6011 matches found
Azur3Alph4 - A PowerShell Module That Automates Red-Team Tasks For Ops On Objective
Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach RCE achieved position. Token extraction and many other tools will not execute successfully without starting in this position. This module should be used for further...
Git-Secret - Go Scripts For Finding An API Key / Some Keywords In Repository
Goscripts for finding an API key / some keywords in repository Update V1.0.1 Removing some checkers Adding example file contains github dorks How to Install go get github.com/daffainfo/Git-Secret How to Use ./Git-Secret For path contain dorks, you can fill it with some keywords, for example...
ChangeTower - Tool To Help You Watch Changes In Webpages And Get Notified Of Any Changes
ChangeTower is intended to help you watch changes in webpages and get notified of any changes written in Go This tools is good to know the web pages are update something or not to work on the new site before others Installation Instructions ChangeTower requires go1.16+ to install successfully. Ru...
Red-Detector - Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io
Scan your EC2 instance to find its vulnerabilities using Vuls https://vuls.io/en/. Audit your EC2 instance to find security misconfigurations using Lynis https://cisofy.com/solutions/lynis. Scan your EC2 instance for signs of a rootkit using Chkrootkit http://www.chkrootkit.org/. Requirements 1...
Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
PIDRILA : P ython I nteractive D eepweb-oriented R apid I ntelligent L ink A nalyzer is really fast async web path scanner prototype developed by BrightSearch team for all ethical netstalkers. Installation & Usage git clone https://github.com/enemy-submarine/pidrila.git cd pidrila python3...
Keylogger - Get Keyboard, Mouse, ScreenShot, Microphone Inputs From Target Computer And Send To Your Mail
Inputs To Mail. Get Keyboard,Mouse,ScreenShot,Microphone Inputs and Send to your Mail. Purpose of the project is testing the security of information systems INSTALLATION pip install pynput USAGE •Set your own MAIL and PASSWORD on "keylogger.py". •Run main.py on Target Computer •Every 10 seconds,Y...
INTERCEPT - Policy As Code Static Analysis Auditing
Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works ...
AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names
AWSGen.py is a simple tool for generates permutations, alterations and mutations of AWS S3 Buckets Names. Download AWSGen.py...
Kamerka GUI - Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool
Ultimate Internet of Things/Industrial Control Systemsreconnaissance tool. Powered by Shodan - Supported by Binary Edge & WhoisXMLAPI writeup - https://medium.com/@wojciech/hack-the-planet-with-%EA%93%98amerka-gui-ultimate-internet-of-things-industrial-control-systems-5ff7d9686b29 Demo -...
XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool
XSpear is XSS Scanner on ruby gems Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser with Selenium Testing request/response for XSS protection bypass and reflectedor all params Reflected Params All paramsfor blind xss, anytings Filtered test...
Secretx - Extracting API Keys And Secrets By Requesting Each URL At The Your List
Extracting api keys and secrets by requesting each url at the your list. Installation python3 -m pip install -r requirements.txt Usage python3 secretx.py --list urlList.txt --threads 15 optional arguments: --help --colorless Credits Thanks to @m4ll0k for patterns and @choudhary1337 inpsiring for...
Seeker v1.2.1 - Accurately Locate Smartphones Using Social Engineering
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Read more on thewhiteh4t's Blog .Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a li...
Nuages - A Modular C2 Framework
Nuages is a modular C2 framework. Refer to the Wiki for documentation, do not hesitate to open issues for help, bug reports or feature requests Introduction Nuages aims at being a C2 framework in which back end elements are open source, whilst implants and handlers must be developed ad hoc by...
WinObjEx64 - Windows Object Explorer 64-Bit
WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the "Properties..." toolbar button to get more information, such as description, attributes, resource usage etc. WinObjEx64 let you view and ed...
Smap - Shellcode Mapper
Handy tool for shellcode analysis. Requirements objdump Installation and execution Then you can download smap by cloning the Git repository: git clone https://github.com/suraj-root/smap.git cd smap/ python smap.py -h get shellcodes @ http://shell-storm.org/shellcode/,...
XSSFuzzer - A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an...
Web-Traffic-Generator - A Quick And Dirty HTTP/S "Organic" Traffic Generator
Just a simple poorly written Python script that aimlessly "browses" the internet by starting at pre-defined rootURLs and randomly "clicking" links on pages until the pre-defined clickDepth is met. I created this as a noise generator to use for an Incident Response / Network Defense simulation. Th...
Java-Stager - A PoC Java Stager Which Can Download, Compile, And Execute A Java File In Memory
A PoC Java Stager which can download, compile, and execute a Java file in memory. This is for research purposes only, do not use this where you are unauthorised to do so. What is this? This is based on the work of James Williams from his talk "Next Gen AV vs My Shitty Code" available here: The ke...
Leaked? - A Checking Tool For Hash Codes And Passwords Leaked
Leaked? is A Checking tool for Hash codes and Passwords leaked, use API from @webtobesocial. Leaked? can work in any OS if they have support Python 3 Features Check passwords leaked Check hash code leaked Exit About Author Install and Run in Linux sudo apt update && apt install python3 python3-pi...
Magescan - Scan A Magento Site For Information
The idea behind this is to evaluate the quality and security of a Magento site you don't have access to. The scenario when you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into. Installation .phar Download the magescan.phar file fro...
Dotdotslash - An Tool To Help You Search For Directory Traversal Vulnerabilities
An tool to help you search for Directory Traversal Vulnerabilities Benchmarks Platforms that I tested to validate tool efficiency: DVWA low/medium/high bWAPP low/medium/high Screenshots Instalation You can download the last version cloning this repository git clone...
In-Spectre-Meltdown - Tool to identify Meltdown & Spectre Vulnerabilities in processors
This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 Meltdown and CVE-2017-5715 Spectre allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways ...
Phishruffus - Intelligent Threat Hunter And Phishing Servers
Phishruffus is a tool designed to identify threats and malicious DNS servers on the Internet that are used for the illicit practice of bank phishing. Usage: $ pip install -r requirements.txt $ ./phishruffus.py –listdns dnsservers.txt –timeout 5 Read more here. Download Phishruffus...
radare2 - Unix-Like Reverse Engineering Framework And Commandline Tools
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. The radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code,...
p0wnedShell - PowerShell Runspace Post Exploitation Toolkit
p0wnedShell is an offensive PowerShell host application written in C that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment .NET. It has a lot of offensive PowerShell modules and binaries included to make the process of Post...
OWASP ZAP 2.4.1 - Penetration Testing Tool for Testing Web Applications
The OWASP Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration...
Loki - Scanner for Simple Indicators of Compromise
Simple IOC Scanner Detection is based on four detection methods: 1. File Name IOC Regex match on full file path/name 2. Yara Rule Check Yara signature match on file data and process memory 3. Hash check Compares known malicious hashes MD5, SHA1, SHA256 with scanned files The Windows binary is...
[ExploitSearch.net] Exploit / Vulnerability Search Engine
Exploitsearch.net , is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone. Unlike other exploit search engines which are simply custom google searches, this site actually crawls the source...
Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks
A pure python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" for example, ASP.NET machine keys found in examples in tutorials, and to provide a language-agnostic...
AtomLdr - A DLL Loader With Advanced Evasive Features
A DLL Loader With Advanced Evasive Features Features: CRT library independent. The final DLL file, can run the payload by loading the DLL executing its entry point, or by executing the exported "Atom" function via the command line. DLL unhooking from \KnwonDlls\ directory, with no RWX sections. T...
D4TA-HUNTER - GUI Osint Framework With Kali Linux
D4TA-HUNTER is a tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking. In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees,...
SharpWSUS - CSharp tool for lateral movement through WSUS
SharpWSUS is a CSharp tool for lateral movement through WSUS. There is a corresponding blog https://labs.nettitude.com/blog/introducing-sharpwsus/ which has more detailed information about the tooling, use case and detection. Credits Massive credit to the below resources that really did 90% of th...
Joern - Open-source Code Analysis Platform For C/C++/Java Based On Code Property Graphs
Joern's Documentation is available here: https://docs.joern.io/home Quick Installation wget https://github.com/ShiftLeftSecurity/joern/releases/latest/download/joern-install.sh chmod +x ./joern-install.sh sudo ./joern-install.sh joern Compiling synthetic/ammonite/predef/interpBridge.sc Compiling...
HookDump - Security Product Hook Detection
EDR function hook dumping Please refer to the Zeroperil blog post for more information https://zeroperil.co.uk/hookdump/ Building source In order to build this you will need Visual Studio 2019 community edition is fine and CMake. The batch file Configure.bat will create two build directories with...
Syborg - Recursive DNS Subdomain Enumerator With Dead-End Avoidance System
Syborg is a Recursive DNS Domain Enumerator which is neither active nor completely passive. This tool simply constructs a domain name and queries it with a specified DNS Server. Syborg has a Dead-end Avoidance system inspired from @Tomnomnom's ettu. When you run subdomain enumeration with some of...
Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References
A normal flask web app to learn win32api with code snippets and references. Prerequisite You need to download the following package before starting it pip install flask pip install pefile pip install requests Usage $ python flaskapp.py Live Demo Here is the Walkthrough: 1. Upload the exe or dll. ...
nodeCrypto v2.0 - Ransomware Written In NodeJs
nodeCrypt is a linux Ransomware written in NodeJs that encrypt predefined files. This project was created for educational purposes, you are the sole responsible for the use of nodeCrypto. Demo video Install server Upload all file of server/ folder on your webserver. Create a sql database and impo...
Andor - Blind SQL Injection Tool With Golang
Blind SQL Injection Tool with Golang. Usage Download andor.go and go to the folder where the file andor.go located. And type this to command promt: go run andor.go --url "http://deneme.com/index.php?id=1" Note: Get parameter value must be correct, otherwise it will not work. Download Andor...
Xray - A Tool For Recon, Mapping And OSINT Gathering From Public Networks
XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It'll bruteforce subdomains using a wordlist and DNS requests. 2. For every...
SSH Auditor - The Best Way To Scan For Weak Ssh Passwords On Your Network
The Best Way To Scan For Weak Ssh Passwords On Your Network Features ssh-auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials. Queue a full credential scan on any new host discovered. Queue a full credential scan on any known ho...
R0Ak (The Ring 0 Army Knife) - A Command Line Utility To Read/Write/Execute Ring Zero On For Windows 10 Systems
r0ak is a Windows command-line utility that enables you to easily read, write, and execute kernel-mode code with some limitations from the command prompt, without requiring anything else other than Administrator privileges. Quick Peek r0ak v1.0.0 -- Ring 0 Army Knife...
Above - Invisible Network Protocol Sniffer
Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer Designed for pentesters and security engineers Author: Magama Bazarov, Pseudonym: Caster Version: 2.6 Codename: Introvert Disclaimer All...
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper whe...
VTScanner - A Comprehensive Python-based Security Tool For File Scanning, Malware Detection, And Analysis In An Ever-Evolving Cyber Landscape
VTScanner is a versatile Python tool that empowers users to perform comprehensive file scans within a selected directory for malware detection and analysis. It seamlessly integrates with the VirusTotal API to deliver extensive insights into the safety of your files. VTScanner is compatible with...
confluencePot - Simple Honeypot For Atlassian Confluence (CVE-2022-26134)
ConfluencePot is a simple honeypot for the Atlassian Confluence unauthenticated and remote OGNL injection vulnerability CVE-2022-26134. About the vulnerability You can find the official advisory by Atlassian to this vulerability here. For details about the inner workings and exploits in the wild...
Godehashed - Tool That Uses The Dehashed.Com API To Search For Compromised Assets
A golang tool that uses the dehashed.com API to search for compromised assets. Results can then be compiled into a CSV for further analysis. Dehashed API You must supply the tool an api key. See apikeytemplate.txt for example. Installation To install the tool in CLI run the following command. You...
Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go
Hello! Welcome. Wprecon Wordpress Recon, is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. Notice: Why is the project out of updates these days ?! What happens is that I am doing the vulnerability scanner. Branch Dev Compile and Install Features Random Agent Detection WA...
MalwareSourceCode - Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages
Malware Source Code Collection !!! DISCLAIMER !!! We do not take any responsibility for any damage done by the code in this repository. Download, compile or run at your own risk Contents: This repository contains the source code for the following: . ├── Acad ├── Engines │ ├── BAT │ ├── Linux...
Token-Reverser - Word List Generator To Crack Security Tokens
Word list generator to crack security tokens. Example use case 1. You are testing reset password function 2. Reset password token was sent to your email box e.g. 582431d4c7b57cb4a3570041ffeb7e10 3. You suppose, it is a md5 hash of the data you provided during registration process 4. You remember...
CVE Api - Parse & filter the latest CVEs from cve.mitre.org
Parse & filter the latest CVEs from https://cve.mitre.org. Docs Usage http://localhost:4000/cve?target=KEYWORD The year parameter is optional. http://localhost:4000/cve?target=KEYWORD&year=YEAR Examples http://localhost:4000/cve?target=ruby%20on%20rails...