6011 matches found
Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public
This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method Only if the MODCGI is Enabled at the targeted webserver. This tool works with the...
Scrummage - The Ultimate OSINT And Threat Hunting Framework
VERSION 3.6 Code efficiency enhancements and bug fixes for plugins, and improved logging. Significant UI/UX enhancements. Organisation specific settings and configurations, allowing for predefined searches based on your organisation and it's users. Due to the above change, if you are upgrading fr...
Autoharness - A Tool That Automatically Creates Fuzzing Harnesses Based On A Library
AutoHarness is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing codebases today: large codebases have thousands of functions and pieces of code that can be embedded fairly deep into the library. It is very hard or sometimes even...
Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion
Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...
DNSObserver - A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities
A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends notifications with the received request's details via Slack. DNSObserver can help you find bugs such as blind OS command...
Nautilus - A Grammar Based Feedback Fuzzer
Nautilus is a coverage guided, grammar based fuzzer. You can use it to improve your test coverage and find more bugs. By specifying the grammar of semi valid inputs, Nautilus is able to perform complex mutation and to uncover more interesting test cases. Many of the ideas behind this fuzzer are...
Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform
This new release brings strong improvements to your security team’s daily performance , allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality. Major enhancements are focused on providing global visualization of findings , improvements on our...
AWS Report - Tool For Analyzing Amazon Resources
AWS Report is a tool for analyzing amazon resources. Features Search iam users based on creation date Search buckets public Search security group with inbound rule for 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permission public Search internet gateways...
RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking
RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save them to a file. An aggressor script accompanies it, which is responsible for managing the state, monitoring for new processes and injecting the...
Penta - Open Source All-In-One CLI Tool To Automate Pentesting
Penta is is Pentest automation tool using Python3. Future! It provides advanced features such as metasploit and nexpose to extract vuln info found on specific servers. Installation Install requirements penta requires the following packages. Python3.7 pipenv Resolve python package dependency. $...
BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...
Command Injection Payload List
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data forms, cookies, HTTP headers etc. to a system shell. In this...
GetAltName - Get Subject Alt Name From SSL Certificates
GetAltName it's a little script that can extract Subject Alt Names for SSL Certificates directly from HTTPS web sites which can provide you with DNS names or virtual servers. It's useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your...
Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities
While DLL sideloading can be used for legitimate purposes, such as loading necessary libraries for a program to function, it can also be used for malicious purposes. Attackers can use DLL sideloading to execute arbitrary code on a target system, often by exploiting vulnerabilities in legitimate...
PentestGPT - A GPT-empowered Penetration Testing Tool
A GPT-empowered penetration testing tool. Common Questions Q : What is PentestGPT? A : PentestGPT is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration...
Gorsair - Hacks Its Way Into Remote Docker Containers That Expose Their APIs
Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers. Exposing the docker API on the internet is a tremendous risk,...
Smogcloud - Find Cloud Assets That No One Wants Exposed
Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral...
Bxss - A Blind XSS Injector Tool
ABlind XSS Injector tool Features Inject Blind XSS payloads into custom headers Inject Blind XSS payloads into parameters Uses Different Request Methods PUT,POST,GET,OPTIONS all at once Tool Chaining Really fast Easy to setup Install $ go get -u github.com/ethicalhackingplayground/bxss Arguments ...
DAGOBAH - Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources
Dagobah is an open source tool written in python to automate the internal threat intelligence generation, inventory collection and compliance check from different AWS resources. Dagobah collects information and save the state into an elasticsearch index. Dagobah runs into the a LAMBDA and looks a...
Astsu - A Network Scanner Tool
How it works Scan common ports Send a TCP Syn packet to the destination on the defined port, if the port is open, use an nmap scan to check the service running on the port and prints all the ports found. Discover hosts in network Uses as a base the router's ip to map all possible ips. It then sen...
AbsoluteZero - Python APT Backdoor
This project is a Python APT backdoor, optimized for Red Team Post Exploitation Tool, it can generate binary payload or pure python source. The final stub uses polymorphic encryption to give a first obfuscation layer to itself. Deployment AbsoluteZero is a complete software written in Python 2.7...
Dex2Jar - Tools To Work With Android .Dex And Java .Class Files
dex2jar Tools to work with android .dex and java .class files 1. dex-reader/writer: Read/write the Dalvik Executable .dex file. It has a light weight API similar with ASM. 2. d2j-dex2jar: Convert .dex file to .class files zipped as jar 3. smali/baksmali: disassemble dex to smali files and assembl...
Laforge - Security Competition Infrastructure Automation Framework
Laforge enables rapid development of infrastructure for the purpose of information security competitions. Using a simple and intuitive configuration language, Laforge manages a dependency graph and state management and allows for highly productive remote collaboration. The Laforge engine uses a...
BootStomp - A Bootloader Vulnerability Finder
BootStomp is a boot-loader bug finder. It looks for two different class of bugs: memory corruption and state storage vulnerabilities. For more info please refer to the BootStomp paper at https://seclab.cs.ucsb.edu/academic/publishing/bootstomp-security-bootloaders-mobile-devices-2017 To run...
Hostscan - PHP tool for scanning specific range of hosts
Hostscan is a php tool which allows you to scan specific range of hosts, mostly for information gathering and testing for weak passwords. I guess it's a pentest tool, i'd created it to automate some tests that i often do. Since it's PHP, it works quite slowly compared to client-side soft. How it...
SubGPT - Find Subdomains With GPT, For Free
SubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to find more. Best part? It's free! The following subdomains were found by this tool with these 30 subdomains as input. call-prompts-staging.example.com dclb02-dca1.prod.example.com activedirectory-sjc1.example.c...
Nettacker - Automated Penetration Testing Framework
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocol...
APKLab - Android Reverse Engineering WorkBench For VS Code
APKLab seamlessly integrates the best open-source tools: Apktool, Jadx, uber-apk-signer and more to the excellent VS Code so you can focus on app analysis and get it done without leaving the IDE. Features Decode all the resources from an APK Disassemble the APK to Dalvik bytecode aka Smali...
H2Csmuggler - HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)
h2cSmuggler smuggles HTTP traffic past insecure edge-server proxypass configurations by establishing HTTP/2 cleartext h2c communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the...
PurpleSharp - C# Adversary Simulation Tool That Executes Adversary Techniques With The Purpose Of Generating Attack Telemetry In Monitored Windows Environments
Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, buildi...
Zeek - A Powerful Network Analysis Framework That Is Much Different From The Typical IDS You May Know
A powerful framework for network traffic analysis and security monitoring. Key Features — Documentation — Getting Started — Development — License Follow us on Twitter at @zeekurity. Key Features In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis ...
Tarnish - A Chrome Extension Static Analysis Tool To Help Aide In Security Reviews
tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the research blog post which can be found here. If you don't want to ...
Reko - A General Purpose Binary Decompiler
Reko Swedish: "decent, obliging" is a C project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windo...
Janusec Application Gateway - Tool Which Provides WAF, CC Attack Defense, Unified Web Administration Portal, Private Key Protection, Web Routing And Scalable Load Balancing
Janusec Application Gateway, an application security solutions which provides WAF Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Key Features WAF Web...
URLCrazy - Test domain typos and variations to detect typo squatting, URL hijacking, phishing, and corporate espionage
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. Usage Detect typo squatters profiting from typos on your domain name Protect your brand by registering popular typos Identify typo domain names that will receive...
Speakeasy - Windows Kernel And User Mode Emulation
Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware. Check out the overview in the first Speakeasy blog post. Instead of attempting to perform dynamic analysis using an entire virtualized operating system, Speakeasy will emulate specific...
UAFuzz - Binary-level Directed Fuzzing For Use-After-Free Vulnerabilities
Directed Greybox Fuzzing DGF like AFLGo aims to perform stress testing on pre-selected potentially vulnerable target locations, with applications to different security contexts: 1 bug reproduction, 2 patch testing or 3 static analysis report verification. There are recently more research work tha...
Threadtear - Multifunctional Java Deobfuscation Tool Suite
Threadtear is a multifunctional deobfuscation tool for java. Suitable for easier code analysis without worrying too much about obfuscation. Even the most expensive obfuscators like ZKM or Stringer are included. It also contains older deobfuscation tools from my github account, but it can also be...
Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets
The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what's going on within. Getting Started These instructions will get you a copy of the...
Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping
CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or another security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta, CrossLinked will find vali...
Freddy - Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans
A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs. This useful extension was originally developed by Nick Bloor @nickstadb for NCC Group and is mainly based on the work of Alvaro Muñoz and Oleksandr Mirosh, Friday the 13th: JSON Attacks, which they presented a...
Reconerator - C# Targeted Attack Reconnaissance Tools
This is a custom .NET assembly which will perform a number of situational awareness activities. There are a number of current featuresets: BASIC - Obtains information from the disk and registry. LDAP - Allows customised AD LDAP queries to be made. RESOLVEHOST - Performs DNS lookup queries...
MCExtractor - Intel, AMD, VIA & Freescale Microcode Extraction Tool
Intel, AMD, VIA & Freescale Microcode Extraction Tool MC Extractor News Feed MC Extractor Discussion Topic Intel, AMD & VIA CPU Microcode Repositories A. About MC Extractor MC Extractor is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users...
CMS Scanner - Scan Wordpress, Drupal, Joomla, vBulletin Websites For Security Issues
Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports...
Vboxdie-Cracker - VirtualBox Disk Image Encryption Password Cracker
Virtual Box Disk Image Encryption password cracker Requirements 1. PHP = 5.5.0 2. OpenSSL = 1.0.1 XTS support Algorithm description User password is stored using a combination of PBKDF2 and AES-XTS as following shown values are fixed at the moment, but they can be controlled inside the file forma...
Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks
“Kill Chain” is a unified console with an anonymizer that will perform these stages of attacks: Reconnaissance Weaponization Delivery Exploit Installation Command & Control And Actions Dependant tool sets are: 1 Tor -- For the console build in anonymizer. 2 Set -- Social-Engineer Toolkit SET,...
The LaZagne Project - Recover most common software passwords (Firefox, IE, Opera, Chrome, Filezilla, winscp, coreFTP, WiFi and many more)
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different technics plaintext, using api, custom algorithms, etc.. This tool has been developped to find these passwords for most common...
Psobf - PowerShell Obfuscator
Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels of obfuscation, from basic obfuscation to script fragmentation. This allows users to tailor the...
IoTMap - Research Project On Heterogeneous IoT Protocols Modelling
IoTMap is a tool that models IoT networks using one or multiple protocols simultaneously. This is work in progress, as a part of a PhD thesis on Internet Of Things security. This repository is regularly updated as new results are obtained. This project supports 3 protocol as this time : BLE, ZigB...
AWS Report - A Tool For Analyzing Amazon Resources
AWS Report is a tool for analyzing amazon resources. Install using PIP pip install awsreport Features Search IAM users based on creation date Search buckets public Search security based in rules, default is 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permissi...