Tarnish - A Chrome Extension Static Analysis Tool To Help Aide In Security Reviews

tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the research blog post which can be found here. If you don't want to ...

Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping

CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or another security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta, CrossLinked will find vali...

Freddy - Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs. This useful extension was originally developed by Nick Bloor @nickstadb for NCC Group and is mainly based on the work of Alvaro Muñoz and Oleksandr Mirosh, Friday the 13th: JSON Attacks, which they presented a...

Vboxdie-Cracker - VirtualBox Disk Image Encryption Password Cracker

Virtual Box Disk Image Encryption password cracker Requirements 1. PHP = 5.5.0 2. OpenSSL = 1.0.1 XTS support Algorithm description User password is stored using a combination of PBKDF2 and AES-XTS as following shown values are fixed at the moment, but they can be controlled inside the file forma...

ezsploit - Linux Bash Script Automation For Metasploit

Command line script for automatingmetasploit functions: Checks for metasploit service and starts if not present Easily craft meterpreter reversetcp payloads for Windows, Linux, Android and Mac Start multiple meterpreter reversetcp listners Assistance with building basic persistence options and...

Aclpwn.Py - Active Directory ACL Exploitation With BloodHound

Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path. Aclpwn.py is similar to the PowerShell...

PurpleSharp - C# Adversary Simulation Tool That Executes Adversary Techniques With The Purpose Of Generating Attack Telemetry In Monitored Windows Environments

Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, buildi...

AWS Report - A Tool For Analyzing Amazon Resources

AWS Report is a tool for analyzing amazon resources. Install using PIP pip install awsreport Features Search IAM users based on creation date Search buckets public Search security based in rules, default is 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permissi...

PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator

PCFG = Probabilistic Context Free Grammar PCFG = Pretty Cool Fuzzy Guesser In short: A collection of tools to perform research into how humans generate passwords. These can be used to crack password hashes, but also create synthetic passwords honeywords, or help develop better password strength...

Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets

The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what's going on within. Getting Started These instructions will get you a copy of the...

HackerTarget ToolKit v2.0 - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery

Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organizations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open...

Scavenger - Crawler Searching For Credential Leaks On Different Paste Sites

Just the code of my OSINT bot searching for sensitive data leaks on different paste sites. Search terms: credentials private RSA keys Wordpress configuration files MySQL connect strings onion links links to files hosted inside the onion network PDF, DOC, DOCX, XLS, XLSX Keep in mind: 1. This bot ...

Reconerator - C# Targeted Attack Reconnaissance Tools

This is a custom .NET assembly which will perform a number of situational awareness activities. There are a number of current featuresets: BASIC - Obtains information from the disk and registry. LDAP - Allows customised AD LDAP queries to be made. RESOLVEHOST - Performs DNS lookup queries...

Janusec Application Gateway - Tool Which Provides WAF, CC Attack Defense, Unified Web Administration Portal, Private Key Protection, Web Routing And Scalable Load Balancing

Janusec Application Gateway, an application security solutions which provides WAF Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Key Features WAF Web...

CMS Scanner - Scan Wordpress, Drupal, Joomla, vBulletin Websites For Security Issues

Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports...

The LaZagne Project - Recover most common software passwords (Firefox, IE, Opera, Chrome, Filezilla, winscp, coreFTP, WiFi and many more)

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different technics plaintext, using api, custom algorithms, etc.. This tool has been developped to find these passwords for most common...

ShowStopper - Anti-Debug tricks exploration tool

The ShowStopper project is a tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods. With this tool, you can attach a debugger to its process and research the debugger’s behavior for the...

Nautilus - A Grammar Based Feedback Fuzzer

Nautilus is a coverage guided, grammar based fuzzer. You can use it to improve your test coverage and find more bugs. By specifying the grammar of semi valid inputs, Nautilus is able to perform complex mutation and to uncover more interesting test cases. Many of the ideas behind this fuzzer are...

OSSEM - Open Source Security Events Metadata

The Open Source Security Events Metadata OSSEM is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference fo...

Obfuscapk - A Black-Box Obfuscation Tool For Android Apps

Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscat...

FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics

Automatic Analysis Of SWF Files Based On Some Heuristics. Extensible Via Plugins. Install Install the Python 2.7 packages listed in requirements.txt. You can use the following command: pip install -r requirements.txt If you want to use the decompilation functionality you need to install Jython...

LeakLooker - Find Open Databases With Shodan

Find open databases with Shodan Background: https://medium.com/@wojciech/leaklooker-find-open-databases-in-a-second-9da4249c8472 Requirements: Python 3 Shodan paid plan, except Kibana search Put yourShodan API key in line 65 pip3 install shodan pip3 install colorama pip3 install hurry.filesize...

MCExtractor - Intel, AMD, VIA & Freescale Microcode Extraction Tool

Intel, AMD, VIA & Freescale Microcode Extraction Tool MC Extractor News Feed MC Extractor Discussion Topic Intel, AMD & VIA CPU Microcode Repositories A. About MC Extractor MC Extractor is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users...

DjangoHunter - Tool Designed To Help Identify Incorrectly Configured Django Applications That Are Exposing Sensitive Information

Tool designed to help identify incorrectly configuredDjango applications that are exposing sensitive information. https://www.reddit.com/r/django/comments/87qcf4/28165thousanddjangorunningserversareexposed/ https://twitter.com/6ix7ine/status/978598496658960384?lang=en Usage Usage: python3...

Shellcode-Encrypter-Decrypter - Shellcode Encrypter & Decrypter By Using XOR Cipher To Encrypt And Decrypt Shellcode

A Shellcode Encrypter & Decrypter, Using XOR Cipher to enc and dec shellcode. Installation git clone https://github.com/blacknbunny/Shellcode-Encrypter-Decrypter.git && python enc.py --help Usage Example Encryption: python encdecshellcode.py --shellcode \x41\x41\x42\x42 --key SECRETKEY --option...

OWTF v2.4 - Offensive Web Testing Framework

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide v3 and v4, the OWASP Top 10, PTES and NIST so that pentesters will have more time to See the big picture and think out of the box More efficiently...

Mooscan - A Scanner For Moodle LMS

A scanning tool for Moodle LMS. Key Benefits Allows administrators to determine exactly what is visible externally in their Moodle installation. A tool for penetration testers to find potential vulnerabilities in a Moodle installation by enumerating installed plugins, themes and libraries. Road M...

XBruteForcer - CMS Brute Force Tool (WP, Joomla, DruPal, OpenCart, Magento)

Brute Force Tool: WP , Joomla , DruPal , OpenCart , Magento Simple brute force script 1 WordPress Auto Detect Username 2 Joomla 3 DruPal 4 OpenCart 5 Magento 6 All Auto Detect CMS Usage Short Form | Long Form | Description ---|---|--- -l | --list | websites list -p | --passwords | Passwords list...

YaCy - The Peer to Peer Search Engine

YaCy is a free search engine that anyone can use to build a search portal for their intranet or to help search the public internet. When contributing to the world-wide peer network, the scale of YaCy is limited only by the number of users in the world and can index billions of web pages. It is...

[ARPwner] ARP and DNS Poisoning Attack Tool

ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded 100% in python and on Github, so you can modify according to your needs. This tool was released by...

SpiderSuite - Advance Web Spider/Crawler For Cyber Security Professionals

An advance cross-platform and multi-feature GUI web spider/crawler for cyber security proffesionals. Spider Suite can be used for attack surface mapping and analysis. For more information visit SpiderSuite's website. Installation and Usage Spider Suite is designed for easy installation and usage...

FindUncommonShares - A Python Equivalent Of PowerView's Invoke-ShareFinder.ps1 Allowing To Quickly Find Uncommon Shares In Vast Windows Domains

The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Active Directory Domains. Features Only requires a low privileges domain user account. Automatically gets the list of all computers from the domai...

IoTMap - Research Project On Heterogeneous IoT Protocols Modelling

IoTMap is a tool that models IoT networks using one or multiple protocols simultaneously. This is work in progress, as a part of a PhD thesis on Internet Of Things security. This repository is regularly updated as new results are obtained. This project supports 3 protocol as this time : BLE, ZigB...

Purify - All-in-one Tool For Managing Vulnerability Reports From AppSec Pipelines

All-in-one tool for managing vulnerability reports Why The goal of Purify to be an easy-in-use and efficient tool to simplify a workflow of managing vulnerabilities delivered from various tools. Purify is designed to analyze the report of any tool , if the report is in JSON or XML format. This...

Firebase-Extractor - A Tool Written In Python For Scraping Firebase Data

This tool is written in python2, the purpose of this tool is to parse all the results from Bing search.Basically whenever a firebaseio URL is found for an app , User instead of searching for sensitive data by going manually through the search results can use this tool.This tool works by using the...

Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System

Tinfoil Chat TFC is a FOSS+FHD peer-to-peer messaging system that relies on high assurance hardware architecture to protect users from passive collection, MITM attacks and most importantly, remote key exfiltration. TFC is designed for people with one of the most complex threat models: organized...

Femida - Automated Blind-Xss Search For Burp Suite

An automated blind-xss search plugin for Burp Suite. Installation Git clone https://github.com/wish-i-was/femida.git Burp - Extender - Add - find and select blind-xss.py How to use Settings First of all you need to setup your callback URL in field called "Your url" and press Enter to automaticall...

H2T - Scans A Website And Suggests Security Headers To Apply

h2t is a simple tool to help sysadmins to hardening their websites. Until now h2t checks the website headers and recommends how to make it better. Dependences Python 3 colorama requests Install $ git clone https://github.com/gildasio/h2t $ cd h2t $ pip install -r requirements.txt $ ./h2t.py -h...

stoQ - An Open Source Framework For Enterprise Level Automated Analysis

stoQ is a automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition from different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed...

GTRS - Google Translator Reverse Shell

This tools uses Google Translator as a proxy to send arbitrary commands to an infected machine. INFECTED MACHINE ==HTTPS== GOOGLE TRANSLATE ==HTTP== C2 Environment Configuration First you need a VPS and a domain, for the domain you can get a free one on Freenom. With your VPS and domain, just edi...

SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

LANs.py - Inject Code, Jam Wifi, And Spy on Wifi Users

LANs.py Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit. Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not poison anyone else on the network. Displays all most the...

IIS Short Name Scanner - Scanner For IIS Short File Name Disclosure Vulnerability (using the tilde [~] character)

Scanner for IIS short file name 8.3 disclosure vulnerability by using the tilde character. Description Microsoft IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the parsing of a request that contains a tilde character . This may allow a...

Psobf - PowerShell Obfuscator

Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels of obfuscation, from basic obfuscation to script fragmentation. This allows users to tailor the...

UDPX - Fast A nd Lightweight, UDPX Is A Single-Packet UDP Scanner Written In Go That Supports The Discovery Of Over 45 Services With The Ability To Add Custom Ones

Fast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services with the ability to add custom ones. It is easy to use and portable, and can be run on Linux, Mac OS, and Windows. Unlike internet-wide scanners like zgrab2 and zmap, UDPX is...

Nettacker - Automated Penetration Testing Framework

OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocol...

Strafer - A Tool To Detect Potential Infections In Elasticsearch Instances

Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud and non-cloud deployments. During this talk, we will release a tool named "STRAFER" to detect potential infections in the Elasticsearch...

Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook's GraphQL Technology, To Learn And Practice GraphQL Security

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. About DVGA Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a...

Cypher - Crypto Cipher Encode Decode Hash

All in one tools for CRYPTOLOGY. Instagram: Capture the Root Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzEISVu6IIqjydF1vTUDcdbKWD8Vdi1BM5fQfCGuAnFRSCrZIh04d17YDeNKsRw0CRJD8cQmlIloLRldnU-Rounz7YQAvc7MOENa22PJkMajWGZvAelxpm3EoWCFL0BCnfBRMV4Ly99Y/w640-h36...

Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover

Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain...