6011 matches found
AdvPhishing - This Is Advance Phishing Tool! OTP PHISHING
This Is Advance Phishing Tool! OTP PHISHING SPECIAL OTP BYPASS VIDEO WORKED Social Media Hack | Link ---|--- Installation Termux | https://www.youtube.com/watch?v=LO3hX1lLBjI Whatsapp OTP | https://www.youtube.com/watch?v=pyB63ym3QYs Google OTP | https://www.youtube.com/watch?v=MhSb4My1lZo Paytm...
Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS
Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done with a single command takes 3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once instance is configured an OpenVPN...
Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. Example report Documentation For full documentation, please visit the project on ReadTheDocs. Installation Cheat sheet Example report Overview...
Klar - Integration Of Clair And Docker Registry
Integration of Clair and Docker Registry supports both Clair API v1 and v3 Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair https://github.com/coreos/clair. Klar is designed to be used as an integration tool so it relie...
Should-I-Trust - OSINT Tool To Evaluate The Trustworthiness Of A Company
should-i-trust is a tool to evaluate OSINT signals for a domain. Requirements should-i-trust requires API keys from the following sources: Censys.io - Free for for first 250/quries/month VirusTotal - Free GrayHatWarFare - Free with limited results Use Case You're part of a review board that's...
S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters
s3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don't hit AWS directly. It was originally built back in 2016 to target GitHub. Installation Binaries Find the binaries on the Releases page. Go go get...
RapidRepoPull - Tool To Quickly Pull And Install Repos From A List
Description This program uses Python to clone/maintain multiple security related repos using threading and multiprocessing Goal The goal of this program is to quickly pull and install repos from its list Use cases Quickly install your favorite Security repos on a new system Kick off multiple...
DigiDuck Framework - Framework For Digiduck Development Boards Running ATTiny85 Processors And Micronucleus Bootloader
Framework for Digiduck Development Boards running ATTiny85 processors and micronucleus bootloader! Roadmap: Plan to implement a command for Duckyspark translation within the framework. Requirements: - ATTiny85 or other compatible "Digispark" Development Boards - DigiSpark Drivers If you can use...
GyoiThon - A Growing Penetration Test Tool Using Machine Learning
GyoiThon is a growing penetration test tool using Machine Learning. GyoiThon identifies the software installed on web server OS, Middleware, Framework, CMS, etc... based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generate...
filtron - Filtering reverse HTTP proxy
Reverse HTTP proxy to filter requests by different rules. Can be used between production webserver and the application server to prevent abuse of the application backend. The original purpose of this program was to defend searx , but it can be used to guard any web application. Installation and...
Xerosploit - Efficient And Advanced Man In The Middle Framework
Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap...
I2P - The Invisible Internet Project
I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based a la IP, but there is a library available to allow reliable streaming communication on top of it a la TCP. All...
AppCrashView - View Application Crashes (.wer files)
AppCrashView is a small utility for Windows Vista and Windows 7 that displays the details of all application crashes occurred in your system. The crashes information is extracted from the .wer files created by the Windows Error Reporting WER component of the operating system every time that a cra...
ProGuard - Java class file Shrinker, Optimizer, Obfuscator and Preverifier
ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names...
Subhunter - A Fast Subdomain Takeover Tool
Subdomain takeover is a common vulnerability that allows an attacker to gain control over a subdomain of a target domain and redirect users intended for an organization's domain to a website that performs malicious activities, such as phishing campaigns, stealing user cookies, etc. It occurs when...
Mailchecker - Cross-language Temporary (Disposable/Throwaway) Email Detection Library. Covers 55 734+ Fake Email Providers
Cross-language email validation. Backed by a database of over 55 000 throwable email domains. Validate the format of your email uses validator.js email regex underneath and FILTERVALIDATEEMAIL for PHP Validate if the email is not a temporary mail yopmail-like..., add your own dataset to list.txt...
Pinkerton - An JavaScript File Crawler And Secret Finder Developed In Python
️️ Pinkerton is a Python tool created to crawl JavaScript files and search for secrets Installing / Getting started A quick guide of how to install and use Pinkerton. 1. Clone the repository with: git clone https://github.com/oppsec/pinkerton.git 2. Install the libraries with: pip3 install -r...
Aftermath - A Free macOS IR Framework
Aftermath is a Swift-based, open-source incident response framework. Aftermath can be leveraged by defenders in order to collect and subsequently analyze the data from the compromised host. Aftermath can be deployed from an MDM ideally, but it can also run independently from the infected user's...
Arsenal - Recon Tool installer
Arsenal is a Simple shell script Bash used to install the most important tools and requirements for your environment and save time in installing all these tools. Tools in Arsenal Name | description ---|--- Amass | The OWASP Amass Project performs network mapping of attack surfaces and external...
Gh-Dork - Github Dorking Tool
Supply a list of dorks and, optionally, one of the following: a user -u a file with a list of users -uf an organization -org a file with a list of organizations -of a repo -r You can also pass: an output directory to store results -o a filename to store valid items, if your users or org file may...
AlphaGolang - IDApython Scripts For Analyzing Golang Binaries
AlphaGolang is a collection of IDAPython scripts to help malware reverse engineers master Go binaries. The idea is to break the scripts into concrete steps, thus avoiding brittle monolithic scripts, and mimicking the methodology an analyst might follow when tackling a Go binary. Scripts are...
BurpCrypto - A Collection Of Burpsuite Encryption Plug-Ins, Support AES/RSA/DES/ExecJs(execute JS Encryption Code In Burpsuite)
Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJsexecute JS encryption code in burpsuite. Build $ mvn package Usage 中文使用说明 Download the precompiled jar package from Releases. Add this jar package to your burpsuite's Extensions. Switch to BurpCrypto tab,...
BlobHunter - Find Exposed Data In Azure With This Public Blob Scanner
An opensource tool for scanning Azure blob storage accounts for publicly opened blobs. BlobHunter is a part of "Hunting Azure Blobs Exposes Millions of Sensitive Files" research: https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files Overvi...
Fully-Homomorphic-Encryption - Libraries And Tools To Perform Fully Homomorphic Encryption Operations On An Encrypted Data Set
This repository contains open-source libraries and tools to perform fully homomorphic encryption FHE operations on an encrypted data set. About Fully Homomorphic Encryption Fully Homomorphic Encryption FHE is an emerging data processing paradigm that allows developers to perform transformations o...
AzureC2Relay - An Azure Function That Validates And Relays Cobalt Strike Beacon Traffic By Verifying The Incoming Requests Based On A Cobalt Strike Malleable C2 Profile
AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile. Any incoming requests that do not share the profiles user-agent, URI paths, headers, and query parameters, will be redirected ...
Tracee - Container And System Event Tracing Using eBPF
Tracee is a lightweight and easy to use container and system tracing tool. It allows you to observe system calls and other system events in real-time. A unique feature of Tracee is that it will only trace newly created processes and containers that were started after Tracee has started, in order ...
DroneSploit - Drone Pentesting Framework Console
This CLI framework is based on sploitkit and is an attempt to gather hacking techniques and exploits especially focused on drone hacking. For the ease of use, the interface has a layout that looks like Metasploit. Black Hat Europe Arsenal 2019 presentation Also see articles: Black Hat Europe: New...
URLCrazy - Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage
URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL hijacking, phishing, and corporate espionage. Homepage: https://www.morningstarsecurity.com/research/urlcrazy Use Cases Detect typo squatters profiting from typos on your domain name...
Mouse Framework - An iOS And macOS Post Exploitation Surveillance Framework That Gives You A Command Line Session With Extra Functionality Between You And A Target Machine Using Only A Simple Mouse Payload
About Mouse Framework Mouse Framework is an iOS and macOS post exploitation surveillance framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse Payload. Mouse gives you the power and convenience of uploading and...
Ettercap - A Comprehensive Suite For Man In The Middle Attacks
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ETTERCAP...
StaCoAn - Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL's of API's Decryption keys Major coding...
Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or...
AVPASS - Tool For Leaking And Bypassing Android Malware Detection System
AVPASS is a tool for leaking the detection model of Android malware detection systems i.e., antivirus software, and bypassing their detection logics by using the leaked information coupled with APK obfuscation techniques. AVPASS is not limited to detection features used by detection systems, and...
Meld - Visual Diff And Merge Tool Targeted At Developers
Meld is a visual diff and merge tool targeted at developers. Meld helps you compare files, directories, and version controlled projects. It provides two- and three-way comparison of both files and directories, and has support for many popular version control systems. Meld helps you review code...
Custom-SSH-Backdoor - SSH Backdoor using Paramiko
Custom ssh backdoor, coded in python using Paramiko. Paramiko is a Python 2.6+, 3.3+ implementation of the SSHv2 protocol, providing both client and server functionality. While it leverages a Python C extension for low level cryptography PyCrypto, Paramiko itself is a pure Python interface around...
[ZynOS-Attacker] (TP-LINK TD-W8951ND Router) Tool for automated attack on a range of IP
With these scripts you can attack ZynOS routers and modify/extract anything you want on the target router from extracting ISP username and password to injecting rogue DNS servers IPs. Download ZynOS-Attacker...
[SecureCheq v1.0] The Security Configuration Management made easy!
SecureCheq is a fast, simple utility for Windows servers and desktops that answers these questions while it tests for common configuration risks. This free utility: Tests for a subset of typical and often dangerous Windows configuration errors Provides detailed remediation and repair advice Tests...
Sicat - The Useful Exploit Finder
Introduction SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant...
noPac - Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chain positional arguments: domain/username:password Account used to authenticate to DC. optional arguments: -h, --help show thi...
Bugs-feed - A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities...
Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities... It's implemented as a PWA application so you can get rid of the explorer and use it as a desktop application. Navigate through different tabs and take a look to the latest bugs or search...
Nimplant - A Cross-Platform Implant Written In Nim
Nimplant is a cross-platform Linux & Windows implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, overtime Nimplant will become much more sophisticated...
COM-Code-Helper - Two IDAPython Scripts Help You To Reconstruct Microsoft COM (Component Object Model) Code
Two IDAPython Scripts help you to reconstruct Microsoft COM Component Object Model Code Especially malware reversers will find this useful, as COM Code is still regularly found in malware. ClassAndInterfaceToNames.py This IDAPython script scans an idb file for class and interfaces UUIDs and creat...
Flawfinder - A Static Analysis Tool For Finding Vulnerabilities In C/C++ Source Code
This is "flawfinder" by David A. Wheeler. Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws. It can be a useful tool for examining software for vulnerabilities, and it can also serve as a simple introduction to static source code analysis tools more...
FinalRecon v1.1.0 - The Last Web Recon Tool You'll Need
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping...
Docker for Pentest - Image With The More Used Tools To Create A Pentest Environment Easily And Quickly
Docker for pentest is an image with the more used tools to create an pentest environment easily and quickly. Features OS, networking, developing and pentesting tools installed. Connection to HTB Hack the Box vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzd...
SecretFinder - A Python Script For Find Sensitive Data (Apikeys, Accesstoken, JWT...) And Search Anything On Javascript Files
SecretFinder is a python script based on LinkFinder, written to discover sensitive data like apikeys, accesstoken, authorizations, jwt,..etc in JavaScript files. It does so by using jsbeautifier for python in combination with a fairly large regular expression. The regular expressions consists of...
Words Scraper - Selenium Based Web Scraper To Generate Passwords List
Selenium based web scraper to generate passwords list. Installation Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases $ tar xzf geckodriver-vVERSION-HERE.tar.gz $ sudo mv geckodriver /usr/local/bin Make sure it is in your PATH $ geckodriver --version Make sure...
Forerunner - Fast And Extensible Network Scanning Library Featuring Multithreading, Ping Probing, And Scan Fetchers
The Forerunner library is a fast, lightweight, and extensible networking library created to aid in the development of robust network centric applications such as: IP Scanners, Port Knockers, Clients, Servers, etc. In it's current state, the Forerunner library is able to both synchronously and...
ParamKit - A Small Library Helping To Parse Commandline Parameters
A small library helping to parse commandline parameters for Windows. Objectives "like Python's argparse but for C/C++" compact and minimalistic easy to use extendable Demo Print help for each parameter: Easily store values of popular types, and verify if all required parameters are filled: Verify...
Catchyou - FUD Win32 Msfvenom Payload Generator
Fully Undetectable Win32 MSFVenom Payload Generator meterpreter/shell reverse tcp Author: github.com/thelinuxchoice/catchyou Twitter: twitter.com/linuxchoice Please, don't upload to VirusTotal! Usehttps://antiscan.me Features: Fully Undetectable Win32 MSFVenom Payload meterpreter/shell reverse tc...