6011 matches found
RedHunt OS v2 - Virtual Machine For Adversary Emulation And Threat Hunting
Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs RedHunt OS aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment. Base Machin...
JoomScan 0.0.7 - OWASP Joomla Vulnerability Scanner Project
OWASP Joomla! Vulnerability Scanner JoomScan is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations,...
cSploit Android - The most complete and advanced IT security professional toolkit on Android
cSploit is a free/libre and open source GPLed Android network analysis and penetration suite which aims to be the most complete and advanced professional toolkit for IT security experts/geeks to perform network security assessments on a mobile device. See more at www.cSploit.org. Features Map you...
Tweetshell - Multi-thread Twitter BruteForcer In Shell Script
Tweetshell is an Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and it can test infinite number of passwords with a rate of +400 passwords/min using 20 threads. Legal disclaimer: Usage of TweetShell for attacking targets without...
BruteDum - Brute Force Attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC With Hydra, Medusa And Ncrack
BruteDum is a SSH, FTP, Telnet, PostgreSQL, RDP, VNC brute forcing tool with Hydra, Medusa and Ncrack. BruteDum can work with aany Linux distros if they have Python 3. Features of BruteDum SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra recommended SSH, FTP, Telnet, PostgreSQL, RDP, VNC with...
[DEFT 7] Distribution with the best freeware Windows Computer Forensic tools
DEFT 7 is based on the new Kernel 3 Linux side and the DART Digital Advanced Response Toolkit with the best freeware Windows Computer Forensic tools. It’s a new concept of Computer Forensic system that use LXDE as desktop environment and WINE for execute Windows tools under Linux and mount manage...
PowerSharpPack - Many usefull offensive CSharp Projects wraped into Powershell for easy usage
Many usefull offensive CSharp Projects wraped into Powershell for easy usage. Why? In my personal opinion offensive Powershell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features. Any of these mechanisms can be bypassed. Since most new...
Steghide - Brute Force Attack to Find Hide Information and Password in a file
Execute a brute force attack with Steghide to file with hide information and password established. How it work Cloning this repo to your computer and typing in your terminal: git clone https://github.com/Va5c0/Steghide-Brute-Force-Tool.git To launch the script by typing: python stegbrute.py optio...
SQLMap v1.3.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
WakeMeOnLan v1.71 - Turn on computers on your network with Wake-on-LAN packet
This utility allows you to easily turn on one or more computers remotely by sending Wake-on-LAN WOL packet to the remote computers. When your computers are turned on, WakeMeOnLan allows you to scan your network, and collect the MAC addresses of all your computers, and save the computers list into...
Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
/\ / | / \ | \ | || | | | | / | /| |/ |/ |/ ,/; ; ; ,'/|; ,/,/, ,'/ |;/,/,/,/| ,/; |;|/,/,/,/,/| ,/'; |;|,/,/,/,/,/| ,/'; |;|/,/,/,/,/,/|, / ; |;|,/,/,/,/,/,/| / ,'; |;|/,/,/,/,/,/,/| /,/'; |;|,/,/,/,/,/,/,/| /;/ '; |;|/,/,/,/,/,/,/,/| ██████╗ ███████╗ ██████╗ █████╗ ███████╗██╗ ██╗███████╗...
Vulnado - Purposely Vulnerable Java Application To Help Lead Secure Coding Workshops
This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them. Up and running 1. Install Docker for MacOS or Windows. You'll need to create a Docker account if you don't already have one. 2. git clone git://github.com/ScaleSec/vulnado 3. cd...
Sliver - Implant Framework
Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTPS, and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. The server, client, and implant a...
Dex-Oracle - A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify. Before After sha1: a68d5d2da7550d35f7dbefc21b7deebe3f4005f3 md5: 2dd2eeeda08ac8c15be8a9f2d01adbe8 Installation Step 1. Install Smali /...
PhoneSploit-Pro - An All-In-One Hacking Tool To Remotely Exploit Android Devices Using ADB And Metasploit-Framework To Get A Meterpreter Session
An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB Android Debug Bridge and Metasploit-Framework. Complete Automation to get a Meterpreter session in One Click This tool can automatically Create , Install , and Run payload on the target device using...
Shodan-Eye - Tool That Collects All The Information About All Devices Directly Connected To The Internet Using The Specified Keywords That You Enter
This tool collects all information about all devices that are directly connected to the internet with the specified keywords that you enter. This way you get a complete overview. The types of devices that are indexed can vary enormously: from small desktops, refrigerators to nuclear power plants...
Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures
1 Introduction Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically. 1.1 Why Metarget? During security researches, we might find that the deployment of...
BeRoot For Linux - Privilege Escalation Project
BeRoot is a post exploitation tool to check common misconfigurations on Linux and Mac OS to find a way to escalate our privilege. To understand privilege escalation on these systems, you should understand at least two main notions: LOLBins this name has been given for Windows binaries but it shou...
VulnLab - A Web Vulnerability Lab Project
VulnLab A web vulnerability lab project developed by Yavuzlar. Vulnerabilities SQL Injection Cross Site Scripting XSS Command Injection Insecure Direct Object References IDOR Cross Site Request Forgery CSRF XML External Entity XXE Insecure Deserialization File Upload File Inclusion Broken...
Kiterunner - Contextual Content Discovery Tool
For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective for legacy web servers that host static files or respond with 3xx’s upon a partial path, it is no longer effective for modern web applications, specifically APIs. Over time,...
ScoutSuite - Multi-Cloud Security Auditing Tool
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of...
Telewreck - A Burp Extension To Detect And Exploit Versions Of Telerik Web UI Vulnerable To CVE-2017-9248
A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248. This extension is based on the original exploit tool written by Paul Taylor @bao7uo which is available at https://github.com/bao7uo/dpcrypto. Credits and big thanks to him. A related blog post on how to...
Strelka - Scanning Files At Scale With Python And ZeroMQ
Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response. Based on the design established by Lockheed Martin's Laika BOSS and similar projects see: related projects, Strelka's purpose is to perform file extraction and metadata collection at huge...
Hashcat v4.0 - World's Fastest and Most Advanced Password Recovery Utility
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable...
BloodyAD - An Active Directory Privilege Escalation Framework
BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combining pathgen.py and autobloody.py. This framework supports NTLM with password or NTLM hashes and Kerberos authentication and binds to LDAP/LDAPS/SAMR services of a...
oclHashcat v1.2 - GPGPU-based Multi-hash Cracker
oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack implemented as mask attack, combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite. GPU Driver requirements: NV...
IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request
Extension for Burp Suite which uses AWS API Gateway to change your IP on every request. More info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ Description This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the...
log4j-scan - A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more than 60 HTTP request headers not only 3-4 headers as previously seen tools. Fuzzing for HTTP POST Data parameters. Fuzzing for JSON data parameters. Supports...
ThreadStackSpoofer - PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode'S Memory Allocation From Scanners And Analysts
A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory. Intro This is an example implementation for Thread Stack Spoofing technique...
CrackerJack - Web GUI for Hashcat
Web Interface for Hashcat by Context Information Security Demo / StartCracking in Under 5 Minutes Introduction CrackerJack is a Web GUI for Hashcat developed in Python. Architecture This project aims to keep the GUI and Hashcat independent. In a nutshell, here's how it works: User uploads hashes,...
Commando VM v1.3 - The First Full Windows-based Penetration Testing Virtual Machine Distribution
Welcome to CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. Installation Install Script Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 GB RAM Recommended Windows 10 80+ GB Hard Drive 4+ GB RAM 2 network adapters...
Aircrack-ng 1.4 - Complete Suite Of Tools To Assess WiFi Network Security
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...
GPS-SDR-SIM - Software-Defined GPS Signal Simulator
GPS-SDR-SIM generates GPS baseband signal data streams, which can be converted to RF using software-defined radio SDR platforms, such as bladeRF, HackRF, and USRP. Windows build instructions 1. Start Visual Studio. 2. Create an empty project for a console application. 3. On the Solution Explorer ...
BruteShark - Network Analysis Tool
BruteShark is a Network Forensic Analysis Tool NFAT that performs deep processing and inspection of network traffic mainly PCAP files, but it also capable of directly live capturing from a network interface. It includes: password extracting, building a network map, reconstruct TCP sessions, extra...
DVNA - Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application DVNA is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vunerabilities OWASP Top 10 2017 vulnerabilities at...
Vulmap - Online Local Vulnerability Scanners Project
Vulmap is an open source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these...
Ikeext-Privesc - Windows IKEEXT DLL Hijacking Exploit Tool
This tool is intended for automatically detecting and exploiting the IKE and AuthIP IPsec Keyring Modules Service IKEEXT Missing DLL vulnerability. Description A major weakness is present in Windows Vista, 7, 8, Server 2008, Server 2008 R2 and Server 2012, which allows any authenticated user to...
MassBleed - Mass SSL Vulnerability Scanner
USAGE sh massbleed.sh CIDR|IP single|port|subnet port proxy ABOUT This script has four main functions with the ability to proxy all connections: 1. To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp https example: sh massbleed.sh 192.168.0.0/16 2. To scan any CIDR range for...
Php-Jpeg-Injector - Injects Php Payloads Into Jpeg Images
Injects php payloads into jpeg images. Related to this post. Use Case You have a web application that runs a jpeg image through PHP's GD graphics library. Description This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image...
Hacktronian - All In One Hacking Tool For Linux & Android
Pentesing Tools That All Hacker Needs. HACKTRONIAN Menu : Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation Install The HACKTRONIAN Information Gathering: Nmap Setoolkit Port Scanning Host To IP wordpre...
Diamorphine - LKM Rootkit for Linux Kernels 2.6.x/3.x/4.x
Diamorphine is a LKM rootkit for Linux Kernels 2.6.x/3.x/4.x Features When loaded, the module starts invisible; Hide/unhide any process by sending a signal 31; Sending a signal 63to any pid makes the module become invisible; Sending a signal 64to any pid makes the given user become root; Files or...
Kali NetHunter App Store - The New Android Store Dedicated to Free Security Apps
The Kali NetHunter App Store is a one-stop-shop for security relevant Android applications. It is the ultimate alternative to the Google Play store for any Android device, whether rooted or not, NetHunter or stock. If you are after any security application for your Android device, the NetHunter...
MobaXterm - Terminal for Windows with X11 server, tabbed SSH client, network tools and much more...
MobaXterm is your ultimate toolbox for remote computing. In a single Windows application, it provides loads of functions that are tailored for programmers, webmasters, IT administrators and pretty much all users who need to handle their remote jobs in a more simple fashion. MobaXterm provides all...
SharpDPAPI - A C# Port Of Some Mimikatz DPAPI Functionality
SharpDPAPI is a C port of some DPAPI functionality from @gentilkiwi's Mimikatz project. I did not come up with this logic, it is simply a port from Mimikatz in order to better understand the process and operationalize it to fit our workflow. The SharpChrome subproject is an adaptation of work fro...
Kalitorify - Transparent Proxy Through Tor For Kali Linux OS
kalitorify is a shell script for Kali Linux which use iptables settings for transparent proxy through Tor, the program also allows you to perform various checks like checking the external ip, or if Tor has been configured correctly. What is Transparent Proxy? Also known as an intercepting proxy,...
Wesng - Windows Exploit Suggester
WES-NG is a tool based on the output of Windows' systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported...
Cryptr - A Simple Shell Utility For Encrypting And Decrypting Files Using OpenSSL
A simple shell utility for encrypting and decrypting files using OpenSSL. Installation git clone https://github.com/nodesocket/cryptr.git ln -s "$PWD"/cryptr/cryptr.bash /usr/local/bin/cryptr Bash tab completion Add tools/cryptr-bash-completion.bash to your tab completion file directory...
DarkScrape - OSINT Tool For Scraping Dark Websites
OSINT Tool to find Media Links in Tor Sites. Tested On Kali Linux 2019.2 Ubuntu 18.04 Nethunter Arc Linux Installation git clone https://github.com/itsmehacker/DarkScrape.git pip3 install -r requirements.txt Features Download Media Scrape From Single Url Scraping From Files Txt Csv Excel Inspired...
DKMC - Malicious Payload Evasion Tool
Don't kill my cat is a tool that generates obfuscated shellcode that is stored inside of polyglot images. The image is 100% valid and also 100% valid shellcode. The idea is to avoid sandbox analysis since it's a simple "legit" image. For now the tool rely on PowerShell the execute the final...
Sitadel - Web Application Security Scanner
Sitadel is basically an update for WAScan making it compatible for python = 3.4 It allows more flexibility for you to write new modules and implement new features : Frontend framework detection Content Delivery Network detection Define Risk Level to allow for scans Plugin system Docker image...