Ostorlab - A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way
The Sales Pitch If this is the first time you are visiting the Ostorlab Github page, here is the sales pitch. Security testing often requires chaining tools together, taking the output from one, mangling it, filtering it and then pushing it to another tool. Several tools have tried to make the...
Kerberoast - Kerberoast Attack -Pure Python-
Kerberos attack toolkit -pure python- Install pip3 install kerberoast Prerequisites Python 3.6 See requirements.txt For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following : +://:@/?= : +://:@/?= Steps -with SSPI-: kerberoast auto Steps -SSPI not...
Pantagrule - Large Hashcat Rulesets Generated From Real-World Compromised Passwords
gargantuan hashcat rulesets generated from compromised passwords Project maintenance warning : This project is deemed completed. No pull requests or changes will be made to this project in the future unless they are actual bugs or migrations to allow these rules to work with newer versions of...
Mythic - A Collaborative, Multi-Platform, Red Teaming Framework
A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming. Details Check out a series of YouTube videos...
403Fuzzer - Fuzz 403/401ing Endpoints For Bypasses
Fuzz 403ing endpoints for bypasses Follow on twitter! @intrudir This tool will check the endpoint with a couple of headers such as X-Forwarded-For It will also apply different payloads typically used in dir traversals, path normalization etc. to each endpoint on the path. e.g. /%2e/test/test2...
Solr-GRAB - Steal Apache Solr Instance Queries With Or Without A Username And Password
Steal Apache Solr instance Queries with or without a username and password. DISCLAIMER : This project should be used for authorized testing and educational purposes only. Download git clone https://github.com/GnosticPlayers/Solr-GRAB Usage You can search for Apache Solr Instances via Censys, with...
Max - Maximizing BloodHound
Maximizing BloodHound. Description New Release: dpat - The BloodHound Domain Password Audit Tool DPAT A simple suite of tools: get-info - Pull lists of information from the Neo4j database mark-owned - Mark a list of objects as Owned mark-hvt - Mark a list of objects as High Value Targets query...
Turbo-Intruder - A Burp Suite Extension For Sending Large Numbers Of HTTP Requests And Analyzing The Results
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It's intended to complement Burp Intruder by handling attacks that require exceptional speed, duration, or complexity. The following features set it apart: Fast - Turbo Intruder uses a...
Stegseek - Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second
Stegseek is a lightning fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project and, as a result, it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt in under 2 seconds. Stegse...
RedShell - An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server
An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server. Installation RedShell runs on Python 3. It also requires a Cobalt Strike client installed on the system where it runs. Install dependencies: pip3 install -r...
Mikrot8Over - Fast Exploitation Tool For Mikrotik RouterOS
mikrot8over: Fast exploitation tool for Mikrotik RouterOS up to 6.38.4 This is a reworked version of the original Mikrotik exploit. Added Python 2 compatibility and multithreading scan features. Python version Utility was tested on python2.6, python2.7, python3. If you have found any bugs, don't hesitate to...
DVS - D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife
Did you ever wonder how you can move laterally through internal networks? Or interact with remote machines without alerting EDRs? Let's assume that we have valid credentials, or an active session with access to a remote machine, but we are without an option for executing a process remotely in a...
Hack-Tools - The All-In-One Red Team Extension For Web Pentester
The all-in-one Red Team browser extension for Web Pentesters. HackTools is a web extension facilitating your web application penetration tests; it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...
MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory
Memory Mapper is a lightweight library which allows the ability to map both native and managed assemblies into memory by either using process injection of a process specified by the user or self-injection; the technique of injecting an assembly into the currently running process attempting to do...
Dnssearch - A Subdomain Enumeration Tool
This software is a subdomain enumeration tool. Purpose dnssearch takes an input domain (-domain parameter) and a wordlist (-wordlist parameter); it will then perform concurrent DNS requests using the lines of the wordlist as subdomains, eventually bruteforcing every subdomain available on the top...
Project iKy v2.1.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Video Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...
Arjun v1.1 - HTTP Parameter Discovery Suite
Features Multi-threading 3 modes of detection Regex powered heuristic scanning Huge list of 3370 parameter names Usage Note: Arjun doesn't work with python Note: Arjun uses nano as the default editor for the prompt bu...
SubScraper - External Pentest Tool That Performs Subdomain Enumeration Through Various Techniques
SubScraper uses DNS brute force, Google & Bing scraping, and Virus Total to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTPS requests and DNS "A" record lookups during the enumeration process to validate discovered subdomains. This provides further information to...
RedHunt OS - Virtual Machine For Adversary Emulation And Threat Hunting
Virtual Machine for Adversary Emulation and Threat Hunting RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment. Base Machine: Lubuntu-17.10.1...
MagicTree - Penetration Tester Productivity Tool
Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that's why we...
OWASP Xenotix XSS Exploit Framework v4.5
Version 4.5 Additions JavaScript Beautifier Pause and Resume support for Scan Jump to Payload Cookie Support for POST Request Cookie Support and Custom Headers for Header Scanner Added TRACE method Support Improved Interface Better Proxy Support WAF Fingerprinting Load Files Hash Calculator Hash...
[Laudanum] Collection of injectable files
Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found, and are in multiple languages for different environments. They provide functionality such as shell, DNS query, LDAP retrieval and others. Download Laudanum...
[SuperPutty Password Decryptor] SuperPutty Session Login Password Recovery Software
SuperPutty Password Decryptor is a free desktop tool to instantly recover all the login passwords from SuperPutty session history. SuperPutty is a Windows GUI Application that allows PuTTY SSH Client to be opened in Tabs. It also stores the session details allowing users to automatically login...
PoolParty - A Set Of Fully-Undetectable Process Injection Techniques Abusing Windows Thread Pools
A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title "The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread...
Xurlfind3R - A CLI Utility To Find Domain's Known URLs From Curated Passive Online Sources
xurlfind3r is a command-line interface (CLI) utility to find domain's known URLs from curated passive online sources. Features Fetches URLs from curated passive sources to maximize results: AlienVault's OTX, BeVigil, Common Crawl, URLScan, Github, Intelligence X, Wayback Machine. With Wayback Machine,...
Scanner-and-Patcher - A Web Vulnerability Scanner And Patcher
This tool is very helpful for finding vulnerabilities present in Web Applications. A web application scanner explores a web application by crawling through its web pages and examines it for security vulnerabilities, which involves generation of malicious inputs and evaluation of application'...
DNSrecon-gui - DNSrecon Tool With GUI For Kali Linux
DNSRecon is a DNS scanning and enumeration tool written in Python, which allows you to perform different tasks, such as enumeration of standard records for a defined domain (A, NS, SOA, and MX) and top-level domain expansion for a defined domain. With this graph-oriented user interface, the different...
SQLiDetector - Helps You To Detect SQL Injection "Error Based" By Sending Multiple Requests With 14 Payloads And Checking For 152 Regex Patterns For Different Databases
Simple python script supported with BurpBounty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases...
xnLinkFinder - A Python Tool Used To Discover Endpoints (And Potential Parameters) For A Given Target
About - v2.0 This is a tool used to discover endpoints and potential parameters for a given target. It can find them by: crawling a target (pass a domain/URL); crawling multiple targets (pass a file of domains/URLs); searching files in a given directory (pass a directory name); get them from a Burp projec...
Awesome-Password-Cracking - A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security
A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the guidelines before contributing! In short: List is alphabetically sorted If in doubt, use awesome-lint If you think an item shouldn't be here open an issue Books Hash...
K0Otkit - Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters
k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell). k0otkit is the combination of Kubernetes and...
Kali Linux 2022.2 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2022.2. This release has various impressive updates. The summary of the changelog since the 2022.1 release from February 2022 is: GNOME 42 - Major release update of the popular desktop environment KDE Plasma 5.24 - Version bump with a more...
Ghostbuster - Eliminate Dangling Elastic IPs By Performing Analysis On Your Resources Within All Your AWS Accounts
Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. Ghostbuster obtains all the DNS records present in all of your AWS accounts (Route53), and can optionally take in records via CSV input, or via Cloudflare. After these records are collected,...
AnalyticsRelationships - Get Related Domains / Subdomains By Looking At Google Analytics IDs
Get related domains / subdomains by looking at Google Analytics IDs. Python/GO versions. By @JosueEncinar. This script tries to get related domains / subdomains by looking at Google Analytics IDs from a URL. First sear...
Eyeballer - Convolutional Neural Network For Analyzing Pentest Screenshots
Eyeballer is meant for large-scope network penetration tests where you need to find "interesting" targets from a huge set of web-based hosts. Go ahead and use your favorite screenshotting tool like normal (EyeWitness or GoWitness) and then run them through Eyeballer to tell you what's likely to...
ByeIntegrity-UAC - Bypass UAC By Hijacking A DLL Located In The Native Image Cache
Bypass User Account Control (UAC) to gain elevated Administrator privileges to run any program at a high integrity level. Requirements: Administrator account; UAC notification level set to default or lower. How it works ByeIntegrity hijacks a DLL located in the Native Image Cache (NIC). The NIC is used ...
Baserunner - A Tool For Exploring Firebase Datastores
A tool for exploring and exploiting Firebase datastores. Set up 1. git clone https://github.com/iosiro/baserunner.git 2. cd baserunner 3. npm install 4. npm run build 5. npm start 6. Go to http://localhost:3000 in your browser. Usage The Baserunner interface looks like this: First, use the...
UDdup - Urls De-Duplication Tool For Better Recon
The tool gets a list of URLs, and removes "duplicate" pages in the sense of URL patterns that are probably repetitive and points to the same web template. For example: https://www.example.com/product/123 https://www.example.com/product/456 https://www.example.com/product/123?isprod=false...
Bento - A Minimal Fedora-Based Container For Penetration Tests And CTF With The Sweet Addition Of GUI Applications
A bento (弁当, bentō) is a single-portion take-out or home-packed meal of Japanese origin. Bento Toolkit is a simple and minimal docker container for penetration testers and CTF players. It has the portability of Docker with the addition of X, so you can also run GUI applications like burp...
Packer-Fuzzer - A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack
With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of packager will package the API and API parameters of the entire site together for centralized Web call,...
Xerror - Fully Automated Pentesting Tool
Xerror is an automated penetration tool, which will help security professionals and non-professionals to automate their pentesting tasks. Xerror will perform all tests and, at the end, generate two reports for executives and analysts. Xerror provides GUI easy to use menu driven options. Internal...
Osi.Ig - Information Gathering Instagram
The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to get from just looking at their profile The information includes: profile : user id, followers / following, number of uploads, profile img URL, business enum, external URL, joined...
MacC2 - Mac Command And Control That Uses Internal API Calls Instead Of Command Line Utilities
MacC2 is a macOS post exploitation tool written in python that uses Objective C calls or python libraries as opposed to command line executions. The client is written in python2, which though deprecated is still being shipped with base Big Sur installs. It is possible down the road that Apple wil...
GitDorker - A Tool To Scrape Secrets From GitHub Through Usage Of A Large Repository Of Dorks
GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I've compiled from various sources to provide an overview of sensitive information stored on github given a search query. The Primary purpose of GitDorker is to provide the user with a clean and...
AdvPhishing - This Is Advance Phishing Tool! OTP PHISHING
This Is Advance Phishing Tool! OTP PHISHING SPECIAL OTP BYPASS VIDEO WORKED Social Media Hack | Link ---|--- Installation Termux | https://www.youtube.com/watch?v=LO3hX1lLBjI Whatsapp OTP | https://www.youtube.com/watch?v=pyB63ym3QYs Google OTP | https://www.youtube.com/watch?v=MhSb4My1lZo Paytm...
mapCIDR - Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges
Small utility program to perform multiple operations for a given subnet/CIDR ranges. The tool was developed to ease load distribution for mass scanning operations, it can be used both as a library and as independent CLI tool. Features Simple and modular code base making it easy to contribute. CID...
Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale
Do you want to get threat intelligence data about a file, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request? You are in the right place! This application is built to scale out and to speed up the retrieval of threat info. It c...
Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test
Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test. 1. Capsulecorp Pentest The Capsulecorp Pentest is a small virtual network managed by vagrant and ansible. It contains five virtual machines, including one Linux attacking system running xubuntu and 4 Windows 2019...
Klar - Integration Of Clair And Docker Registry
Integration of Clair and Docker Registry (supports both Clair API v1 and v3). Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair (https://github.com/coreos/clair). Klar is designed to be used as an integration tool so it relie...
Should-I-Trust - OSINT Tool To Evaluate The Trustworthiness Of A Company
should-i-trust is a tool to evaluate OSINT signals for a domain. Requirements should-i-trust requires API keys from the following sources: Censys.io - Free for first 250 queries/month; VirusTotal - Free; GrayHatWarFare - Free with limited results. Use Case You're part of a review board that's...