6011 matches found
SwiftyInsta - Instagram Unofficial Private API Swift
Instagram offers two kinds of APIs to developers. The Instagram API Platform extremely limited in functionality and close to being discontinued, and the Instagram Graph API for Business and Creator accounts only. However, Instagram apps rely on a third type of API , the so-called Private API or...
PwnedPasswordsChecker - Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)
PwnedPasswordsChecker is a tool that checks if the hash of a known password in SHA1 or NTLM format is present in the list of I Have Been Pwned leaks and the number of occurrences. You can download the hash-coded version for SHA1 here or the hash-coded version for NTLM here Once the list is...
Zin - A Payload Injector For Bugbounties Written In Go
APayload Injector for bugbounties written in go Features Inject multiple payloads into all parameters Inject single payloads into all parameters Saves responses into output folder Displays Status Code & Response Length Can grep for patterns in the response Really fast Easy to setup Install $ go g...
DropEngine - Malleable Payloads!
By @s0lst1c3 Disclaimer DropEngine the "Software" and associated documentation is provided “AS IS”. The Developer makes no other warranties, express or implied, and hereby disclaims all implied warranties, including any warranty of merchantability and warranty of fitness for a particular purpose...
Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols
Mística is a tool that allows to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into HTTP, DNS and ICMP protocols has been implemented, but more protocols are expected to be introduce...
Formphish - Auto Phishing Form-Based Websites
Auto Phishing form-based websites. This tool can automatically detect inputs on html form-based websites to create a phishing page. Features: Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer: Usage of Formphish for attacking targets without prior mutual consent is illegal...
ACHE - A Web Crawler For Domain-Specific Search
ACHE is a focused web crawler. It collects web pages that satisfy some specific criteria, e.g., pages that belong to a given domain or that contain a user-specified pattern. ACHE differs from generic crawlers in sense that it uses page classifiers to distinguish between relevant and irrelevant...
habu - Network Hacking Toolkit
Habu is to teach and learn some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related with networking, and the implementations are intended to be understandable for who wants to read the...
DAVScan - Fingerprints servers, finds exploits, scans WebDAV
DAVScan is a quick and lightweight webdav scanner designed to discover hidden files and folders on DAV enabled webservers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities...
osquery - SQL powered operating system instrumentation, monitoring, and analytics
osquery is an operating system instrumentation framework for OS X and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. Platform | Build status | | | ---|---|---|---|--- OS X 10.9 | | | Homepage: | https://osquery.io OS X 10.10/11 | | |...
pi-hole - A Black Hole For Internet Advertisements (Designed For Raspberry Pi)
A black hole for Internet advertisements designed for Raspberry Pi Designed For Raspberry Pi A+, B, B+, 2, Zero, and 3B with an Ethernet/Wi-Fi adapter Works on most Debian distributions! 1. Install Raspbian 2. Run the command below downloads this script in case you want to read over it first! cur...
JSRat - Reverse HTTP Shell Using JavaScript
JSRat is a reverse HTTP Shell by using JavaScript. JSRat use rundll32.exe to load the JavaScript code in cmd and a HTTP Shell is returned when the code is executed. The special part is that after running the cmd command, rundll32.exe will remain in the background to continuously connect to the...
0d1n - Tool For Automating Customized Attacks Against Web Applications
Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. You can do: brute force passwords in auth forms directory disclosure use PATH list to brute, and find HTTP status code test list on input to find SQL Injection and XSS vulnerabilities To run: require libcurl-dev or...
ZIB - The Open Tor Botnet
General information and instructions. The Open Tor Botnet requires the installation and configuration of bitcoind, however I neglect to detail this here out of a lack of time. This bot-net is fully undetectable and bypasses all antivirus through running on top of Python27's pyinstaller, which is...
Weeman - HTTP Server for Phishing
HTTP server for phishing in python. Weeman has support for most of the bigest websites. Usually you will want run Weeman with DNS spoof attack. see dsniff, ettercap. Weeman will do the following steps: 1. Create fake html page. 2. Wait for clients 3. Grab the data POST. 4. Try to login the client...
REMnux v6 - A Linux Toolkit for Reverse-Engineering and Analyzing Malware
REMnux is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locat...
Autorize - Automatic Authorization Enforcement Detection (Extension for Burp Suite)
Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert at AppSec Labs. Autorize was designed to help security testers by performing automatic authorization tests. Installation 1. Download Burp...
AVCaesar - Malware Analysis Engine and Repository
AVCaesar is a malware analysis engine and repository, developed by malware.lu within the FP7 project CockpitCI. Functionalities AVCaesar can be used to: Perform an efficient malware analysis of suspicious files based on the results of a set of antivirus solutions, bundled together to reach the...
Dshell - Network Forensic Analysis Framework
An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: Robust stream reassembly IPv4 and IPv6 support Custom output handlers Chainable decoders Prerequisites Linux developed on Ubuntu 12.04 Python...
PwnPi - A Pen Test Drop Box distro for the Raspberry Pi
PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbo...
The Mole - Automatic SQL Injection Exploitation Tool
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server,...
[ChromeAnalysis] Tool for analysing Google Chrome web browser
ChromeAnalysis Plus is a software tool for extracting, viewing and analysing internet history from the Google Chrome web browser. The main features are described below: Extract History Extract history regarding bookmarks, cookies, downloads, favicons, logins, most visited sites, search terms,...
[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes
What's VSD? VSD Virtual Section Dumper is intented to be a tool to visualize and dump the memory regions of a running 32 bits or a 64 bits process in many ways. For example, you can dump the entire process and fix the PE Header , dump a given range of memory or even list and dump every virtual...
[Scylla] v1 Penetration Testing Tool - Because there's no patch for human stupidity
When there's no technical vulnerability to exploit, you should try to hack what humans left for you, and believe me, this always works. Scylla provides all the power of what a real audit, intrusion, exclusion and analysis tool needs, giving the possibility of scanning misconfiguration bugs...
Telegram-Nearby-Map - Discover The Location Of Nearby Telegram Users
Telegram Nearby Map uses OpenStreetMap and the official Telegram library to find the position of nearby users. Please note: Telegram's API was updated a while ago to make nearby user distances less precise, preventing exact location calculations. Therefore, Telegram Nearby Map displays users...
CryptoChat - Beyond Secure Messaging
Welcome to CryptChat - where conversations remain truly private. Built on the robust Python ecosystem, our application ensures that every word you send is wrapped in layers of encryption. Whether you're discussing sensitive business details or sharing personal stories, CryptChat provides the...
QuadraInspect - Android Framework That Integrates AndroPass, APKUtil, And MobFS, Providing A Powerful Tool For Analyzing The Security Of Android Applications
The security of mobile devices has become a critical concern due to the increasing amount of sensitive data being stored on them. With the rise of Android OS as the most popular mobile platform, the need for effective tools to assess its security has also increased. In response to this need, a ne...
Gmailc2 - A Fully Undetectable C2 Server That Communicates Via Google SMTP To Evade Antivirus Protections And Network Traffic Restrictions
A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions Note: This RAT communicates Via Gmail SMTP or u can use any other smtps as well but Gmail SMTP is valid because most of the companies block unknown traffic so gmail...
GUAC - Aggregates Software Security Metadata Into A High Fidelity Graph Database
Note: GUAC is under active development - if you are interested in contributing, please look at contributor guide and the "express interest" issue Graph for Understanding Artifact Composition GUAC aggregates software security metadata into a high fidelity graph database—normalizing entity identiti...
OSRipper - AV Evading OSX Backdoor And Crypter Framework
OSripper is a fully undetectable Backdoor generator and Crypter which specialises in OSX M1 malware. It will also work on windows but for now there is no support for it and it IS NOT FUD for windows yet at least and for now i will not focus on windows. You can also PM me on discord for support or...
modDetective - Tool That Chronologizes Files Based On Modification Time In Order To Investigate Recent System Activity
modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in CTF's in order to pinpoint where escalation and attack vectors may exist. To see the tool in its most useful form, try running the command as...
Scout - Lightweight URL Fuzzer And Spider: Discover A Web Server'S Undisclosed Files, Directories And VHOSTs
Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server. A full word list is included in the binary, meaning maximum portability and minimal configuration. Aim and fire! Usage Discover URLs on a given web server. version Display scout version...
Stunner - Tool To Test And Exploit STUN, TURN And TURN Over TCP Servers
Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. TURN is a protocol mostly used in videoconferencing and audio chats WebRTC. If you find a misconfigured server you can use this tool to open a local socks proxy that relays all traffic via the TURN protocol into the...
Fb_Friend_List_Scraper - OSINT Tool To Scrape Names And Usernames From Large Friend Lists On Facebook, Without Being Rate Limited
OSINT tool to scrape names and usernames from large friend lists on Facebook, without being rate limited. Getting started: Install using pip: python -m pip install fb-friend-list-scraper Script is now installed as fbfriendlistscraper Run with -h or --help to show usage information. Usage: usage:...
IDACode - An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts
IDACode makes it easy to execute and debug Python scripts in your IDA environment without leaving Visual Studio Code. The VS Code extension can be found on the marketplace. IDACode is still in a very early state and bugs are to be expected. Please open a new issue if you encounter any issues...
Scemu - X86 32bits Emulator, For Securely Emulating Shellcodes
x86 32bits emulator, for securely emulating shellcodes. Features rust safety, good for malware. All dependencies are in rust. zero unsafe blocks. very fast emulation much faster than unicorn 3,000,000 instructions/second 100,000 instructions/second printing every instruction -vv. powered by...
SyntheticSun - A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glass With reflections o...
Xmap - A Fast Network Scanner Designed For Performing Internet-wide IPv6 &Amp; IPv4 Network Research Scanning
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scannin...
CrowdSec - An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster Go vs Python, uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineere...
Burpsuite-Copy-As-XMLHttpRequest - Copy As XMLHttpRequest BurpSuite Extension
The extension adds a context menu to BurpSuite that allows you to copy multiple requests as Javascript's XmlHttpRequest, which simplifies PoC development when exploiting XSS. Installation download the latest JAR from releases or build manually add JAR to burpsuite using tabs: "Extender" -...
Kubestriker - A Blazing Fast Security Auditing Tool For Kubernetes
Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations and challenges that devops engineers/developers are likely to encounter when using Kubernetes, especially in production and at scale. kubestriker is Platform agnostic and works equally wel...
OpenWifiPass - An Open Source Implementation Of Apple's Wi-Fi Password Sharing Protocol In Python
An open source implementation of the grantor role in Apple's Wi-Fi Password Sharing protocol. Disclaimer OpenWifiPass is experimental software and is the result of reverse engineering efforts by the Open Wireless Link project. The code serves solely documentary and educational purposes. It is...
N1QLMap - The Tool Exfiltrates Data From Couchbase Database By Exploiting N1QL Injection Vulnerabilities
N1QLMap is an N1QL exploitation tool. Currently works with Couchbase database. The tool supports data extraction and performing SSRF attacks via CURL. More information can be found here: https://labs.f-secure.com/blog/n1ql-injection-kind-of-sql-injection-in-a-nosql-database. Usage Help usage:...
Oregami - IDA Plugins And Scripts For Analyzing Register Usage Frame
""" What is this register used for? Hmm.. I'll just rename it to veryuniquename, do a textual search, and find all references! Ok.. Waiting for the search to end.. any minute now.. Done! Now I just need to understand which of the search result is relevant to the current usage frame of the registe...
Wave-Share - Serverless, Peer-To-Peer, Local File Sharing Through Sound
A proof-of-concept for WebRTC signaling using sound. Works with all devices that have microphone + speakers. Runs in the browser. Nearby devices negotiate the WebRTC connection by exchanging the necessary Session Description Protocol SDP data via a sequence of audio tones. Upon successful...
SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!
Tested environments: Windows, MAC, linux, and windows subsystem for linux WSL What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests, or from the local response files if any. Create a list of javascript variables found in the source Extract all the...
IoT-PT - A Virtual Environment For Pentesting IoT Devices
A new pentesting virtual environment for IoT Devices Download Link : https://drive.google.com/open?id=1XwGqkLax2irSPpwEpeAqypl9vEywzw3D MD5 : d9c20057b14cfa3fb25f744813b828df ; SHA1: 8828d693dc6c809377bab40d2bc26f525685e287 OS info and Requirements Base OS : Lubuntu 18.04 LTS Processors : 2 By...
Commit Stream - OSINT Tool For Finding Github Repositories By Extracting Commit Logs In Real Time From The Github Event API
commit-stream drinks commit logs from the Github event firehose exposing the author details name and email address associated with Github repositories in real time. OSINT / Recon uses for Redteamers / Bug bounty hunters: Uncover repositories which employees of a target company is commiting code...
Free Cynet Threat Assessment for Mid-sized and Large Organizations
If you cannot see what’s happening in your network, your ability to make smart security decisions will suffer. Many vendors offer threat assessment options, but they usually require an investment of time and resources. One vendor out there – Cynet – is offering a no-cost threat assessment to...
Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner
celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs aka tasks while retaining full control of which tools you want to run. Configurable - Some common tools are in the default config, but you can add any tool you want Service Aware - Uses nmap/nessus...