6011 matches found
Stegseek - Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second
Stegseek is a lightning fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project and, as a result, it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt in under 2 seconds. Stegse...
Hacktory platform packed with new game-playing features
Without practice, theory is dead. Applied knowledge is essential in any area, especially in cybersecurity, and practice is the only way to make learning worthwhile. There are so many courses to fit any demand. However, boring lectures, outdated textbooks, and vague, complex tasks become obstacles...
Kube-Score - Kubernetes Object Analysis With Recommendations For Improved Reliability And Security
kube-score is a tool that performs static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient. You can test kube-score out in the browser with the online demo source. Installation...
LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
LOLBITS is a C reverse shell that uses Microsoft's Background Intelligent Transfer Service BITS to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless flask web application and it's only accesible when the HTTP requests receive...
laravelN00b - Automated Scan .env Files And Checking Debug Mode In Victim Host
Incorrect configuration allows you to access .env files or reading env variables. LaravelN00b automated scan .env files and checking debug mode in victim host. Scan rationale Scan host. Resolve IP adress and check .env file in IP Adress Checking debug mode Laravel Read .env variables Installation...
Shelly - Simple Backdoor Manager With Python (Based On Weevely)
Shelly adalah sebuah tool sederhana yang ditulis menggunakan Python, yang berfungsi untuk meremote sebuah website Instalation : $ git clone https://github.com/tegal1337/Shelly $ cd Shelly $ python3 shell.py Requirements : sudo pip install -r requirements.txt Example : python3 shell.py -g backdoor...
Seeker v1.1.9 - Accurately Locate Smartphones Using Social Engineering
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a link which we will forward to the...
MemGuard - Secure Software Enclave For Storage Of Sensitive Information In Memory
Secure software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go. Features Sensitive data is encrypted and authenticated in memory using xSalsa2...
Parrot Security 4.3 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
Parrot 4.3 is now available for download. This release provides security and stability updates and is the starting point for the plan to develop an LTS edition of Parrot. Linux 4.18 Linux was updated to the 4.18.10 version, and linux 4.19 will be released soon. Firefox 63 Firefox 63 provides...
TakeOver v1 - Extracts CNAME Record Of All Subdomains At Once
What isSubdomain Takeover? Subdomain takeover is a class of vulnerability where subdomain points to an external service that has been deleted. The external services are Github, Heroku, Gitlab, Tumblr and so on. Let’s assume we have a subdomain sub.example.com that points to an external service su...
EggShell - iOS/macOS/Linux Remote Administration Tool
EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shel...
Parrot Security 4.2.2 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
Updated kernel and core packages Parrot 4.2 is powered by the latestLinux 4.18 debianized kernel with all the usual wireless patches. A new version of the Debian-Installer now powers our netinstall images and the standard Parrot images. Firmware packages were updated to add broader hardware...
UBoat - HTTP Botnet Project
A POC HTTP Botnet designed to replicate a full weaponised commercial botnet. Disclaimer This project should be used for authorized testing or educational purposes only. The main objective behind creating this offensive project was to aid security researchers and to enhance the understanding of...
Fuxi Scanner - Network Security Vulnerability Scanner
Fuxi Scanner is an open source network security vulnerability scanner, it comes with multiple functions. Vulnerability detection & management Authentication Tester IT asset discovery & management Port scanner Subdomain scanner Acunetix Scanner Integrate Acunetix API Installation Documentation Usa...
sigma - Generic Signature Format for SIEM Systems
Generic Signature Format for SIEM Systems. What is Sigma? Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this...
ssh-audit - SSH Server Auditing
ssh-audit is a tool for ssh server auditing. Features SSH1 and SSH2 protocol server support; grab banner, recognize device or software and operating system, detect compression; gather key-exchange, host-key, encryption and message authentication code algorithms; output algorithm information...
Bradamsa - Burp Suite extension to generate Intruder payloads using Radamsa
Bradamsa is a Burp Suite extension for Radamsa, a well-known fuzzer made by the Oulu University Secure Programming Group. Inspired by burp-radamsa, this plugin allows to generate Intruder payloads using Radamsa. Features Java-based plugin using native Burp Suite extension APIs Intruder payloads...
Tails - The Amnesic Incognito Live System Released
Tails , The Amnesic Incognito Live System, is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete...
[MultiMonitorTool] Enable/disable/configure multiple monitors on Windows
MultiMonitorTool is a small tool that allows you to do some actions related to working with multiple monitors. With MultiMonitorTool, you can disable/enable monitors, set the primary monitor, save and load the configuration of all monitors, and move windows from one monitor to another. You can do...
[Automater 1.2] IP and URL Analysis Tool
Automater is a IP and URL Analysis tool we created to help automate the analysis process. You can see a video of Automater in action in TekTip episode 15. Download Automater 1.2...
X-Recon - A Utility For Detecting Webpage Inputs And Conducting XSS Scans
A utility for identifying web page inputs and conducting XSS scanning. Features: Subdomain Discovery: Retrieves relevant subdomains for the target website and consolidates them into a whitelist. These subdomains can be utilized during the scraping process. Site-wide Link Discovery: Collects all...
EmploLeaks - An OSINT Tool That Helps Detect Members Of A Company With Leaked Credentials
This is a tool designed for Open Source Intelligence OSINT purposes, which helps to gather information about employees of a company. How it Works The tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find...
JWTweak - Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm
With the global increase in JSON Web Token JWT usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim to generate the new JWT token with little or no time which would help security enthusiasts to find security flaws in JWT implementatio...
FireStorePwn - Firestore Database Vulnerability Scanner Using APKs
fsp scans an APK and checks the Firestore database for rules that are not secure, testing with or without authentication. If there are problems with the security rules, attackers could steal, modify or delete data and raise the bill. Install fsp sudo wget...
CallObfuscator - Obfuscate Specific Windows Apis With Different APIs
Obfuscate hide the PE imports from static/dynamic analysis tools. Theory This's pretty forward, let's say I've used VirtualProtect and I want to obfuscate it with Sleep, the tool will manipulate the IAT so that the thunk that points to VirtualProtect will point instead to Sleep, now at executing...
Girsh - Automatically Spawn A Reverse Shell Fully Interactive
Who didn't get bored of manually typing the few lines to upgrade a reverse shell to a full interactive reverse shell tty spawn, stty size ..., stty raw -echo or typing the command to use ConPTY. Description With Girsh, just run it and it will detect the OS and execute the correct commands to...
Sigurlx - A Web Application Attack Surface Mapping Tool
sigurlx a web application attack surface mapping tool, it does ...: Categorize URLs URLs' categories: endpoint js js style css data json|xml|csv archive zip|tar|tar.gz doc pdf|xlsx|doc|docx|txt media jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff Next, probe HTTP requests to th...
Aura - Python Source Code Auditing And Static Analysis On A Large Scale
Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attac...
Kali-Linux-Tools-Interface - Graphical Web Interface Developed To Facilitate The Use Of Security Information Tools
A graphical interface to use information security tools by the browser. Getting Started Kali Linux Tools Interface is a graphical interface to use information security tools by the browser. The project uses the Kali Linux tools as a reference because it is the distribution that has the largest...
Airshare - Cross-platform Content Sharing In A Local Network
Airshare is a Python-based CLI tool and module that lets you transfer data between two machines in a local network, P2P, using Multicast-DNS. It also opens an HTTP gateway for other non-CLI external interfaces. It works completely offline! Built with aiohttp and zeroconf. Checkout the demo...
DNSteal v2.0 - DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests
This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below are a couple of different images showing examples of multiple file transfer and single verbose file transfer: Support for multiple files Gzip compression supported Now supports...
Astra - Automated Security Testing For REST API's
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...
InstaSave - Python Script To Download Images, Videos & Profile Pictures From Instagram
InstaSave is a python script to download images, videos & profile pictures from Instagram without any API access. Features Download Instagram Photos Download Instagram Videos Download Instagram Profile Pictures Git Installation clone the repo $ git clone...
Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs
This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally its possible to proxy every request through Burp or another tunnel. First steps Rename the...
See-SURF - Python Based Scanner To Find Potential SSRF Parameters
A Python based scanner to find potential SSRF parameters in a web application. Motivation SSRF being one of the critical vulnerabilities out there in web, I see there was no tool which would automate finding potential vulnerable parameters. See-SURF can be added to your arsenal for recon while...
AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)
Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System HIDS due to lack of rule engine and detection function. However, it can be used as a high performance 'Host Information Collect Agent' as part of your own HIDS solution. The comprehensiveness of information which can be...
Grouper2 - Find Vulnerabilities In AD Group Policy
What is it for? Grouper2 is a tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy. It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an audit tool. If you want to check your policy configs against some...
Silver - Mass Scan IPs For Vulnerable Services
masscan is fast, nmap can fingerprint software and vulners is a huge vulnerability database. Silver is a front-end that allows complete utilization of these programs by parsing data, spawning parallel processes, caching vulnerability data for faster scanning over time and much more. Note: Silver...
Mallory - HTTP/HTTPS Proxy Over SSH
HTTP/HTTPS proxy over SSH. Installation Local machine: go get github.com/justmao945/mallory/cmd/mallory Remote server: need our old friend sshd Configueration Config file Default path is $HOME/.config/mallory.json, can be set when start program mallory -config path/to/config.json Content: idrsa i...
JShell - Get A JavaScript Shell With XSS
JShell - Get a JavaScript shell with XSS. Usages Run shell.py and JShell will automatically try to detect your IP address, default LPORT is 33. As you can see the payload has been generated and now all you have to do is to deliver this payload to the victim. As soon as you do that, you will get a...
Wildpwn - Unix Wildcard Attack Tool
Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks, based on a paper by Leon Juranic. It’s considered a fairly old-skool attack vector, but it still works quite often. First things first! Read: https://www.exploit-db.com/papers/33930/ Basic usage It goes something like...
ShellPop - Pop Shells Like A Master
Pop shells like a master Shell pop is all about popping shells. With this tool you can generate easy and sofisticated reverse or bind shell commands to help you during penetration tests. Don't waste more time with .txt files storing your Reverse shells! Installation Python 2.x is required. 3.0+...
meg - Fetch Many Paths For Many Hosts (Without Killing The Hosts)
meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating. You get lots of results quickly, but non of the individual hosts get flooded with traffic...
Enigma - Multiplatform Payload Dropper
Enigma is a Multiplatform payload dropper. Run git clone https://github.com/UndeadSec/Enigma.git cd Enigma python enigma.py or python3 enigma3.py Prerequisites python 2.7 for enigma.py python 3.x for enigma.py metasploit Tested on Kali Linux - ROLLING EDITION Video Download Enigma...
OSXAuditor - Free Mac OS X Computer Forensics Tool
OS X Auditor is a free Mac OS X computer forensics tool. OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions the system agents and daemons the third party's agents and daemons the old and deprecated system a...
dirsearch - Brute Force Directories and Files in Websites
dirsearch is a simple command line tool designed to brute force directories and files in websites. Operating Systems supported Windows XP/7/8/10 GNU/Linux MacOSX Features Multithreaded Keep alive connections Support for multiple extensions -e|--extensions asp,php Reporting plain text, JSON...
SploitScan - A Sophisticated Cybersecurity Utility Designed To Provide Detailed Information On Vulnerabilities And Associated Proof-Of-Concept (PoC) Exploits
SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It'...
Fuzzable - Framework For Automating Fuzzable Target Discovery With Static Analysis
Framework for Automating Fuzzable Target Discovery with Static Analysis. Introduction Vulnerability researchers conducting security assessments on software will often harness the capabilities of coverage-guided fuzzing through powerful tools like AFL++ and libFuzzer. This is important as it...
PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager
PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager https://forum.defcon.org/node/241925 against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...
R4Ven - Track Ip And GPS Location
Track User's Smartphone/Pc Ip And Gps Location. The tool hosts a fake website which uses an iframe to display a legit website and, if the target allows it, it will fetch the Gps location latitude and longitude of the target along with IP Address and Device Information. This tool is a Proof of...