6011 matches found
Webscreenshot - A Simple Script To Screenshot A List Of Websites
A simple script to screenshot a list of websites, based on the url-to-image phantomjs script. Features Integrating url-to-image 'lazy-rendering' for AJAX resources Fully functional on Windows and Linux systems Cookie and custom HTTP header definition support Multiprocessing and killing of...
Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed overview of system activity with highlighting. Graphs and statistics allow you quickly to track down...
Waybackurls - Fetch All The URLs That The Wayback Machine Knows About For A Domain
Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for .domain and output them on stdout. Usage example: ▶ cat domains.txt | waybackurls urls Install: ▶ go get github.com/tomnomnom/waybackurls Credit This tool was inspired by @mhmdiaa's waybackurls.py script. Thanks...
Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors
Python wrapper for tshark, allowing python packet parsing using wireshark dissectors. Extended documentation: http://kiminewt.github.io/pyshark Python2 deprecation - This package no longer supports Python2. If you wish to still use it in Python2, you can: Use version 0.3.8 Install pyshark-legacy...
xShock - Shellshock Exploit
xShock ShellShock CVE-2014-6271 This tool exploits shellshock. Written by Hulya Karabag Version 1.0.0 Instagram: Capture the Root Screenshots...
EfiGuard - Disable PatchGuard And DSE At Boot Time
EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager, boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement DSE. Features Currently supports all EFI-compatible versions of Windows x64 ever released, from Vista SP1 to Server...
MaskPhish - Give A Mask To Phishing URL
MaskPhish is a simple script to hidephishing URL under a normal looking URLgoogle.com or facebook.com. Legal Disclaimer: Usage of MaskPhish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws...
Watson - Enumerate Missing KBs And Suggest Exploits For Useful Privilege Escalation Vulnerabilities
Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities. Supported Versions Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004 Server 2016 & 2019 Usage C:\ Watson.exe / / /\ \ \ | | \ / / / | / |/ | ' \ \ /\ / | |...
Remote-Method-Guesser - Tool For Java RMI Enumeration And Bruteforce Of Remote Methods
remote-method-guesser rmg is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding interface class names List codebase locations if...
Devploit v3.6 - Information Gathering Tool
Devploit is a simple python script to Information Gathering. Download: git clone https://github.com/joker25000/Devploit How to use: cd Devploit chmod +x install ./install Run in Terminal Devploit To run in Android you do not install file Run direct python2 Devploit Properties: DNS Lookup Whois...
OWASP ZAP 2.4.0 - Penetration Testing Tool for Testing Web Applications
ZAP is an OWASP Flagship project, and is currently the most active open source web application security tool. For a quick introduction to the new release see this video: Some of the most significant changes include: ‘Attack’ Mode A new ‘attack’ mode has been added that means that applications tha...
Frida-Ios-Hook - A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform
A tool that helps you can easy using frida. It support script for trace classes, functions, and modify the return values of methods on iOS platform. For Android platform: frida-android-hook For Intercept Api was encrypted on iOS application: frida-ios-interceprt-api Env OS Support OS |...
Tor Browser Bundle 3.5
The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series. Packages are now available from the Tor download page as well as the Tor Package archive. For now, the Pluggable Transports-capable TBB is still a separate...
H8Mail - Email OSINT And Password Breach Hunting
Email OSINT and password finder. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for all those raw HTML files Small and fast Alpine Dockerfile available CLI or Bulk...
Gobuster v3.0 - Directory/File, DNS And VHost Busting Tool Written In Go
Gobuster is a tool used to brute-force: URIs directories and files in web sites. DNS subdomains with wildcard support. Virtual Host names on target web servers. Oh dear God.. WHY!? Because I wanted: 1. ... something that didn't have a fat Java GUI console FTW. 2. ... to build something that just...
Evilgophish - Evilginx2 + Gophish
Combination of evilginx2 and GoPhish. Credits Before I begin, I would like to say that I am in no way bashing Kuba Gretzky and his work. I thank him personally for releasing evilginx2 to the public. In fact, without his work this work would not exist. I must also thank Jordan Wright for...
S3BucketList - Firefox Plugin The Lists Amazon S3 Buckets Found In Requests
S3BucketList is a Firefox plugin that records S3 Buckets found in requests. It is currently a work in progress and additional features will be added in the future. This plugin will also be ported to other browsers in the future. Stay tuned! Installation This plugin is already available in Firefox...
Kali NetHunter 3.0 - Android Mobile Penetration Testing Platform
What’s New in Kali NetHunter 3.0 NetHunter Android Application Rewrite The NetHunter Android application has been totally redone and has become much more “application centric”. Many new features and attacks have been added, not to mention a whole bunch of community-driven bug fixes. The NetHunter...
Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your Custom Checks Periodically
Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. Its focused on discovery of organization public facing assets with minimal knowledge about its infrastructure. Along with network data visualization, it attempts to give a basic vulnerability score to...
CamRaptor - Tool That Exploits Several Vulnerabilities In Popular DVR Cameras To Obtain Network Camera Credentials
CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials. Features Exploits vulnerabilities in most popular camera models such as Novo, CeNova and QSee. Optimized to exploit multiple cameras at one time from list with threading enabled...
jwt-cracker - Simple HS256 JWT Token Brute Force Cracker
Simple HS256 JWT token brute force cracker. Effective only to crack JWT tokens with weak secrets. Recommendation : Use strong long secrets or RS256 tokens. Install With npm: npm install --global jwt-cracker Usage From command line: jwt-cracker Where: token : the full HS256 JWT token string to cra...
Telegram Vulners Bot - Exploit Search Engine And Security Feed In Your Pocket
Vulners Bot is a Telegram interface for popular vulnerability database. It gives you availability of searching for exploits, tools, patches and many more using Telegram inline queries. But the most powerful feature is customizable security subscriptions feeds. You can select predefined themes or...
Osintgram - A OSINT Tool On Instagram
Osintgram is a OSINT tool on Instagram. Osintgram offers an interactive shell to perform analysis on Instagram account of any users by its nickname. You can get: - addrs Get all registered addressed by target photos - captions Get user's photos captions - comments Get total comments of target's...
OpenCTI - Open Cyber Threat Intelligence Platform
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats. The structuration of the data is...
Doenerium - Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.)
Fully Undetected Grabber Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc. Features Stealer Discord Token Discord Info - Username, Phone number, Email, Billing, Nitro Status & Backup Codes Discord Friends with rare badges Grabs crypto wallets Zcash Armory Bytecoin Jaxx Exodus Ethere...
MobileHackersWeapons - Mobile Hacker's Weapons / A Collection Of Cool Tools Used By Mobile Hackers
A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting Weapons OS | Type | Name | Description ---|---|---|--- All | Analysis | RMS-Runtime-Mobile-Security | Runtime Mobile Security RMS - is a powerful web interface that helps you to manipulate Android and iOS Apps at...
Rtl_433 - Program To Decode Radio Transmissions From Devices On The ISM Bands (And Other Frequencies)
rtl433 despite the name is a generic data receiver, mainly for the 433.92 MHz, 868 MHz SRD, 315 MHz, 345 MHz, and 915 MHz ISM bands. The official source code is in the https://github.com/merbanan/rtl433/ repository. For more documentation and related projects see the https://triq.org/ site. It...
struts-pwn - An exploit for Apache Struts CVE-2017-5638
An exploit for Apache Struts CVE-2017-5638 Usage Testing a single URL. python struts-pwn.py --url 'http://example.com/struts2-showcase/index.action' -c 'id' Testing a list of URLs. python struts-pwn.py --list 'urls.txt' -c 'id' Checking if the vulnerability exists against a single URL. python...
OpenCVE - CVE Alerting Platform
OpenCVE , formerly known as Saucs , is a platform used to locally import the list of CVEs and perform searches on it by vendors, products, CVSS, CWE.... Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an update is done in an existing CVE. How does...
EAPHammer - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks [Indirect Wireless Pivots Using Hostile Portal Attacks]
EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wirele...
Drozer v2.4.4 - The Leading Security Assessment Framework For Android
drozer formerly Mercury is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to...
StegCracker - Steganography Brute-Force Utility To Uncover Hidden Data Inside Files
Steganography brute-force utility to uncover hidden data inside files. Usage Using stegcracker is simple, pass a file to it as it's first parameter and optionally pass the path to a wordlist of passwords to try as it's second parameter. If this is not set it will default to the rockyou.txt passwo...
SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool
SSRF are often used to leverage actions on other services, this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform...
DecryptTeamViewer - Enumerate And Decrypt TeamViewer Credentials From Windows Registry
Uses CVE-2019-18988 to enumerate and decrypt TeamViewer credentials from Windows registry. Blogpost detailing the vulnerability: https://whynotsecurity.com/blog/teamviewer/ Usage .\DecryptTeamViewer.exe Download DecryptTeamViewer...
Rubeus - C# Toolset For Raw Kerberos Interaction And Abuses
Rubeus is a C toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project CC BY-NC-SA 4.0 license and Vincent LE TOUX's MakeMeEnterpriseAdmin project GPL v3.0 license. Full credit goes to Benjamin and Vincent for working out the hard components of...
WebMap - Nmap Web Dashboard And Reporting
A Web Dashbord for Nmap XML Report Usage You should use this with docker, just by sending this command: $ mkdir /tmp/webmap $ docker run -d \ --name webmap \ -h webmap \ -p 8000:8000 \ -v /tmp/webmap:/opt/xml \ rev3rse/webmap $ now you can run Nmap and save the XML Report on /tmp/webmap $ nmap -s...
jSQL Injection v0.77 - Java application for automatic SQL database injection
jSQL Injection is a lightweight application used to find database information from a distant server. It's is free , open source and cross-platform Windows, Linux, Mac OS X. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions lik...
Beanshooter - JMX Enumeration And Attacking Tool
Beanshooter is a command line tool written in Java , which helps to identify common vulnerabilities on JMX endpoints. Introduction JMX stands for Java Management Extensions and can be used to monitor and configure the Java Virtual Machine from remote. Applications like tomcat or JBoss are often...
Infection Monkey - An Automated Pentest Tool
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey i...
BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most important step in any penetration testing or a bug hunting process. It provides an attacke...
Shodan Dorks
Shodan Dorks by twitter.com/lothos612 Feel free to make suggestions Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:"Bangalore" country: Find devices in a particular country. country:"IN" geo: Find devices by giving geographical coordinates...
Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
This GitHub repository provides a range of search queries, known as "dorks," for Shodan, a powerful tool used to search for Internet-connected devices. The dorks are designed to help security researchers discover potential vulnerabilities and configuration issues in various types of devices such ...
faker.js - Generate Massive Amounts of Fake Data
Generate massive amounts of fake data in Node.js and the browser. Demo https://cdn.rawgit.com/Marak/faker.js/master/examples/browser/index.html Hosted API Microservice http://faker.hook.io Supports all Faker API Methods Full-Featured Microservice Hosted by hook.io curl...
[Instant PDF Password Remover] Free PDF Password & Restrictions Removal Tool
Instant PDF Password Remover is the FREE tool to instantly remove Password of protected PDF document. It can remove both User & Owner password along with all PDF file restrictions such as Copy, Printing, Screen Reader etc. Often we receive password protected PDF documents in the form of mobile...
Inshackle - Instagram Hacks: Track Unfollowers, Increase Your Followers, Download Stories, Etc
Instagram hacks: Track unfollowers, Increase your followers, Download Stories, etc Features: Unfollow Tracker Increase Followers Download: Stories, Saved Content, Following/followers list, Profile Info Unfollow all your following Usage: git clone https://github.com/thelinuxchoice/inshackle cd...
XSS Payload List - Cross Site Scripting Vulnerability Payload List
Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user...
SMWYG-Show-Me-What-You-Got - Tool To Search 1.4 Billion Clear Text Credentials Which Was Dumped As Part Of BreachCompilation Leak
This tool allows you to perform OSINT and reconnaissance on an organisation or an individual. It allows one to search 1.4 Billion clear text credentials which was dumped as part of BreachCompilation leak. This database makes finding passwords faster and easier than ever before. Screenshot Above...
Penglab - Abuse Of Google Colab For Cracking Hashes
Abuse of Google Colab for fun and profit. What is it ? Penglab is a ready-to-install setup on Google Colab for cracking hashes with an incredible power, really useful for CTFs. See benchmarks below. It installs by default : Hashcat John Hydra SSH with ngrok And now, it can also : Launch an...
Mitaka - A Browser Extension For OSINT Search
Mitaka is a browser extension for OSINT search which can: Extract & refang IoC from a selected block of text. E.g. example.com to example.com, testatexample.com to [email protected], hxxp://example.com to http://example.com, etc. Search / scan it on various engines. E.g. VirusTotal,...
Widevine-L3-Decryptor - A Chrome Extension That Demonstrates Bypassing Widevine L3 DRM
Widevine is a Google-owned DRM system that's in use by many popular streaming services Netflix, Spotify, etc. to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software i.e no hardware TEEs,...