have not...
Blinder - A Python Library To Automate Time-Based Blind SQL Injection
Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development. Installation You can install Blinder using the following command: pip install blinder Or by downloading the source and importing it...
Aura-Botnet - A Super Portable Botnet Framework With A Django-based C2 Server
Aura Botnet C2 Server The botnet's C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following: Django is extremely portable and therefore good for testing/educational purposes. The server and database are contained...
LetsMapYourNetwork - Tool To Visualise Your Physical Network In Form Of Graph With Zero Manual Error
It is utmost important for any security engineer to understand their network first before securing it and it becomes a daunting task to have a ‘true’ understanding of a widespread network. In a mid to large level organisation’s network having a network architecture diagram doesn’t provide the...
Twint - An Advanced Twitter Scraping And OSINT Tool
Formerly known as Tweep, Twint is an advanced Twitter scraping tool written in Python that allows for scraping Tweets from Twitter profiles without using Twitter's API. Twint utilizes Twitter's search operators to let you scrape Tweets from specific users, scrape Tweets relating to certain topics...
WPScan v3.4.5 - Black Box WordPress Vulnerability Scanner
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites Optional but highly recommended: RVM Ruby = 2.3 - Recommended: latest Ruby 2.5.0 to 2.5.3 can caus...
ADAPT - Tool That Performs Automated Penetration Testing For WebApps
ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts. ADAPT automatically tests for multiple industry standard OWASP Top 10 vulnerabilities, and outputs...
ZIP Shotgun - Utility Script To Test Zip File Upload Functionality (And Possible Extraction Of Zip Files) For Vulnerabilities
Utility script to test zip file upload functionality and possible extraction of zip files for vulnerabilities. Idea for this script comes from this post on Silent Signal Techblog - Compressed File Upload And Command Execution and from OWASP - Test Upload of Malicious Files This script will create...
Twitter-Intelligence - Twitter Intelligence OSINT Project Performs Tracking And Analysis Of The Twitter
A project written in Python to twitter tracking and analysis without using Twitter API. Prerequisites This project is a Python 3.x application. The package dependencies are in the file requirements.txt. Run that command to install the dependencies. pip3 install -r requirements.txt Database SQLite...
WiFi-Pumpkin - Framework For Rogue Wi-Fi Access Point Attack
WiFi-Pumpkin is security tool that provide the Rogue access point to Man-In-The-Middle and network attacks. purporting to provide wireless Internet services, but snooping on the traffic. can be used to capture of credentials of unsuspecting users by either snooping the communication by phishing...
Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
Frogy 2.0 is an automated external reconnaissance and Attack Surface Management ASM toolkit designed to map out an organization's entire internet presence. It identifies assets, IP addresses, web applications, and other metadata across the public internet and then smartly prioritizes them with...
CVE-2024-23897 - Jenkins <= 2.441 & <= LTS 2.426.2 PoC And Scanner
Exploitation and scanning tool specifically designed for Jenkins versions -p -f or python CVE-2024-23897.py -i -f Parameters: - -t or --target: Specify the target IPs. Supports single IP, IP range, comma-separated list, or CIDR block. - -i or --input-file: Path to input file containing hosts in...
TIGMINT - OSINT (Open Source Intelligence) GUI Software Framework
An OSINT Open Source Intelligence software framework with an objective of making cyber investigations more convinient by implementing abstraction mechanisms to hide the background technical complexity also bundling different analysis techniques for social media Intelligence together providing a...
Vajra - A Highly Customi zable Target And Scope Based Automated Web Hacking Framework To Automate Boring Recon Tasks
An automated web hacking framework for web applications Detailed insight about Vajra can be found at https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8 About Vajra Vajra is an automated web hacking framework to automate boring recon tasks and same...
SSRFuzz - A Tool To Find Server Side Request Forgery Vulnerabilities, With CRLF Chaining Capabilities
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities Why? I wanted to write a tool in Golang for concurrency I wanted to fuzz parameters for SSRF vulnerablities, as well as fuzz both paths and parameters for CRLF injections I was inspired by...
Zelos - A Comprehensive Binary Emulation Platform
Zelos Z eropoint E mulated L ightweight O perating S ystem is a python-based binary emulation platform. One use of zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are emulated to isolate the target binary. Linux x8664 32- and 64-bit, AR...
AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat
Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. The entry level to reverse AntiCheats and Cheats is quite high, therefore, I'm realeasing all the code I developed during my research. The main idea is to help...
Revshellgen - Reverse Shell Generator Written In Python.
Standalone python script for generating reverse shells easily and automating the boring stuff like URL encoding the command and setting up a listener. Download git clone https://github.com/t0thkr1s/revshellgen Install The script has 2 dependencies: pyperclip colorama You can install these by...
SpiderFoot - The Most Complete OSINT Collection And Reconnaissance Tool
SpiderFoot is an open source intelligence OSINT automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN or person's name. SpiderFoot can be used offensively, i.e. as part of a...
ZIP File Raider - Burp Extension For ZIP File Payload Testing
ZIP File Raider is a Burp Suite extension for attacking web application with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads in ZIP content of the HTTP requests which is not feasible by default. This extension helps to automate the extraction and compression...
CT-Exposer - An OSINT Tool That Discovers Sub-Domains By Searching Certificate Transparency Logs
Discover sub-domains by searching through Certificate Transparency logs. What is CT? Certificate Transparency CT is an experimental IETF standard. The goal of it was to allow the public to audit which certificates were created by Certificate Authorities CA. TLS has a weakness that comes from the...
WiFi-Pumpkin v0.8.1 - Framework for Rogue Wi-Fi Access Point Attack
Framework for Rogue Wi-Fi Access Point Attack Description WiFi-Pumpkin is a open source security tool that provides the Rogue access point to Man-In-The-Middle and network attacks. Installation Kali 2.0/WifiSlax 4.11.1/Parrot 3.0.1/2.0.5 Python 2.7 git clone...
SPF - SpeedPhish Framework
SPF SpeedPhish Framework is a python tool designed to allow for quick recon and deployment of simple social engineering phishing exercises. Requirements: dnspython twisted PhantomJS Usage: usage: spf.py -h -f -C --all --test -e -g -s --simulate -w -W -d -c --ip -v -y optional arguments: -h, --hel...
[WAppEx v2.0] Web Application Exploitation Tool
WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it...
Villain - Windows And Linux Backdoor Generator And Multi-Session Handler That Allows Users To Connect With Sibling Servers And Share Their Backdoor Sessions
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers other machines running Villain and share their backdoor sessions, handy for working as a team. The main idea behind the payloads generated by this tool is inherited from...
SQLRecon - A C# MS SQL Toolkit Designed For Offensive Reconnaissance And Post-Exploitation
A C MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. For detailed usage information on each technique, refer to the wiki. Usage You can grab a copy of SQLRecon from the releases page. Alternatively, feel free to compile the solution yourself This should be as straight...
Etherblob-Explorer - Search And Extract Blob Files On The Ethereum Blockchain Network
Search and extract blob files on the Ethereum network using Etherscan.io API. Introduction EtherBlob Explorer is a tool intended for researchers, analysts, CTF players or anyone curious enough wanting to search for different kinds of files or any meaningful human-supplied data on the Ethereum...
Bpytop - Linux/OSX/FreeBSD Resource Monitor
Resource monitor that shows usage and stats for processor, memory, disks, network and processes. Python port of bashtop. Features Easy to use, with a game inspired menu system. Full mouse support, all buttons with a highlighted key is clickable and mouse scroll works in process list and menu boxe...
Xencrypt - A PowerShell Script Anti-Virus Evasion Tool
Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based...
get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN
Get teamviewer's ID and password from a remote computer in the LAN This program gets teamviewer's ID and password from a remote computer in the LAN. Most useful for postexploitation or sysadmins Tested on windows 7 and windows 10 x86 and x64 Prerequisites You must have valid credentials on the...
FOCA - Tool To Find Metadata And Hidden Information In The Documents
FOCA Fingerprinting Organizations with Collected Archives FOCA is a tool used mainly to findmetadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA. It is capable of analysing a wide variety of documents, with th...
uniFuzzer - A Fuzzing Tool For Closed-Source Binaries Based On Unicorn And LibFuzzer
uniFuzzer is a fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer. Currently it supports fuzzing 32-bits LSB ELF files on ARM/MIPS, which are usually seen in IoT devices. 中文介绍 Features very little hack and easy to build can target any specified function or code snippet...
VulnX - CMS And Vulnerabilites Detector And An Intelligent Auto Shell Injector
Vulnx is a cms and vulnerabilites detection, an intelligent auto shell injector, fast cms detection of target and fast scanner and informations gathering like subdomains, ipaddresses, country, org, timezone, region, ans and more ... Instead of injecting shell and checking it works like all the...
Up (Ultimate Plumber) - Tool For Writing Linux Pipes With Instant Live Preview
up is the Ultimate Plumber , a tool for writing Linux pipes in a terminal-based UI interactively, with instant live preview of command results. The main goal of the Ultimate Plumber is to help interactively and incrementally explore textual data in Linux, by making it easier to quickly build...
Evilginx2 v2.2.0 - Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide...
Telebix - An Application That Communicates With A Bot On The Telegram To Receive Commands And Send Information From An Infrastructure Monitored By Zabbix
Telebix is an application that communicates with a Bot on the Telegram to receive commands and send information from an infrastructure monitored by Zabbix, which also sends messages in real time if any problems occur in the infrastructure, it is totally written in Python with Shell Script and has...
Sptoolkit Rebirth - Phishing Education Toolkit
The spt rebirth project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Organizations spend billions of dollars annually in an effort to safeguard information systems, but spend little to nothing on the under trained and...
[SterJo Startup Patrol v.1.3] Disable software that delayed the boot time
Often may happen your PC to run a little slower than usual. Don't worry, it is nothing serious. You’ve probably installed some software that delayed the boot time. SterJo Startup Patrol allows you to view those files and disable them. This way you can optimize the Windows startup time but be...
Kubeclarity - Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective...
Emba - An Analyzer For Linux-based Firmware Of Embedded Devices
emba is being developed as a firmware scanner that analyses already-extracted Linux-based firmware images. It should help you to identify and focus on the interesting areas of a huge firmware image. Although emba is optimized for offline firmware images, it can test both, live systems and extract...
Proxify - Swiss Army Knife Proxy Tool For HTTP/HTTPS Traffic Capture, Manipulation, And Replay On The Go
Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally a replay utility allows to import the dumped traffic request/responses with correct domain name into burp...
AutoGadgetFS - USB Testing Made Easy
What’s AutoGadgetFS ? AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without an in-depth knowledge of the USB protocol. The tool is written in Python3 and utilizes RabbitMQ and WiFi access to enable researchers to condu...
Scant3R - Web Security Scanner
ScanT3r - Web Security Scanner / / / / / \ / / / / / / / / / / // // / / / / / / / / ///,// /// /// Coded By : Khaled Nassar @knassar702 Detect This vulnerabilities Remote Code Execution Linux XSS Reflected Template Injection Jinja2 ERB Java Twig Freemarker SQlInjection ScreenShot: GIF...
Evil SSDP - Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response
This tool responds to SSDP multicast discover requests, posing as a generic UPNP device. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable phishing page. This page can load a hidden...