IIS-Raid - A Native Backdoor Module For Microsoft IIS (Internet Information Services)

IS Raid is a native IIS module that abuses the extendibility of IIS to backdoor the web server and carry out custom actions defined by an attacker. Documentation When installed, IIS-Raid will process every request and method, check if the X-Password header exists and compare it against the...

Acunetix Vulnerability Scanner Version For Linux

Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix for Linux. Known to be reliable, cost-effective and secure, Linux is the server operating system of choice for many large organizations including Facebook, Twitter, and Google. Acunetix is...

Faraday v2.6 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time , letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

pyrasite - Inject code into running Python processes

Tools for injecting arbitrary code into running Python processes. Requirements gdb version 7.3+ or RHEL5+ On OS X you will need to have a codesigned gdb - see https://sourceware.org/gdb/wiki/BuildingOnDarwin if you get errors while running with --verbose which mention codesigning. Compatiblity...

Morpheus - Automated Ettercap TCP/IP Hijacking Tool

Morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the tcp/udp packet contents by our contents befor forward the packet back to the target host... workflow: 1º - attacker - arp poison local lan...

Auto-Elevate - Escalate From A Low-Integrity Administrator Account To NT AUTHORITY\SYSTEM Without An LPE Exploit By Combining A COM UAC Bypass And Token Impersonation

This tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates it's process TOKEN, and spawns a new SYSTEM-level process with the stolen token. Combined with UAC bypass method 41 ICMLuaUtil UAC bypass from...

WAF-A-MoLE - A Guided Mutation-Based Fuzzer For ML-based Web Application Firewalls

A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessin...

SnitchDNS - Database Driven DNS Server With A Web UI

SnitchDNS is a database driven DNS Server with a Web UI, written in Python and Twisted, that makes DNS administration easier with all configuration changed applied instantly without restarting any system services. One of its main features is the logging of all DNS queries allowing the discovery o...

PE-Packer - A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly

PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry...

HackingTool - ALL IN ONE Hacking Tool For Hackers

This project still in BETA so you may face problems, Please open an issue so i'll fix them..!! Hackingtool Menu AnonSurf Information Gathering Password Attack Wireless Attack SQL Injection Tools Phishing Attack Web Attack Tool Post exploitation Forensic Tools Payload Creator Router Exploit Wifi...

Jeopardize - A Low(Zero) Cost Threat Intelligence & Response Tool Against Phishing Domains

Jeopardize tool is developed to provide basic threat intelligence&response capabilities against phishing domains at the minimum cost as possible. It detects registered phishing domain candidates typosquatting, homograph etc., analyzes them and assigns a risk score to them. After then, it sends...

dnsFookup - DNS Rebinding Toolkit

DNS Rebinding freamwork containing: a dns server obviously web api to create new subdomains and control the dns server, view logs, stuff like that shitty react app to make it even more comfy What does it do? It lets you create dns bins like a burp collaborator but it adds a bit more features... a...

IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt

The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the IoT Top 10 as documented by OWASP:...

TaskManager-Button-Disabler - Simple Way To Disable/Rename Buttons From A Task Manager

Simple way to disable/rename buttons from a task manager. Installation git clone https://github.com/Mrakovic-ORG/TaskManager-Button-Disabler cd TaskManager-Button-Disabler\TaskManager Button Disabler dotnet build Features Rename kill proccess button Disable kill proccess button Works in TaskMgr,...

FockCache - Minimalized Test Cache Poisoning

FockCache - Minimalized Test Cache Poisoning Detail For Cache Poisoning : https://portswigger.net/research/practical-web-cache-poisoning FockCache FockCache tries to make cache poisoning by trying X-Forwarded-Host and X-Forwarded-Scheme headers on web pages. After successful result, it gives you ...

B2R2 - Collection Of Useful Algorithms, Functions, And Tools For Binary Analysis

B2R2 is a collection of useful algorithms, functions, and tools for binary analysis , written purely in F in .NET lingo, it is purely managed code. B2R2 has been named after R2-D2, a famous fictional robot appeared in the Star Wars. In fact, B2R2's original name was B2-R2 , but we decided to use...

Grapl - Graph Platform For Detection And Response

Grapl is a Graph Platform for Detection and Response. For a more in depth overview of Grapl, read this. In short, Grapl will take raw logs, convert them into graphs, and merge those graphs into a Master Graph. It will then orchestrate the execution of your attack signatures and provide tools for...

Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)

Sampler is a tool for shell commands execution, visualization and alerting. Configured with a simple YAML file. Installation macOS brew cask install sampler or curl -Lo /usr/local/bin/sampler https://github.com/sqshq/sampler/releases/download/v1.0.1/sampler-1.0.1-darwin-amd64 chmod +x...

W13Scan - Passive Security Scanner

W13scan is a proxy-based web scanner that runs on Linux/Windows/Mac systems. Begin Demo Pure Python and Python version = 3 Can you use star to encourage the author ？ Install pip3 install w13scan Usage help w13scan -h running w13scan -s 127.0.0.1:7778 HTTPS Support If you want w13scan to support...

Machinae v1.4.8 - Security Intelligence Collector

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes, and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information. The Machinae...

nodeCrypto - Ransomware Written In NodeJs

Ransomware written in NodeJs. Install and run git clone https://github.com/atmoner/nodeCrypto.git cd nodeCrypto && npm install You must edit first variable in index.js Once your configuration is complete, you can start the ransomware. node index.js The files at the root of the web server will...

KisMac - Open Source Wireless Stumbling And Security Tool For Mac OS X

KisMAC is a free, open source wireless stumbling and security tool for Mac OS X. Whats new: Mac OS 10.9 - 10.12 64-bit only ARC 64-bit only New GUI Modern Objective-c syntax Rewrote most part of deprecated methods Remove debug info from release How Build: git clone...

EvilURL v2.0 - An Unicode Domain Phishing Generator for IDN Homograph Attack

Generate unicode evil domains for IDN Homograph Attack and detect them. PREREQUISITES python 3.x for evilurl3.py TESTED ON:Kali Linux - ROLLING EDITION CLONE git clone https://github.com/UndeadSec/EvilURL.git RUNNING cd EvilURL python3 evilurl.py CHANGELOG Full script updated to Python 3.x Python...

SSLsplit - transparent SSL/TLS interception

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis and penetration testing. SSLsplit is designed to transparently terminate connections that are redirected to it using a...

Exploit Linux 3.4+ Arbitrary write with CONFIG_X86_X32

CVE: 2014-0038 Author: saelo Published: 2014-02-02 / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to a...

[theHarvester v2.2a] Tool for Gathering

theHarvester is a tool for gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in ord...

Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool

Camtruder is a high-performance RTSP camera discovery and vulnerability assessment tool written in Go. It efficiently scans and identifies vulnerable RTSP cameras across networks using various authentication methods and path combinations, with support for both targeted and internet-wide scanning...

Odin - Central IoC Scanner Based On Loki

Odin is a central IoC scanner based on Loki General Info This application Loki latest version and download it on all machines using a powershell script and run it then this app receives the respose from all machines and parse the feed in CSV form. Requirements 1. Python +3.5 2. PyQT5 3. psutil 4...

BoobSnail - Allows Generating Excel 4.0 XLM Macro

BoobSnail allows generating XLM Excel 4.0 macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation. Features: various infection techniques; various obfuscation techniques; translation of formulas into languages other than English; can be used as a library - you can easily...

MEAT - This Toolkit Aims To Help Forensicators Perform Different Kinds Of Acquisitions On iOS Devices

M.E.A.T. - Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley - BlackStone Discovery This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices and Android in the future. Requirements to run from source Windows or Linux Python 3.7.4 or 3.7.2 Pip...

GhostTunnel - A Covert Backdoor Transmission Method That Can Be Used In An Isolated Environment

GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released. GhostTunnel use 802.11 Probe Request Frames and...

MARA Framework - Mobile Application Reverse engineering and Analysis Framework

MARA is a M obile A pplication R everse engineering and A nalysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easier and friendly to mobile application developers and security...

Tails 1.1.1 - The Amnesic Incognito Live System

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity , and helps you to: use the Internet anonymously and circumvent censorship ; all connections to the Internet are forced to go through the...

WVS v9.5 - Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web...

Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit

Frogy 2.0 is an automated external reconnaissance and Attack Surface Management ASM toolkit designed to map out an organization's entire internet presence. It identifies assets, IP addresses, web applications, and other metadata across the public internet and then smartly prioritizes them with...

Thunderstorm - Modular Framework To Exploit UPS Devices

Thunderstorm is a modular framework to exploit UPS devices. For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future. CVE Thunderstorm is currently capable of exploiting the following CVE: CVE-2022-47186 – Unrestricted fi...

Zphisher-GUI-Back_office - A Zphisher GUI Back-Office Plugin

DISCLAIMER This toolkit contains materials that can be potentially damaging or dangerous for social media. Refer to the laws in your province/country before accessing, using,or in any other way utilizing this in a wrong way. This Tool is made for educational purposes only. Do not attempt to viola...

adalanche - Active Directory ACL Visualizer and Explorer

Tags: API Documentation, Access, Active Directory, Analysis, Binary, LDAP, Linux, Max, Memory, Parameter, Reverse, Takeover, Windows, pwned, Adalanche adalanche - Active Directory ACL Visualizer - who's really Domain Admin? Adalanche - Active Directory Acl Visualizer - Who'S Really Domain Admin?...

Duf - Disk Usage/Free Utility (Linux, BSD, macOS & Windows)

Disk Usage/Free Utility Linux, BSD, macOS & Windows Features User-friendly, colorful output Adjusts to your terminal's width Sort the results according to your needs Groups & filters devices Can conveniently output JSON Installation Packages Linux Arch Linux: duf Nix: nix-env -iA nixpkgs.duf...

Guardedbox - Online Client-Side Manager For Secure Storage And Secrets Sharing

GuardedBox is an open-source online client-side manager for secure storage and secrets sharing. It allows users to upload secrets to a centralized server and retrieve them at anytime and from anywhere. It also allows users to share their secrets with other users, individually or via groups. Secre...

Genact - A Nonsense Activity Generator

Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with your insane multitasking skills. Just open a few instances of genact and watch the show. genact has multiple scenes that pretend to be doing something exciting or useful when in realit...

ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) Cross Site Scripting

ezXSS is an easy way for penetration testers and bug bounty hunters to test blind Cross Site Scripting. Current features Some features ezXSS has Easy to use dashboard with statics, payloads, view/share/search reports and more Payload generator Instant email alert on payload Custom javascript...

Tachyon - Fast HTTP Dead File Finder

Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web application and look for left over or non-indexed files with the addition of reporting pages or scripts leaking internal data. User Requirements Linux Python 3.5.2 User Installation Install: $...

Ntopng - Web-based Traffic And Security Network Traffic Monitoring

ntopng is the next generation version of the original ntop, a network traffic probe that monitors network usage. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Windows as well. ntopng – yes, it’s all lowercase –...

Cloud Custodian - Rules Engine For Cloud Security, Cost Optimization, And Governance, DSL In Yaml For Policies To Query, Filter, And Take Actions On Resources

Cloud Custodian is a rules engine for AWS fleet management. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified...

Rubocop - A Ruby Static Code Analyzer, Based On The Community Ruby Style Guide

RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide . Most aspects of its behavior can be tweaked via various configuration options. Installation RuboCop 's installation is pretty standard: $ gem install rubocop ...

PIP-INTEL - OSINT and Cyber Intelligence Tool

Pip-Intel is a powerful tool designed for OSINT Open Source Intelligence and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...

Evine - Interactive CLI Web Crawler

Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...

Git-Scanner - A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public

This tool can scan websites with open .git repositories for Bug Hunting/ Pentesting Purposes and can dump the content of the .git repositories from webservers that found from the scanning method. This tool works with the provided Single target or Mass Target from a file list. Installation - git...

XCTR Hacking Tools - All in one tools for Information Gathering

All in one tools for Information Gathering. Instagram: Capture the Root Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUEdanvvVAkPBOspZkX397JxyXjnDNIATd5XbLZxVTPLzyCRJ1sMpQaEF7hH6x35GxYAT9L82ooTzK-EdywccEmklcpKtxIEsLBAYYDYNiTp...