6011 matches found
Sparrow-Wifi - Next-Gen GUI-based WiFi And Bluetooth Analyzer For Linux
Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. In its most comprehensive use case...
Grapl - Graph Platform For Detection And Response
Grapl is a Graph Platform for Detection and Response. For a more in depth overview of Grapl, read this. In short, Grapl will take raw logs, convert them into graphs, and merge those graphs into a Master Graph. It will then orchestrate the execution of your attack signatures and provide tools for...
W13Scan - Passive Security Scanner
W13scan is a proxy-based web scanner that runs on Linux/Windows/Mac systems. Begin Demo Pure Python and Python version = 3 Can you use star to encourage the author ? Install pip3 install w13scan Usage help w13scan -h running w13scan -s 127.0.0.1:7778 HTTPS Support If you want w13scan to support...
Machinae v1.4.8 - Security Intelligence Collector
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes, and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information. The Machinae...
Acunetix Vulnerability Scanner Version For Linux
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix for Linux. Known to be reliable, cost-effective and secure, Linux is the server operating system of choice for many large organizations including Facebook, Twitter, and Google. Acunetix is...
KisMac - Open Source Wireless Stumbling And Security Tool For Mac OS X
KisMAC is a free, open source wireless stumbling and security tool for Mac OS X. Whats new: Mac OS 10.9 - 10.12 64-bit only ARC 64-bit only New GUI Modern Objective-c syntax Rewrote most part of deprecated methods Remove debug info from release How Build: git clone...
Auto-Elevate - Escalate From A Low-Integrity Administrator Account To NT AUTHORITY\SYSTEM Without An LPE Exploit By Combining A COM UAC Bypass And Token Impersonation
This tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates it's process TOKEN, and spawns a new SYSTEM-level process with the stolen token. Combined with UAC bypass method 41 ICMLuaUtil UAC bypass from...
FockCache - Minimalized Test Cache Poisoning
FockCache - Minimalized Test Cache Poisoning Detail For Cache Poisoning : https://portswigger.net/research/practical-web-cache-poisoning FockCache FockCache tries to make cache poisoning by trying X-Forwarded-Host and X-Forwarded-Scheme headers on web pages. After successful result, it gives you ...
huskyCI - Performing Security Tests Inside Your CI
huskyCI is an open-source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database for further analysis and metrics. How does it work? The main goal of this project is to help development teams improve the quality of their code by...
B2R2 - Collection Of Useful Algorithms, Functions, And Tools For Binary Analysis
B2R2 is a collection of useful algorithms, functions, and tools for binary analysis , written purely in F in .NET lingo, it is purely managed code. B2R2 has been named after R2-D2, a famous fictional robot appeared in the Star Wars. In fact, B2R2's original name was B2-R2 , but we decided to use...
Tachyon - Fast HTTP Dead File Finder
Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web application and look for left over or non-indexed files with the addition of reporting pages or scripts leaking internal data. User Requirements Linux Python 3.5.2 User Installation Install: $...
GhostTunnel - A Covert Backdoor Transmission Method That Can Be Used In An Isolated Environment
GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released. GhostTunnel use 802.11 Probe Request Frames and...
Cloud Custodian - Rules Engine For Cloud Security, Cost Optimization, And Governance, DSL In Yaml For Policies To Query, Filter, And Take Actions On Resources
Cloud Custodian is a rules engine for AWS fleet management. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified...
Rubocop - A Ruby Static Code Analyzer, Based On The Community Ruby Style Guide
RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide . Most aspects of its behavior can be tweaked via various configuration options. Installation RuboCop 's installation is pretty standard: $ gem install rubocop ...
[bWAPP] an extremely buggy web application!
bWAPP, or a buggy web application, is a deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so uniqu...
[Binwalk] Firmware Analysis Tool
Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...
FindUncommonShares - A Python Equivalent Of PowerView's Invoke-ShareFinder.ps1 Allowing To Quickly Find Uncommon Shares In Vast Windows Domains
The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Active Directory Domains. Features Only requires a low privileges domain user account. Automatically gets the list of all computers from the domai...
Duf - Disk Usage/Free Utility (Linux, BSD, macOS & Windows)
Disk Usage/Free Utility Linux, BSD, macOS & Windows Features User-friendly, colorful output Adjusts to your terminal's width Sort the results according to your needs Groups & filters devices Can conveniently output JSON Installation Packages Linux Arch Linux: duf Nix: nix-env -iA nixpkgs.duf...
Jeopardize - A Low(Zero) Cost Threat Intelligence & Response Tool Against Phishing Domains
Jeopardize tool is developed to provide basic threat intelligence&response capabilities against phishing domains at the minimum cost as possible. It detects registered phishing domain candidates typosquatting, homograph etc., analyzes them and assigns a risk score to them. After then, it sends...
dnsFookup - DNS Rebinding Toolkit
DNS Rebinding freamwork containing: a dns server obviously web api to create new subdomains and control the dns server, view logs, stuff like that shitty react app to make it even more comfy What does it do? It lets you create dns bins like a burp collaborator but it adds a bit more features... a...
ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) Cross Site Scripting
ezXSS is an easy way for penetration testers and bug bounty hunters to test blind Cross Site Scripting. Current features Some features ezXSS has Easy to use dashboard with statics, payloads, view/share/search reports and more Payload generator Instant email alert on payload Custom javascript...
Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)
Sampler is a tool for shell commands execution, visualization and alerting. Configured with a simple YAML file. Installation macOS brew cask install sampler or curl -Lo /usr/local/bin/sampler https://github.com/sqshq/sampler/releases/download/v1.0.1/sampler-1.0.1-darwin-amd64 chmod +x...
nodeCrypto - Ransomware Written In NodeJs
Ransomware written in NodeJs. Install and run git clone https://github.com/atmoner/nodeCrypto.git cd nodeCrypto && npm install You must edit first variable in index.js Once your configuration is complete, you can start the ransomware. node index.js The files at the root of the web server will...
ezsploit - Linux Bash Script Automation For Metasploit
Command line script for automatingmetasploit functions: Checks for metasploit service and starts if not present Easily craft meterpreter reversetcp payloads for Windows, Linux, Android and Mac Start multiple meterpreter reversetcp listners Assistance with building basic persistence options and...
MARA Framework - Mobile Application Reverse engineering and Analysis Framework
MARA is a M obile A pplication R everse engineering and A nalysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easier and friendly to mobile application developers and security...
Pyew - A Python tool for static malware analysis
Pyew is a command line python tool to analyse malware. It does have support for hexadecimal viewing, disassembly Intel 16, 32 and 64 bits, PE and ELF file formats it performs code analysis and let you write scripts using an API to perform many types of analysis, follows direct call/jmp instructio...
APCLdr - Payload Loader With Evasion Features
Payload Loader With Evasion Features. Features: no crt functions imported indirect syscalls using HellHall api hashing using CRC32 hashing algorithm payload encryption using rc4 - payload is saved in .rsrc Payload injection using APC calls - alertable thread Payload execution using APC - alertabl...
Subparse - Modular Malware Analysis Artifact Collection And Correlation Framework
Subparse, is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine,...
Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers
Cloudlist is a multi-cloud tool for getting Assets Hostnames, IP Addresses from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts...
Autoenum - Automatic Service Enumeration Script
Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments i.e. HTB, VulnHub, OSCP and draws a bit from a number of existing tools including AutoRecon https://github.com/Tib3rius/AutoRecon, Auto-Rec...
Guardedbox - Online Client-Side Manager For Secure Storage And Secrets Sharing
GuardedBox is an open-source online client-side manager for secure storage and secrets sharing. It allows users to upload secrets to a centralized server and retrieve them at anytime and from anywhere. It also allows users to share their secrets with other users, individually or via groups. Secre...
XCTR Hacking Tools - All in one tools for Information Gathering
All in one tools for Information Gathering. Instagram: Capture the Root Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUEdanvvVAkPBOspZkX397JxyXjnDNIATd5XbLZxVTPLzyCRJ1sMpQaEF7hH6x35GxYAT9L82ooTzK-EdywccEmklcpKtxIEsLBAYYDYNiTp...
Gophish - Open-Source Phishing Toolkit
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Install Installation of Gophish is dead-simple - just download and extract the zip...
Genact - A Nonsense Activity Generator
Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with your insane multitasking skills. Just open a few instances of genact and watch the show. genact has multiple scenes that pretend to be doing something exciting or useful when in realit...
GhostSquadHackers - Encrypt/Encode Your Javascript Code
Encrypt/Encode your Javascript payloads/code. Windows Scripting This tool is meant to encode and encrypt your javascript code. Features Number Calculating ASCII codes Caeser-Encryption Hex Encoding Octal encoding Binary Encrypt Random Octal Quotes Add trash to code Url Encode current Extras: crea...
Ntopng - Web-based Traffic And Security Network Traffic Monitoring
ntopng is the next generation version of the original ntop, a network traffic probe that monitors network usage. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Windows as well. ntopng – yes, it’s all lowercase –...
WhatCMS - CMS Detection And Exploit Kit Based On Whatcms.org API
CMS Detection and Exploit Kit based on Whatcms.org API. Introduction Whatcms.sh can currently detect the use of more than 330 different CMS applications and services to later indicate a list of valid security audit tools for the detected CMS. You need the whatcms.org API to use the tool: Get API...
XBruteForcer - CMS Brute Force Tool (WP, Joomla, DruPal, OpenCart, Magento)
Brute Force Tool: WP , Joomla , DruPal , OpenCart , Magento Simple brute force script 1 WordPress Auto Detect Username 2 Joomla 3 DruPal 4 OpenCart 5 Magento 6 All Auto Detect CMS Usage Short Form | Long Form | Description ---|---|--- -l | --list | websites list -p | --passwords | Passwords list...
Anti-DDOS - Anti DDOS Bash Script
Programming Languages : BASH RUN root@ismailtasdelen: bash ./anti-ddos.sh Cloning an Existing Repository Clone with HTTPS git clone https://github.com/ismailtasdelen/Anti-DDOS.git Cloning an Existing Repository Clone withSSH git clone [email protected]:ismailtasdelen/Anti-DDOS.git Download...
PacketFence v4.3.0 - Free and Open Source network access control (NAC) solution
PacketFence is a fully supported , trusted , Free and Open Source network access control NAC solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer...
GHunt - Investigate Google Accounts With Emai
GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email. It can currently extract : Owner's name Last time the profile was edited Google ID If the account is an Hangouts Bot Activated Google services Youtube, Photos, Maps, News360, Hangouts, etc. Possible Youtube...
ShellGen - Reverse shell generator
This is a simple script that will generate a specific or all shellcodes for CTFs using the VPN IP address on tun0 the IPv4. INFORMATION Update has been made from sys library to argparse library done in version 0.8 Usage For help: shellgen -h shellgen --help If you want to skip update and just get...
Git-Scanner - A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public
This tool can scan websites with open .git repositories for Bug Hunting/ Pentesting Purposes and can dump the content of the .git repositories from webservers that found from the scanning method. This tool works with the provided Single target or Mass Target from a file list. Installation - git...
OSSEM - Open Source Security Events Metadata
The Open Source Security Events Metadata OSSEM is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference fo...
SharpHide - Tool To Create Hidden Registry Keys
Just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden null terminated registry key. This works by adding a null byte in front of the UNICODESTRING key valuename. More info about this technique can be found in the following whitepaper:...
SniffAir - A Framework For Wireless Pentesting
SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly...
SNMP-Brute - Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script
SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time. Requirements metasploit snmpwalk snmpstat john the ripper Usage python snmp-brute.py -t IP Options --help, -h show...
Udp2raw-tunnel - A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]
A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. Its Encrypted, Anti-Replay and Multiplexed.It also acts as a Connection Stabilizer. Support Platforms A Linux host including desktop Linux, Android...
[Wireshark v1.8.7] The world’s foremost network protocol analyzer
Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto and often de jure standard across many industries and educational institutions. Wireshark development thrives thanks to the...
Misp-Extractor - Tool That Connects To A MISP Instance And Retrieves Attributes Of Specific Types (Such As IP Addresses, URLs, And Hashes)
This code connects to a given MISP Malware Information Sharing Platform server and parses a given number of events, writing the IP addresses, URLs, and MD5 hashes found in the events to three separate files. Usage To use this script, you will need to provide the URL of your MISP instance and a...