6011 matches found
HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol
Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...
Router Exploit Shovel - Automated Application Generation For Stack Overflow Types On Wireless Routers
Automated Application Generation for Stack Overflow Types on Wireless Routers Router exploits shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits, it can adapt to the length of the data padding on the...
Zydra - File Password Recovery Tool And Linux Shadow File Cracker
Zydra is a file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords. Supported Files RAR Files Legacy ZIP Files PDF Files Linux Shadow Files zydra can find all the user’s password in the linux shadow file one after the...
SALT - SLUB ALlocator Tracer For The Linux Kernel
Welcome to salt , a tool to reverse and learn kernel heap memory management. It can be useful to develop an exploit, to debug your own kernel code, and, more importantly, to play with the kernel heap allocations and learn its inner workings. This tool helps tracing allocations and the current sta...
Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
Commix short for command injection exploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related...
WPScan v3.3.1 - Black Box WordPress Vulnerability Scanner
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby = 2.2.2 - Recommended: 2.3.3 Curl = 7.21 - Recommended: latest - FYI the 7.29 has a segfault...
Kubernetes-Goat - Is A "Vulnerable By Design" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security
The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. Refer tohttps://madhuakula.com/kubernetes-goat for the guide. Show us some Please feel free to send us a PR and show some Upcoming Training's and Sessions DEFCON DEMO...
Redteam-Hardware-Toolkit - Red Team Hardware Toolkit
A collection of hardware s that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request. A Red Team should be formed with the intention of identifying and assessing vulnerabilities, testing assumptions,...
TEA - Ssh-Client Worm
A ssh-client worm made with tas framework. How it works? This is a fakessh-client that manipulates the tty input/output to execute arbitrary commands and upload itself through the ssh connection. To work properly, the remote machine needs: display the "Last login" message when login. dd and stty...
Spraykatz - A Tool Able To Retrieve Credentials On Windows Machines And Large Active Directory Environments
Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments. It simply tries to procdump machines and parse dumps remotely in order to avoid detections by antivirus softwares as much as possible. Installation This tool is...
Syhunt Community 6.7 - Web And Mobile Application Scanner
Syhunt Community is a web and now mobile application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of the code that need to be patched. Or you can simply enter a start URL and get detailed...
SQLiScanner - Automatic SQL Injection With Charles And Sqlmap API
Automatic SQL injection with Charles and sqlmapapi Dependencies Django PostgreSQL Celery sqlmap redis Supported platforms Linux osx Installation Preferably, you can download SQLiScanner by cloning the Git repository: git clone https://github.com/0xbug/SQLiScanner.git --depth 1 You can download...
Skiptracer - OSINT Webscaping Framework
Initial attack vectors for recon usually involve utilizing pay-for-data/API Recon-NG, or paying to utilize transforms Maltego to get data mining results. Skiptracer utilizes some basic python webscraping BeautifulSoup of PII paywall sites to compile passive information on a target on a ramen nood...
Tor Browser 8.0 - Everything you Need to Safely Browse the Internet
Tor Browser 8.0, is the first stable release based on Firefox 60 ESR, is now available from the Tor Browser Project page and also from distribution directory. This release is all about users first. Tor Browser 8.0 comes with a series of user experience improvements that address a set of long-term...
Namechk - Osint Tool Based On Namechk.Com For Checking Usernames On More Than 100 Websites, Forums And Social Networks
Osint tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks. Use: Search available username: ./namechk.sh -au Search available username on specifics websites: ./namechk.sh -au -co Search available username list: ./namechk.sh -l -au Search used...
Ruler - A Tool To Abuse Exchange Services
Ruler is a tool that allows you to interact with Exchange servers through the MAPI/HTTP protocol. The main aim is abuse the client-side Outlook mail rules as described in: Silentbreak blog Silentbreak did a great job with this attack and it has served us well. The only downside has been that it...
[JBrute] Open Source Security tool to audit hashed passwords
JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios. Java Runtime version 1....
Pyre-Check - Performant Type-Checking For Python
Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code. Pyre ships with Pysa , a security focused static analysis tool we've built on top of Py...
Oralyzer - Tool To Identify Open Redirection
Oralyzer, a simple python script, capable of identifying the open redirection vulnerability in a website. It does that by fuzzing the url i.e. provided as the input. Features Oralyzer can identify different types of Open Redirect Vulnerabilities : Header Based Javascript Based Meta Tag Based...
Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting. Weapons Type | Name | Description ---|---|--- Army-Knife/ALL | BurpSuite | the BurpSuite project Army-Knife/SCAN | jaeles | The Swiss Army knife for automated Web Application Testing Army-Knife/ALL | zaproxy | The...
Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present,...
SKA - Simple Karma Attack
SKA allows you to implement a very simple and fast karma attack. You can sniff probe requests to choice the fake AP name or, if you want, you could insert manually the name of the AP evil twin attack. When the target has connected to your WLAN you could active the HTTP redirection and perform a...
Truegaze - Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code
A static analysis tool for Android and iOS applications focusing on security issues outside the source code such as resource strings, third party libraries and configuration files. Requirements Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on...
Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing
NOTE : Never upload payloads to online checkers Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on...
Deep Explorer - Tool Which Purpose Is The Search Of Hidden Services In Tor Network, Using Ahmia Browser And Crawling The Links Obtained
Dependencies pip3 install -r requirements.txt also you should have Tor installed Usage python3 deepexplorer.py STRINGTOSEARCH NUMBEROFRESULTS TYPEOFCRAWL Examples: python3 deepexplorer.py "legal thing" 40 default legal will crawl if results obtained in browser do not reach 40, also the script wil...
Kamerka - Build Interactive Map Of Cameras From Shodan
Build an interactive map of cameras from Shodan. The script creates a map of Shodan cameras based on your address or coordinates. https://medium.com/@wojciech/%EA%93%98amerka-build-interactive-map-of-cameras-from-shodan-a0267849ec0a Requirements Shodan Geopy Foilum Colorama pip install -r...
Pentest-Machine - Automates Some Pentest Jobs Via Nmap Xml File
Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included. HT...
Spectre-Meltdown-Checker - Spectre & Meltdown Vulnerability/Mitigation Checker For Linux
A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs: CVE-2017-5753 bounds check bypass Spectre Variant 1 Impact: Kernel & all software Mitigation: recompile software and kernel with a modified compiler that introduces the LFENCE opcode...
Plecost v1.1.1 - Wordpress Finger Printer Tool
What's Plecost? Plecost is a vulnerability fingerprinting and vulnerability finder for Wordpress blog engine. Why? There are a huge number of Wordpress around the world. Most of them are exposed to be attacked and be converted into a virus, malware or illegal porn provider, without the knowledge ...
pulledpork - Pulled Pork for Snort and Suricata Rule Management
PulledPork for Snort and Suricata rule management from Google code Features and Capabilities Automated downloading, parsing, state modification and rule modification for all of your snort rulesets. Checksum verification for all major rule downloads Automatic generation of updated sid-msg.map file...
Spraygen - Password List Generator For Password Spraying
Password list generator for password spraying - prebaked with goodies Version 1.4 Generates permutations of Months, Seasons, Years, Sports Teams NFL, NBA, MLB, NHL, Sports Scores, "Password", and even Iterable Keyspaces of a specified size. All permutations are generated with common attributes...
EternalBlueC - EternalBlue Suite Remade In C/C++ Which Includes: MS17-010 Exploit, EternalBlue Vulnerability Detector, DoublePulsar Detector And DoublePulsar Shellcode & DLL Uploader
EternalBlue suite remade in C which includes: MS17-010 Exploit, EternalBlue/MS17-010 vulnerability detector, DoublePulsar detector and DoublePulsar UploadDLL & Shellcode ms17vulnstatus.cpp - This program sends 4 SMB packets. 1 negociation packet and 3 requests. This program reads the NTSTATUS...
Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware
Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware. Research paper We present our approach and the findings of this work in the following research paper: KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware PDF Nilo Redini, Aravind...
LinuxCheck - Linux Information Collection Script
A small linux information collection script is mainly used for emergency response. It can be used under Debian or Centos. Features CPU TOP10, memory TOP10 CPU usage boot time Hard disk space information User information, passwd information Environmental variable detection Service list System...
Auto Re - IDA PRO Auto-Renaming Plugin With Tagging Support
IDA PRO Auto-Renaming Plugin With Tagging Support Features 1. Auto-renaming dummy-named functions, which have one API call or jump to the imported API Before After 2. Assigning TAGS to functions accordingly to called API-indicators inside Sets tags as repeatable function comments and displays TAG...
PFQ - Functional Network Framework For Multi-Core Architectures
PFQ is a functional framework designed for the Linux operating system built for efficient packets capture/transmission 10G, 40G and beyond, in-kernel functional processing, kernel-bypass and packets steering across groups of sockets/end-points. It is highly optimized for multi-core architecture, ...
UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc
The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials. Installation This module is includ...
Shed - .NET Runtime Inspector
Shed is an application that allow to inspect the .NET runtime of a program in order to extract useful information. It can be used to inspect malicious applications in order to have a first general overview of which information are stored once that the malware is executed. Shed is able to: Inject ...
SQLMap v1.2.11 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
XXRF Shots - Tool to Test SSRF Vulnerabilities
What is SSRF vulnerability? Server Side Request Forgery SSRF is a type of vulnerability class where attacker sends crafted request from a vulnerable web application, including the unauthorised access to the internal resources behind the firewall which are inaccessible directly from the external...
Phishing-Frenzy - Ruby On Rails Phishing Framework
Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns. The project was started in 2013 by the founder Brandon "zeknox" McCann. Brandon identified inefficiencies in the way that many penetration testers were conducti...
Ropr - A Blazing Fast Multithreaded ROP Gadget Finder. Ropper / Ropgadget Alternative
ropr is a blazing fast multithreaded ROP Gadget finder What is a ROP Gadget? ROP Return Oriented Programming Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which already exist as executable code within each binary or library. These gadgets may be...
Chisel-Strike - A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities
A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience I found socks4/socks4a proxies quite slow in comparison to its socks5 counterparts and a lack of implementation of socks5 in most C2...
Recon Simplified with Spyse
One of the major struggles in bug bounty hunting is to collect and analyze data during reconnaissance, especially when there are a lot of tools around but very few that offer actually useful results. The job of eliminating false positives and unrelated data from your recon becomes harder as the...
Scripthunter - Tool To Find JavaScript Files On Websites
Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note that it may take a while, which is why scripthunter also implements a notification mechanism to inform you when a scan is finished via Telegram API. Blogpo...
Spyre - Simple YARA-based IOC Scanner
...a simple, self-contained modular host-based IOC scanner Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is easy operationalization of YARA rules and other indicators of compromise. Users need to bring...
EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)
Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions. Legal disclaimer: Usage of...
RTTM - Real Time Threat Monitoring Tool
Monitoring possible threats of your company on Internet is an impossible task to be achieved manually. Hence many threats of the company goes unnoticed until it becomes viral in public. Thus causing monetary/reputation damage. This is where RTTM comes into action. RTTM Real Time Threat Monitoring...
Unicorn-Bios - Basic BIOS Emulator For Unicorn Engine
Basic BIOS emulator/debugger for Unicorn Engine. Written to debug the XEOS Operating System boot sequence. Usage: Usage: unicorn-bios OPTIONS BOOTIMG Options: --help / -h: Displays help. --memory / -m: The amount of memory to allocate for the virtual machine in megabytes. Defaults to 64MB, minimu...
Sub.Sh - Online Subdomain Detect Script
OnlineSubdomain Detect Script. USAGE Script bash sub.sh webscantest.com ./sub.sh webscantest.com Curl curl -s -L https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub.sh | bash -s webscantest.com Subdomain Alive Check bash subalive.sh bing.com curl -s -L...