Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed overview of system activity with highlighting. Graphs and statistics allow you quickly to track down...

xShock - Shellshock Exploit

xShock ShellShock CVE-2014-6271 This tool exploits shellshock. Written by Hulya Karabag Version 1.0.0 Instagram: Capture the Root Screenshots...

Devploit v3.6 - Information Gathering Tool

Devploit is a simple python script to Information Gathering. Download: git clone https://github.com/joker25000/Devploit How to use: cd Devploit chmod +x install ./install Run in Terminal Devploit To run in Android you do not install file Run direct python2 Devploit Properties: DNS Lookup Whois...

MaskPhish - Give A Mask To Phishing URL

MaskPhish is a simple script to hidephishing URL under a normal looking URLgoogle.com or facebook.com. Legal Disclaimer: Usage of MaskPhish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws...

Remote-Method-Guesser - Tool For Java RMI Enumeration And Bruteforce Of Remote Methods

remote-method-guesser rmg is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding interface class names List codebase locations if...

OWASP ZAP 2.4.0 - Penetration Testing Tool for Testing Web Applications

ZAP is an OWASP Flagship project, and is currently the most active open source web application security tool. For a quick introduction to the new release see this video: Some of the most significant changes include: ‘Attack’ Mode A new ‘attack’ mode has been added that means that applications tha...

Tor Browser Bundle 3.5

The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series. Packages are now available from the Tor download page as well as the Tor Package archive. For now, the Pluggable Transports-capable TBB is still a separate...

Watson - Enumerate Missing KBs And Suggest Exploits For Useful Privilege Escalation Vulnerabilities

Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities. Supported Versions Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004 Server 2016 & 2019 Usage C:\ Watson.exe / / /\ \ \ | | \ / / / | / |/ | ' \ \ /\ / | |...

Frida-Ios-Hook - A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform

A tool that helps you can easy using frida. It support script for trace classes, functions, and modify the return values of methods on iOS platform.  For Android platform: frida-android-hook  For Intercept Api was encrypted on iOS application: frida-ios-interceprt-api Env OS Support OS |...

H8Mail - Email OSINT And Password Breach Hunting

Email OSINT and password finder. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for all those raw HTML files Small and fast Alpine Dockerfile available CLI or Bulk...

S3BucketList - Firefox Plugin The Lists Amazon S3 Buckets Found In Requests

S3BucketList is a Firefox plugin that records S3 Buckets found in requests. It is currently a work in progress and additional features will be added in the future. This plugin will also be ported to other browsers in the future. Stay tuned! Installation This plugin is already available in Firefox...

EfiGuard - Disable PatchGuard And DSE At Boot Time

EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager, boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement DSE. Features Currently supports all EFI-compatible versions of Windows x64 ever released, from Vista SP1 to Server...

Kali NetHunter 3.0 - Android Mobile Penetration Testing Platform

What’s New in Kali NetHunter 3.0 NetHunter Android Application Rewrite The NetHunter Android application has been totally redone and has become much more “application centric”. Many new features and attacks have been added, not to mention a whole bunch of community-driven bug fixes. The NetHunter...

Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your Custom Checks Periodically

Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. Its focused on discovery of organization public facing assets with minimal knowledge about its infrastructure. Along with network data visualization, it attempts to give a basic vulnerability score to...

CamRaptor - Tool That Exploits Several Vulnerabilities In Popular DVR Cameras To Obtain Network Camera Credentials

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials. Features Exploits vulnerabilities in most popular camera models such as Novo, CeNova and QSee. Optimized to exploit multiple cameras at one time from list with threading enabled...

Telegram Vulners Bot - Exploit Search Engine And Security Feed In Your Pocket

Vulners Bot is a Telegram interface for popular vulnerability database. It gives you availability of searching for exploits, tools, patches and many more using Telegram inline queries. But the most powerful feature is customizable security subscriptions feeds. You can select predefined themes or...

jwt-cracker - Simple HS256 JWT Token Brute Force Cracker

Simple HS256 JWT token brute force cracker. Effective only to crack JWT tokens with weak secrets. Recommendation : Use strong long secrets or RS256 tokens. Install With npm: npm install --global jwt-cracker Usage From command line: jwt-cracker Where: token : the full HS256 JWT token string to cra...

Evilgophish - Evilginx2 + Gophish

Combination of evilginx2 and GoPhish. Credits Before I begin, I would like to say that I am in no way bashing Kuba Gretzky and his work. I thank him personally for releasing evilginx2 to the public. In fact, without his work this work would not exist. I must also thank Jordan Wright for...

Doenerium - Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.)

Fully Undetected Grabber Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc. Features Stealer Discord Token Discord Info - Username, Phone number, Email, Billing, Nitro Status & Backup Codes Discord Friends with rare badges Grabs crypto wallets Zcash Armory Bytecoin Jaxx Exodus Ethere...

MobileHackersWeapons - Mobile Hacker's Weapons / A Collection Of Cool Tools Used By Mobile Hackers

A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting Weapons OS | Type | Name | Description ---|---|---|--- All | Analysis | RMS-Runtime-Mobile-Security | Runtime Mobile Security RMS - is a powerful web interface that helps you to manipulate Android and iOS Apps at...

Gobuster v3.0 - Directory/File, DNS And VHost Busting Tool Written In Go

Gobuster is a tool used to brute-force: URIs directories and files in web sites. DNS subdomains with wildcard support. Virtual Host names on target web servers. Oh dear God.. WHY!? Because I wanted: 1. ... something that didn't have a fat Java GUI console FTW. 2. ... to build something that just...

OpenCTI - Open Cyber Threat Intelligence Platform

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats. The structuration of the data is...

Rtl_433 - Program To Decode Radio Transmissions From Devices On The ISM Bands (And Other Frequencies)

rtl433 despite the name is a generic data receiver, mainly for the 433.92 MHz, 868 MHz SRD, 315 MHz, 345 MHz, and 915 MHz ISM bands. The official source code is in the https://github.com/merbanan/rtl433/ repository. For more documentation and related projects see the https://triq.org/ site. It...

OpenCVE - CVE Alerting Platform

OpenCVE , formerly known as Saucs , is a platform used to locally import the list of CVEs and perform searches on it by vendors, products, CVSS, CWE.... Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an update is done in an existing CVE. How does...

struts-pwn - An exploit for Apache Struts CVE-2017-5638

An exploit for Apache Struts CVE-2017-5638 Usage Testing a single URL. python struts-pwn.py --url 'http://example.com/struts2-showcase/index.action' -c 'id' Testing a list of URLs. python struts-pwn.py --list 'urls.txt' -c 'id' Checking if the vulnerability exists against a single URL. python...

Osintgram - A OSINT Tool On Instagram

Osintgram is a OSINT tool on Instagram. Osintgram offers an interactive shell to perform analysis on Instagram account of any users by its nickname. You can get: - addrs Get all registered addressed by target photos - captions Get user's photos captions - comments Get total comments of target's...

Drozer v2.4.4 - The Leading Security Assessment Framework For Android

drozer formerly Mercury is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to...

DecryptTeamViewer - Enumerate And Decrypt TeamViewer Credentials From Windows Registry

Uses CVE-2019-18988 to enumerate and decrypt TeamViewer credentials from Windows registry. Blogpost detailing the vulnerability: https://whynotsecurity.com/blog/teamviewer/ Usage .\DecryptTeamViewer.exe Download DecryptTeamViewer...

StegCracker - Steganography Brute-Force Utility To Uncover Hidden Data Inside Files

Steganography brute-force utility to uncover hidden data inside files. Usage Using stegcracker is simple, pass a file to it as it's first parameter and optionally pass the path to a wordlist of passwords to try as it's second parameter. If this is not set it will default to the rockyou.txt passwo...

Ttyd - Share Your Terminal Over The Web

ttyd is a simple command-line tool for sharing terminal over the web, inspired by GoTTY. Features Built on top of Libwebsockets with C for speed Fully-featured terminal based on Xterm.js with CJK and IME support Graphical ZMODEM integration with lrzsz support SSL support based on OpenSSL Run any...

Rubeus - C# Toolset For Raw Kerberos Interaction And Abuses

Rubeus is a C toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project CC BY-NC-SA 4.0 license and Vincent LE TOUX's MakeMeEnterpriseAdmin project GPL v3.0 license. Full credit goes to Benjamin and Vincent for working out the hard components of...

WebMap - Nmap Web Dashboard And Reporting

A Web Dashbord for Nmap XML Report Usage You should use this with docker, just by sending this command: $ mkdir /tmp/webmap $ docker run -d \ --name webmap \ -h webmap \ -p 8000:8000 \ -v /tmp/webmap:/opt/xml \ rev3rse/webmap $ now you can run Nmap and save the XML Report on /tmp/webmap $ nmap -s...

Beanshooter - JMX Enumeration And Attacking Tool

Beanshooter is a command line tool written in Java , which helps to identify common vulnerabilities on JMX endpoints. Introduction JMX stands for Java Management Extensions and can be used to monitor and configure the Java Virtual Machine from remote. Applications like tomcat or JBoss are often...

Infection Monkey - An Automated Pentest Tool

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey i...

BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most important step in any penetration testing or a bug hunting process. It provides an attacke...

jSQL Injection v0.77 - Java application for automatic SQL database injection

jSQL Injection is a lightweight application used to find database information from a distant server. It's is free , open source and cross-platform Windows, Linux, Mac OS X. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions lik...

SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool

SSRF are often used to leverage actions on other services, this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform...

faker.js - Generate Massive Amounts of Fake Data

Generate massive amounts of fake data in Node.js and the browser. Demo https://cdn.rawgit.com/Marak/faker.js/master/examples/browser/index.html Hosted API Microservice http://faker.hook.io Supports all Faker API Methods Full-Featured Microservice Hosted by hook.io curl...

Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors

Python wrapper for tshark, allowing python packet parsing using wireshark dissectors. Extended documentation: http://kiminewt.github.io/pyshark Python2 deprecation - This package no longer supports Python2. If you wish to still use it in Python2, you can: Use version 0.3.8 Install pyshark-legacy...

[Instant PDF Password Remover] Free PDF Password & Restrictions Removal Tool

Instant PDF Password Remover is the FREE tool to instantly remove Password of protected PDF document. It can remove both User & Owner password along with all PDF file restrictions such as Copy, Printing, Screen Reader etc. Often we receive password protected PDF documents in the form of mobile...

Inshackle - Instagram Hacks: Track Unfollowers, Increase Your Followers, Download Stories, Etc

Instagram hacks: Track unfollowers, Increase your followers, Download Stories, etc Features: Unfollow Tracker Increase Followers Download: Stories, Saved Content, Following/followers list, Profile Info Unfollow all your following Usage: git clone https://github.com/thelinuxchoice/inshackle cd...

SMWYG-Show-Me-What-You-Got - Tool To Search 1.4 Billion Clear Text Credentials Which Was Dumped As Part Of BreachCompilation Leak

This tool allows you to perform OSINT and reconnaissance on an organisation or an individual. It allows one to search 1.4 Billion clear text credentials which was dumped as part of BreachCompilation leak. This database makes finding passwords faster and easier than ever before. Screenshot Above...

Shodan Dorks

Shodan Dorks by twitter.com/lothos612 Feel free to make suggestions Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:"Bangalore" country: Find devices in a particular country. country:"IN" geo: Find devices by giving geographical coordinates...

Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices

This GitHub repository provides a range of search queries, known as "dorks," for Shodan, a powerful tool used to search for Internet-connected devices. The dorks are designed to help security researchers discover potential vulnerabilities and configuration issues in various types of devices such ...

Penglab - Abuse Of Google Colab For Cracking Hashes

Abuse of Google Colab for fun and profit. What is it ? Penglab is a ready-to-install setup on Google Colab for cracking hashes with an incredible power, really useful for CTFs. See benchmarks below. It installs by default : Hashcat John Hydra SSH with ngrok And now, it can also : Launch an...

XSS Payload List - Cross Site Scripting Vulnerability Payload List

Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user...

ISF - Industrial Control System Exploitation Framework

ISFIndustrial Exploitation Framework is a exploitation framework based on Python, it's similar to metasploit framework. ISF is based on open source project routersploit. Read this in other languages:English, 简体中文, ICS Protocol Clients Name | Path | Description ---|---|--- modbustcpclient |...

Getdroid - FUD Android Payload And Listener

FUD Android Payload And Listener Read the license before using any part from this code Malicious Android apk generator Reverse Shell Legal disclaimer: Usage of GetDroid for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local,...

Mitaka - A Browser Extension For OSINT Search

Mitaka is a browser extension for OSINT search which can: Extract & refang IoC from a selected block of text. E.g. example.com to example.com, testatexample.com to [email protected], hxxp://example.com to http://example.com, etc. Search / scan it on various engines. E.g. VirusTotal,...

Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs

Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture PCAP files and Zeek formerly Bro logs. These artifacts can be uploaded via a simple browser-based interface or...