6011 matches found
Hardcodes - Find Hardcoded Strings From Source Code
hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle comments, any number of backslashes & nearly any syntax you throw at it. Yes, it is designed to process any syntax and following languages are officially supported: ada,...
Harbian-Audit - Hardened Debian GNU/Linux Distro Auditing
Hardened Debian GNU/Linux and CentOS 8 distro auditing. The main test environment is in debian GNU/Linux 9/10 and CentOS 8, and other versions are not fully tested. There are no implementations of desktop and SELinux related items in this release. The code framework is based on the OVH-debian-cis...
How to Free Recover Deleted Files on Your Mac
There are many scenarios where you would want to recover deleted data from your Mac. These deleted files could be your important photos, official documents, financial records, etc. Loss of such data can cause you unnecessary emotional and financial harm. However, you can make use of data recovery...
Pwndrop - Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV. If you've ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m...
LinPwn - Interactive Post Exploitation Tool
LinPwn is a interactive tool created to assist you in post exploitation enumeration and privilege escalation. Connection Set your IP and port you want it to connect to in the Connection class. Place the LinPwn binary on the target machine. Run nc -lvp PORT on your machine and then run LinPwn on t...
Darling - Darwin/macOS Emulation Layer For Linux
Darling is a runtime environment for OS X applications. Please note that no GUI applications are supported at the moment. Download Darling uses many Git submodules, so a plain clone will not do. git clone --recurse-submodules https://github.com/darlinghq/darling.git Updating sources: git pull git...
Syhunt Community Hybrid Scanner v6.2
Syhunt Community is a hybrid static and dynamic web application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of the code that need to be patched. Or you can simply enter a start URL and get detaile...
Optiva Framework - Web Application Scanner
You can use this Framework on your website to check the security of your website by finding the vulnerability in your website or you can use this tool to Get admin panel search SQL injection by dork As well as collecting information and encrypting Hash. Features : Infromation Modules : Port Scann...
rbndr - Simple DNS Rebinding Service
rbndr is a very simple, non-conforming, name server for testing software against DNS rebinding vulnerabilities. The server responds to queries by randomly selecting one of the addresses specified in the hostname and returning it as the answer with a very low ttl...
cmsPoc - A CMS Exploit Framework
A CMS Exploit Framework. Requirements python2.7 Works on Linux, Windows Usage usage: cmspoc.py -h -t TYPE -s SCRIPT -u URL optional arguments: -h, --help show this help message and exit -t TYPE, --type TYPE e.g.,phpcms -s SCRIPT, --script SCRIPT Select script -u URL, --url URL Input a target url...
Pharos - Static Binary Analysis Framework
The Pharos static binary analysis framework is a project of the Software Engineering Institute at Carnegie Mellon University. The framework is designed to facilitate the automated analysis of binary programs. It uses the ROSE compiler infrastructure developed by Lawrence Livermore National...
backdoorppt - transform your payload.exe into one fake word doc (.ppt)
backdoorppt - 'Office spoof extensions tool' Version release: v1.5-Stable Distros Supported: Linux Kali, Ubuntu, Mint Author: pedro ubuntu r00t-3xp10it Suspicious-Shell-Activity© SSA RedTeam develop @2017 Transform your payload.exe into one fake word doc .ppt Simple script that allow users to add...
BLACKBOx - A Penetration Testing Framework
Password Attacks: MD5 CRACKER SHA1 CRACKER SHA224 CRACKER SHA256 CRACKER SHA384 CRACKER SHA512 CRACKER MSSQL2000 CRACKER MSSQL2005 CRACKER MYSQL323 CRACKER MYSQL41 CRACKER ORACLE11 CRACKER Web Hacking : Wordpress Bruteforce – Bruteforce wordpress panel FTP Bruteforce – Bruteforcing FTP LOGIN SSH...
Wifresti - Find your wireless network password from Windows, Linux and Mac OS
Find your wireless network password from Windows , Linux and Mac OS. Wifresti is a simple Wi-Fi password recovery tool , compatible with Windows , and Unix systems Linux , Mac OS. Features Recover Wifi password on Windows Recover Wifi password on Unix Requirements An operating system tested on...
SQLiPy - Plugin for Burp Suite that integrates SQLMap using the SQLMap API
SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API. SQLMap comes with a RESTful based server that will execute SQLMap scans. This plugin can start the API for you or connect to an already running API to perform a scan. Requirements Jython 2.7 beta, due to the use...
[Web-Sorrow v1.5] Versatile security scanner for the information disclosure and fingerprinting phases of pentesting
Web-Sorrow is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on Enumeration and collecting Info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or perform any...
EmploLeaks - Finding Leaked Employees Info for the Win
Developed by Faraday security researchers, this cutting-edge tool utilizes the power of OpenSource Intelligence techniques. EmploLeaks extracts valuable insights by scouring various platforms, to compile a comprehensive list of employees associated with a given company and cross-reference these...
DoSinator - A Powerful Denial Of Service (DoS) Testing Tool
DoSinator is a versatile Denial of Service DoS testing tool developed in Python. It empowers security professionals and researchers to simulate various types of DoS attacks, allowing them to assess the resilience of networks, systems, and applications against potential cyber threats. Features...
Leaktopus - Keep Your Source Code Under Control
Keep your source code under control. Key Features Plug &Play - one line installation with Docker. Scan various sources containing a set of keywords, e.g. ORGANIZATION-NAME.com. Currently supports: GitHub Repositories Gists coming soon Paste sites e.g., PasteBin coming soon Filter results with a...
Octopii - An AI-powered Personal Identifiable Information (PII) Scanner
Octopii is an open-source AI-powered Personal Identifiable Information PII scanner that can look for image assets such as Government IDs, passports, photos and signatures in a directory. Working Octopii uses Tesseract's Optical Character Recognition OCR and Keras' Convolutional Neural Networks CN...
MailRipV2 - Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features
Your SMTP checker / SMTP cracker for mailpass combolists including features like: proxy-support SOCKS4 / SOCKS5 with automatic proxy-scraper and checker, e-mail delivery / inbox check and DNS lookup for unknown SMTP-hosts. Made for easy usage and always working! Overview Legal Notices You are ONL...
ODBParser - OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing
ODBParser is a tool to search for PII being exposed in open databases. ONLY to be used to identify exposed PII and warn server owners of irresponsible database maintenance OR to query databases you have permission to access! PLEASE USE RESPONSIBLY What is this? Wrote this as wanted to create...
AlanFramework - A Post-Exploitation Framework
Alan Framework is a post-exploitation framework useful during red-team activities. If you find my tool useful, please consider tosponsor me. Sponsored users have access to early releases and non public content. You can download the binary from:...
Cariddi - Take A List Of Domains, Crawl Urls And Scan For Endpoints, Secrets, Api Keys, File Extensions, Tokens And More...
Take a list of domains, crawl urls andscan for endpoints, secrets, api keys, file extensions, tokens and more... Preview Installation You need Go. Linux git clone https://github.com/edoardottt/cariddi.git cd cariddi go get make linux to install make unlinux to uninstall Or in one line: git clone...
UAC - Unix-like Artifacts Collector
UAC is a Live Response collection tool for Incident Response that makes use of built-in tools to automate the collection of Unix-like systems artifacts. It respects the order of volatility and artifacts that are changed during the execution. It was created to facilitate and speed up data...
Netmap.Js - Fast Browser-Based Network Discovery Module
Fast browser-based network discovery module Description netmap.js provides browser-based host discovery and port scanning capabilities to allow you to map website visitors' networks. It's quite fast, making use of es6-promise-pool to efficiently run the maximum number of concurrent connections...
DLLHSC - DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking
DLL Hijack SCanner - A tool to generate leads and automate the discovery of candidates for DLL Search Order Hijacking Contents of this repository This repository hosts the Visual Studio project file for the tool DLLHSC, the project file for the API hooking functionality detour, the project file f...
Tritium - Password Spraying Framework
A tool to enumerate and spray valid Active Directory accounts through Kerberos Pre-Authentication. Background Although many Kerberos password spraying tools currently exist on the market, I found it difficult to find tools with the following built-in functionality: The ability to prevent users fr...
WSMan-WinRM - A Collection Of Proof-Of-Concept Source Code And Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object
A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object. Background For background information, please refer to the following blog post: WS-Management COM: Another Approach for WinRM Lateral Movement Notes...
Polypyus - Learns To Locate Functions In Raw Binaries By Extracting Known Functions From Similar Binaries
Polypyus learns to locate functions in raw binaries by extracting known functions from similar binaries. Thus, it is a firmware historian. Polypyus works without disassembling these binaries, which is an advantage for binaries that are complex to disassemble and where common tools miss functions...
SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS
SkyWrapper is an open-source project which analyzes behaviors of temporary tokens created in a given AWS account. The tool is aiming to find suspicious creation forms and uses of temporary tokens to detect malicious activity in the account. The tool analyzes the AWS account, and creating an excel...
Sshuttle - Transparent Proxy Server That Works As A Poor Man'S VPN. Forwards Over SSH
As far as I know, sshuttle is the only program that solves the following common case: Your client machine or router is Linux, FreeBSD, or MacOS. You have access to a remote network via ssh. You don't necessarily have admin access on the remote network. The remote network has no VPN, or only...
PostShell - Post Exploitation Bind/Backconnect Shell
PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and can be compiled on any Unix like system. Why not use a traditional Backconnect/Bind Shell? PostShell allows...
IP Obfuscator - Simple Tool To Convert An IP Into Integer, Hexadecimal Or Octal Form
IP Obfuscator is a simple tool written in python to convert an IP into different obfuscated forms. This tool will help you to obfuscate host addresses into integer, hexadecimal or octal form. What is Obfuscation? "In software development, obfuscation is the deliberate act of creating source or...
badKarma - Advanced Network Reconnaissance Toolkit
badKarma is a python3 GTK+ network infrastructure penetration testing toolkit. badKarma aim to help the tester in all the penetration testing phases information gathering, vulnerability assessment,exploitation,post-exploitation and reporting. It allow the tester to save time by having...
NtlmRelayToEWS - Ntlm Relay Attack To Exchange Web Services
ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services EWS. It spawns an SMBListener on port 445 and an HTTPListener on port 80, waiting for incoming connection from the victim. Once the victim connects to one of the listeners, an NTLM negociation occurs and is relaye...
Yamot - Yet Another MOnitoring Tool
yamot is a web-based server-monitoring tool built for small environments with just a handful servers. It takes a minimum of resources which allows the execution on almost every machine, also very old ones. It works best with Linux or BSD. Windows is not part of the server scope. You could use it...
Hijacker v1.4 - All-in-One Wi-Fi Cracking Tools for Android
Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng , Airodump-ng , MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM android device with a...
WSSAT - Web Service Security Assessment Tool
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...
probeSniffer - A Tool for Sniffing Unencrypted Wireless Probe Requests from Devices
| | \ / | \ / / | | | | |/ | \ | o | D | | o / | || || | / | D | /| /| O | | \ | | || || | | || | / | | | | | O | / \ | | || || | | | \ | | | . | | | \ | | || || | | | | | . \ || |||/|||||||| || |||| v2.1 by David SchĂźtz @xdavidhu A tool for sniffing unencrypted wireless probe requests...
shARP - anti-ARP-spoofing application software and uses active scanning method to detect any ARP-spoofing incidents
ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks.Our anti- ARP spoofing program, shARP detects the...
Telegram BBBot - Telegram Bug Bounty Bot
Telegram Bug Bounty Bot https://telegram.me/bugbountychannel History This bot adopted special for deploying to Heroku General purposes of this got - "Be helpful for infosec community!" Bot use https://github.com/maddevsio/bbcrawler for fetching information Used heroku...
Whonix v11 - Anonymous Operating System
Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP. Whonix consists of two parts: One...
Onionshare - Securely and anonymously share a file of any size
OnionShare lets you securely and anonymously share a file of any size with someone. It works by starting a web server, making it accessible as a Tor hidden service, and generating an unguessable URL access and download the file. It doesn't require setting up a server on the internet somewhere or...
[Facebook Password Decryptor v5.0] Facebook Password Recovery Software
Facebook Password Decryptor is the FREE software to instantly recover Facebook account passwords stored by popular Web Browsers and Messengers. It is one of our most popular software with over One Million downloads worldwide. It supports recovering of the stored Facebook login password from most ...
[HoneyDrive Desktop v0.2] Honeypot LiveCD
HoneyDrive is a virtual appliance OVA with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot along with Wordpot, Thug honeyclient and more...
[MASTIFF2HTML] Static Analysis Framework Results Viewer
MASTIFF2HTML is a python program that is used to create a GUI results interface in HTML from MASTIFF results. Download the python program at: https://github.com/1aN0rmus/TekDefense/blob/master/MASTIFF2HTML.py MASTIFF is an automated static malware analysis framework. Learn more about MASTIFF at:...
Ioctlance - A Tool That Is Used To Hunt Vulnerabilities In X64 WDM Drivers
Description Presented at CODE BLUE 2023, this project titled Enhanced Vulnerability Hunting in WDM Drivers with Symbolic Execution and Taint Analysis introduces IOCTLance, a tool that enhances its capacity to detect various vulnerability types in Windows Driver Model WDM drivers. In a comprehensi...
Huntr-Com-Bug-Bounties-Collector - Keep Watching New Bug Bounty (Vulnerability) Postings
New bug bountyvulnerabilities collector Requirements Chrome with GUI If you encounter trouble with script execution, check the status of VMs GPU features, if available. Chrome WebDriver Preview python3 main.py 2024-02-20 16:14:47.836189 1. Arbitrary File Reading due to Lack of Input Filepath...
SqliSniper - Advanced Time-based Blind SQL Injection Fuzzer For HTTP Headers
SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential vulnerabilities using multi-threaded, ensuring speed and efficiency. Unlike other scanners,...