OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log Analyzer

Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your server logs. Stay ahead of potential threats with features that include: Features 1. Attac...

HackerInfo - Infromations Web Application Security

Infromations Web Application Security install : sudo apt install python3 python3-pip pip3 install termcolor pip3 install google pip3 install optioncomplete pip3 install bs4 pip3 install prettytable...

NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected

NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly. Default Cmd: Windows Event Logs...

GAP-Burp-Extension - Burp Extension To Find Potential Endpoints, Parameters, And Generate A Custom Target Wordlist

This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on, and produces a target specific wordlist to use for fuzzing. The full Help documentation can b...

BounceBack - Stealth Redirector For Your Red Team Operation Security

BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and their combinations to hide your tools from...

DynastyPersist - A Linux Persistence Tool!

A Linux persistence tool! A powerful and versatile Linux persistence script designed for various security assessment and testing scenarios. This script provides a collection of features that demonstrate different methods of achieving persistence on a Linux system. Features 1. SSH Key Generation:...

WebSecProbe - Web Security Assessment Tool, Bypass 403

A cutting-edge utility designed exclusively for web security aficionados, penetration testers, and system administrators. WebSecProbe is your advanced toolkit for conducting intricate web security assessments with precision and depth. This robust tool streamlines the intricate process of...

TEx - Telegram Monitor

TEx is a Telegram Explorer tool created to help Researchers, Investigators and Law Enforcement Agents to Collect and Process the Huge Amount of Data Generated from Criminal, Fraud, Security and Others Telegram Groups. BETA VERSION Please note that this project has been in beta for a few weeks, so...

Sirius - First Truly Open-Source General Purpose Vulnerability Scanner

Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Sca...

Sekiryu - Comprehensive Toolkit For Ghidra Headless

This Ghidra Toolkit is a comprehensive suite of tools designed to streamline and automate various tasks associated with running Ghidra in Headless mode. This toolkit provides a wide range of scripts that can be executed both inside and alongside Ghidra, enabling users to perform tasks such as...

HEDnsExtractor - Raw Html Extractor From Hurricane Electric Portal

HEDnsExtractor Raw html extractor from Hurricane Electric portal Features Automatically identify IPAddr ou Networks through command line parameter or stdin Extract networks based on IPAddr. Extract domains from networks. Installation go install -v...

Bashfuscator - A Fully Configurable And Extendable Bash Obfuscation Framework

Documentation What is Bashfuscator? Bashfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand. It accomplishes this by generating convoluted, randomized Bash...

ProtectMyTooling - Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry

Script that wraps around multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark your artifacts, collect IOCs, backdoor and more...

AoratosWin - A Tool That Removes Traces Of Executed Applications On Windows OS

AoratosWin is a tool that removes traces of executed applications on Windows OS which can easily be listed with tools such as ExecutedProgramList by Nirsoft. Feel free to decompile, reverse, redistribute, etc. Supported OS Tested On Windows 7 x86, x64 Windows 8 x86, x64 Windows 8.1 x86, x64 Windo...

FISSURE - Frequency Independent SDR-based Signal Understanding and Reverse Engineering

Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability...

Peetch - An eBPF Playground

peetch is a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections. Currently, peetch includes two subcommands. The first called dump aims to sniff network traffic by associating information about the source process with each packet. The secon...

Skanuvaty - Dangerously Fast DNS/network/port Scanner

Dangerously fast dns/network/port scanner, all-in-one. Start with a domain, and we'll find everything about it. Features: Finds subdomains from root domain Finds IPs for subdomains Checks what ports are open on those IPs Notice: not yet implemented Outputs a handy .json file with all the data for...

StayKit - Cobalt Strike Kit For Persistence

StayKit is an extension for Cobalt Strike persistence by leveraging the executeassembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a user will only need to load...

HybridTestFramework - End To End Testing Of Web, API And Security

Full-fledged WEB, API and Security testing framework using selenium,ZAP OWASP proxy and rest-assured Supported Platforms This framework supports WebUi automation across a variety of browsers like Chrome, Firefox, IE, no only limited to this but extended to test rest api, security and visual...

SentryPeer - A Distributed Peer To Peer List Of Bad Actor IP Addresses And Phone Numbers Collected Via A SIP Honeypot

A distributed list of bad actor IP addresses and phone numbers collected via a SIP Honeypot. Introduction This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details are then used to bloc...

SMBSR - Lookup For Interesting Stuff In SMB Shares

Well, SMBSR is a python script which given a CIDR/IP/IPfile/HOSTNAMEs enumerates all the SMB services listening 445 among the targets and tries to authenticate against them; if the authentication succeed then all the folders and subfolders are visited recursively in order to find secrets in files...

Whatfiles - Log What Files Are Accessed By Any Linux Process

Whatfiles is a Linux utility that logs what files another program reads/writes/creates/deletes on your system. It traces any new processes and threads that are created by the targeted process as well. Rationale: I've long been frustrated at the lack of a simple utility to see which files a proces...

Narthex - Modular Personalized Dictionary Generator

Narthex Greek: Νάρθηξ, νάρθηκας is a modular & minimal dictionary generator for Unix and Unix-like operating system written in C and Shell. It contains autonomous Unix-style programs for the creation of personalised dictionaries that can be used for password recovery & security assessment. The...

ADenum - A Pentesting Tool That Allows To Find Misconfiguration Through The The Protocol LDAP And Exploit Some Of Those Weaknesses With Kerberos

AD Enum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos. cracking john -jp path John binary path -w wordList The path of the wordlist to be used john Default:...

Androidqf - (Android Quick Forensics) Helps Quickly Gathering Forensic Evidence From Android Devices, In Order To Identify Potential Traces Of Compromise

androidqf Android Quick Forensics is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the successor of Snoopdroid, re-written in Go and leveraging official adb binaries. androidqf is intended to provide a simple and portable cross-platform utility ...

CarPunk - The Car Hacking Toolkit

CARPUNK IS VERY SIMILAR TO CANghost, ONLY THE DEFFERENCE IS, IT COMES WITH OPTIONS TO ENABLE OR DISABLE INTERFACE AND BASIC SNIFFING AS EXTRA. IT WORKS ON BOTH SIMULATION & REAL CARS. HAS THE OPTIONS TO RECORD AND PLAY THE CAN PACKETS. NO ANY ARGUMENTS REQUIRED WHEN RUNNING BUT NEED...

TREVORspray - A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API

TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. TREVORspray is a A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API By @thetechr0mancer Microsoft is getting better and better about blocking password spraying attacks against O365...

ClearURLs - An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy

ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This extension will automatically remove tracking elements from URLs to help protect your privacy when browse through the Internet, which is regularly updated by us and can be...

AnonX - An Encrypted File Transfer Via AES-256-CBC

An Encrypted File transfer via AES-256-CBC AnonX is an encrypted file uploader and downloader. The uploaded archive lasts for one week and shall remove from the server. AnonX encrypts the directory before uploading it to the server. The download function requires the download id and AES password ...

Wp_Hunter - Static Analysis Of Wordpress Plugins

Static analysis to search for vulnerabilities in Wordpress plugins. / \ / \ / | \ / | \ // /| / \ | / \ / \ \ \ / | | \ Y / | / | \ | \ /| | / /\ / ||| /|/|| /| \ | / // / / / | Author: @JosueEncinar Starting the process Total plugins 87509 Starting the analisys How to add a module The...

Amlsec - Automated Security Risk Identification Using AutomationML-based Engineering Data

This prototype identifies security risk sources i.e., threats and vulnerabilities and types of attack consequences based on AutomationML AML artifacts. The results of the risk identification process can be used to generate cyber-physical attack graphs, which model multistage cyber attacks that...

Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases

Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures TTPs and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an...

PowerShell-Red-Team - Collection Of PowerShell Functions A Red Teamer May Use To Collect Data From A Machine

Collection of PowerShell functions a Red Teamer may use to collect data from a machine or gain access to a target. I added ps1 files for the commands that are included in the RedTeamEnum module. This will allow you to easily find and use only one command if that is all you want. If you want the...

PurpleCloud - An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud

Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple...

Server Side Template Injection Payloads

Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate web pages by combining fixed templates with volatile data. Server-side template...

Terrier - A Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes

Terrier is a Image and Container analysis tool that can be used to scan OCI images and Containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog,...

SET v8.0.1 - The Social-Engineer Toolkit

Copyright 2019 The Social-Engineer Toolkit SET Written by: David Kennedy ReL1K Company: TrustedSec DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period. Please read the LICENSE under readme/LICENSE for...

SafeText - Script To Remove Homoglyphs And Zero-Width Characters To Allow For Safe Distribution Of Documents From Anonymous Sources

Tool to sanitize text to allow for safe distribution of documents from anonymous sources by removing zero-width characters and homoglpyhs. Individuals attempting to leak an email or other text file face the risk of identification through fingerprinting. Fingerprinting often occurs when the origin...

Dirhunt - Find Web Directories Without Bruteforce

Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the "index of" mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors , directories where an empty inde...

Grok-backdoor - Backdoor With Ngrok Tunnel Support

Grok-backdoor is a simple python based backdoor, it uses Ngrok tunnel for the communication. Ngrok-backdoor can generate windows, linux and mac binaries using Pyinstaller. Disclaimer: All the code provided on this repository is for educational/research purposes only. Any actions and/or activities...

Arjun - Tool To Find Hidden GET & POST Parameters

Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce. Dependencies requests threading Usages Here's how you can scan a webpage for get parameters python arjun.py -u http://example.com/index.php --get For POST, just use the --post flag. To specify the number...

Protobuf-Inspector - Tool To Reverse-Engineer Protocol Buffers With Unknown Definition

Simple program that can parse Google Protobuf encoded blobs version 2 or 3 without knowing their accompanying definition. It will print a nice, colored representation of their contents. Example: As you can see, the field names are obviously lost, together with some high-level details such as:...

RedLogin - SSH Brute-force Tools

Red Login: SSH Brute-force Tools. Features: High speed and precision CLI Console based Run the arbitrary command after the attack is successful Default 'Uname -a' Telegram messanger support for sending reports via bot API Usage: Redlogin.exe Optional -telegram == List of targets ip list == List o...

Linux Soft Exploit Suggester - Search Exploitable Software On Linux

linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities. python linux-soft-exploit-suggester.py -h | | | | | |·| || |/ | || |- //| || |·|- | || | / |- /| ||| |||/...

Zeus Scanner - Advanced Dork Searching Utility

Zeus is a advanced dork searching tool that is capable of bypassing search engine API calls, search engine captchas, and IP address blocking from sending many requests to the search engine itself. Zeus can use three different search engines to do the search default is Google. Zeus has a powerful...

Vulnreport - Pentesting Management And Automation Platform

Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineer's time. The platform is built to support automation at every stage of the process and allow customization for whatever oth...

WMD (Weapon of Mass Destruction) - Python framework for IT security tools

This is a python tool with a collection of IT security software. The software is incapsulated in "modules". The modules does consist of pure python code and/or external third programs. Main functions 1 To use a module, run the command "use modulecall", e.g. "use apsniff", to activate the module. ...

Rupture - A framework for BREACH and other compression-based crypto attacks

Rupture is a framework for easily conducting BREACH and other compression-based attacks. For more information, please visit Rupture's home page: RuptureIt Authors Rupture is developed by: Dimitris Karakostas [email protected] Dionysis Zindros [email protected] Eva Sarafianou...

pDNS2 - Passive DNS V2

pDNS2 is yet another implementation of a passive DNS tool working with Redis as the database. pDNS2 means ‘passive DNS version2’ and favors speed in query over other database features. pDNS2 is based on Florian Weimer’s original dnslogger with improved features for speed and specialization for...

Skydive - An Open Source Real-Time Network Topology and Protocols Analyzer

Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology informations and flows and forward them to a central agent for further analysis. Al...