6011 matches found
KNXmap - KNXnet/IP scanning and auditing tool for KNX home automation installations
A tool for scanning and auditing KNXnet/IP gateways on IP driven networks. KNXnet/IP defines Ethernet as physical communication media for KNX EN 50090, ISO/IEC 14543. KNXmap also allows to scan for devices on the KNX bus via KNXnet/IP gateways. In addition to scanning, KNXmap supports other modes...
USBTracker - Script to track USB devices events and artifacts in a Windows OS
USBTracker is a quick & dirty coded incident response and forensics Python script to dump USB related information and artifacts from a Windows OS vista and later. Special recommandations USBTracker read some protected log files and needs to be run with administrator permissions. The most simple w...
Pulsegram - Integrated Keylogger With Telegram
PulseGram is a keylogger integrated with a Telegram bot. It is a monitoring tool that captures keystrokes, clipboard content, and screenshots, sending all the information to a configured Telegram bot. It is designed for use in adversary simulations and security testing contexts. ⚠️ Warning: This...
ShowStopper - Anti-Debug tricks exploration tool
The ShowStopper project is a tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods. With this tool, you can attach a debugger to its process and research the debugger’s behavior for the...
Hidden-Cry - Windows Crypter/Decrypter Generator With AES 256 Bits Key
Windows Crypter/Decrypter Generator with AES 256 bits key Features: Works on WAN: Port Forwarding by Serveo.net Fully Undetectable FUD - Don't Upload to virustotal.com! Legal disclaimer: Usage of Hidden-Cry for attacking targets without prior mutual consent is illegal. It's the end user's...
PathAuditor - Detecting Unsafe Path Access Patterns
The PathAuditor is a tool meant to find file access related vulnerabilities by auditing libc functions. The idea is roughly as follows: Audit every call to filesystem related libc functions performed by the binary. Check if the path used in the syscall is user-writable. In this case an unprivileg...
EyeWitness - Tool To Take Screenshots Of Websites, Provide Some Server Header Info, And Identify Default Credentials If Possible
EyeWitness is designed to take screenshots of websites provide some server header info, and identify default credentials if known. EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xm...
Airflowscan - Checklist And Tools For Increasing Security Of Apache Airflow
Checklist and tools for increasing security of Apache Airflow. DISCLAIMER This project NOT AFFILIATED with the Apache Foundation and the Airflow project, and is not endorsed by them. Contents The purpose of this project is provide tools to increase security of Apache Airflow. installations. This...
Userrecon v1.1.0 - Recognition Usernames In 187 Social Networks
Find usernames in 187 social networks. Installation 1. Install dependencies Debian/Ubuntu: sudo apt install python3 python3-pip 2. Install with pip3: sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git userrecon-py --help Building from Source Clone this repository, and: git clo...
PyWhatCMS - Unofficial WhatCMS API Package
Python package for whatcms.com API The package provides a simple way to use the whatcms.org API for detecting 467 different Content Management Systems CMS Installation pip install pywhatcms Usage First of all, import pywhatcms: from pywhatcms import whatcms Query a domain: whatcms'API-KEY',...
TLS-Scanner - The TLS-Scanner Module From TLS-Attacker
TLS-Scanner is a tool created by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations. Please note: TLS-Scanner is a research tool intended for TLS developers, pentesters, administrator...
RDPY - Remote Desktop Protocol in Twisted Python
RDPY is a pure Python implementation of the Microsoft RDP Remote Desktop Protocol protocol client and server side. RDPY is built over the event driven network engine Twisted. RDPY support standard RDP security layer, RDP over SSL and NLA authentication through ntlmv2 authentication protocol. RDPY...
EvilURL v2.0 - An Unicode Domain Phishing Generator for IDN Homograph Attack
Generate unicode evil domains for IDN Homograph Attack and detect them. PREREQUISITES python 3.x for evilurl3.py TESTED ON:Kali Linux - ROLLING EDITION CLONE git clone https://github.com/UndeadSec/EvilURL.git RUNNING cd EvilURL python3 evilurl.py CHANGELOG Full script updated to Python 3.x Python...
Inspeckage - (Android Package Inspector) Dynamic Analysis With Api Hooks, Start Unexported Activities And More
Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. http://ac-pm.github.io/Inspeckage https://twitter.com/inspeckage...
Tails 1.1.1 - The Amnesic Incognito Live System
Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity , and helps you to: use the Internet anonymously and circumvent censorship ; all connections to the Internet are forced to go through the...
Network_Assessment - With Wireshark Or TCPdump, You Can Determine Whether There Is Harmful Activity On Your Network Traffic That You Have Recorded On The Network You Monitor
With Wireshark or TCPdump, you can determine whether there is harmful activity on your network traffic that you have recorded on the network you monitor. This Python script analyzes network traffic in a given .pcap file and attempts to detect the following suspicious network activities and attack...
Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase
AntiForensics Tool For Red Teamers, Used For Erasing Some Footprints In The Post Exploitation Phase. Reduces Payload Burnout And Increases Detection Countdown. Can Be Used To Test The capabilities of Your Incident Response / Forensics Teams. Capabilities Unloading Sysmon Driver. Gutmann Method Fi...
The-Bastion - Authentication, Authorization, Traceability And Auditability For SSH Accesses
Bastions are a cluster of machines used as the unique entry point by operational teams such as sysadmins, developers, database admins, ... to securely connect to devices servers, virtual machines, cloud instances, network equipment, ..., usually using ssh. Bastions provides mechanisms for...
Creepy - A Geolocation OSINT Tool. Offers Geolocation Information Gathering Through Social Networking Platforms
This project is currently not maintained. I haven't put any work on it since 2016 and with the current state of the API access to instagram and twitter, and the default settings for their geolocation features cree.py wouldn't be of much use. I will live the repository and site up for the time but...
Subdomain3 - A New Generation Of Tool For Discovering Subdomains
Subdomain3 is a new generation of tool , It helps penetration testers to discover more information in a shorter time than other tools.The information includes subdomains, IP, CDN, and so on. Please enjoy it. Features More quick Three patterns for speed. User can modify the...
PESTO - PE (files) Statistical Tool
PESTO is a Python script that extracts and saves in a database some PE file security characteristics or flags searching for every PE binary in a whole directory, and saving results in a database. It checks for architecture flag in the header, and for the following security flags: ASLR, NOSEH, DEP...
XSRFProbe - The Prime Cross Site Request Forgery Audit And Exploitation Toolkit
XSRFProbe is an advanced Cross Site Request Forgery CSRF/XSRF Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate maliciously exploitable...
Nmap 7.60 - Free Security Scanner For Network Exploration & Security Audits
Nmap "Network Mapper" is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets...
Morpheus - Automated Ettercap TCP/IP Hijacking Tool
Morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the tcp/udp packet contents by our contents befor forward the packet back to the target host... workflow: 1º - attacker - arp poison local lan...
VNCPassView - Recover the passwords stored by VNC
VNCPassView is a small utility that recover the passwords stored by the VNC tool. It can recover 2 of passwords: password stored for the current logged-on user HKEYCURRENTUSER in the Registry, and password stored for the all users. Using VNCPassView This utility doesn't require any installaion...
[IPv6 Toolkit v1.3] Security Assessment and Troubleshooting Tool for the IPv6 Protocols
A security assessment and troubleshooting tool for the IPv6 protocols. The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets. Supported platforms The following platforms are supported: FreeBSD, NetBSD, OpenBSD, Linux, and Mac O...
Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser
Instagram Brute Force CPU/GPU Supported 2024 Use option 2 while running the script. Option 1 is on development Chrome should be downloaded in device. Compatible and Tested GUI Supported Operating Systems Only Python 3.13 x64 bit Unix / Linux / Mac / Windows 8.1 and higher Install Requirements pip...
Odin - Central IoC Scanner Based On Loki
Odin is a central IoC scanner based on Loki General Info This application Loki latest version and download it on all machines using a powershell script and run it then this app receives the respose from all machines and parse the feed in CSV form. Requirements 1. Python +3.5 2. PyQT5 3. psutil 4...
GitOops - All Paths Lead To Clouds
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls. It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables...
Concealed Position - Bring Your Own Print Driver Privilege Escalation Tool
Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed Position CP uses the as designed package point and print logic in Windows that allows a low privilege user to stage and install printer drivers. C...
PE-Packer - A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly
PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry...
Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence
Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. To learn more about Tsunami, visit our documentations. Tsunami relies heavily on its plugin system to provide basic scanning capabilities. All...
WiFi Passview v2.0 - An Open Source Batch Script Based WiFi Passview For Windows!
WiFi Passview is an open source batch script based program that can recover your WiFi Password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview softwares such as webpassview and mailpassview. Disclaimer : WiFi Passview is NOT...
IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt
The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the IoT Top 10 as documented by OWASP:...
Mondoo - Cloud-Native Security And Vulnerability Risk Management
Quick Start Install mondoo: Workstation export MONDOOREGISTRATIONTOKEN='changeme' curl -sSL http://mondoo.io/download.sh | bash Service export MONDOOREGISTRATIONTOKEN='changeme' curl -sSL http://mondoo.io/install.sh | bash For other installation methods, have a look at our documentation. Run a...
DNS-Shell - An Interactive Shell Over DNS Channel
DNS-Shell is an interactive Shell over DNS channel. The server is Python based and can run on any operating system that has python installed, the payload is an encoded PowerShell command. Understanding DNS-Shell The Payload is generated when the sever script is invoked and it simply utilizes...
DeepSearch - Advanced Web Dir Scanner
DeepSearch is a simple command line tool for bruteforce directories and files in websites. Installation $ git clone https://github.com/m4ll0k/DeepSearch.git deepsearch $ cd deepsearch $ pip3 install requests $ python3 deepsearch.py Screenshots Usage Basic: python3 deepsearch.py -u...
Faraday v2.6 - Collaborative Penetration Test and Vulnerability Management Platform
Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time , letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...
pyrasite - Inject code into running Python processes
Tools for injecting arbitrary code into running Python processes. Requirements gdb version 7.3+ or RHEL5+ On OS X you will need to have a codesigned gdb - see https://sourceware.org/gdb/wiki/BuildingOnDarwin if you get errors while running with --verbose which mention codesigning. Compatiblity...
SSLsplit - transparent SSL/TLS interception
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis and penetration testing. SSLsplit is designed to transparently terminate connections that are redirected to it using a...
Exploit Linux 3.4+ Arbitrary write with CONFIG_X86_X32
CVE: 2014-0038 Author: saelo Published: 2014-02-02 / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to a...
[ARPwner] ARP and DNS Poisoning Attack Tool
ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded 100% in python and on Github, so you can modify according to your needs. This tool was released by...
[theHarvester v2.2a] Tool for Gathering
theHarvester is a tool for gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in ord...
Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
Camtruder is a high-performance RTSP camera discovery and vulnerability assessment tool written in Go. It efficiently scans and identifies vulnerable RTSP cameras across networks using various authentication methods and path combinations, with support for both targeted and internet-wide scanning...
BoobSnail - Allows Generating Excel 4.0 XLM Macro
BoobSnail allows generating XLM Excel 4.0 macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation. Features: various infection techniques; various obfuscation techniques; translation of formulas into languages other than English; can be used as a library - you can easily...
adalanche - Active Directory ACL Visualizer and Explorer
Tags: API Documentation, Access, Active Directory, Analysis, Binary, LDAP, Linux, Max, Memory, Parameter, Reverse, Takeover, Windows, pwned, Adalanche adalanche - Active Directory ACL Visualizer - who's really Domain Admin? Adalanche - Active Directory Acl Visualizer - Who'S Really Domain Admin?...
WAF-A-MoLE - A Guided Mutation-Based Fuzzer For ML-based Web Application Firewalls
A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessin...
SnitchDNS - Database Driven DNS Server With A Web UI
SnitchDNS is a database driven DNS Server with a Web UI, written in Python and Twisted, that makes DNS administration easier with all configuration changed applied instantly without restarting any system services. One of its main features is the logging of all DNS queries allowing the discovery o...
Evine - Interactive CLI Web Crawler
Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...
HackingTool - ALL IN ONE Hacking Tool For Hackers
This project still in BETA so you may face problems, Please open an issue so i'll fix them..!! Hackingtool Menu AnonSurf Information Gathering Password Attack Wireless Attack SQL Injection Tools Phishing Attack Web Attack Tool Post exploitation Forensic Tools Payload Creator Router Exploit Wifi...