6011 matches found
Qiling - Advanced Binary Emulation Framework
Qiling is an advanced binary emulation framework, with the following features: Cross platform: Windows, MacOS, Linux, BSD Cross architecture: X86, X8664, Arm, Arm64, Mips Multiple file formats: PE, MachO, ELF Emulate & sandbox machine code in a isolated environment Provide high level API to setup...
Veil - Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions
Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. Veil is current under support by @ChrisTruncer Software Requirements: The following OSs are officially supported: Debian 8+ Kali Linux Rolling 2018.1+ The following OSs are likely able to run Veil: Ar...
Dirhunt v0.6.0 - Find Web Directories Without Bruteforce
DEVELOPMENT BRANCH : The current branch is a development version. Go to the stable release by clicking on the master branch. Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the "index of" mode enabled. Dirhunt is also...
EKFiddle v.0.8.2 - A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General
A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Installation Download and install the latest version of Fiddler https://www.telerik.com/fiddler Special instructions for Linux and Mac here:...
ExchangeRelayX - An NTLM Relay Tool To The EWS Endpoint For On-Premise Exchange Servers (Provides An OWA For Hackers)
Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...
Parat - Python Based Remote Administration Tool (RAT)
Parat is a simple remote administration tool RAT written in python. Also you can read wiki! Change log: Compatible with both python 2 and 3 versionsdont forget that may causes some error.so please share us any errors Do you want to try? Copy and paste on your terminal: git clone...
LaZagne v2.3 - Credentials Recovery Project
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques plaintext, APIs, custom algorithms, databases, etc.. This tool has been developed for the purpose of finding these passwor...
rePy2exe - A Reverse Engineering Tool for py2exe applications
Reverse Engineering Tool for py2exe applications. Prerequisites cmake git python2.7 Cloning git clone https://github.com/4w4k3/rePy2exe.git Running python rePy2exe.py or python2.7 rePy2exe.py Authors Alisson Moretto - Coder - 4w4k3 Reference Thanks to: zrax - pycdc matiasb - unpy2exe License This...
LiME - Linux Memory Extractor
A Loadable Kernel Module LKM which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its interaction between user and kernel space...
QARK - Tool to look for several security related Android application vulnerabilities
Q uick A ndroid R eview K it - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the...
BlueMaho - Bluetooth Security Testing Suite
BlueMaho is GUI-shell interface for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice...
CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...
Pyrit - The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one o...
Dorkish - Chrome Extension Tool For OSINT & Recon
During reconaissance phase or when doing OSINT , we often use google dorking and shodan and thus the idea of Dorkish. Dorkish is a Chrome extension tool that facilitates custom dork creation for Google and Shodan using the builder and it offers prebuilt dorks for efficient reconnaissance and OSIN...
Chlonium - Chromium Cookie Import / Export Tool
Chlonium is an application designed for cloning Chromium Cookies. From Chromium 80 and upwards, cookies are encrypted using AES-256 GCM, with a state key which is stored in the Local State file. This state key is encrypted using DPAPI. This is a change from older versions, which used DPAPI to...
Domain-Protect - Protect Against Subdomain Takeover
Protect Against Subdomain Takeover scans Amazon Route53 across an AWS Organization for domain records vulnerable to takeover vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP deploy to security audit account scan your entire AWS Organization receive alerts by Slack ...
Jarm - Active Transport Layer Security (TLS) server fingerprinting tool
Please read the initial JARM blog post for more information. JARM is an active Transport Layer Security TLS server fingerprinting tool. JARM fingerprints can be used to: Quickly verify that all servers in a group have the same TLS configuration. Group disparate servers on the internet by...
FRIDA-DEXDump - Fast Search And Dump Dex On Memory
Features 1. support fuzzy search broken header dex. 2. fix struct data of dex-header. 3. compatible with all android versionfrida supported. 4. support loading as objection plugin 5. pypi package has been released Requires frida: pip install frida optional click pip install click Installation Fro...
Msldap - LDAP Library For Auditing MS AD
msldap LDAP library for MS AD Documentation Awesome documentation here! Features Comes with a built-in console LDAP client All parameters can be conrolled via a conveinent URL see below Supports integrated windows authentication SSPI both with NTLM and with KERBEROS Supports channel binding for...
DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs
DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs Eric Conrad, Backshore Communications, LLC deepblue at backshore dot net Twitter: @ericconrad http://ericconrad.com Sample evtx files are in the .\evtx directory Usage: .\DeepBlue.ps1 See the Set-ExecutionPolicy Readme if...
eDEX-UI - A Cross-Platform, Customizable Science Fiction Terminal Emulator With Advanced Monitoring &Touchscreen Support
eDEX-UI is a fullscreen, cross-platform terminal emulator and system monitor that looks and feels like a sci-fi computer interface. Heavily inspired from the TRON Legacy movie effects especially the Board Room sequence, the eDEX-UI project was originally meant to be "DEX-UI with less « art » and...
Exe_To_Dll - Converts A EXE Into DLL
Converts an EXE, so that it can be loaded like a DLL. Supports both 32 and 64 bit DLLs Inspired by the idea of@guywhataguy. Read more here. Download: Fresh builds can be downloaded from the build server click on the build and choose the "Artifacts" tab Clone: Use recursive clone to get the repo...
Project iKy v2.6.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...
wxHexEditor - Hex Editor / Disk Editor for Huge Files or Devices on Linux, Windows and MacOSX
wxHexEditor is another Free Hex Editor, build because there is no good hex editor for Linux system, specially for big files. Low Level Data Recovery with wxHexEditor wxHexEditor is not an ordinary hex editor, but could work as low level disk editor too. If you have problems with your HDD or...
Privacy Badger - A Browser Extension That Automatically Learns To Block Invisible Trackers
Privacy Badger is a browser extension that automatically learns to block invisible trackers. Instead of keeping lists of what to block, Privacy Badger learns by watching which domains appear to be tracking you as you browse the Web. Privacy Badger sends the Do Not Track signal with your browsing...
Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.
Chepy is a python library with a handy cli that is aimed to mirror some of the capabilities of CyberChef. A reasonable amount of effort was put behind Chepy to make it compatible to the various functionalities that CyberChef offers, all in a pure Pythonic manner. There are some key advantages and...
DrMITM - Program Designed To Globally Log All Traffic Of A Website
DrMITM is a program designed to globally log all traffic. How it works DrMITM sends a request to website and returns the IP of the website just in case the server of the website is designed to rely on the website IP for requests, and the request that goes to the website also ends up being sent to...
HouseProxy - HTTP proxy focused on block phishing URL's
Protect your parents from phishing, HTTP proxy focused on block phishing URL's Install git clone https://github.com/mthbernardes/HouseProxy.git cd HouseProxy/ pip install -r requeriments.txt Config Edit etc/HouseProxy.conf to change de default user and password Create a entry in your DNS to...
PRET - Printer Exploitation Toolkit
PRET is a new tool for printer security testing developed in the scope of a Master's Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript, PJL and PCL are supported which are spoken by most laser...
RouterSploit - Router Exploitation Framework
The RouteSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features v1.0.1- - Subdomain enumeration 2 engines +...
C2-Search-Netlas - Search For C2 Servers Based On Netlas
C2 Search Netlas is a Java utility designed to detect Command and Control C2 servers using the Netlas API. It provides a straightforward and user-friendly CLI interface for searching C2 servers, leveraging the Netlas API to gather data and process it locally. Usage To utilize this terminal utilit...
Poastal - The Email OSINT Tool
Poastal is an email OSINT tool that provides valuable information on any email address. With Poastal, you can easily input an email address and it will quickly answer several questions, providing you with crucial information. Features Determine the name of the person who has the email. Check if t...
Dumpulator - An Easy-To-Use Library For Emulating Memory Dumps. Useful For Malware Analysis (Config Extraction, Unpacking) And Dynamic Analysis In General (Sandboxing)
Note: This is a work-in-progress prototype, please treat it as such. Pull requests are welcome! You can get your feet wet withgood first issues An easy-to-use library for emulating code in minidump files. Here are some links to posts/videos using dumpulator: Introduction video with OALabs:...
VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing
The Vulnerable API Based on OpenAPI 3 VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...
Sentinel-Attack - Tools To Rapidly Deploy A Threat Hunting Capability On Azure Sentinel That Leverages Sysmon And MITRE ATT&CK
Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel. DISCLAIMER: This tool requires tuning and investigative trialling to be truly effective in a production environment. Overview Sentinel ATT&CK provides the...
PSPKIAudit - PowerShell toolkit for auditing Active Directory Certificate Services (AD CS)
PowerShell toolkit for auditing Active Directory Certificate Services AD CS. It is built on top of PKISolution's PSPKI toolkit Microsoft Public License. This repo contains a newer version of PSPKI than what's available in the PSGallery see the PSPKI directory. Vadims Podans the creator of PSPKI...
jwtXploiter - A Tool To Test Security Of Json Web Token
A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token payload: changes claims and subclaims values. Exploit known vulnerable header claims kid, jku, x5u Verify a token Retrieve the public key of your target's ssl connection and try to use it in a key...
SharpLAPS - Retrieve LAPS Password From LDAP
The attribute ms-mcs-AdmPwd stores the clear-text LAPS password. This executable is made to be executed within Cobalt Strike session using execute-assembly. It will retrieve the LAPS password from the Active Directory. Require either: Account with ExtendedRight or Generic All Rights Domain Admin...
Rustcat - Netcat Alternative
About Rustcat is a port listener that can be used for different purposes. It is basically like netcat but with fewer options Why use Rustcat? Serves it purpose of listening to ports Has command history It is easy to use Supports udp Uses colors Installation Debian wget...
RAT-el - An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus...
ByteDance-HIDS - A Cloud-Native Host-Based Intrusion Detection Solution Project To Provide Next-Generation Threat Detection And Behavior Audition With Modern Architecture
ByteDance-HIDS is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture. ByteDance-HIDS comprises three major components: ByteDance-HIDS Agent, co-worked with ByteDance-HIDS Driver , is the...
Wonitor - Fast, Zero Config Web Endpoint Change Monitor
fast, zero config web endpoint change monitor. for comparing responses, a selected list of http headers and the full response body is stored on a local key/value store file. no configuration needed. to increase network throughput, a --worker flag allows to set the concurrency when monitoring...
Jshole - A JavaScript Components Vulnrability Scanner, Based On RetireJS
A JavaScript components vulnrability scanner, based on RetireJS. Why use JShole instead of RetireJS? By default, RetireJS only searches one page, but JShole tries to crawl all pages. How it works? Get Started Requirements requests Install git clone https://github.com/callforpapers-source/jshole.g...
Radare2 - Unix-Like Reverse Engineering Framework And Commandline Tools Security
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later added support for analyzing binaries, disassembling code,...
BabySploit - BabySplot Beginner Pentesting Framework
Tested on Kali Linux. Should work with all Debian based distros and other ones if you have the right packages installed BabySploit is a penetration testing framework aimed at making it easy to learn how to use bigger, more complicated frameworks like Metasploit. With a very easy to use UI and...
Swap Digger - Tool That Automates Swap Extraction And Searches For Linux User Credentials, Web Forms Credentials, Web Forms Emails, Http Basic Authentication, Wifi SSID And Keys, Etc
swapdigger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purpose. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc. Download and run the tool O...
WPHunter - Wordpress Vulnerability Scanner
You can use this tool on your wordpress website to check the security of your website by finding the vulnerability in your website. Over 75 million websites run on WordPress. which is now powers 26% of the Web. Remarkably enough thousands of WP sites are vulnerable to attacks and get hacked each...
PyStat - Advanced Netstat Using Python For Windows
PyStat is an Advanced Netstat Using Python For Windows. Features Know remote address of process Know remote ports of process Know which user using process along with title & PID Changelogs: Auto Install python modules support added in install.py Installation Guide: Download the .zip file Extract...
CANToolz aka YACHT (Yet Another Car Hacking Tool) - Framework for Black-Box CAN Network Analysis
CANToolz is a framework for analysing CAN networks and devices. This tool based on different modules which can be assembled in pipe together and can be used by security researchers and automotive/OEM security testers for black-box analysis and etc. You can use this software for ECU discovery, MIT...