6011 matches found
R4Ven - Track Ip And GPS Location
Track User's Smartphone/Pc Ip And Gps Location. The tool hosts a fake website which uses an iframe to display a legit website and, if the target allows it, it will fetch the Gps location latitude and longitude of the target along with IP Address and Device Information. This tool is a Proof of...
SCodeScanner - Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. The main objective for this scanner is to find the vulnerabilities inside the source code before code gets published in Prod. Features 1. Supported PHP Language 2...
AES256_Passwd_Store - Secure Open-Source Password Manager
This script securely encrypts or decrypts passwords on disk within a custom database file. It also features functionality to retrieve passwords from a previously generated database file. This script takes a master password from stdin/from memory, then hashes the password using the specified hashi...
Fpicker - A Frida-based Fuzzing Suite Supporting Various Modes (Including AFL++ In-Process Fuzzing)
fpicker is a Frida-based fuzzing suite that offers a variety of fuzzing modes for in-process fuzzing, such as an AFL++ mode or a passive tracing mode. It should run on all platforms that are supported by Frida. Installation Instructions Building and Running Creating a Fuzzing Harness Modes and...
Cerbrutus - Network Brute Force Tool, Written In Python
Modular brute force tool written in Python, for very fast password spraying SSH, and FTP and in the near future other network services. COMING SOON: SMB, HTTPs POST, HTTPs GET, HTTP BASIC AUTH Thanks to @0dayctf, Rondons, Enigma, and 001 fortesting and contributing Installation: cd /opt git clone...
Project iKy v2.7.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...
Zmap - A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys
ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PFRING, ZMap can scan the IPv4...
ADSearch - A Tool To Help Query AD Via The LDAP Protocol
A tool written for cobalt-strike's execute-assembly command that allows for more efficent querying of AD. Key Features List all Domain Admins Custom LDAP Search Connect to LDAPS Servers Output JSON data from AD instances Retrieve custom attributes from a generic query i.e. All computers Usage...
Unfollow-Plus - Automated Instagram Unfollower Bot
Automated Instagram Unfollower Bot. Installation : apt update apt install git curl -y git clone git://github.com/htr-tech/unfollow-plus.git cd unfollow-plus Run : bash unfollower.sh Single Command : apt update ; apt install git curl -y ; git clone git://github.com/htr-tech/unfollow-plus.git ; cd...
uDork - Tool That Uses Advanced Google Search Techniques To Obtain Sensitive Information In Files Or Directories, Find IoT Devices, Detect Versions Of Web Applications, And So On
uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. uDork does NOT make attacks against any server, it only uses predefined dorks and/or...
Game-based learning platform provides full immersion into cybersecurity
Working and learning have gone remote, and we have to come to terms with this new reality. Nowadays, several organizations allow their staff to work from home permanently. Most universities consider reducing classroom time wherever possible, and now we are seeing the demand for online courses sky...
BADlnk - Reverse Shell In Shortcut File (.lnk)
Reverse Shell in Shortcut File .lnk How it works? Shortcut file Microsoft Windows 9.x LNK is a file extension for a shortcut file used by Microsoft Windows to point to an executable file. LNK stands for LiNK. Shortcut files are used as a direct link to an executable file, instead of having to...
ABD - Course Materials For Advanced Binary Deobfuscation
Advanced Binary Deobfuscation This repository contains the course materials of Advanced Binary Deobfuscation at the Global Cybersecurity Camp GCC Tokyo in 2020. Course Abstract Reverse engineering is not easy, especially if a binary code is obfuscated. Once obfuscation performed, the binary would...
TheTHE - Simple, Shareable, Team-Focused And Expandable Threat Hunting Experience
TheTHE is an environment intended to help analysts and hunters over the early stages of their work in an easier, unified and quicker way. One of the major drawbacks when dealing with a hunting is the collection of information available on a high number of sources, both public and private. All thi...
Sshtunnel - SSH Tunnels To Remote Server
Inspired by https://github.com/jmagnusson/bgtunnel, which doesn't work on Windows. See also: https://github.com/paramiko/paramiko/blob/master/demos/forward.py Requirements paramiko Installation sshtunnel is on PyPI, so simply run: pip install sshtunnel or easyinstall sshtunnel or conda install -c...
Pockint - A Portable OSINT Swiss Army Knife For DFIR/OSINT Professionals
POCKINT a.k.a. Pocket Intelligence is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program to be carried within USBs or investigation VMs, it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box...
Exrex - Irregular Methods On Regular Expressions
Exrex is a command line tool and python module that generates all - or random - matching strings to a given regular expression and more. It's pure python, without external dependencies. There are regular expressions with infinite matching strings eg.: a-z+, in these cases exrex limits the maximum...
Jackhammer - One Security Vulnerability Assessment/Management Tool To Solve All The Security Team Problems
One Security vulnerability assessment/management tool to solve all the security team problems. What is Jackhammer? Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team and being a facilitator for TPM to understand and track the qualit...
Bashark - Bash Post Exploitation Toolkit
Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. Usage To launch Bashark on compromised host, simply source the bashark.sh script from terminal: $ source bashark.sh Then type help to see Bashark's help menu Features Single Bash script...
SQLMap v1.2.10 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
[Spooftooph 0.5.2] Automated spoofing or cloning Bluetooth device
Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same devi...
Xurlfind3R - A CLI Utility To Find Domain'S Known URLs From Curated Passive Online Sources
xurlfind3r is a command-line interface CLI utility to find domain's known URLs from curated passive online sources. Features Fetches URLs from curated passive sources to maximize results: AlienVault's OTX BeVigil Common Crawl URLScan Github Intelligence X Wayback Machine With Wayback Machine,...
VX-API - Collection Of Various Malicious Functionality To Aid In Malware Development
The VX-API is a collection of malicious functionality to aid in malware development. It is recommended you clone and/or download this entire repo then open the Visual Studio solution file to easily explore functionality and concepts. Some functions may be dependent on other functions present with...
Bbot - OSINT Automation For Hackers
BEE·bot OSINT automation for hackers. BBOT is a recursive , modular OSINT framework written in Python. It is capable of executing the entire OSINT process in a single command, including subdomain enumeration, port scanning, web screenshots with its gowitness module, vulnerability scanning with...
K0Otkit - Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters
k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way reverse shell. k0otkit is the combination of Kubernetes and...
Kali Linux 2022.2 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2022.2. This release has various impressive updates. The summary of the changelog since the 2022.1 release from February 2022 is: GNOME 42 - Major release update of the popular desktop environment KDE Plasma 5.24 - Version bump with a more...
Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface
An advanced, yet simple, tunneling tool that uses a TUN interface. by TNP IT Security Introduction Ligolo-ng is a simple , lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection without the need of SOCKS. Features Tun interface No more SOCKS! Simpl...
Pstf2 - Passive Security Tools Fingerprinting Framework
Have you ever wanted a simple, easy and stealth bypass for multiple classes of security products? pstf^2 pronounced pstf-square is an implementation of an HTTP server capable of passive browser fingerprinting - and it might just be the thing you are looking for. When attackers try to deliver a...
Orbitaldump - A Simple Multi-Threaded Distributed SSH Brute-Forcing Tool Written In Python
A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxies switch, it acts just like any other multi-threaded SSH brute-forcing scripts. When the --proxies switch is added, the script pulls a list usually thousands ...
Ioccheck - A Tool For Simplifying The Process Of Researching IOCs
A tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise IOCs. Features Look up hashes across multiple threat intelligence services, from a single command or a few lines of Python. Currenty supports the following services: VirusTotal...
Dystopia - Low To Medium Multithreaded Ubuntu Core Honeypot Coded In Python
Low to medium Ubuntu Core honeypot coded in Python. Features Optional Login Prompt Logs commands used and IP addresses Customize MOTD, Port, Hostname and how many clients can connect at once default is unlimited Save and load config Add support to a plethora of commands Todo Packet Capture Better...
Ghost Framework - An Android Post-Exploitation Framework That Exploits The Android Debug Bridge To R emotely Access An Android Device
About Ghost Framework Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration. Getting started Ghost installation To install...
Geo-Recon - An OSINT CLI Tool Desgined To Fast Track IP Reputation And Geo-locaton Look Up For Security Analysts
An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts. Setup This tool is compactible with: Any Linux Operating System Debian, Ubuntu, CentOS Termux Linux Setup git clone https://github.com/radioactivetobi/geo-recon.git cd geo-recon chmod +x...
Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management
Please note : We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at [email protected]. Website: https://www.vaultproject.io IRC: vault-tool on Freenode Announcement list: Google...
Jaeles v0.9 - The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation Download precompiled version here. If you have a Go environment, make sure you have Go = 1.13 with Go Modules enable and run the following command. GO111MODULE=...
FProbe - Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server
FProbe - Fast HTTP Probe Installation GO111MODULE=on go get -u github.com/theblackturtle/fprobe Features Take a list of domains/subdomains and probe for working http/https server. Optimize RAM and CPU in runtime. Support special ports for each domain Verbose in JSON format with some additional...
Proton Framework - A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework
About Proton Framework Proton Framework is a Windows post exploitation framework similar to other penetration testing tools such as Meterpreter and Powershell Invader Framework. The major difference is that the Proton Framework does most of its operations using Windows Script Host a.k.a...
Adama - Searches For Threat Hunting And Security Analytics
Adama Searches ForThreat Hunting and Security Analytics A collection of known log and / or event data searches for threat hunting and detection. They enumerate sets of searches used across many different data pipelines. Implementation details are for ELK. Adama is part of the SpaceCake project...
Rabid - A CLI Tool And Library Allowing To Simply Decode All Kind Of BigIP Cookies
RA pid B ig I P D ecoder What it is A CLI tool and library allowing to simply decode all kind of BigIP cookies. Features Support all 4 cookie formats CLI tool & library Hackable References Homepage / Documentation: https://orange-cyberdefense.github.io/rabid/ Author Made by Alexandre ZANNI @noraj...
Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System
An Obfuscation-Neglect Android Malware Scoring System Concepts Android malware analysis engine is not a new story. Every antivirus company has their own secrets to build it. With curiosity, we develop a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way. W...
Sherlock - Find Usernames Across Social Networks
Find usernames across social networks Installation NOTE : Python 3.6 or higher is required. clone the repo $ git clone https://github.com/sherlock-project/sherlock.git change the working directory to sherlock $ cd sherlock install python3 and python3-pip if not exist install the requirements $ pi...
DevAudit - Open-source, Cross-Platform, Multi-Purpose Security Auditing Tool
DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing capabilities that automate...
TIDoS-Framework v1.7 - The Offensive Manual Web Application Penetration Testing Framework
TIDoS Framework is a comprehensive web-app audit framework. let's keep this simple Highlights :- The main highlights of this framework is: TIDoS Framework now boasts of a century+ of modules. A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis. Has ...
Singularity - A DNS Rebinding Attack Framework
Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...
[SuperPutty Password Decryptor] SuperPutty Session Login Password Recovery Software
SuperPutty Password Decryptor is the Free desktop tool to instantly recover all the login passswords from SuperPutty session history. SuperPutty is a Windows GUI Application that allows PuTTY SSH Client to be opened in Tabs. It also stores the session details allowing users to automatically login...
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n arson when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
HackBot - A Simple Cli Chatbot Having Llama2 As Its Backend Chat AI
Welcome to HackBot, an AI-powered cybersecurity chatbot designed to provide helpful and accurate answers to your cybersecurity-related queries and also do code analysis and scan analysis. Whether you are a security researcher, an ethical hacker, or just curious about cybersecurity, HackBot is her...
Fingerprintx - Standalone Utility For Service Discovery On Open Ports!
fingerprintx is a utility similar to httpx that also supports fingerprinting services like as RDP, SSH, MySQL, PostgreSQL, Kafka, etc. fingerprintx can be used alongside port scanners like Naabu to fingerprint a set of ports identified during a port scan. For example, an engineer may wish to scan...
Havoc - Modern and malleable post-exploitation command and control framework
Havoc is a modern and malleablepost-exploitation command and control framework, created by @C5pider. Havoc is in an early state of release. Breaking changes may be made to APIs/core structures as the framework matures. Support Consider supporting C5pider on Patreon/Github Sponsors. Additional...
PowerShx - Run Powershell Without Software Restrictions
Unmanaged PowerShell execution using DLLs or a standalone executable. Introduction PowerShx is a rewrite and expansion on the PowerShdll project. PowerShx provide functionalities for bypassing AMSI and running PS Cmdlets. Features Run Powershell with DLLs using rundll32.exe, installutil.exe,...