6011 matches found
SADProtocol goes to Hollywood
.png Faraday’s researchers Javier Aguinaga and Octavio Gianatiempo have investigated on IP cameras and two high severity vulnerabilities. This research project began when Aguinaga's wife, a former Research leader at Faraday Security, informed him that their IP camera had stopped working. Although...
FalconHound - A Blue Team Multi-Tool. It Allows You To Utilize And Enhance The Power Of Blo odHound In A More Automated Fashion
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool. One of the challenging aspects of BloodHound is that it is a snapshot in time...
Mellon - OSDP Attack Tool
OSDP attack tool and the Elvish word for friend Attack 1: Encryption is Optional OSDP supports, but doesn't strictly require , encryption. So your connection might not even be encrypted at all. Attack 1 is just to passively listen and see if you can read the card numbers on the wire. Attack 2:...
Decider - A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework
What is it? The Short A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework. The Long Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating...
PartyLoud - A Simple Tool To Generate Fake Web Browsing And Mitigate Tracking
PartyLoud is a highly configurable and straightforward free tool that helps you prevent tracking directly from your linux terminal, no special skills required. Once started, you can forget it is running. It provides several flags; each flag lets you customize your experience and change PartyLoud...
Cloudfox - Automating Situational Awareness For Cloud Penetration Tests
CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following commo...
Trufflehog - Find Credentials All Over The Place
TruffleHog Find leaked credentials. Join The Slack Have questions? Feedback? Jump in slack and hang out with us https://join.slack.com/t/trufflehog-community/sharedinvite/zt-pw2qbi43-Aa86hkiimstfdKH9UCpPzQ Demo docker run -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github...
PowerProxy - PowerShell SOCKS Proxy With Reverse Proxy Capabilities
PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication i...
Osinteye - Username Enumeration And Reconnaisance Suite
Username Enumeration And Reconnaisance Suite Supported sites PyPI Github TestPypi About.me Instagram DockerHub Installation Clone project: $ git clone https://github.com/rly0nheart/osinteye.git $ cd osinteye $ pip install -r requirements.txt Usage $ python osinteye --SITENAME USERNAME Or give...
KNX-Bus-Dump - A Tool To Listen On A KNX Bus Via TPUART And The Calimero Project Suite And To Dump The Data From The Packets Into A Wireshark-Compatible File Hex Dump
KNX is a popular building automation protocol and is used to interconnect sensors, actuators and other components of a smart building together. Our KNX Bus Dump tool uses the Calimero java library, which we contributed to for the sake of this tool, to record the telegrams sent over a KNX bus...
pwnSpoof - Generates realistic spoofed log files for common web servers with customisable attack scenarios
pwnSpoof from Punk Security generates realistic spoofed log files for common web servers with customisable attack scenarios. Every log bundle is unique and completely customisable, making it perfect for generating CTF scenarios and for training serials. Can you find the attacker session and build...
BatchQL - GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations
BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements. When exploring the problem space of GraphQL batching attacks, we found that there were a few blog posts on the internet, however n...
Process-Dump - Windows Tool For Dumping Malware PE Files From Memory Back To Disk For Analysis
Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject...
AuraBorealisApp - Do You Know What's In Your Python Packages? A Tool For Visualizing Python Package Registry Security Audit Data
AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit data produced by scanning the Python Package Index PyPI via Aura, a static analysis designed for large scale security auditing of Python packages. The...
Domhttpx - A Google Search Engine Dorker With HTTP Toolkit Built With Python, Can Make It Easier For You To Find Many URLs/IPs At Once With Fast Time
domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to find many URLs/IPs at once with fast time. Usage Flags This will display help for the tool. Here are all the switches it supports. Flag | Description | Example ---|---|--- -ip, --only-ip |...
Salus - Security Scanner Coordinator
Salus Security Automation as a Lightweight Universal Scanner, named after the Roman goddess of protection, is a tool for coordinating the execution of security scanners. You can run Salus on a repository via the Docker daemon and it will determine which scanners are relevant, run them and provide...
Duplicut - Remove Duplicates From MASSIVE Wordlist, Without Sorting It (For Dictionary-Based Password Cracking)
Quickly dedupe massive wordlists, without changing the order Created by nil0x42 and contributors Overview Modern password wordlist creation usually implies concatenating multiple data sources. Ideally, most probable passwords should stand at start of the wordlist, so most common passwords are...
Posta - Cross-document Messaging Security Research Tool
Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and includes features such as replaying messages sent between windows within any attached browser. Prerequisites Google Chrome / Chromium Node.js option...
Kali Linux 2021.1 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2021.1. This release has various impressive updates. The summary of the changelog since the 2020.4 release from November 2020 is: Xfce 4.16 - Our preferred and current default desktop environment has been updated and tweaked KDE 5.20 - Plasma also...
GRecon - Your Google Recon Is Now Automated
GRecon Greei-Conn is a simple python tool that automates the process of Google Based Recon AKA Google Dorking The current Version 1.0 Run 7 Search Queries 7 Micro-Plugins on the spicified Target Providing Awsome Results Current Version Run Google Search Queries to find : Subdomains Sub-Subdomains...
Invoke-Antivm - Powershell Tool For VM Evasion
Invoke-AntiVM is a set of modules to perform VM detection and fingerprinting with exfiltration via Powershell. Compatibility Run the script check-compatibility.ps1 to check what modules or functions are compatibile with the powershell version. Our goal is to achieve compatibility from 2.0 but we...
APICheck - The DevSecOps Toolset For REST APIs
APICheck is a complete toolset designed and created for testing REST APIs. Why APICheck APICheck focuses not only in the security testing and hacking use cases. The goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed to diverse users profiles: Developers...
Gitjacker - Leak Git Repositories From Misconfigured Websites
Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a repository even where directory listings are disabled. For educational/penetration testing use only...
NERVE - Network Exploitation, Reconnaissance & Vulnerability Engine
NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode...
GRAT2 - Command And Control (C2) Project For Learning Purpose
GRAT2 is a Command and Control C2 tool written in python3 and the client in .NET 4.0. The main idea came from Georgios Koumettou who initiated the project. Why we developed GRAT2 ? We are aware that there are numerous C2 tools out there but, we developed this tool due to curiosity of how C2 and...
Faraday v3.12 - Collaborative Penetration Test and Vulnerability Management Platform
There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s easy to lose trail of your efforts. In faraday you can keep track of your scanners and your team in one place, This update is focused on improving your everyday...
LOLBITS v2.0.0 - C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion
LOLBITS is a C2 framework that uses Microsoft's Background Intelligent Transfer Service BITS to establish the communication channel between the compromised host and the backend. The C2 backend is hidden behind an apparently harmless flask web application and it's only accesible when the HTTP...
Axiom - A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty and pentesting. Axiom right now is perfect for teams as small as one person, without costing you much at all to run. And by not much to run at all, I mean, less than 5 bucks a month if you use...
FinalRecon - The Last Web Recon Tool You'll Need
FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Featured NullByte https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/...
Tails 4.5 - Live System to Preserve Your Privacy and Anonymity
The Tails team is happy to publish Tails 4.5, the first version of Tails to support Secure Boot. This release also fixes many security vulnerabilities. You should upgrade as soon as possible. New features Secure Boot Tails now starts on computers with Secure Boot enabled. If your Mac displays the...
CredNinja - A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter
This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations including some additions below, it really shines when used at the scale of a large network. At the core of it, you provide it a list of...
Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
AntiSpy is a free but powerful anti virus and rootkits toolkit. It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks. With its assistance,you can easily spot and neutralize malwares hidden from normal detectors. Developme...
Kbd-Audio - Tools For Capturing And Analysing Keyboard Input Paired With Microphone Capture
This is a collection of command-line and GUI tools for capturing and analyzing audio data. The most interesting tool is called keytap - it can guess pressed keyboard keys only by analyzing the audio captured from the computer's microphone. Build instructions Dependencies: SDL2 - used to capture...
KismetMobileDashboard - Mobile UI For Kismet
Prerequisite: git-master level kismet. https://github.com/kismetwireless/kismet 1.Installation. git clone into the kismet git. "/home/whatever/kismet" wiPi@YoMama:/kismet cd /kismet wiPi@YoMama:git clone https://github.com/elkentaro/KismetMobileDashboard.git cd into kismetmobiledashboard sudo mak...
Hijacker v1.5 - All-in-One Wi-Fi Cracking Tools for Android
Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM android device with an intern...
InSpy - A Linkedin Enumeration Tool
InSpy is a python based LinkedIn enumeration tool. Inspy has two functionalities: TechSpy and EmpSpy. TechSpy - Crawls LinkedIn job listings for technlogoies used by the provided company. InSpy attempts to identify technologies by matching job descriptions to keywords from a new line delimited...
dorkbot - Scan Google Search Results for Vulnerabilities
dorkbot is a modular command-line tool for performing vulnerability scans against a set of webpages returned by Google search queries in a given Google Custom Search Engine. It is broken up into two sets of modules: Indexers - modules that issue a search query and return the results as targets...
Lynis 2.5.2 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
THC-Hydra 8.2 - Network Logon Cracker
A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...
IVRE - A Python network recon framework, based on Nmap, Bro & p0f
IVRE Instrument de veille sur les réseaux extérieurs or DRUNK Dynamic Recon of UNKnown networks is a network recon framework, including two modules for passive recon one p0f-based and one Bro-based and one module for active recon mostly Nmap-based, with a bit of ZMap. The advertising slogans are:...
Web Security Dojo - Training Environment for Web Application Security Penetration Testing
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo What? Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the...
Pixiewps - Bruteforce Offline the WPS Pin (Pixie Dust Attack)
Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs pixie dust attack. It is meant for educational purposes only. All credits for the research go to Dominique Bongard. DEPENDENCIES Pixiewps requires libssl. To install it:...
[Hashcat v0.46] Multi-Threaded Password Hash Cracking Tool
hashcat claims to be the world’s fastest CPU-based password recovery tool, while not as fast as GPU powered hash brute forcing like CUDA-Multiforcer, it is still pretty fast. hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting...
[WiFi Password Dump] Command-line Tool to Recover Wireless Passwords
WiFi Password Dump is the free command-line tool to quickly recover all the Wireless account passwords stored on your system. It automatically recovers all type of Wireless Keys/Passwords WEP/WPA/WPA2 etc stored by Windows Wireless Configuration Manager. For each recovered WiFi account, it displa...
[SPF v0.1.7] Smartphone Pentest Framework - Support of the SMS shell pivot
The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. We will look at the functionality of the framework including information gatherin...
Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
First, a couple of useful oneliners ; wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700 lse.sh Note that...
Espionage - A Linux Packet Sniffing Suite For Automated MiTM Attacks
Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,...
Mass-Bruter - Mass Bruteforce Network Protocols
Mass bruteforce network protocols Info Simple personal script to quickly mass bruteforce common services in a large scale of network. It will check for default credentials on ftp, ssh, mysql, mssql...etc. This was made for authorized red team penetration testing purpose only. How it works 1. Use...
Kali Linux 2022.4 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2022.4. This release has various impressive updates. A summary of the changelog since August’s 2022.3 release: Microsoft Azure - We are back on the Microsoft Azure store More Platforms - Generic Cloud, QEMU VM image & Vagrant libvirt Social...
Appshark - Static Taint Analysis Platform To Scan Vulnerabilities In An Android App
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version of JDK -- JDK 11. After testing, it does not work on other LTS versions, JDK 8 and JDK 16, due to the dependency compatibility issue. Building/Compiling...