6011 matches found
Purify - All-in-one Tool For Managing Vulnerability Reports From AppSec Pipelines
All-in-one tool for managing vulnerability reports Why The goal of Purify to be an easy-in-use and efficient tool to simplify a workflow of managing vulnerabilities delivered from various tools. Purify is designed to analyze the report of any tool , if the report is in JSON or XML format. This...
Obfuscapk - A Black-Box Obfuscation Tool For Android Apps
Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscat...
Slither v0.6.7 - Static Analyzer For Solidity
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...
HackerTarget ToolKit v2.0 - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery
Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organizations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open...
Scavenger - Crawler Searching For Credential Leaks On Different Paste Sites
Just the code of my OSINT bot searching for sensitive data leaks on different paste sites. Search terms: credentials private RSA keys Wordpress configuration files MySQL connect strings onion links links to files hosted inside the onion network PDF, DOC, DOCX, XLS, XLSX Keep in mind: 1. This bot ...
stoQ - An Open Source Framework For Enterprise Level Automated Analysis
stoQ is a automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition from different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed...
Shellcode-Encrypter-Decrypter - Shellcode Encrypter & Decrypter By Using XOR Cipher To Encrypt And Decrypt Shellcode
A Shellcode Encrypter & Decrypter, Using XOR Cipher to enc and dec shellcode. Installation git clone https://github.com/blacknbunny/Shellcode-Encrypter-Decrypter.git && python enc.py --help Usage Example Encryption: python encdecshellcode.py --shellcode \x41\x41\x42\x42 --key SECRETKEY --option...
OWTF v2.4 - Offensive Web Testing Framework
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide v3 and v4, the OWASP Top 10, PTES and NIST so that pentesters will have more time to See the big picture and think out of the box More efficiently...
YaCy - The Peer to Peer Search Engine
YaCy is a free search engine that anyone can use to build a search portal for their intranet or to help search the public internet. When contributing to the world-wide peer network, the scale of YaCy is limited only by the number of users in the world and can index billions of web pages. It is...
Snoop - OSINT Tool For Research Social Media Accounts By Username
OSINT Tool for research social media accounts by username Install Requests Install Requests pip install requests Install BeautifulSoup Install BeautifulSoup pip install beautifulsoup4 Execute the program Execute Snoop python3 snoop.py Download Snoop...
HiddenDesktop - HVNC For Cobalt Strike
Hidden Desktop often referred to as HVNC is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved, but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to...
UDPX - Fast A nd Lightweight, UDPX Is A Single-Packet UDP Scanner Written In Go That Supports The Discovery Of Over 45 Services With The Ability To Add Custom Ones
Fast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services with the ability to add custom ones. It is easy to use and portable, and can be run on Linux, Mac OS, and Windows. Unlike internet-wide scanners like zgrab2 and zmap, UDPX is...
Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook's GraphQL Technology, To Learn And Practice GraphQL Security
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. About DVGA Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a...
Pesidious - Malware Mutation Using Reinforcement Learning And Generative Adversarial Networks
Malware Mutation using Deep Reinforcement Learning and GANs The purpose of the tool is to use artificial intelligence to mutate a malware PE32 only sample to bypass AI powered classifiers while keeping its functionality intact. In the past, notable work has been done in this domain with researche...
Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover
Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain...
Firebase-Extractor - A Tool Written In Python For Scraping Firebase Data
This tool is written in python2, the purpose of this tool is to parse all the results from Bing search.Basically whenever a firebaseio URL is found for an app , User instead of searching for sensitive data by going manually through the search results can use this tool.This tool works by using the...
XSS-Freak - An XSS Scanner Fully Written In Python3 From Scratch
XSS-Freak is an XSS scanner fully written in python3 from scratch. It is one of its kind since it crawls the website for all possible links and directories to expand its attack scope. Then it searches them for input tags and then launches a bunch of XSS payloads. if an input is not sanitized and...
FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics
Automatic Analysis Of SWF Files Based On Some Heuristics. Extensible Via Plugins. Install Install the Python 2.7 packages listed in requirements.txt. You can use the following command: pip install -r requirements.txt If you want to use the decompilation functionality you need to install Jython...
DjangoHunter - Tool Designed To Help Identify Incorrectly Configured Django Applications That Are Exposing Sensitive Information
Tool designed to help identify incorrectly configuredDjango applications that are exposing sensitive information. https://www.reddit.com/r/django/comments/87qcf4/28165thousanddjangorunningserversareexposed/ https://twitter.com/6ix7ine/status/978598496658960384?lang=en Usage Usage: python3...
Mooscan - A Scanner For Moodle LMS
A scanning tool for Moodle LMS. Key Benefits Allows administrators to determine exactly what is visible externally in their Moodle installation. A tool for penetration testers to find potential vulnerabilities in a Moodle installation by enumerating installed plugins, themes and libraries. Road M...
SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
IIS Short Name Scanner - Scanner For IIS Short File Name Disclosure Vulnerability (using the tilde [~] character)
Scanner for IIS short file name 8.3 disclosure vulnerability by using the tilde character. Description Microsoft IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the parsing of a request that contains a tilde character . This may allow a...
Nimbo-C2 - Yet Another (Simple And Lightweight) C2 Framework
About Nimbo-C2 is yet another simple and lightweight C2 framework. Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows by dynamically loading the CLR to the process. Nim is powerful, but interacting with Windows is much easier and robust using...
GoSH - Golang Reverse/Bind Shell Generator
Golang reverse/bind shell generator. Description This tool generates a Go binary that launches a shell of the desired type on the targeted host. The shell binary can be compiled for multiple platforms, supports partial polymorphism unique functions' names and can use UDP protocol instead of the...
SigFlip - A Tool For Patching Authenticode Signed PE Files (Exe, Dll, Sys ..Etc) Without Invalidating Or Breaking The Existing Signature
SigFlip is a tool for patching authenticode signed PE files exe, dll, sys ..etc in a way that doesn't affect or break the existing authenticode signature, in other words you can change PE file checksum/hash by embedding data i.e shellcode without breaking the file signature, integrity checks or P...
Strafer - A Tool To Detect Potential Infections In Elasticsearch Instances
Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud and non-cloud deployments. During this talk, we will release a tool named "STRAFER" to detect potential infections in the Elasticsearch...
Cypher - Crypto Cipher Encode Decode Hash
All in one tools for CRYPTOLOGY. Instagram: Capture the Root Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzEISVu6IIqjydF1vTUDcdbKWD8Vdi1BM5fQfCGuAnFRSCrZIh04d17YDeNKsRw0CRJD8cQmlIloLRldnU-Rounz7YQAvc7MOENa22PJkMajWGZvAelxpm3EoWCFL0BCnfBRMV4Ly99Y/w640-h36...
Femida - Automated Blind-Xss Search For Burp Suite
An automated blind-xss search plugin for Burp Suite. Installation Git clone https://github.com/wish-i-was/femida.git Burp - Extender - Add - find and select blind-xss.py How to use Settings First of all you need to setup your callback URL in field called "Your url" and press Enter to automaticall...
Termshark - A Terminal UI For Tshark, Inspired By Wireshark
A terminal user-interface for tshark, inspired by Wireshark. If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help! Features Read pcap files or sniff live interfaces where tshark is permitted. Inspect each packet using familiar...
H2T - Scans A Website And Suggests Security Headers To Apply
h2t is a simple tool to help sysadmins to hardening their websites. Until now h2t checks the website headers and recommends how to make it better. Dependences Python 3 colorama requests Install $ git clone https://github.com/gildasio/h2t $ cd h2t $ pip install -r requirements.txt $ ./h2t.py -h...
LeakLooker - Find Open Databases With Shodan
Find open databases with Shodan Background: https://medium.com/@wojciech/leaklooker-find-open-databases-in-a-second-9da4249c8472 Requirements: Python 3 Shodan paid plan, except Kibana search Put yourShodan API key in line 65 pip3 install shodan pip3 install colorama pip3 install hurry.filesize...
GTRS - Google Translator Reverse Shell
This tools uses Google Translator as a proxy to send arbitrary commands to an infected machine. INFECTED MACHINE ==HTTPS== GOOGLE TRANSLATE ==HTTP== C2 Environment Configuration First you need a VPS and a domain, for the domain you can get a free one on Freenom. With your VPS and domain, just edi...
Isip - Interactive Sip Toolkit For Packet Manipulations, Sniffing, Man In The Middle Attacks, Fuzzing, Simulating Of Dos Attacks
Interactive sip toolkit for packet manipulations, sniffing, man in the middle attacks, fuzzing, simulating of dos attacks. Video Setup git clone https://github.com/halitalptekin/isip.git cd isip pip install -r requirements.txt Usage Packet manipulation tools are in packet cmd loop. First start, y...
htrace.sh - Simple Shell Script To Debugging HTTP/HTTPS Traffic Tracing, Response Headers And Mixed-Content
htrace.sh is a shell script that allows you to validate your domain configuration and catch any errors e.g. redirect loops. It also displays basic information about the ssl configuration if available, response headers, checks for mixed content and performs security scans using Nmap scripts and...
BadMod v2.0 - Detect Website CMS, Website Scanner & Auto Exploiter
Auto exploiter & get all server sites & bing dorker. Version 2.0 Fixed colors bug Fixed permissions bug Added new option to scan single target Added new option to scan joomla & wordpress plugins Installation Install tool git clone https://github.com/MrSqar-Ye/BadMod.git Install php sudo apt-get...
LANs.py - Inject Code, Jam Wifi, And Spy on Wifi Users
LANs.py Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit. Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not poison anyone else on the network. Displays all most the...
Upload_Bypass - File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques Covered In Hacktricks
UploadBypass is a powerful tool designed to assist Pentesters and Bug Hunters in testing file upload mechanisms. It leverages various bug bounty techniques to simplify the process of identifying and exploiting vulnerabilities, ensuring thorough assessments of web applications. Simplifies the...
Dorkify - Perform Google Dork Search
Perform Google Dork search with Dorkify Google Dorking Google dorking is a hacker technique that uses Google Search to find security holes in the configuration and computer code that websites use. Google Dorking involves using advanced operators in the Google search engine to locate specific...
Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets
Collect OSINT for GitLab groups and members and search the group and group members' snippets, issues, and issue discussions for sensitive data that may be included in these assets. The information gathered is intended to compliment and inform the use of additional tools such as TruffleHog or...
dorkX - Pipe Different Tools With Google Dork Scanner
Pipe different tools with google dork Scanner Install zoid@MSI /dorkX git clone https://github.com/ethicalhackingplayground/dorkX zoid@MSI /dorkX cd dorkX zoid@MSI /dorkX go build dorkx.go zoid@MSI /dorkX go build corsx.go zoid@MSI /dorkX go build csrfx.go zoid@MSI /dorkX go build zin.go Usage:...
Lockphish - A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode
Lockphish it's the first tool 05/13/2020 for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by Ngrok IP Tracker Leg...
Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System
Tinfoil Chat TFC is a FOSS+FHD peer-to-peer messaging system that relies on high assurance hardware architecture to protect users from passive collection, MITM attacks and most importantly, remote key exfiltration. TFC is designed for people with one of the most complex threat models: organized...
Ffuf - Fast Web Fuzzer Written In Go
A fast web fuzzer written in Go. Heavily inspired by the great projects gobuster and wfuzz. Features Fast! Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values Silent mode -s for clean output that's easy to use in pipes to other...
HoneyPy - A Low To Medium Interaction Honeypot
A low interactionhoneypot with the capability to be more of a medium interaction honeypot. HoneyPy is written in Python2 and is intended to be easy to: install and deploy extend with plugins and loggers run with custom configurations Feel free to follow the QuickStart Guide to dive in directly. T...
Digger - Tool Which Can Do A Lot Of Basic Tasks Related To Information Gathering
Digger is a multi-functional tool written in python for all of your primary data gathering wants. It makes use of APIs to assemble all the data so your id just isnāt uncovered. Features Whois Lookup Online Traceroute DNS Lookup Reverse DNS Lookup IP Location Lookup Port Scan HTTP Header Check How...
Vayne-RaT - An Advanced C# .NET RAT
Vayne-RaT is Free and Open SourceRemote Administration Tool Coded In C. Features: Multi-Threaded CMD Shell File Manager Download & Upload Remote Desktop Password Recovery Assembly Builder Scan-Time Crypter FUD Requirements Stub Coded In .NET 2.0 Mono.Cecil.dll Dissembler Lib.dll BunifuUIv1.52.dll...
[DDOSIM] Layer 7 DDoS Simulator
DDOSIM is a tool that can be used in a laboratory environment to simulate a distributed denial of service DDOS attack against a target server. The test will show the capacity of the server to handle application specific DDOS attacks. ddosim simulates several zombie hosts having random IP addresse...
[CookieCatcher] Session Hijacking Tool
CookieCatcher is an open source application which was created to assist in the exploitation of XSS Cross Site Scripting vulnerabilities within web applications to steal user session IDs aka Session Hijacking. The use of this application is purely educational and should not be used without proper...
Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
Dealing with failing web scrapers due to anti-bot protections or website changes? Meet Scrapling. Scrapling is a high-performance, intelligent web scraping library for Python that automatically adapts to website changes while significantly outperforming popular alternatives. For both beginners an...
PurpleOps - An Open-Source Self-Hosted Purple Team Management Web Application
An open-source self-hosted purple team management web application. Key Features Template engagements and testcases Framework friendly Role-based Access Control & MFA Inbuilt DOCX reporting + custom template support How PurpleOps is different: No attribution needed Hackable, no "no-reversing"...