6011 matches found
Free Cynet Threat Assessment for Mid-sized and Large Organizations
If you cannot see what’s happening in your network, your ability to make smart security decisions will suffer. Many vendors offer threat assessment options, but they usually require an investment of time and resources. One vendor out there – Cynet – is offering a no-cost threat assessment to...
Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner
celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs aka tasks while retaining full control of which tools you want to run. Configurable - Some common tools are in the default config, but you can add any tool you want Service Aware - Uses nmap/nessus...
Firework - Leveraging Microsoft Workspaces in a Penetration Test
Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it. This tool may...
Dnsmorph - Domain Name Permutation Engine Written In Go
DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. DNSMORPH includes the following domain...
Kali Linux 2018.2 Release - The Best Penetration Testing Distribution
This Kali release is the first to include the Linux 4.15 kernel, which includes the x86 and x64 fixes for the much-hyped Spectre and Meltdown vulnerabilities. It also includes much better support for AMD GPUs and support for AMD Secure Encrypted Virtualization, which allows for encrypting virtual...
GPG Reaper - Obtain/Steal/Restore GPG Private Keys From Gpg-Agent Cache/Memory
Obtain/Steal/Restore GPG Private Keys from gpg-agent cache/memory This POC demonstrates method for obtaining GPG private keys from gpg-agent memory under Windows. Normally this should be possible only within 10 minutes time frame --default-cache-ttl value. Unfortunately housekeeping function whic...
CBM - Car Backdoor Maker
A hardware-backdoor for CAN bus - by @UnaPibaGeek & @holesec For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a...
roxysploit - Penetration Testing Suite
roxysploit is a community-supported, open-source and penetration testing suite that supports attacks for numerous scenarios. conducting attacks in the field. Some containing Plugins in roxysploit Scan is a automated Information gathering plugin it gives the user the ability to have a rest while t...
CryKeX - Linux Memory Cryptographic Keys Extractor
CryKeX - Linux Memory Cryptographic Keys Extractor Properties: Cross-platform Minimalism Simplicity Interactivity Compatibility/Portability Application Independable Process Wrapping Process Injection Dependencies: Unix - should work on any Unix-based OS BASH - the whole script root privileges...
SimplyEmail - Email Recon Made Fast And Easy
This tool was based on the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. MAJOR CALLOUTS: @laramies - Developer of theHarvester...
Cowrie - SSH/Telnet Honeypot
Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is developed by Michel Oosterhof. Features Some interesting features: Fake filesystem with the ability to add/remove files. A full fake filesystem...
myLG - Network Diagnostic Tool
myLG is an open source software utility which combines the functions of the different network probes in one network diagnostic tool. Features Popular looking glasses ping/trace/bgp: Telia, Level3 More than 200 countries DNS Lookup information Local ping and real-time trace route Packet analyzer -...
BruteXSS - Cross-Site Scripting Bruteforcer
BruteXSS - Cross-Site Scripting BruteForcer Author: Shawar Khan The BruteXSS project is sponsored and supported by Netsparker Web Application Security Scanner Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for...
Striptls - Proxy POC Implementation Of STARTTLS Stripping Attacks
poc implementation of STARTTLS stripping attacks SMTP SMTP.StripFromCapabilities - server response capability patch SMTP.StripWithInvalidResponseCode - client STARTTLS stripping, invalid response code SMTP.UntrustedIntercept - STARTTLS interception client and server talking ssl requires server.pe...
Gophish - Open-Source Phishing Toolkit
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. One-Click Installation Download and Extract the ZIP - Gophish binaries are provided for...
RouterhunterBR 2.0 - Automated Tool for Testing in Vulnerable Routers
The RouterhunterBR is an automated security tool que finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. The RouterhunterBR was designed to run over the Internet looking for defined ips tracks or random in order to automatically exploit the vulnerability...
GoAccess - Real-time Web Log Analyzer and Interactive Viewer
GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in nix systems. It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. Features GoAccess parses the specified web log file and...
Antak WebShell - A webshell which utilizes PowerShell
Antak is a webshell written in C.Net which utilizes powershell. Antak is a part of Nishang and updates could be found here: https://github.com/samratashok/nishang Use this shell as a normal powershell console. Each command is executed in a new process, keep this in mind while using commands like...
[Bugtroid] Pentesting for Android
Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more than 200 Android and Linux tools PRO for pentesting and forensics through its Smarthphone or tablet. It has a menu categorized according to the nature of the tool may find:...
[Pentoo 2013.0 RC1.1] Security-Focused live CD based on Gentoo
Pentoo is a security-focused live CD based on Gentoo It's basically a Gentoo install with lots of customized tools, customized kernel, and much more. Pentoo 2013.0 RC1.1 features : Changes saving CUDA/OpenCL Enhanced cracking software John the ripper Hashcat Suite of tools Kernel 3.7.5 and all...
BadExclusionsNWBO - An Evolution From BadExclusions To Identify Folder Custom Or Undocumented Exclusions On AV/EDR
BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR. How it works? BadExclusionsNWBO copies and runs HookChecker.exe in all folders and subfolders of a given path. You need to have HookChecker.exe on the same folder of...
Attackgen - Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...
SharpCovertTube - Youtube As Covert-Channel - Control Windows Systems Remotely And Execute Commands By Uploading Videos To Youtube
SharpCovertTube is a program created to control Windows systems remotely by uploading videos to Youtube. The program monitors a Youtube channel until a video is uploaded, decodes the QR code from the thumbnail of the uploaded video and executes a command. The QR codes in the videos can use...
Metahub - An Automated Contextual Security Findings Enrichment And Impact Evaluation Tool For Vulnerability Management
MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management. You can use it with AWS Security Hub or any ASFF-compatible security scanner. Stop relying on useless severities and switch to impact scoring definitions based on YOUR context...
Sekiryu - Comprehensive Toolkit For Ghidra Headless
This Ghidra Toolkit is a comprehensive suite of tools designed to streamline and automate various tasks associated with running Ghidra in Headless mode. This toolkit provides a wide range of scripts that can be executed both inside and alongside Ghidra, enabling users to perform tasks such as...
DorXNG - Next Generation DorX. Built By Dorks, For Dorks
DorXNG is a modern solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a purpose built containerized image of SearXNG, a self-hosted, hackable, privacy focused, meta-search engine. Our SearXNG...
HEDnsExtractor - Raw Html Extractor From Hurricane Electric Portal
HEDnsExtractor Raw html extractor from Hurricane Electric portal Features Automatically identify IPAddr ou Networks through command line parameter or stdin Extract networks based on IPAddr. Extract domains from networks. Installation go install -v...
Columbus-Server - API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features
Columbus Project is an API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features. Columbus returned 638subdomains of tesla.com in 0.231 sec. Usage By default Columbus returns only the subdomains in a JSON string array: curl...
Mapsdumper - Dump Place Details From Google Maps Like Phone, Email, Website, And Reviews
MAPSDUMPER Demo • Installation • Feature • Credits A tool for dumping place details from Google Maps such as phone numbers, emails, websites, and reviews. Demo Run / Installation How to run ? node index.js" dir="auto" git clone https://github.com/tegal1337/mapsdumper cd mapsdumper npm install nod...
Artemis - A Modular Web Reconnaissance Tool And Vulnerability Scanner
A modular web reconnaissance tool and vulnerability scanner based on Karton https://github.com/CERT-Polska/karton. The Artemis project has been initiated by the KN Cyber science club of Warsaw University of Technology and is currently being maintained by CERT Polska. Artemis is experimental...
XSS-Exploitation-Tool - An XSS Exploitation Tool
XSS Exploitation Tool is a penetration testing tool that focuses on the exploit of Cross-Site Scripting vulnerabilities. This tool is only for educational purpose, do not use it against real environment Features Technical Data about victim browser Geolocation of the victim Snapshot of the...
Aws-Security-Assessment-Solution - An AWS Tool To Help You Create A Point In Time Assessment Of Your AWS Account Using Prowler And Scout As Well As Optional AWS Developed Ransomware Checks
Self-Service Security Assessment too l Cybersecurity remains a very important topic and point of concern for many CIOs, CISOs, and their customers. To meet these important concerns, AWS has developed a primary set of services customers should use to aid in protecting their accounts. Amazon...
REST-Attacker - Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations
REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and...
DotDumper - An Automatic Unpacker And Logger For DotNet Framework Targeting Files
An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get...
Pycrypt - Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products
Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products Important: 1. Make Sure your payload file have all the libraries import and it will be a valid payload file How To Use: 1. Find Any Python Based Backdoor/RAT on github. 2. Crypt its payload with pycrypt 3. Now Convert crypted...
Kubeeye - Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems
KubeEye is an inspection tool for Kubernetes to discover Kubernetes resources by OPA , cluster components, cluster nodes by Node-Problem-Detector and other configurations are meeting with best practices, and giving suggestions for modification. KubeEye supports custom inspection rules and plugins...
Shomon - Shodan Monitoring Integration For TheHive
ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever! Functionalities Can be used as Webhook OR Stream listener Webhook listener opens a restful API endpoint for Shodan to send alerts. This means you need to make this endpoint available to...
Parrot 5.1 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
Parrot OS 5.1 is officially released. We're proud to say that the new version of Parrot OS 5.1 is available for download; this new version includes a lot of improvements and updates that makes the distribution more performing and more secure. How do I get Parrot OS? You can download Parrot OS by...
PSAsyncShell - PowerShell Asynchronous TCP Reverse Shell
PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. Additionally, this tool...
Toxssin - An XSS Exploitation Command-Line Interface And Payload Generator
toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting XSS vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool toxin.js. This...
Kali Linux 2022.3 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2022.3. This release has various impressive updates. The highlights for Kali’s 2022.3’s release: Discord Server - Kali’s new community real-time chat option has launched! Test Lab Environment - Quickly create a test bed to learn, practice, and...
DOMDig - DOM XSS Scanner For Single Page Applications
DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications SPA recursively. Unlike other scanners, DOMDig can crawl any webapplication including gmail by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate a...
BITB - Browser In The Browser (BITB) Templates
Browser templates for Browser In The Browser BITB attack. More information: https://mrd0x.com/browser-in-the-browser-phishing-attack/ Usage Each folder has a index.html file which has 4 variables that must be modified: XX-TITLE-XX - The title that shows up for the page e.g. Sign in to your accoun...
ADReaper - A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go
ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with...
Xolo - Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph
Author: ET Lownoise Version: 1.0 Tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/.../risk assessments pentest hacking team exercises. Requirements: Requests==2.18.4 Flask==0.12.2 Json Pypyodbc beautifulsoup4==4.6.0 lxml==4.1.0 Example: pip...
Ad-Honeypot-Autodeploy - Deploy A Small, Intentionally Insecure, Vulnerable Windows Domain For RDP Honeypot Fully Automatically
Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically. Runs on self-hosted virtualization using libvirt with QEMU/KVM but it can be customized easily for cloud-based solutions. Used for painlessly set up a small Windows Domain from scratch...
Smuggler - An HTTP Request Smuggling / Desync Testing Tool
An HTTP Request Smuggling / Desync testing tool written in Python 3 Acknowledgements A special thanks to James Kettle for his research and methods into HTTP desyncs And a special thanks to Ben Sadeghipour for beta testing Smuggler and for allowing me to discuss my work at Nahamcon 2020 IMPORTANT...
Swego - Swiss Army Knife Webserver In Golang
Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features. Usage Help $ ./webserver -help web subcommand -bind string Bind Port default "8080" -certificate string HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -da...
0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)
0d1n is a tool for automating customized attacks against web applications. This tool is very faster because uses thread pool and C language. 0d1n is a tool for automating customized attacks against web applications. Video demo: Tool functions: Brute force login and passwords in auth forms Directo...
Freki - Malware Analysis Platform
Freki is a free and open-source malware analysis platform. Goals 1. Facilitate malware analysis and reverse engineering; 2. Provide an easy-to-use REST API for different projects; 3. Easy deployment via Docker; 4. Allow the addition of new features by the community. Current features Hash...