Stego-Toolkit - Collection Of Steganography Tools (Helps With CTF Challenges)
This project is a Docker image useful for solving steganography challenges such as those you can find at CTF platforms like hackthebox.eu. The image comes preinstalled with many popular tools (see list below) and several screening scripts you can use to check simple things, for instance, run checkjpg.sh image.jpg...
Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails...
dazzleUP - A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS
A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems. dazzleUP detects the following vulnerabilities. Exploit Checks The first feature of dazzleUP is that it uses Windows Update Agent API instead of WMI like...
Java LOIC - Low Orbit Ion Cannon. A Java based network stress testing application
Low Orbit Ion Cannon. The project is a Java implementation of LOIC written by Praetox but it's not related to the original project. The main purpose of Java LOIC is testing your network. Java LOIC should work on most operating systems. Download Java LOIC...
RFI/LFI Payload List
As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and most importantly your code from a file inclusion exploit. I’ll give...
BruteSploit - Collection Of Method For Automated Generate, Bruteforce And Manipulation Wordlist
BruteSploit is a collection of methods for automated generation, bruteforce and manipulation of wordlists with an interactive shell. It can be used during a penetration test to enumerate, and in CTFs to manipulate, combine, transform and permute words or text files. Tutorial Check in...
[FBHT v2.0] Facebook Hacking Tool
FBHT (Facebook Hacking Tool) is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform. The tool provides: Tests account handling (Create, Delete, Friend, Accept); Youtube videos phishing; Facebook links preview modification; Friends list privacy bypass...
EAPHammer - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks [Indirect Wireless Pivots Using Hostile Portal Attacks]
EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wirele...
Byp4Xx - Simple Bash Script To Bypass "403 Forbidden" Messages With Well-Known Methods Discussed In #Bugbountytips
A bash script to bypass "403 Forbidden" responses with well-known methods discussed in bugbountytips. Installation: git clone https://github.com/lobuhi/byp4xx.git cd byp4xx chmod u+x byp4xx.sh Usage: Start...
Th3Inspector - Tool for Information Gathering
Tool For Information Gathering. Usage:

Short Form | Long Form | Description
---|---|---
-i | --info | Website Information
-n | --number | Phone Number Information
-mx | --mailserver | Find IP Address And E-mail Server
-w | --whois | Domain Whois Lookup
-l | --location | Find Website/IP Address Location
-c | ...
TeleShadow v3 - Telegram Desktop Session Stealer (Windows)
Teleshadow3 - Advanced Telegram Desktop Session Hijacker! Download Click HERE to download the latest version! Stealing desktop telegrams has never been so easy! Set the email and sender details of the sender and recipient or use Telegram API! and send it to the victim after compiling. How do I use...
Juicy Potato - A Sugared Version Of RottenPotatoNG, With A Bit Of Juice, I.E. Another Local Privilege Escalation Tool, From A Windows Service Accounts To NT AUTHORITY\SYSTEM
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM. Summary: RottenPotatoNG and its variants leverage the privilege escalation chain based on BITS service having the MiTM listener on...
SpoolSploit - A Collection Of Windows Print Spooler Exploits Containerized With Other Utilities For Practical Exploitation
A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. Summary SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying...
Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)
Phantom-Evasion is an interactive antivirus evasion tool written in Python capable of generating almost FUD executables even with the most common 32 bit msfvenom payload (lower detection ratio with 64 bit payloads). The aim of this tool is to make antivirus evasion an easy task for pentesters through...
OffensivePipeline - Allows You To Download And Build C# Tools, Applying Certain Modifications In Order To Improve Their Evasion For Red Team Exercises
OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises. A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the...
chisel - A fast TCP tunnel over HTTP
Chisel is a fast TCP tunnel, transported over HTTP. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though...
Pentmenu - A simple Bash Script for Recon and DOS Attacks
A bash script inspired by pentbox. Designed to be a simple way to implement various network pentesting functions, including network attacks, using wherever possible readily available software commonly installed on most linux distributions without having to resort to multiple specialist tools. Sud...
Blutter - Flutter Mobile Application Reverse Engineering Tool
Flutter Mobile Application Reverse Engineering Tool by Compiling Dart AOT Runtime. Currently the application supports only Android libapp.so (arm64 only). Also, the application currently works only against recent Dart versions. For high priority missing features, see TODO. Environment Setup This...
GodPotato - Local Privilege Escalation Tool From A Windows Service Accounts To NT AUTHORITY\SYSTEM
Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege"...
Telegram C# C2 - A Command and Control Tool for Telegram Bot Communication
Command and Control for C# Writing. Author: Leiothrix Telegram: @Leiothrix Twitter: @wh4am1 Team: QQ愛&Love. Install: Nuget download these packages: using System.IO; using Telegram.Bot; using Telegram.Bot.Args; using Telegram.Bot.Types.InputFiles; using AForge.Video; using AForge.Controls; using...
TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)
Telegram Group Scraper Tool. Fetch All Information About Group Members • How To Install & Setup API Termux • API Setup Go to http://my.telegram.org and log in. Click on API development tools and fill the required fields. put app name you want & select other in platform Example : copy "apiid" &...
[MoonSols] Windows Memory Toolkit
MoonSols Windows Memory Toolkit is a powerful toolkit containing all the utilities needed to perform any kind of memory acquisition or conversion during an incident response, or a forensic analysis for Windows desktops, servers or virtualized environment. The version 2.0 is a refresh and updated...
VulnWhisperer - Create Actionable Data From Your Vulnerability Scans
Create actionable data from your vulnerability scans. VulnWhisperer is a vulnerability management tool and report aggregator. VulnWhisperer will pull all the reports from the different Vulnerability scanners and create a file with a unique filename for each one, using that data later to sync with...
Widevine-L3-Decryptor - A Chrome Extension That Demonstrates Bypassing Widevine L3 DRM
Widevine is a Google-owned DRM system that's in use by many popular streaming services (Netflix, Spotify, etc.) to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software, i.e. no hardware TEEs,...
HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation
The Hex-Rays Decompiler plugin for better code navigation in RE process. CodeXplorer automates code REconstruction of C++ applications or modern malware like Stuxnet, Flame, Equation, Animal Farm ... The CodeXplorer plugin is one of the first publicly available Hex-Rays Decompiler plugins. We kee...
WhatBreach - OSINT Tool To Find Breached Emails And Databases
WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com's API, from there if there are any breaches it will search for the query link on Dehashed pertaining to the...
[Binwalk v1.2.2] Firmware Analysis Tool
Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...
pwnedOrNot - Tool To Find Passwords For Compromised Email Accounts Using HaveIBeenPwned API
pwnedOrNot is a Python script which checks if the email account has been compromised in a data breach; if the email account is compromised, it proceeds to find passwords for the compromised account. It uses haveibeenpwned v2 api to test email accounts and searches for the password in Pastebin Dump...
[Mellivora] Basic database driven CTF engine
Mellivora is a basic database driven CTF engine written in PHP. Requirements LAMP: PHP 5.3+, MySQL 5.5+, Apache 2.2+. May work with other configurations but this is untested. Installation Download to any directory, say: "/var/www/mellivora/". Create an Apache VHost and point DocumentRoot to...
Log4J-Detect - Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading. The script "log4j-detect.py" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228. To do so, it sends a GET request...
Arachni v1.5.1 - Web Application Security Scanner Framework
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is...
yarGen - A Generator for Yara Rules (for malware researchers)
yarGen is a generator for Yara rules. What does yarGen do? The main principle is the creation of yara rules from strings found in malware files while removing all strings that also appear in goodware files. Since version 0.14.0 it uses naive-bayes-classifier by Mustafa Atik and Nejdet Yucesoy in...
PhoneInfoga - Advanced Information Gathering & OSINT Tool For Phone Numbers
PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with very good accuracy. Then search for footprints on search engines to...
Apk-Mitm - A CLI Application That Prepares Android APK Files For HTTPS Inspection
A CLI application that automatically prepares Android APK files for HTTPS inspection Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to...
XSStrike v1.2 - Fuzz, Crawl and Bruteforce Parameters for XSS
XSStrike is a Python script designed to detect and exploit XSS vulnerabilities. A list of features XSStrike has to offer: Fuzzes a parameter and builds a suitable payload; Bruteforces parameters with payloads; Has an inbuilt crawler-like functionality; Can reverse engineer the rules of a WAF/Filter...
A2SV - Auto Scanning to SSL Vulnerability
EvilURL - An Unicode Domain Phishing Generator for IDN Homograph Attack
A Unicode domain phishing generator for IDN Homograph Attack. VIDEO DEMO CLONE git clone https://github.com/UndeadSec/EvilURL.git RUNNING cd EvilURL python evilurl.py PREREQUISITES python 2.7 TESTED ON Kali Linux - ROLLING EDITION Download EvilURL...
Pyrdp - RDP Man-In-The-Middle And Library For Python3 With The Ability To Watch Connections Live Or After The Fact
PyRDP is a Python 3 Remote Desktop Protocol (RDP) Man-in-the-Middle (MITM) and library. It features a few tools: RDP Man-in-the-Middle: Logs credentials used when connecting; Steals data copied to the clipboard; Saves a copy of the files transferred over the network; Saves replays of connections so you c...
Spring4Shell-Scan - A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities. Features: Support for lists of URLs. Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools use only 1-2 variants). Fuzzing for HTTP GET and POST methods. Automatic...
[Wi-Fi Password Key Generator] Wireless WEP/WPA/WPA2 Security Key Maker Tool
WiFi Password Key Generator is the free desktop tool to quickly create secure Wireless WEP/WPA/WPA2 keys. Most devices (modems/routers) require you to enter WEP/WPA keys during Wireless security configuration. Unlike regular passwords, these keys have strict length requirements based on type of...
P4wnP1 A.L.O.A. - Framework Which Turns A Raspberry Pi Zero W Into A Flexible, Low-Cost Platform For Pentesting, Red Teaming And Physical Engagements
P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance". 0. How to install The latest image could be found under release tab. The easiest way to...
OhMyQR - Hijack Services That Relies On QR Code Authentication
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which...
Pixload - Image Payload Creating/Injecting Tools
Set of tools for creating/injecting payload into images. SETUP The following Perl modules are required: - GD - Image::ExifTool - String::CRC32 On Debian-based systems install these packages: sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-perl On OSX please refer to this...
LeakSearch - Search & Parse Password Leaks
LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords such as user, domain or password. In addition, y...
Profil3r - OSINT Tool That Allows You To Find A Person's Accounts And Emails + Breached Emails
Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails. Prerequisite Python 3 Installation git clone...
Onex - A Library Of Hacking Tools For Termux And Other Linux Distributions
"onex a hacking tools library." Onex is a Kali Linux hacking tools installer for Termux and other Linux distributions. It's a package manager for hackers. onex manages a large number of hacking tools that can be installed with a single click. Using onex, you can install all hacking tools in Termux and...
10Minutemail - Python Temporary Email
10minutemail.net is a free, disposable e-mail service. Your temporary e-mail address will expire after 10 minutes, after which you cannot access it. You can extend the time by 10 minutes. The website you are registering with could be selling your personal information; you never know where your...
Uncompyle6 - A Cross-Version Python Bytecode Decompiler
A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introduction uncompyle6 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python version 1.3 to version 3.8, spanning over 24 years ...
PyFuscation - Obfuscate Powershell Scripts By Replacing Function Names, Variables And Parameters
PyFuscation requires python3. Usage: PyFuscation.py -h -f -v -p --ps SCRIPT Optional arguments: • -h, --help show this help message and exit • -f Obfuscate functions ○ Do this first ... It's probably the most likely to work well • -v Obfuscate variables ○ If you're going to obfuscate variables do the...
Iris - WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations
Iris WinDbg extension performs basic detection of common Windows exploit mitigations (32 and 64 bits). The checks implemented, as can be seen in the screenshot above, are for the loaded modules: DynamicBase, ASLR, DEP, SEH, SafeSEH, CFG, RFG, GS, AppContainer. If you don't know the meaning of some of the...