6011 matches found
Osweep - Don't Just Search OSINT, Sweep It
If you work in IT security, then you most likely use OSINT to help you understand what it is that your SIEM alerted you on and what everyone else in the world understands about it. More than likely you are using more than one OSINT service because most of the time OSINT will only provide you with...
Nameles - Open Source Entropy Based Invalid Traffic Detection And Pre-Bid Filtering
Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. For a high level overview you might want to check out the website If you have any questions or...
DbgShell - A PowerShell Front-End For The Windows Debugger Engine
A PowerShell front-end for the Windows debugger engine. Ready to tab your way to glory? For a quicker intro, take a look at Getting Started. Disclaimers 1. This project is not produced, endorsed, or monitored by the Windows debugger team. While the debugger team welcomes feedback about their API...
DarkSpiritz - A Penetration Testing Framework For UNIX Systems
What is DarkSpiritz? Created by the SecTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. DarkSpiritz is a re-vamp of the very popular framework known as "Roxysploit". You may be familiar with this...
WindowsSpyBlocker - Block Spying And Tracking On Windows
WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems. The initial approach of this application is to capture and analyze network traffic based on a set of tools. It is open for everyone and if you want to contribute...
AutoSQLi - An Automatic SQL Injection Tool Which Takes Advantage Of Googler, Ddgr, WhatWaf And SQLMap
An Automatic SQL Injection Tool Which Takes Advantage Of DorkNet Googler, Ddgr, WhatWaf And Sqlmap. Features Save System - there is a complete save system, which can resume even when your pc crashed. - technology is cool Dorking - from the command line one dork : YES - from a file: NO - from an...
Wifite 2.1.0 - Automated Wireless Attack Tool
A complete re-write of wifite, a Python script for auditing wireless networks. Wifite runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches! What's new in Wifite2? Less bugs Cleaner process management. Does not leave processes running in the background the ol...
jadx - Dex to Java Decompiler
jadx - Dex to Java decompiler Command line and GUI tools for produce Java source code from Android Dex and Apk files. Building from source git clone https://github.com/skylot/jadx.git cd jadx ./gradlew dist on Windows, use gradlew.bat instead of ./gradlew Scripts for run jadx will be placed in...
mimipenguin - A Tool To Dump The Login Password From The Current Linux User
A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. Details Takes advantage of cleartext credentials in memory by dumping the process and extracting lines that have a high probability of containing cleartext...
BeeLogger - Generate Emailing Keyloggers to Windows on Linux
Generate gmail emailing keyloggers to windows on linux, powered by python and compiled by pyinstaller. Features Send logs each 120 seconds. Send logs when chars 50. Send logs with gmail. Some Phishing methods are included. Multiple Session disabled. Bypass UAC. Prerequisites apt wine wget Linux...
transfer.sh - Easy and Fast File Sharing from the Command-line
Easy and fast file sharing from the command-line. This code contains the server with everything you need to create your own instance. Transfer.sh support currently the s3 Amazon S3 provider and local file system local. Usage Upload: $ curl --upload-file ./hello.txt https://transfer.sh/hello.txt...
Johnny - GUI for John the Ripper
Johnny is a cross-platform open-source GUI for the popular password cracker John the Ripper. Features 1. user could start, pause and resume attack though only one session is allowed globally, 2. all attack related options work, 3. all input file formats are supported pure hashes, pwdump, passwd,...
FuckShitUp - Multi Vulnerabilities Scanner written in PHP
Basically, FSU is bunch of tools written in PHP-CLI. Using build-in functions, you are able to grab url's using search engines - and so, dork for interesting files and full path disclosures. Using list of url's, scanner will look for Cross Site Scripting, Remote File Inclusion, SQL Injection and...
[SecLists] Collection of multiple types of lists used during security assessments
SecLists is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to...
QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
QuickResponseC2 is a stealthy Command and Control C2 framework that enables indirect and covert communication between the attacker and victim machines via an intermediate HTTP/S server. All network activity is limited to uploading and downloading images, making it an fully undetectable by IPS/IDS...
EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises
EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...
Blackbone - Windows Memory Hacking Library
Windows memory hacking library Features x86 and x64 support Process interaction Manage PEB32/PEB64 Manage process through WOW64 barrier Process Memory Allocate and free virtual memory Change memory protection Read/Write virtual memory Process modules Enumerate all 32/64 bit modules loaded...
SQLiDetector - Helps You To Detect SQL Injection "Error Based" By Sending Multiple Requests With 14 Payloads And Checking For 152 Regex Patterns For Different Databases
Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | S|Q|L|i|...
Socialhunter - Crawls The Website And Finds Broken Social Media Links That Can Be Hijacked
Crawls the given URL and finds broken social media links that can be hijacked. Broken social links may allow an attacker to conduct phishing attacks. It also can cost a loss of the company's reputation. Broken social media hijack issues are usually accepted on the bug bounty programs. Currently, ...
Snap-Scraper - Snap Scraper Enables Users To Download Media Uploaded To Snapchat's Snap Map Using A Set Of Latitude And Longitude Coordinates
Snap Scraper is an open source intelligence tool which enables users to download media uploaded to Snapchat's Snap Map using a set of latitude and longitiude co-ordinates. This project is in no way affiliated with, authorized, maintained, sponsored or endorsed by Snap inc. or any of its affiliate...
Reconmap - VAPT (Vulnerability Assessment And Penetration Testing) Automation And Reporting Platform
Reconmap is a vulnerability assessment and penetration testing VAPT platform. It helps software engineers and infosec pros collaborate on security projects, from planning, to implementation and documentation. The tool's aim is to go from recon to report in the least possible time. Demo Details on...
MetaFinder - Search For Documents In A Domain Through Google
Search For Documents In A Domain Through Google. The Objective Is To Extract Metadata. Installing dependencies: git clone https://github.com/Josue87/MetaFinder.git cd MetaFinder pip3 install -r requirements.txt Usage python3 metafinder.py -t domain.com -l 20 -v Parameters: t: Specifies the target...
Threagile - Agile Threat Modeling Toolkit
Threagile see https://threagile.io for more details is an open-source toolkit for agile threat modeling: It allows to model an architecture with its assets in an agile fashion as a YAML file directly inside the IDE. Upon execution of the Threagile toolkit all standard risk rules as well as...
Tangalanga - The Zoom Conference Scanner Hacking Tool
Zoom Conference scanner. This scanner will check for a random meeting id and return information if available. Usage This are all the possible flags: tangalanga \ -token=user-token \ default: env TOKEN user token to use. -colors=false \ default: true enable/disable colors -censor=true \ default:...
Dnssearch - A Subdomain Enumeration Tool
This software is a subdomain enumeration tool. Purpose dnssearch takes an input domain -domain parameter and a wordlist -wordlist parameter , it will then perform concurrent DNS requests using the lines of the wordlist as sub domains eventually bruteforcing every sub domain available on the top...
Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
This is a standalone script written in Python 3 for GTFOBins. You can search for Unix binaries that can be exploited to bypass system security restrictions. These binaries can be abused to get the fk break out of restricted shells, escalate privileges, transfer files, spawn bind and reverse shell...
Heapinspect - Inspect Heap In Python
HeapInspect is designed to make heap much more prettier. Now this tool is aplugin of nadbg. Try it! Features Free of gdb and other requirement Multi glibc support 2.19, 2.23-2.27 currently tested both 32bit and 64bit Nice UI to show heap HeapShower detailed PrettyPrinter colorful, summary Heapdif...
Ddoor - Cross Platform Backdoor Using Dns Txt Records
Cross-platform backdoor using dns txt records. What is ddor? ddor is a cross platform light weight backdoor that uses txt records to execute commands on infected machines. Features Allows a single txt record to have seperate commands for both linux and windows machines List of around 10 public DN...
NetAss2 - Network Assessment Assistance Framework
Easier network scanning with NetAss2 Network Assessment Assistance Framework. Make it easy for Pentester to do penetration testing on network. Dependencies nmap tool zmap tool Installation git clone https://github.com/zerobyte-id/NetAss2.git cd NetAss2 sudo chmod +x install.bash sudo ./install.ba...
KRF - A Kernelspace Randomized Faulter
KRF is a K ernelspace R andomized F aulter. It currently supports the Linux and FreeBSD kernels. What? Fault injection is a software testing technique that involves inducing failures "faults" in the functions called by a program. If the callee has failed to perform proper error checking and...
Clrinject - Injects C# EXE Or DLL Assembly Into Every CLR Runtime And AppDomain Of Another Process
Injects C EXE or DLL Assembly into any CLR runtime and AppDomain of another process. The injected assembly can then access static instances of the injectee process's classes and therefore affect it's internal state. Usage clrinject-cli.exe -p -a Opens process with id or name , inject EXE and...
RedHunt OS - Virtual Machine For Adversary Emulation And Threat Hunting
Virtual Machine for Adversary Emulation and Threat Hunting RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment. Base Machine: Lubuntu-17.10.1...
Demiguise - HTA Encryption Tool for RedTeams
What does it do? The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page, the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to ge...
Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns
Password cracking rules for Hashcat based on statistics and industry patterns. The following blog posts on passwords explain the statistical signifigance of these rulesets: Statistics Will Crack Your Password Praetorian Password Cracking Rules Released Useful wordlists to utilize with these rules...
Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
Implement and monitor Appsec control at scale. Requirements NodeJS 20.13 Tested on Mac Ubuntu How to install $ git clone [email protected]:mf-labs/witcher.git $ cd witcher $ npm i Build a Docker image $ git clone [email protected]:mf-labs/witcher.git $ cd witcher $ docker build -t witch...
CSAF - Cyber Security Awareness Framework
The Cyber Security Awareness Framework CSAF is a structured approach aimed at enhancing Cybersecurity" title="Cybersecurity"cybersecurity awareness and understanding among individuals, organizations, and communities. It provides guidance for the development of effective Cybersecurity"...
BloodHound - Six Degrees Of Domain Admin
BloodHound is a monolithic web application composed of an embedded React frontend with Sigma.js and a Go based REST API backend. It is deployed with a Postgresql application database and a Neo4j graph database, and is fed by the SharpHound and AzureHound data collectors. BloodHound uses graph...
Bryobio - NETWORK Pcap File Analysis
NETWORK Pcap File Analysis, It was developed to speed up the processes of SOC Analysts during analysis Tested OK Debian OK Ubuntu Requirements $ pip install pyshark $ pip install dpkt $ Wireshark $ Tshark $ Mergecap $ Ngrep 𝗜𝗡𝗦𝗧𝗔𝗟𝗟𝗔𝗧𝗜𝗢𝗡 𝗜𝗡𝗦𝗧𝗥𝗨𝗖𝗧𝗜𝗢𝗡𝗦 $ https://github.com/emrekybs/Bryobio.git $ cd...
Scanner-and-Patcher - A Web Vulnerability Scanner And Patcher
This tools is very helpful for finding vulnerabilities present in the Web Applications. A web application scanner explores a web application by crawling through its web pages and examines it for security vulnerabilities, which involves generation of malicious inputs and evaluation of application'...
pyWhat - Identify Anything. Easily Lets You Identify Emails, IP Addresses, And More...
The easiest way to identify anything pip3 install pywhat && pywhat --help What is this? Imagine this: You come across some mysterious text 5f4dcc3b5aa765d61d8327deb882cf99 and you wonder what it is. What do you do? Well, with what all you have to do is ask what "5f4dcc3b5aa765d61d8327deb882cf99"...
Turbo-Intruder - A Burp Suite Extension For Sending Large Numbers Of HTTP Requests And Analyzing The Results
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It's intended to complement Burp Intruder by handling attacks that require exceptional speed, duration, or complexity. The following features set it apart: Fast - Turbo Intruder uses a...
Bheem - Simple Collection Of Small Bash-Scripts Which Runs Iteratively To Carry Out Various Tools And Recon Process
Project Bheem is a simple collection of small bash-scripts which runs iteratively to carry out various tools and recon process & store output in an organized way. This project was created initially for automation of Recon for personal usage and was never meant to be public as there is nothing fan...
Xerror - Fully Automated Pentesting Tool
Xerror is an automated penetration tool , which will helps security professionals and non professionals to automate their pentesting tasks. Xerror will perform all tests and, at the end generate two reports for executives and analysts. Xerror provides GUI easy to use menu driven options.Iinternal...
Osi.Ig - Information Gathering Instagram
The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to get from just looking at their profile The information includes: profile : user id, followers / following, number of uploads, profile img URL, business enum, external URL, joined...
DVS - D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife
Did you ever wonder how you can move laterally through internal networks? or interact with remote machines without alerting EDRs? Let's assume that we have a valid credentials, or an active session with access to a remote machine, but we are without an option for executing a process remotely in a...
MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory
Memory Mapper is a lightweight library which allows the ability to map both native and managed assemblies into memory by either using process injection of a process specified by the user or self-injection; the technique of injecting an assembly into the currently running process attempting to do...
Kali Linux 2020.2 Release - Penetration Testing and Ethical Hacking Linux Distribution
We are incredibly excited to announce the second release of 2020, Kali Linux 2020.1.2 A quick overview of what’s new since January: KDE Plasma Makeover & Login PowerShell by Default. Kind of. Kali on ARM Improvements Lessons From The Installer Changes New Key Packages & Icons Behind the Scenes,...
Tor Browser v9.0 - Everything you Need to Safely Browse the Internet
Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well including Tor to 0.4.1.6 and OpenSSL to 1.1.1d for desktop versions and Tor to 0.4.1.5 for Android. In addition to all the needed patch rebasing and toolchain updates, ...
Zoom - Automatic & Lightning Fast Wordpress Vulnerability Scanner
Zoom is a lightning fast wordpress vulnerability scanner equipped with subdomain & infinite username enumeration.. It doesn't support plugin & theme enumeration at the moment. What's infinite enumeration? Try enumerating usernames of cybrary.com with Zoom & wpscan or your fav tool. Twitter:...
MagicTree - Penetration Tester Productivity Tool
Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that's why we...