6011 matches found
LightBulb Framework - Tools For Auditing WAFS
LightBulb is an open source python framework for auditing web application firewalls and filters. Synopsis The framework consists of two main algorithms: GOFA : An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active...
Noisy - Simple Random DNS, HTTP/S Internet Traffic Noise Generator
A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity. Tested on MacOS High Sierra, Ubuntu 16.04 and Raspbian Stretch and is compatable wit...
Autocrack - Hashcat Wrapper To Help Automate The Cracking Process
This python script is a Hashcat https://hashcat.net wrapper to help automate the cracking process. The script includes multiple functions to select a set of wordlists and rules, as well as the ability to run a bruteforce attack, with custom masks, before the wordlist/rule attacks. Autocrack uses...
dorkbot - Scan Google Search Results for Vulnerabilities
dorkbot is a modular command-line tool for performing vulnerability scans against a set of webpages returned by Google search queries in a given Google Custom Search Engine. It is broken up into two sets of modules: Indexers - modules that issue a search query and return the results as targets...
ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors...
Telegram BBBot - Telegram Bug Bounty Bot
Telegram Bug Bounty Bot https://telegram.me/bugbountychannel History This bot adopted special for deploying to Heroku General purposes of this got - "Be helpful for infosec community!" Bot use https://github.com/maddevsio/bbcrawler for fetching information Used heroku...
Wifi-Dumper - Tool To Dump The Wifi Profiles And Cleartext Passwords Of The Connected Access Points On The Windows Machine
This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi testing. Furthermore, it is useful while performing red team or an internal infrastructure engagements. Features Option 1: Shows t...
[Password Sniffer Spy v2.0] Tool to Sniff and Capture HTTP/FTP/POP3/SMTP/IMAP Passwords
Password Sniffer Spy is the all-in-one Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network. It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of supported protocols, HTTP...
[Hashcat v0.46] Multi-Threaded Password Hash Cracking Tool
hashcat claims to be the world’s fastest CPU-based password recovery tool, while not as fast as GPU powered hash brute forcing like CUDA-Multiforcer, it is still pretty fast. hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting...
Huntr-Com-Bug-Bounties-Collector - Keep Watching New Bug Bounty (Vulnerability) Postings
New bug bountyvulnerabilities collector Requirements Chrome with GUI If you encounter trouble with script execution, check the status of VMs GPU features, if available. Chrome WebDriver Preview python3 main.py 2024-02-20 16:14:47.836189 1. Arbitrary File Reading due to Lack of Input Filepath...
Airgorah - A WiFi Auditing Software That Can Perform Deauth Attacks And Passwords Cracking
Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture WPA handshakes, and crack the password of the access point. It is written in Rust and uses GTK4 fo...
Appshark - Static Taint Analysis Platform To Scan Vulnerabilities In An Android App
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version of JDK -- JDK 11. After testing, it does not work on other LTS versions, JDK 8 and JDK 16, due to the dependency compatibility issue. Building/Compiling...
Cloudfox - Automating Situational Awareness For Cloud Penetration Tests
CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following commo...
SDomDiscover - A Easy-To-Use Python Tool To Perform DNS Recon
/ // \ / \ \ / / / / / / / / / / / / \ | / / / / / / // / // / / / / / / // / // // / |/ / / / ///// // ///////|/// A easy-to-use python tool to perform dns recon with multiple options Installation: It can be installed in any OS with python3 Manual installation git clone...
Grafiki - Threat Hunting Tool About Sysmon And Graphs
Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic and even Kibana, are not graphic enough. The current threats are complicated and if attackers think in graphs, defenders also must do it. This is a proof of concept, the code was not debugg...
Haklistgen - Turns Any Junk Text Into A Usable Wordlist For Brute-Forcing
Turns any junk text into a usable wordlist for brute-forcing. Installation go install github.com/hakluke/haklistgen@latest Usage Examples Scrape all words out of an HTTP response to build a directory bruteforce wordlist: curl https://wikipedia.org | haklistgen Pipe a list of subdomains to it to...
Security Scorecards - Security Health Metrics For Open Source
Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and an A!" Goals 1. Automate analysis and trust decisions on the security posture of open source projects. 2. Use this data to proactively improv...
MurMurHash - Tool To Calculate A MurmurHash Value Of A Favicon To Hunt Phishing Websites On The Shodan Platform
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? MurmurHash is a non-cryptographic hash function suitable for general hash-based lookup. The name comes from two basic operations, multiply MU and rotate R, used i...
Traitor - Automatic Linux Privesc Via Exploitation Of Low-Hanging Fruit E.G. GTFOBin
Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities including most of GTFOBins in order to pop a root shell. It'll exploit most sudo privileges listed in...
NtHiM - Super Fast Sub-domain Takeover Detection
NtHiM - Super Fast Sub-domain Takeover Detection Installation Method 1: Using Pre-compiled Binaries The pre-compiled binaries for different systems are available in the Releases page. You can download the one suitable for your system, unzip the file and start using NtHiM. Method 2: Using Crates.i...
cve_manager_VS - A Collection Of Python Apps And Shell Scripts To Email An Xlsx Spreadsheet Of New Vulnerabilities In The NIST CVE Database And Their Associated Products On A Daily Schedule
A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE database and their associated products on a daily schedule. The spreadsheet can then be manually interpreted for risk to your specific organization. Based off of an opensource product...
Mail-Swipe - Script To Create Temporary Email Addresses And Receive Emails
Mail Swipe is a python script that helps you to create temporary email addresses and receive emails at that address. It uses the API provided by 1secmail to create emails addresses and fetch emails. You can either generate your own email address or you can generate a random email address using th...
EvilNet - Network Attack Wifi Attack Vlan Attack Arp Attack Mac Attack Attack Revealed Etc...
Network Attack wifi attack vlan attack arp attack Mac Attack Attack revealed etc../ install : sudo pip3 install -r requirements.txt EvilNet Attack Network Scan Network Wifi Attack !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJfriWP5PH79tY6f...
Impost3r - A Linux Password Thief
Impost3r is a tool that aim to steal many kinds of linux passwordsincluding ssh,su,sudo written by C. Attackers can use Impost3r to make a trap to steal the legal user's passwords XD This tool is limited to security research and teaching, and the user bears all legal and related responsibilities...
Scavenger - Is A Multi-Threaded Post-Exploitation Scanning Tool For Scavenging Systems, Finding Most Frequently Used Files And Folders As Well As "Interesting" Files Containing Sensitive Information
scavenger : is a multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as "interesting" files containing sensitive information. Problem Definition: Scavenger confronts a challenging issue typically faced by Penetration Testin...
Trape v2.0 - People Tracker On The Internet: OSINT Analysis And Research Tool
Trape is a OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their...
Put2Win - Script To Automatize Shell Upload By PUT HTTP Method To Get Meterpreter
Script to automatize shell upload by PUT HTTP method to get meterpreter. Dependencies It's necessary to have installed nmap and msfvenom tools for a correct operation Installation git clone https://github.com/sysdevploit/put2win Usage ./Put2win.sh -h This script automatize shell upload by PUT HTT...
BillCipher - Information Gathering Tool For A Website Or IP Address
Information Gathering tool for a Website or IP address, use some ideas from Devploit. BillCipher can work in any operating system if they have and support Python 2, Python 3, and Ruby. Features DNS Lookup Whois Lookup GeoIP Lookup Subnet Lookup Port Scanner Page Links Zone Transfer HTTP Header Ho...
AWSBucketDump - Security Tool to Look For Interesting Files in S3 Buckets
AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. It's similar to a subdomain bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to...
Lynis 2.5.2 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
shARP - anti-ARP-spoofing application software and uses active scanning method to detect any ARP-spoofing incidents
ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks.Our anti- ARP spoofing program, shARP detects the...
FalconGate - A smart gateway to stop hackers and Malware attacks
A smart gateway to stop hackers, Malware and more... Motivation Cyber attacks are on the raise. Hacker and cyber criminals are continuously improving their methods and building new tools and Malware with the purpose of hacking your network, spying on you and stealing valuable data. Recently a new...
Scansploit - Tool for Injecting Malicious Payloads Into Barcodes (code128, QRCodes, DataMatrix and EAN13)
Tool for Injecting Malicious Payloads Into Barcodes Barcodes code128 QRCodes DataMatrix EAN13 Requirements Python3 PyStrich pip3 install pystrich Incase of jpeg error: sudo apt-get install libtiff5-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk Pillow pip3...
[REMnux] A Linux Distribution for Malware Analysis
REMnux incorporates a number of tools for analyzing malicious executables that run on Microsoft Windows, as well as browser-based malware, such as Flash programs and obfuscated JavaScript. This popular toolkit includes programs for analyzing malicious documents, such PDF files, and utilities for...
[HoneyDrive Desktop v0.2] Honeypot LiveCD
HoneyDrive is a virtual appliance OVA with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot along with Wordpot, Thug honeyclient and more...
Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Web Shell Client Description & Demo Wshlient is a web shell client designed to be pretty simple yet versatile. One just need to create a text file containing an HTTP request and inform where Wshlient inject the commands, then you can enjoy a shell. In the case the above video does not works for...
BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features!
A proof-of-concept User-Defined Reflective Loader UDRL which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor | Twitter | Notable Contributions ---|---|--- Bobby Cooke | @0xBoku | Project original author and maintainer Santiago Pecin | @s4ntiago...
Pyrit - The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one o...
Espionage - A Linux Packet Sniffing Suite For Automated MiTM Attacks
Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,...
Toolkit - The Essential Toolkit For Reversing, Malware Analysis, And Cracking
This tool compilation is carefully crafted with the purpose of being useful both for the beginners and veterans from the malware analysis world. It has also proven useful for people trying their luck at the cracking underworld. It's the ideal complement to be used with the manuals from the site,...
LTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper
LTESniffer is An Open-source LTE Downlink/Uplink Eavesdropper It first decodes the Physical Downlink Control Channel PDCCH to obtain the Downlink Control Informations DCIs and Radio Network Temporary Identifiers RNTIs of all active users. Using decoded DCIs and RNTIs, LTESniffer further decodes t...
NetworkAssessment - With Wireshark Or TCPdump, You Can Determine Whether There Is Harmful Activity On Your Network Traffic That You Have Recorded On The Network You Monitor
The Network Compromise Assessment Tool is designed to analyze pcap files to detect potential suspicious network traffic. This tool focuses on spotting abnormal activities in the network traffic and searching for suspicious keywords. DNS Tunneling Detection : Identifies potential covert...
BugChecker - SoftICE-like Kernel Debugger For Windows 11
Introduction BugChecker is a SoftICE-like kernel and user debugger for Windows 11 and Windows XP as well: it supports Windows versions from XP to 11, both x86 and x64. BugChecker doesn't require a second machine to be connected to the system being debugged, like in the case of WinDbg and KD. This...
HardHatC2 - A C# Command And Control Framework
A cross-platform, collaborative, Command & Control framework written in C, designed for red teaming and ease of use. HardHat is a multiplayer C .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life...
Burp-Dom-Scanner - Burp Suite's Extension To Scan And Crawl Single Page Applications
It's a Burp Suite's extension to allow for recursive crawling and scanning of Single Page Applications. It runs a Chromium browser to scan the webpage for DOM-based XSS. It can also collect all the requests XHR, fetch, websockets, etc issued during the crawling allowing them to be forwarded to...
Pyramid - A Tool To Help Operate In EDRs' Blind Spots
What is it Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some Python evasion properties and looking as a legit Python application usage. This can be achieved because: 1. the Pytho...
Pinecone - A WLAN Red Team Framework
Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box. This tool is designed for...
PacketStreamer - Distributed Tcpdump For Cloud Native Environments
Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, n...
CVE-Tracker - With The Help Of This Automated Script, You Will Never Lose Track Of Recently Released CVEs
With the help of this automated script, you will never lose track of newly released CVEs. What does this powershell script do is exactly running the Microsoft Edge at system startup, navigate to 2 URLs ,and then put the browser in to full screen mode. As ethical hackers, it's vital that we keep...
Voltron - A Hacky Debugger UI For Hackers
Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers LLDB, GDB, VDB and WinDbg by enabling the attachment of utility views that can retrieve and display data from the debugger host. By running these views in other TTYs, you ca...