XCTR Hacking Tools - All in one tools for Information Gathering

All in one tools for Information Gathering. Instagram: Capture the Root Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUEdanvvVAkPBOspZkX397JxyXjnDNIATd5XbLZxVTPLzyCRJ1sMpQaEF7hH6x35GxYAT9L82ooTzK-EdywccEmklcpKtxIEsLBAYYDYNiTp...

Gophish - Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Install Installation of Gophish is dead-simple - just download and extract the zip...

Penta - Open Source All-In-One CLI Tool To Automate Pentesting

Penta is is Pentest automation tool using Python3. Future! It provides advanced features such as metasploit and nexpose to extract vuln info found on specific servers. Installation Install requirements penta requires the following packages. Python3.7 pipenv Resolve python package dependency. $...

GhostSquadHackers - Encrypt/Encode Your Javascript Code

Encrypt/Encode your Javascript payloads/code. Windows Scripting This tool is meant to encode and encrypt your javascript code. Features Number Calculating ASCII codes Caeser-Encryption Hex Encoding Octal encoding Binary Encrypt Random Octal Quotes Add trash to code Url Encode current Extras: crea...

Anti-DDOS - Anti DDOS Bash Script

Programming Languages : BASH RUN root@ismailtasdelen: bash ./anti-ddos.sh Cloning an Existing Repository Clone with HTTPS git clone https://github.com/ismailtasdelen/Anti-DDOS.git Cloning an Existing Repository Clone withSSH git clone [email protected]:ismailtasdelen/Anti-DDOS.git Download...

Udp2raw-tunnel - A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]

A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. Its Encrypted, Anti-Replay and Multiplexed.It also acts as a Connection Stabilizer. Support Platforms A Linux host including desktop Linux, Android...

Inspeckage - (Android Package Inspector) Dynamic Analysis With Api Hooks, Start Unexported Activities And More

Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. http://ac-pm.github.io/Inspeckage https://twitter.com/inspeckage...

[Binwalk] Firmware Analysis Tool

Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...

Waf-Bypass - Check Your WAF Before An Attacker Does

WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...

Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers

Cloudlist is a multi-cloud tool for getting Assets Hostnames, IP Addresses from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts...

ShellGen - Reverse shell generator

This is a simple script that will generate a specific or all shellcodes for CTFs using the VPN IP address on tun0 the IPv4. INFORMATION Update has been made from sys library to argparse library done in version 0.8 Usage For help: shellgen -h shellgen --help If you want to skip update and just get...

SharpHide - Tool To Create Hidden Registry Keys

Just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden null terminated registry key. This works by adding a null byte in front of the UNICODESTRING key valuename. More info about this technique can be found in the following whitepaper:...

BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment

BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...

Command Injection Payload List

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data forms, cookies, HTTP headers etc. to a system shell. In this...

SniffAir - A Framework For Wireless Pentesting

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly...

GetAltName - Get Subject Alt Name From SSL Certificates

GetAltName it's a little script that can extract Subject Alt Names for SSL Certificates directly from HTTPS web sites which can provide you with DNS names or virtual servers. It's useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your...

[Wireshark v1.8.7] The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto and often de jure standard across many industries and educational institutions. Wireshark development thrives thanks to the...

Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities

While DLL sideloading can be used for legitimate purposes, such as loading necessary libraries for a program to function, it can also be used for malicious purposes. Attackers can use DLL sideloading to execute arbitrary code on a target system, often by exploiting vulnerabilities in legitimate...

APCLdr - Payload Loader With Evasion Features

Payload Loader With Evasion Features. Features: no crt functions imported indirect syscalls using HellHall api hashing using CRC32 hashing algorithm payload encryption using rc4 - payload is saved in .rsrc Payload injection using APC calls - alertable thread Payload execution using APC - alertabl...

Misp-Extractor - Tool That Connects To A MISP Instance And Retrieves Attributes Of Specific Types (Such As IP Addresses, URLs, And Hashes)

This code connects to a given MISP Malware Information Sharing Platform server and parses a given number of events, writing the IP addresses, URLs, and MD5 hashes found in the events to three separate files. Usage To use this script, you will need to provide the URL of your MISP instance and a...

Subparse - Modular Malware Analysis Artifact Collection And Correlation Framework

Subparse, is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine,...

Scrummage - The Ultimate OSINT And Threat Hunting Framework

VERSION 3.6 Code efficiency enhancements and bug fixes for plugins, and improved logging. Significant UI/UX enhancements. Organisation specific settings and configurations, allowing for predefined searches based on your organisation and it's users. Due to the above change, if you are upgrading fr...

AutoGadgetFS - USB Testing Made Easy

What’s AutoGadgetFS ? AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without an in-depth knowledge of the USB protocol. The tool is written in Python3 and utilizes RabbitMQ and WiFi access to enable researchers to condu...

Bxss - A Blind XSS Injector Tool

ABlind XSS Injector tool Features Inject Blind XSS payloads into custom headers Inject Blind XSS payloads into parameters Uses Different Request Methods PUT,POST,GET,OPTIONS all at once Tool Chaining Really fast Easy to setup Install $ go get -u github.com/ethicalhackingplayground/bxss Arguments ...

DAGOBAH - Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources

Dagobah is an open source tool written in python to automate the internal threat intelligence generation, inventory collection and compliance check from different AWS resources. Dagobah collects information and save the state into an elasticsearch index. Dagobah runs into the a LAMBDA and looks a...

RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking

RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save them to a file. An aggressor script accompanies it, which is responsible for managing the state, monitoring for new processes and injecting the...

Zeek - A Powerful Network Analysis Framework That Is Much Different From The Typical IDS You May Know

A powerful framework for network traffic analysis and security monitoring. Key Features — Documentation — Getting Started — Development — License Follow us on Twitter at @zeekurity. Key Features In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis ...

AbsoluteZero - Python APT Backdoor

This project is a Python APT backdoor, optimized for Red Team Post Exploitation Tool, it can generate binary payload or pure python source. The final stub uses polymorphic encryption to give a first obfuscation layer to itself. Deployment AbsoluteZero is a complete software written in Python 2.7...

Laforge - Security Competition Infrastructure Automation Framework

Laforge enables rapid development of infrastructure for the purpose of information security competitions. Using a simple and intuitive configuration language, Laforge manages a dependency graph and state management and allows for highly productive remote collaboration. The Laforge engine uses a...

WhatCMS - CMS Detection And Exploit Kit Based On Whatcms.org API

CMS Detection and Exploit Kit based on Whatcms.org API. Introduction Whatcms.sh can currently detect the use of more than 330 different CMS applications and services to later indicate a list of valid security audit tools for the detected CMS. You need the whatcms.org API to use the tool: Get API...

SNMP-Brute - Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script

SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time. Requirements metasploit snmpwalk snmpstat john the ripper Usage python snmp-brute.py -t IP Options --help, -h show...

Hostscan - PHP tool for scanning specific range of hosts

Hostscan is a php tool which allows you to scan specific range of hosts, mostly for information gathering and testing for weak passwords. I guess it's a pentest tool, i'd created it to automate some tests that i often do. Since it's PHP, it works quite slowly compared to client-side soft. How it...

Pyew - A Python tool for static malware analysis

Pyew is a command line python tool to analyse malware. It does have support for hexadecimal viewing, disassembly Intel 16, 32 and 64 bits, PE and ELF file formats it performs code analysis and let you write scripts using an API to perform many types of analysis, follows direct call/jmp instructio...

[bWAPP] an extremely buggy web application!

bWAPP, or a buggy web application, is a deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so uniqu...

Autoharness - A Tool That Automatically Creates Fuzzing Harnesses Based On A Library

AutoHarness is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing codebases today: large codebases have thousands of functions and pieces of code that can be embedded fairly deep into the library. It is very hard or sometimes even...

Gorsair - Hacks Its Way Into Remote Docker Containers That Expose Their APIs

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers. Exposing the docker API on the internet is a tremendous risk,...

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

DNSObserver - A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities

A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends notifications with the received request's details via Slack. DNSObserver can help you find bugs such as blind OS command...

APKLab - Android Reverse Engineering WorkBench For VS Code

APKLab seamlessly integrates the best open-source tools: Apktool, Jadx, uber-apk-signer and more to the excellent VS Code so you can focus on app analysis and get it done without leaving the IDE. Features Decode all the resources from an APK Disassemble the APK to Dalvik bytecode aka Smali...

Astsu - A Network Scanner Tool

How it works Scan common ports Send a TCP Syn packet to the destination on the defined port, if the port is open, use an nmap scan to check the service running on the port and prints all the ports found. Discover hosts in network Uses as a base the router's ip to map all possible ips. It then sen...

AWS Report - Tool For Analyzing Amazon Resources

AWS Report is a tool for analyzing amazon resources. Features Search iam users based on creation date Search buckets public Search security group with inbound rule for 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permission public Search internet gateways...

Dex2Jar - Tools To Work With Android .Dex And Java .Class Files

dex2jar Tools to work with android .dex and java .class files 1. dex-reader/writer: Read/write the Dalvik Executable .dex file. It has a light weight API similar with ASM. 2. d2j-dex2jar: Convert .dex file to .class files zipped as jar 3. smali/baksmali: disassemble dex to smali files and assembl...

BootStomp - A Bootloader Vulnerability Finder

BootStomp is a boot-loader bug finder. It looks for two different class of bugs: memory corruption and state storage vulnerabilities. For more info please refer to the BootStomp paper at https://seclab.cs.ucsb.edu/academic/publishing/bootstomp-security-bootloaders-mobile-devices-2017 To run...

PacketFence v4.3.0 - Free and Open Source network access control (NAC) solution

PacketFence is a fully supported , trusted , Free and Open Source network access control NAC solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer...

Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser

Instagram Brute Force CPU/GPU Supported 2024 Use option 2 while running the script. Option 1 is on development Chrome should be downloaded in device. Compatible and Tested GUI Supported Operating Systems Only Python 3.13 x64 bit Unix / Linux / Mac / Windows 8.1 and higher Install Requirements pip...

PentestGPT - A GPT-empowered Penetration Testing Tool

A GPT-empowered penetration testing tool. Common Questions Q : What is PentestGPT? A : PentestGPT is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration...

Smogcloud - Find Cloud Assets That No One Wants Exposed

Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral...

GHunt - Investigate Google Accounts With Emai

GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email. It can currently extract : Owner's name Last time the profile was edited Google ID If the account is an Hangouts Bot Activated Google services Youtube, Photos, Maps, News360, Hangouts, etc. Possible Youtube...

H2Csmuggler - HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxypass configurations by establishing HTTP/2 cleartext h2c communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the...

Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform

This new release brings strong improvements to your security team’s daily performance , allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality. Major enhancements are focused on providing global visualization of findings , improvements on our...