Lucene search: Kitploit, most viewed

6011 matches found

Kitploit
added 2017/12/02 9:1 p.m., 65 views

difuze - Fuzzer for Linux Kernel Drivers

Fuzzer for Linux Kernel Drivers Tested on Ubuntu = 14.04.5 LTS As explained in our paper, there are two main components of difuze: Interface Recovery and Fuzzing Engine 1. Interface Recovery The Interface recovery mechanism is based on LLVM analysis passes. Every step of interface recovery are...

AI score: 6.6
Exploits: 0, References: 9

Kitploit
added 2016/04/04 11:29 p.m., 65 views

RouterSploit - Router Exploitation Framework

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aid penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

AI score: 8.1
Exploits: 0, References: 1

Kitploit
added 2016/01/16 6:50 p.m., 65 views

Project Arsenal X - As HackTheGame But Real

Project Arsenal X New version of my Arsenal X written in Delphi with the following options: + Gmail Inbox + Whois Client + Table + Downloader + Get IP + Locate IP + K0bra SQLI Scanner + Crack multiple hashes + Search admin panel + Port Scanner + Multi Cracker with support for FTP, TELNET, POP3 +...

AI score: 10
Exploits: 0, References: 1

Kitploit
added 2025/04/19 12:30 p.m., 64 views

Maryam - Open-source Intelligence(OSINT) Framework

OWASP Maryam is a modular open-source framework based on OSINT and data gathering. It is designed to provide a robust environment to harvest data from open sources and search engines quickly and thoroughly. Installation Supported OS Linux FreeBSD Darwin OSX $ pip install maryam Alternatively, you...

AI score: 7.4
Exploits: 0, References: 7

Kitploit
added 2024/03/09 11:30 a.m., 64 views

SSH-Private-Key-Looting-Wordlists - A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names

SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names. LFI for Lateral Movement? Gain SSH Access? ?file=../../../../../../../../home/user/.ssh/idrsa ?file=../../../../../../../../home/user/.ssh/idrsa-cert SSH Private Key...

AI score: 7.2
Exploits: 0, References: 1

Kitploit
added 2024/01/12 11:30 a.m., 64 views

EmploLeaks - An OSINT Tool That Helps Detect Members Of A Company With Leaked Credentials

This is a tool designed for Open Source Intelligence OSINT purposes, which helps to gather information about employees of a company. How it Works The tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find...

AI score: 6.8
Exploits: 0, References: 2

Kitploit
added 2021/07/13 9:30 p.m., 64 views

Whisker - A C# Tool For Taking Over Active Directory User And Computer Accounts By Manipulating Their msDS-KeyCredentialLink Attribute

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account. This tool is based on code from DSInternals by Michael Grafnetter @MGrafnetter. For this attack to...

AI score: 7.6
Exploits: 0, References: 2

Kitploit
added 2021/02/23 11:30 a.m., 64 views

RAT-el - An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus...

AI score: 8
Exploits: 0, References: 1

Kitploit
added 2020/11/25 11:30 a.m., 64 views

Wsb-Detect - Tool To Detect If You Are Running In Windows Sandbox ("WSB")

wsb-detect enables you to detect if you are running in Windows Sandbox "WSB". The sandbox is used by Windows Defender for dynamic analysis, and commonly manually by security analysts and alike. At the tail end of 2019, Microsoft introduced a new feature named Windows Sandbox WSB for short. The...

AI score: 7.5
Exploits: 0, References: 1

Kitploit
added 2020/09/06 8:30 p.m., 64 views

Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS

Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done with a single command takes 3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once instance is configured an OpenVPN...

AI score: 7.4
Exploits: 0, References: 1

Kitploit
added 2020/02/05 11:30 a.m., 64 views

Dufflebag - Search Exposed EBS Volumes For Secrets

Dufflebag is a tool that searches through public Elastic Block Storage EBS snapshots for secrets that may have been accidentally left in. You may be surprised by all the passwords and secrets just laying around! The tool is organized as an Elastic Beanstalk "EB", not to be confused with EBS...

AI score: 7.2
Exploits: 0, References: 1

Kitploit
added 2020/01/21 11:30 a.m., 64 views

Corsy v1.0 - CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Requirements Corsy only works with Python 3 and has the following dependencies: tld requests To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt Usag...

AI score: 7.4
Exploits: 0, References: 1

Kitploit
added 2019/11/21 12:30 p.m., 64 views

SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command. The beauty of this tool is that it doesn't perform authentication against SMB everything is performed over DCERPC. The utility can be used remotely WITHOUT registering a service or creating a service. It also doesn...

AI score: 7.9
Exploits: 0, References: 1

Kitploit
added 2019/01/03 12:38 p.m., 64 views

The Docker Bench For Security - A Script That Checks For Dozens Of Common Best-Practices Around Deploying Docker Containers In Production

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding...

AI score: 7
Exploits: 0, References: 3

Kitploit
added 2018/11/29 11:33 a.m., 64 views

Parrot Security 4.4 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.4 is now available for download. This release provides security and stability updates and is the starting point for the plan to develop an LTS edition of Parrot. Parrot 4.4 Development Goals The Parrot 4.4 development process involved the ideas of many people in the community, and the go...

AI score: 7.5
Exploits: 0

Kitploit
added 2018/04/29 9:39 p.m., 64 views

Invoke-ATTACKAPI - A PowerShell Script To Interact With The MITRE ATT&CK Framework Via Its Own API

A PowerShell script to interact with the MITRE ATT&CK Framework via its own API in order to gather information about techniques, tactics, groups, software and references provided by the MITRE ATT&CK Team @MITREattack. Goals Provide an easy way to interact with the MITRE ATT&CK Framework via its o...

AI score: 8.6
Exploits: 0, References: 1

Kitploit
added 2017/05/14 3:30 p.m., 64 views

Pwntools - CTF Framework And Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.

from pwn import *
context(arch = 'i386', os = 'linux')
r = remote('exploitme.example.com', 31337)
# EXPLOIT COD...

AI score: 7.2
Exploits: 0, References: 2

Kitploit
added 2015/10/05 9:49 p.m., 64 views

QARK - Tool to look for several security related Android application vulnerabilities

Quick Android Review Kit - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the...

AI score: 7.6
Exploits: 0, References: 1

Kitploit
added 2024/06/02 12:30 p.m., 63 views

EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises

EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...

AI score: 7
Exploits: 0, References: 1

Kitploit
added 2024/05/26 12:30 p.m., 63 views

Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning

Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features v1.0.1- - Subdomain enumeration 2 engines +...

AI score: 7.8
Exploits: 0, References: 8

Kitploit
added 2023/09/28 11:30 a.m., 63 views

Pinkerton - An JavaScript File Crawler And Secret Finder Developed In Python

Pinkerton is a Python tool created to crawl JavaScript files and search for secrets Installing / Getting started A quick guide of how to install and use Pinkerton. 1. Clone the repository with: git clone https://github.com/oppsec/pinkerton.git 2. Install the libraries with: pip3 install -r...

AI score: 7.2
Exploits: 0, References: 4

Kitploit
added 2023/08/15 12:30 p.m., 63 views

Trawler - PowerShell Script To Help Incident Responders Discover Adversary Persistence Mechanisms

Dredging Windows for Persistence What is it? Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications, Startup Items,...

AI score: 7.5
Exploits: 0, References: 6

Kitploit
added 2022/09/06 12:30 p.m., 63 views

noPac - Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chain positional arguments: domain/username:password Account used to authenticate to DC. optional arguments: -h, --help show thi...

CVSS: 7.5, AI score: 8.8, EPSS: 0.74265
Exploits: 10, References: 2

Kitploit
added 2022/07/28 12:30 p.m., 63 views

TerraformGoat - "Vulnerable By Design" Multi Cloud Deployment Tool

TerraformGoat is selefra research lab's "Vulnerable by Design" multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure. Scenarios ID | Cloud Service Company | Types Of Cloud...

AI score: 7.5
Exploits: 0, References: 67

Kitploit
added 2022/06/17 12:30 p.m., 63 views

LambdaGuard - AWS Serverless Security

AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset...

AI score: 7.7
Exploits: 0, References: 2

Kitploit
added 2022/04/25 9:30 p.m., 63 views

Wpgarlic - A Proof-Of-Concept WordPress Plugin Fuzzer

A proof-of-concept WordPress plugin fuzzer used in the research described in https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html that helped to discover more than 140 vulnerabilities in WordPress plugins installed on almost 15 million sites. If you want to continue the research, start with...

CVSS: 6.5, AI score: 5.6, EPSS: 0.03005
Exploits: 6, References: 4

Kitploit
added 2021/10/16 8:30 p.m., 63 views

Domain-Protect - Protect Against Subdomain Takeover

Protect Against Subdomain Takeover scans Amazon Route53 across an AWS Organization for domain records vulnerable to takeover vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP deploy to security audit account scan your entire AWS Organization receive alerts by Slack ...

AI score: 7.3
Exploits: 0, References: 8

Kitploit
added 2021/07/08 9:30 p.m., 63 views

Ipa-Medit - Memory Search And Patch Tool For Resigned Ipa Without Jailbreak

Ipa-medit is a memory search and patch tool for resigned ipa without jailbreak. It was created for mobile game security testing. Motivation Memory modification is the easiest way to cheat in games, it is one of the items to be checked in the security test. There are also cheat tools that can be...

AI score: 7.2
Exploits: 0, References: 7

Kitploit
added 2021/05/11 9:30 p.m., 63 views

VAST - Visibility Across Space And Time

The network telemetry engine for data-driven security investigations. Getting Started — Installation — Documentation — Development — Changelog — License and Scientific Use Chat with us on Gitter, or join us on Matrix at tenzirvast:gitter.im. Key Features High-Throughput Ingestion : import numerou...

AI score: 7.2
Exploits: 0, References: 7

Kitploit
added 2021/04/02 11:30 a.m., 63 views

SecretScanner - Find Secrets And Passwords In Container Images And File Systems

Deepfence SecretScanner can find any potential secrets in container images or file systems. What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure such as accounts, devices, network, cloud based services,...

AI score: 7.1
Exploits: 0, References: 3

Kitploit
added 2021/03/27 11:30 a.m., 63 views

Obfuscation_Detection - Collection Of Scripts To Pinpoint Obfuscated Code

Automatically detect control-flow flattening and other state machines Author: Tim Blazytko Description: Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries. Implementation is based on Binary Ninja. Check out the following blog post for more...

AI score: 7.6
Exploits: 0, References: 1

Kitploit
added 2021/02/15 11:30 a.m., 63 views

OSV - Open Source Vulnerability DB And Triage Service

OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source. For open source maintainers, OSV's automation helps reduce the burden of triage. Each vulnerability undergoes automated bisection and impa...

AI score: 7.3
Exploits: 0, References: 4

Kitploit
added 2021/02/08 11:30 a.m., 63 views

Ditto - A Tool For IDN Homograph Attacks And Detection

Ditto is a small tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered. PoC domains https://tᴡitter.com/ https://clᴏudflare.com Using with Docker The image on docker hub is...

AI score: 7.4
Exploits: 0, References: 1

Kitploit
added 2021/01/02 11:30 a.m., 63 views

HyperDbg - The Source Code Of HyperDbg Debugger

HyperDbg is designed with a focus on using modern hardware technologies to provide new features to the reverse engineering world. It operates on top of Windows by virtualizing an already running system using Intel VT-x and Intel PT. This debugger aims not to use any APIs and software debugging...

AI score: 6.8
Exploits: 0, References: 2

Kitploit
added 2020/12/21 11:30 a.m., 63 views

Watcher - Open Source Cybersecurity Threat Hunting Platform

Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation. It should be used on webservers and available on Docker. Watcher capabilities Detect emerging vulnerability, malware using social network & other RSS sources...

AI score: 7.3
Exploits: 0, References: 11

Kitploit
added 2020/12/10 11:30 a.m., 63 views

DarkSide - Tool Information Gathering And Social Engineering

Features: Hacker Dashboard Hacker News thehackernews.com/ New Exploits Exploit-db.com Hacking Tutorials Video youtube.com The Latest Prices OF Digital Currencies Rials , Usd Information Gathering Bypass Cloud Flare Cms Detect Trace Toute Reverse IP Port Scan IP location Finder Show HTTP Header Fi...

AI score: 7.4
Exploits: 0, References: 1

Kitploit
added 2020/10/02 11:30 a.m., 63 views

smbAutoRelay - Provides The Automation Of SMB/NTLM Relay Technique For Pentesting And Red Teaming Exercises In Active Directory Environments

SMB AutoRelay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments. Usage Syntax: ./smbAutoRelay.sh -i -t -q -d . Example: ./smbAutoRelay.sh -i eth0 -t ./targets.txt . Notice that the targets file should contain just the IP...

AI score: 7.2
Exploits: 0, References: 3

Kitploit
added 2020/08/01 12:30 p.m., 63 views

Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. Example report Documentation For full documentation, please visit the project on ReadTheDocs. Installation Cheat sheet Example report Overview...

AI score: 7.5
Exploits: 0, References: 10

Kitploit
added 2020/07/28 10:0 p.m., 63 views

SNOWCRASH - A Polyglot Payload Generator

A polyglot payload generator Introduction SNOWCRASH creates a script that can be launched on both Linux and Windows machines. Payload selected by the user in this case combined Bash and Powershell code is embedded into a single polyglot template, which is platform-agnostic. There are few payloads...

AI score: 7.5
Exploits: 0, References: 1

Kitploit
added 2020/07/11 10:0 p.m., 63 views

FinDOM-XSS - A Fast DOM Based XSS Vulnerability Scanner With Simplicity

FinDOM-XSS is a tool that allows you to finding for possible and/ potential DOM based XSS vulnerability in a fast manner. Installation $ git clone https://github.com/dwisiswant0/findom-xss.git Dependencies: LinkFinder Configuration Change the value of LINKFINDER variable on line 3 with your main...

AI score: 6.1
Exploits: 0, References: 3

Kitploit
added 2020/06/11 12:30 p.m., 63 views

RMIScout - Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities

RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. On misconfigured servers, any known RMI signature using non-primitive types e.g., java.lang.String, can be exploited by replacing the object with a serialize...

AI score: 7.6
Exploits: 0, References: 4

Kitploit
added 2020/04/09 12:0 p.m., 63 views

Richkit - Domain Enrichment Toolkit

Richkit is a python3 package that provides tools taking a domain name as input, and returns additional information on that domain. It can be an analysis of the domain itself, looked up from data-bases, retrieved from other services, or some combination thereof. The purpose of richkit is to provide...

AI score: 6.7
Exploits: 0, References: 1

Kitploit
added 2020/01/24 9:0 p.m., 63 views

Hershell - Multiplatform Reverse Shell Generator

Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Why ? Although meterpreter payloads are great,...

AI score: 7.6
Exploits: 0, References: 2

Kitploit
added 2018/07/01 2:12 p.m., 63 views

Masc - A Web Malware Scanner

A malware web scanner developed during CyberCamp Hackathon 2017. Features At the moment, there are some features available for any type of website custom or CMS and some of them only available for specific platforms: Scan any website for malware using OWASP WebMalwareScanner checksum, YARA rules...

AI score: 6.8
Exploits: 0, References: 3

Kitploit
added 2017/10/31 9:28 p.m., 63 views

TROMMEL - Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities

TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities. TROMMEL identifies the following indicators related to: Secure Shell SSH key files Secure Socket Layer SSL key files Internet Protocol IP addresses Uniform Resource Locator URL email addresses shel...

AI score: 9
Exploits: 0, References: 2

Kitploit
added 2017/08/15 10:11 p.m., 63 views

PyStat - Advanced Netstat Using Python For Windows

PyStat is an Advanced Netstat Using Python For Windows. Features Know remote address of process Know remote ports of process Know which user using process along with title & PID Changelogs: Auto Install python modules support added in install.py Installation Guide: Download the .zip file Extract...

AI score: 7.5
Exploits: 0, References: 2

Kitploit
added 2015/06/04 10:59 p.m., 63 views

I2P - The Invisible Internet Project

I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based a la IP, but there is a library available to allow reliable streaming communication on top of it a la TCP. All...

AI score: 7.4
Exploits: 0

Kitploit
added 2015/01/04 9:52 p.m., 63 views

BlueMaho - Bluetooth Security Testing Suite

BlueMaho is GUI-shell interface for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPython. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice...

AI score: 7.6
Exploits: 0

Kitploit
added 2012/12/24 2:1 p.m., 63 views

[DNSwalk] Running on BackTrack 5 R3

Dnswalk is a DNS debugger. It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy. dnswalk is not for the faint of heart. It should NOT be used without a firm knowledge of the DNS RFC's. The warnings and errors must be...

AI score: 6.7
Exploits: 0

Kitploit
added 2025/04/27 12:30 p.m., 62 views

VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing

VulnKnox is a powerful command-line tool written in Go that interfaces with the KNOXSS API. It automates the process of testing URLs for Cross-Site Scripting XSS vulnerabilities using the advanced capabilities of the KNOXSS engine. Features Supports pipe input for passing file lists and echoing...

AI score: 5.9
Exploits: 0, References: 1

Total number of security vulnerabilities: 5000