6011 matches found
Presshell - Quick And Dirty Wordpress Command Execution Shell
presshell Quick & dirty Wordpress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at /wp-content/plugins/shell/shell.php Installation To install the shell, we are assuming you have administrative rights to Wordpress and can install plugins...
Litefuzz - A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers
Litefuzz is meant to serve a purpose: fuzz and triage on all the major platforms, support both CLI/GUI apps, network clients and servers in order to find security-related bugs. It simplifies the process and makes it easy to discover security bugs in many different targets, across platforms, while...
HybridTestFramework - End To End Testing Of Web, API And Security
Full-fledged WEB, API and Security testing framework using selenium,ZAP OWASP proxy and rest-assured Supported Platforms This framework supports WebUi automation across a variety of browsers like Chrome, Firefox, IE, no only limited to this but extended to test rest api, security and visual...
SMBSR - Lookup For Interesting Stuff In SMB Shares
Well, SMBSR is a python script which given a CIDR/IP/IPfile/HOSTNAMEs enumerates all the SMB services listening 445 among the targets and tries to authenticate against them; if the authentication succeed then all the folders and subfolders are visited recursively in order to find secrets in files...
Registry-Spy - Cross-platform Registry Browser For Raw Windows Registry Files
Registry Spy is a free, open-source cross-platform Windows Registry viewer. It is a fast, modern, and versatile explorer for raw registry files. Features include: Fast, on-the-fly parsing means no upfront overhead Open multiple hives at a time Searching Hex viewer Modification timestamps...
ThreatBox - A Standard And Controlled Linux Based Attack Platform
ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why no...
Androidqf - (Android Quick Forensics) Helps Quickly Gathering Forensic Evidence From Android Devices, In Order To Identify Potential Traces Of Compromise
androidqf Android Quick Forensics is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the successor of Snoopdroid, re-written in Go and leveraging official adb binaries. androidqf is intended to provide a simple and portable cross-platform utility ...
Invoke-DNSteal - Simple And Customizable DNS Data Exfiltrator
Invoke-DNSteal is a Simple & Customizable DNS Data Exfiltrator. This tool helps you to exfiltrate data through DNS protocol over UDP and TCP, and lets you control the size of queries using random delay. Also, allows you to avoid detections by using random domains in each of your queries and you c...
A2P2V - Automated Attack Path Planning and Validation
Automated Attack Path Planning and Validation A2P2V is a planning and cyber-attack tool that provides the capability for users to determine a set of ranked attack sequences given a specific attacker goal. The aim of the tool is to simplify process so that non-security experts can generate clear,...
Columbo - A Computer Forensic Analysis Tool Used To Simplify And Identify Specific Patterns In Compromised Datasets
Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets. It breaks down data to small sections and uses pattern recognition and machine learning models to identify adversaries behaviour and their possible locations in compromised Window...
AnonX - An Encrypted File Transfer Via AES-256-CBC
An Encrypted File transfer via AES-256-CBC AnonX is an encrypted file uploader and downloader. The uploaded archive lasts for one week and shall remove from the server. AnonX encrypts the directory before uploading it to the server. The download function requires the download id and AES password ...
Sigurls - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine
sigurls is a reconnaissance tool, it fetches URLs from AlienVault's OTX , Common Crawl , URLScan , Github and the Wayback Machine. Usage To display help message for sigurls use the -h flag: $ sigurls -h | | / | |/ | | | | '| / | \ \ | | | || | | | \ \ |/|, |,|| ||/ v1.3.1 |/ USAGE: sigurls...
UhOh365 - A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)
A script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't. Microsoft does not consider "email enumeration" a vulnerability, so th...
Wp_Hunter - Static Analysis Of Wordpress Plugins
Static analysis to search for vulnerabilities in Wordpress plugins. / \ / \ / | \ / | \ // /| / \ | / \ / \ \ \ / | | \ Y / | / | \ | \ /| | / /\ / ||| /|/|| /| \ | / // / / / | Author: @JosueEncinar Starting the process Total plugins 87509 Starting the analisys How to add a module The...
NFCGate - An NFC Research Toolkit Application For Android
NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a researching tool to reverse engineer protocols or assess the security of protocols against traffic modifications. Notice This application was developed for security research purposes by student...
PowerShell-Red-Team - Collection Of PowerShell Functions A Red Teamer May Use To Collect Data From A Machine
Collection of PowerShell functions a Red Teamer may use to collect data from a machine or gain access to a target. I added ps1 files for the commands that are included in the RedTeamEnum module. This will allow you to easily find and use only one command if that is all you want. If you want the...
JWT-Hack - Tool To En/Decoding JWT, Generate Payload For JWT Attack And Very Fast Cracking(Dict/Brutefoce)
jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast crackingdict/brutefoce Installation go-getdev version $ go get -u github.com/hahwul/jwt-hack homebrew $ brew tap hahwul/jwt-hack $ brew install jwt-hack snapcraft $...
MZAP - Multiple Target ZAP Scanning
Multiple target ZAP Scanning / mzap is a tool for scanning NN in ZAP. Concept Installation go-get $ go get -u github.com/hahwul/mzap snapcraft $ sudo snap install mzap --devmode homebrew $ brew tap hahwul/mzap $ brew install mzap Usage Usage: mzap command Available Commands: ajaxspider Add...
SET v8.0.1 - The Social-Engineer Toolkit
Copyright 2019 The Social-Engineer Toolkit SET Written by: David Kennedy ReL1K Company: TrustedSec DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period. Please read the LICENSE under readme/LICENSE for...
SecureTea Project - The Purpose Of This Application Is To Warn The User (Via Various Communication Mechanisms) Whenever Their Laptop Accessed
Small IoT Internet of Things to notify users via Twitter, whenever someone accesses their laptop. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on Linux. The purpose of this application is to warn the user via various...
Dirhunt - Find Web Directories Without Bruteforce
Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the "index of" mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors , directories where an empty inde...
MSDAT - Microsoft SQL Database Attacking Tool
MSDAT M icros oft SQL D atabase A ttacking T ool is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...
Grok-backdoor - Backdoor With Ngrok Tunnel Support
Grok-backdoor is a simple python based backdoor, it uses Ngrok tunnel for the communication. Ngrok-backdoor can generate windows, linux and mac binaries using Pyinstaller. Disclaimer: All the code provided on this repository is for educational/research purposes only. Any actions and/or activities...
Arjun - Tool To Find Hidden GET & POST Parameters
Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce. Dependencies requests threading Usages Here's how you can scan a webpage for get parameters python arjun.py -u http://example.com/index.php --get For POST, just use the --post flag. To specify the number...
ADRecon - Tool Which Gathers Information About The Active Directory
ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...
NMapGUI - Advanced Graphical User Interface for NMap
NMapGUI is an advanced graphical user interface for NMap network analysis tool. It allows to extend and ease the typical usage of NMap by providen a visual and fast interface with the application. If you have any questions about NMapGUI usage or want to get in contact with me, please visit: Twitt...
iWant - CLI Based Decentralized Peer To Peer File Sharing
A commandline tool for searching and downloading files in LAN network, without any central server. Features Decentralized : There is no central server hosting files. Therefore, no central point of failure Easydiscovery of files: As easy as searching for something in Google. File download from...
Volatility 2.6 - Advanced Memory Forensics Framework
In 2007, the first version of The Volatility Framework was released publicly at Black Hat DC. The software was based on years of published academic research into advanced memory analysis and forensics. Up until that point, digital investigations had focused primarily on finding contraband within...
PloitKit - The Hacker's ToolBox
PloitKit is a Python based GUI tool designed as one-stop for all other softwares. I was facing these kinds of problem, when I need to switch to different system, or I lost my pen-drive. I have to go to google, and search every tool and download every tool and so on. So I decided to create a tool,...
OONI - Open Observatory of Network Interference
OONI, the Open Observatory of Network Interference, is a global observation network which aims is to collect high quality data using open methodologies, using Free and Open Source Software FL/OSS to share observations and data about the various types, methods, and amounts of network tampering in...
Clair - Vulnerability Static Analysis for Containers
Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten...
Skydive - An Open Source Real-Time Network Topology and Protocols Analyzer
Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology informations and flows and forward them to a central agent for further analysis. Al...
Pentestly - Python and Powershell internal Penetration Testing Framework
Pentestly is a combination of expanding Python tools for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python. Blog post: Pentestly Framework: When Pentesting Meets Python and Powershell Author:...
Malware-Jail - Sandbox for semi-automatic Javascript malware analysis and payload extraction
Sandbox for semi-automatic Javascript malware analysis and payload extraction. Written for Node.js malware-jail is written for Node's 'vm' sandbox . Currently implements WScript Windows Scripting Host context env/wscript.js , at least the part frequently used by malware. Internet browser context ...
Kali Linux 2.0 - The Best Penetration Testing Distribution
So, what’s new in Kali 2.0? There’s a new 4.0 kernel, now based on Debian Jessie, improved hardware and wireless driver coverage, support for a variety of Desktop Environments gnome, kde, xfce, mate, e17, lxde, i3wm, updated desktop environment and tools – and the list goes on. Kali Linux is Now ...
InstaRecon - Automated Digital Reconnaissance
Automated basic digital reconnaissance. Great for getting an initial footprint of your targets and discovering additional subdomains. InstaRecon will do: DNS direct, PTR, MX, NS lookups Whois domains and IP lookups Google dorks in search of subdomains Shodan lookups Reverse DNS lookups on entire...
Argus v3.0.6 - Real Time Auditing Network Activity
Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitte...
[IDSwakeup] Collection of Tools to test network intrusion detection systems
IDSwakeup is a collection of tools that allows to test network intrusion detection systems. The main goal of IDSwakeup is to generate false attack that mimic well known ones, in order to see if NIDS detects them and generates false positives. This release of IDSwakeup includes: IDSwakeup The main...
Lobo Guará - Cyber Threat Intelligence Platform
Lobo Guará is a platform aimed at cybersecurity professionals, with various features focused on Cyber Threat Intelligence CTI. It offers tools that make it easier to identify threats, monitor data leaks, analyze suspicious domains and URLs, and much more. Features 1. SSL Certificate Search Allows...
Bugsy - Command-line Interface Tool That Provides Automatic Security Vulnerability Remediation For Your Code
Bugsy is a command-line interface CLI tool that provides automatic security vulnerability remediation for your code. It is the community edition version of Mobb, the first vendor-agnostic automated security vulnerability remediation tool. Bugsy is designed to help developers quickly identify and...
Windiff - Web-based Tool That Allows Comparing Symbol, Type And Syscall Information Of Microsoft Windows Binaries Across Different Versions Of The OS
WinDiff is an open-source web-based tool that allows browsing and comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the operating system. The binary database is automatically updated to include information from the latest Windows updates...
Bread - BIOS Reverse Engineering And Advanced Debugging
BREAD BIOS Reverse Engineering & Advanced Debugging is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code on real HW from another PC via serial cable. Introduction BREAD emerged from many failed attempts to reverse engineer legacy BIOS. Given that the vast majority -- ...
Red Canary Mac Monitor - An Advanced, Stand-Alone System Monitoring Tool Tailor-Made For macOS Security Research
Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research, malware triage, and system troubleshooting. Harnessing Apple Endpoint Security ES, it collects and enriches system events, displaying them graphically, with an expansive feature set...
CloudPulse - AWS Cloud Landscape Search Engine
During the reconnaissance phase, an attacker searches for any information about his target to create a profile that will later help him to identify possible ways to get in an organization. CloudPulse is a powerful tool that simplifies and enhances the analysis of SSL certificate data. It leverage...
Blacklist3r - Accumulate Secret Keys / Secret Materials Related To Various Web Frameworks
The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target application and verify the usage of these...
Wa-Tunnel - Tunneling Internet Traffic Over Whatsapp
This is a Baileys based piece of code that lets you tunnel TCP data through two Whatsapp accounts. This can be usable in different situations, for example network carriers that give unlimited whatsapp data or airplanes where you also get unlimited social network data. It's using Baileys since it'...
Pinacolada - Wireless Intrusion Detection System For Hak5's WiFi Coconut
Pinacolada looks for typical IEEE 802.11 attacks and then informs you about them as quickly as possible. All this with the help of Hak5's WiFi Coconut, which allows it to listen for threats on all 14 channels in the 2.4GHz range simultaneously. Supported 802.11 Attacks Attack | Type | Status...
ThunderCloud - Cloud Exploit Framework
Cloud Exploit Framework Usage python3 tc.py -h | | | | | / | | | | | | | | | | | | | | | | | | | ' | | | | ' \ / |/ \ '| | | |/ | | | |/ | | | | | | | || | | | | | | / | | || | | || | | | / || ||,|| ||,||| ||/ ,|,| usage: tc.py -h -ce COGNITOENDPOINT -reg REGION -accid AWSACCOUNTID...
Java-Remote-Class-Loader - Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API
This tool allows you to send Java bytecode in the form of class files to your clients or potential targets to load and execute using Java ClassLoader together with Reflect API. The client receives the class file from the server and return the respective execution output. Payloads must be written ...
Aura - Python Source Code Auditing And Static Analysis On A Large Scale
Source code auditing and static code analysis Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on...