6011 matches found
[WebSploit] Framework 2.0.3 with Wifi Jammer
WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability. WebSploit Is An Open Source Project For : Social Engineering Works Scan,Crawler & Analysis Web Automatic Exploiter Support Network Attacks +Autopwn - Used From Metasploit For Scan and Exploit Target Servic...
CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Firewall Manager API Project Installation Follow these steps to set up and run the API project: 1. Clone the Repository git clone https://github.com/adriyansyah-mf/CentralizedFirewall cd CentralizedFirewall 2. Edit the .env File Update the environment variables in .env according to your...
LOLSpoof - An Interactive Shell To Spoof Some LOLBins Command Line
LOLSpoof is a an interactive shell program that automatically spoof the command line arguments of the spawned process. Just call your incriminate-looking command line LOLBin e.g. powershell -w hidden -enc ZwBlAHQALQBwAHIAbwBjAGUA.... and LOLSpoof will ensure that the process creation telemetry...
BugChecker - SoftICE-like Kernel Debugger For Windows 11
Introduction BugChecker is a SoftICE-like kernel and user debugger for Windows 11 and Windows XP as well: it supports Windows versions from XP to 11, both x86 and x64. BugChecker doesn't require a second machine to be connected to the system being debugged, like in the case of WinDbg and KD. This...
PacketStreamer - Distributed Tcpdump For Cloud Native Environments
Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, n...
PyShell - Multiplatform Python WebShell
PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating syste...
Shellcode-Encryptor - A Simple Shell Code Encryptor/Decryptor/Executor To Bypass Anti Virus
A simple shell code encryptor/decryptor/executor to bypass anti virus. Note: I have completely redone the work flow for creating the bypass, I have found injecting the binary into memory using PowerShell as the most effective method. Purpose To generate a .Net binary containing base64 encoded, AE...
Etl-Parser - Event Trace Log File Parser In Pure Python
Event Trace Log file reader in pure Python etl-parser is a pure Python 3 parser library for ETL Windows log files. ETL is the default format for ETW as well as the default format for the Kernel logger. etl-parser has no system dependencies, and will work well on both Windows and Linux. Since this...
Web-Hacking-Toolkit - A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support
A multi-platform web hacking toolkit Docker image with Graphical User Interface GUI support. Installation Docker Pull the image from Docker Hub: docker pull signedsecurity/web-hacking-toolkit Run a container and attach a shell: docker run --rm -it --name web-hacking-toolkit...
Totp-Ssh-Fluxer - Take Security By Obscurity To The Next Level (This Is A Bad Idea, Don'T Really Use This Please)
Some people change their SSH port on their servers so that it is slightly harder to find for bots or other nasties, and while that is generally viewed as an action of security through obscurity it does work very well at killing a lot of the automated logins you always see in /var/log/auth.log...
Gitlab-Watchman - Monitoring GitLab For Sensitive Data Shared Publicly
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally. Features It searches GitLab for internally shared projects and looks at: Code Commits Wiki pages Issues Merge requests Milestones For the following data: GCP keys and...
Kenzer - Automated Web Assets Enumeration And Scanning
Automated Web Assets Enumeration & Scanning Instructions for running 1. Create an account on Zulip 2. Navigate to Settings Your Bots Add a new bot 3. Create a new generic bot named kenzer 4. Add all the configurations in configs/kenzer.conf 5. Install/Run using - ./install.sh -b if you need...
Sploit - Go Package That Aids In Binary Analysis And Exploitation
Sploit is a Go package that aids in binary analysis and exploitation. The motivating factor behind the development of sploit is to be able to have a well designed API with functionality that rivals some of the more common Python exploit development frameworks while taking advantage of the Go...
Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. GitHub Repo: https://github.com/accurics/terrascan Documentation: https://docs.accurics.com Discuss: https://community.accurics.com Features 500+ Policies for...
GG-AESY - Hide Cool Stuff In Images
Blogpost: https://redteamer.tips/introducing-gg-aesy-a-stegocryptor/ WARNING: you might need to restore NuGet packages and restart visual studio before compiling. If anyone knows how I can get rid of this problem, DM me. Manual To start off, I highly recommend to always use GG-AESY using verbose...
C41N - An Automated Rogue Access Point Setup Tool
c41n is an automated Rogue Access Point setup tool. c41n provides automated setup of several types of Rogue Access Points, and Evil Twin attacks. c41n sets up an access point with user defined characteristics interface, name and channel for the access point, sets up DHCP server for the access...
Espionage - A Network Packet And Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network
Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,...
Project iKy v2.5.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...
RapidScan - The Multi-Tool Web Vulnerability Scanner
Evolution: It is quite a fuss for a pentester to perform binge-tool-scanning running security scanning tools one after the other sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program...
EagleEye - Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search
Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search. This only works if theirFacebook Profile is public What does this do? In simple words you have at least one Image of the Person you are looking for and a clue about its name. You fe...
Eternal Check - Ip Vulnerability Check To Eternal Blue, Romance, Synergy & Champion
Ip Vulnerability Check To Eternal Blue, Romance, Synergy & Champion: Eternal Check Eternal Check verifies if an ip is vulnerable to the smb vulnerabilities Eternal Blue Eternal Romance Eternal champion Eternal synergy Screenshots Eternal Check Running Video Requirements nmap winbind wine32 wget...
Recon-ng - Full-Featured Web Reconnaissance Framework
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can...
CMSsc4n v2.0 - Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla, Drupal or Prestashop
Tool to identify if a domain has got a CMS and determine his version. At the moment, CMSs supported by CMSsc4n are WordPress, Moodle, Joomla, Drupal and Prestashop. Instalation You can download the latest version of CMSmap by cloning the GitHub repository: git clone...
ReconDog - An All In One Tool For All Your Basic Information Gathering Needs
Recon Dog is an all in one tool for all your basic information gathering needs. It uses APIs to gather all the information so your identity is not exposed. Downloading and running Recon Dog Enter the following command in the terminal to download it git clone...
sharkPy - NSA Tool to Dissect, Analyze, and Interact with Network Packet Data using Wireshark and libpcap capabilities
A python module to dissect, analyze, and interact with network packet data as native Python objects using Wireshark and libpcap capabilities. sharkPy dissect modules extend and otherwise modify Wireshark's tshark. SharkPy packet injection and pcap file writing modules wrap useful libpcap...
Lynis 2.5.0 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
BruteXSS - Tool to find XSS vulnerabilities in web application
BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more convienience. This tool is developed in Python, so obviously cross platform, you just need Python...
MPC - Msfvenom Payload Creator
Msfvenom Payload Creator MPC is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible only requiring one input to produce their payload. Fully automating msfvenom & Metasploit is the end goal well as to be be able to automate MPC itself...
USBPcap - USB Packet capture for Windows (open-source USB Sniffer for Windows)
USBPcap is an open-source USB sniffer for Windows. USB Packet capture for Windows Tour Download USBPcap...
BackdoorFactory - Patch PE (x86/x64) and ELF (x86/x64 and ARM LE x32) binaries with shellcode
Patch win86/64 PE and linux86/64 binaries with shellcode. The goal of The Backdoor Factory is to patch executable binaries with user desired shellcode and continue normal execution of the binary prepatched state. Under a BSD 3 Clause License. This is done by either appending a code cave or using...
Remote DLL - Simple & Free Tool to Inject or Remove DLL from Remote Process
RemoteDLL is the simple tool to Inject DLL or Remove DLL from Remote Process. It is based on popular Dll Injection technique. It supports following DLL Injection methods CreateRemoteThread NtCreateThread Good for DLL Injection across sessions on Vista/Windows 7 QueueUseAPC Delayed Injection...
Shodan Plugin for Chrome
The Shodan plugin tells you where the website is hosted country, city, who owns the IP and what other services/ ports are open. The Shodan plugin for Chrome automatically checks whether Shodan has any information for the current website. Is the website also running FTP, DNS, SSH or some unusual...
[BTS PenTesting Lab] A vulnerable web application to learn common vulnerabilities
The most common question from students who is learning website hacking techniques is "how to test my skills legally without getting into troubles?". So, i always suggest them to use some vulnerable web application such as DVWA. However, i felt dvwa is not suitable for new and advanced techniques...
[BTCrack v1.1] The worlds first Bluetooth Pass phrase (PIN) Bruteforce Tool
BTCrack is the worlds first Bluetooth Pass phrase PIN bruteforce tool, BTCrack will bruteforce the Passkey and the Link key from captured pairing exchanges. BTcrack was demoed and realeased at Hack.lu 2007 and 23C3 in Berlin, the video of the presentation is available on Google Video . To capture...
[PwnPi v2.0] A Pen Test Drop Box distro for the Raspberry Pi
PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window manager Log...
[DEFT 7.2] Computer Forensic live system
DEFT 7.2 released its last 32bit release but we will support bugfix until 2020. DEFT is a new concept of Computer Forensic live system that uses LXDE as desktop environment and thunar file manager and mount manager as tool for device management. It is a very easy to use system that includes an...
Bytesrevealer - Online Reverse Enginerring Viewer
Bytes Revealer is a powerful reverse engineering and binary analysis tool designed for security researchers, forensic analysts, and developers. With features like hex view, visual representation, string extraction, entropy calculation, and file signature detection, it helps users uncover hidden...
OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log Analyzer
Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your server logs. Stay ahead of potential threats with features that include: Features 1. Attac...
Raven - CI/CD Security Analyzer
RAVEN Risk Analysis andVulnerability Enumeration for CI/CD is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database. Developed and maintained by the Cycode research team. With Raven, we were able to identify...
Legba - A Multiprotocol Credentials Bruteforcer / Password Sprayer And Enumerator
Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools see the benchmark below. For the building instructions, usa...
Spoofy - Program That Checks If A List Of Domains Can Be Spoofed Based On SPF And DMARC Records
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records. You may be asking, "Why do we need another tool that can check if a domain can be spoofed?" Well, Spoofy is different and here is why: 1. Authoritative lookups on all lookups with known fallback...
PortEx - Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...
Kubei - A Flexible Kubernetes Runtime Scanner
Kubei is a vulnerabilities scanning tool that allows users to get an accurate and immediate risk assessment of their kubernetes clusters. Kubei scans all images that are being used in a Kubernetes cluster, including images of application pods and system pods. It doesn’t scan the entire image...
Seekr - A Multi-Purpose OSINT Toolkit With A Neat Web-Interface
A multi-purpose toolkit for gathering and managing OSINT-Data with a neat web-interface. Introduction Seekr is a multi-purpose toolkit for gathering and managing OSINT-data with a sleek web interface. The backend is written in Go and offers a wide range of features for data collection,...
Cicd-Goat - A Deliberately Vulnerable CI/CD Environment
Deliberately vulnerable CI/CD environment. Hack CI/CD pipelines, capture the flags. Created by Cider Security. Description The CI/CD Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 10 challenges, enacted against a real, full blown CI/...
Whids - Open Source EDR For Windows
What EDR with artifact collection driven by detection. The detection engine is built on top of a previous project Gene specially designed to match Windows events against user defined rules. What do you mean by "artifact collection driven by detection" ? It means that an alert can directly trigger...
GodGenesis - A Python3 Based C2 Server To Make Life Of Red Teamer A Bit Easier. The Payload Is Capable To Bypass All The Known Antiviruses And Endpoints
God Genesis is a C2 server purely coded in Python3 created to help Red Teamers and Penetration Testers. Currently It only supports TCP reverse shell but wait a min, its a FUD and can give u admin shell from any targeted WINDOWS Machine. The List Of Commands It Supports :-...
RPCMon - RPC Monitor Tool Based On Event Tracing For Windows
A GUI tool for scanning RPC communication through Event Tracing for Windows ETW. The tool was published as part of a research on RPC communication between the host and a Windows container. Overview RPCMon can help researchers to get a high level view over an RPC communication between processes. I...
VLANPWN - VLAN Attacks Toolkit
VLAN attacks toolkit DoubleTagging.py - This tool is designed to carry out a VLAN Hopping attack. As a result of injection of a frame with two 802.1Q tags, a test ICMP request will also be sent. DTPHijacking.py - A script for conducting a DTP Switch Spoofing/Hijacking attack. Sends a malicious...
Gshell - A Flexible And Scalable Cross-Plaform Shell Generator Tool
A simple yet flexible cross-platform shell generator tool. Name: GGreat Shell Description: A cross-platform shell generator tool that lets you generate whichever shell you want, in any system you want, giving you full control and automation. If you find this tool helpful, then please give me a...