6011 matches found
Skanuvaty - Dangerously Fast DNS/network/port Scanner
Dangerously fast dns/network/port scanner, all-in-one. Start with a domain, and we'll find everything about it. Features: Finds subdomains from root domain Finds IPs for subdomains Checks what ports are open on those IPs Notice: not yet implemented Outputs a handy .json file with all the data for...
Searpy - Search Engine Tookit
1. Install git clone https://github.com/j3ers3/Searpy pip install -r requirement.txt 配置API及账号 ./config.py python Searpy -h 2. Help baidu Engine --google Using google Engine --so Using 360so Engine --bing Using bing Engine --shodan Using shodan Engine --fofa Using fofa Engine --zoomeye Using...
Whatfiles - Log What Files Are Accessed By Any Linux Process
Whatfiles is a Linux utility that logs what files another program reads/writes/creates/deletes on your system. It traces any new processes and threads that are created by the targeted process as well. Rationale: I've long been frustrated at the lack of a simple utility to see which files a proces...
Onionservice - Manage Your Onion Services Via CLI Or TUI On Unix-like Operating System With A POSIX Compliant Shell
Feature-rich Onion Service manager for UNIX-like operating systems written in POSIX conformant shellscript A collection of Onion Services features implemented for Unix-like systems following the Portable Operating System Interface standard. WARNING:do not trust this repo yet, backup your hs keys ...
Toutatis - A Tool That Allows You To Extract Information From Instagrams Accounts Such As E-Mails, Phone Numbers And More
Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more Prerequisite Python 3 ️ Installation With PyPI pip install toutatis With Github git clone https://github.com/megadose/toutatis.git cd toutatis/ python3 setup.py install ...
Nosferatu - Lsass NTLM Authentication Backdoor
Lsass NTLM Authentication Backdoor How it Works First, the DLL is injected into the lsass.exe process, and will begin hooking authentication WinAPI calls. The targeted function is MsvpPasswordValidate, located in NtlmShared.dll. In the pursuit of not being detected, the hooked function will call...
DorkScout - Golang Tool To Automate Google Dork Scan Against The Entiere Internet Or Specific Targets
dokrscout is a tool to automate the finding of vulnerable applications or secret files around the internet throught google searches, dorkscout first starts by fetching the dorks lists from https://www.exploit-db.com/google-hacking-database and then it scans a given target or everything it founds...
WWWGrep - OWASP Foundation Web Respository
WWWGrep is a rapid search “grepping” mechanism that examines HTML elements by type and permits focused single, multiple file based URLs and recursive with respect to root domain or not searches to be performed. Header names and values may also be recursively searched in this manner. WWWGrep was...
SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Inst all Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools
New and improved C Implementation of Invoke-EDRChecker. Checks running processes, process metadata, Dlls loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for...
Wp_Hunter - Static Analysis Of Wordpress Plugins
Static analysis to search for vulnerabilities in Wordpress plugins. / \ / \ / | \ / | \ // /| / \ | / \ / \ \ \ / | | \ Y / | / | \ | \ /| | / /\ / ||| /|/|| /| \ | / // / / / | Author: @JosueEncinar Starting the process Total plugins 87509 Starting the analisys How to add a module The...
Amlsec - Automated Security Risk Identification Using AutomationML-based Engineering Data
This prototype identifies security risk sources i.e., threats and vulnerabilities and types of attack consequences based on AutomationML AML artifacts. The results of the risk identification process can be used to generate cyber-physical attack graphs, which model multistage cyber attacks that...
NoSQLi - NoSql Injection CLI Tool
NoSQL scanner and injector. About Nosqli I wanted a better nosql injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli - a simple nosql injection tool written in Go. It aims to be fast, accurate, and highly usable, with an easy to...
MEDUZA - A More Or Less Universal SSL Unpinning Tool For iOS
"MEDUZA" "медуза" means "jellyfish" in Ukrainian What is MEDUZA? It's a Frida-based tool, my replacement for SSLKillSwitch. I created it for in-house use, but then decided to opensource it. TBH, I hate open source, but the world is full of compromises... : How does it work? It's simple. First tim...
Bbrecon - Python Library And CLI For The Bug Bounty Recon API
Bug Bounty Recon bbrecon is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets. It comes with an ergonomic CLI and Python library. This...
RouterSploit v3.3.0 - Exploitation Framework For Embedded Devices
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...
SafeText - Script To Remove Homoglyphs And Zero-Width Characters To Allow For Safe Distribution Of Documents From Anonymous Sources
Tool to sanitize text to allow for safe distribution of documents from anonymous sources by removing zero-width characters and homoglpyhs. Individuals attempting to leak an email or other text file face the risk of identification through fingerprinting. Fingerprinting often occurs when the origin...
Powershell-RAT - Python Based Backdoor That Uses Gmail To Exfiltrate Data Through Attachment
Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment. Note: This...
SpiderFoot 2.12 - Automates OSINT to find out everything possible about your target
SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources OSINT to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will...
Peanalyzer - Advanced Portable Executable File Analyzer And Disassembler
Advanced Portable Executable File Analyzer Python 3.6.4 Tested Working Usage python pyanalyzer.py --file file.exe --show all python pyanalyzer.py --file file.exe --disassemble all Video Dos Header File Header Optional Header Section Headers...
Protobuf-Inspector - Tool To Reverse-Engineer Protocol Buffers With Unknown Definition
Simple program that can parse Google Protobuf encoded blobs version 2 or 3 without knowing their accompanying definition. It will print a nice, colored representation of their contents. Example: As you can see, the field names are obviously lost, together with some high-level details such as:...
sshLooter - Script To Steal Passwords From SSH
Script to steal passwords from SSH. Install git clone https://github.com/mthbernardes/sshLooter.git cd sshLooter Configuration Edit the script on install.sh, and add your telegram bot api, and your userid. Call the @botfather on telegram to create a bot and call the @userinfobot to get your user...
RedLogin - SSH Brute-force Tools
Red Login: SSH Brute-force Tools. Features: High speed and precision CLI Console based Run the arbitrary command after the attack is successful Default 'Uname -a' Telegram messanger support for sending reports via bot API Usage: Redlogin.exe Optional -telegram == List of targets ip list == List o...
CyberScan - Tool To Analyse Packets, Decoding , Scanning Ports, And Geolocation
CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including latitude, longitude , region , country ... Operating Systems Supported Windows XP/7/8/8.1/10 GNU/Linux MacOSX Installation You can download CyberSc...
Nzyme - Collects 802.11 Management Frames And Sends Them To A Graylog Setup For Wifi Ids, Monitoring, And Incident Response
Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog Open Source log management setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode. Think about this like a long-term months or years...
Dradis Framework - Collaboration and reporting for IT Security teams
Dradis is an open-source collaboration framework, tailored to InfoSec teams. Goals Share the information effectively. Easy to use, easy to be adopted. Otherwise it would present little benefit over other systems. Flexible: with a powerful and simple extensions interface. Small and portable. You...
BloodHound - Six Degrees of Domain Admin
BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attacks can...
Sn1per - Automated PenTest Recon Scanner
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. DEMO VIDEO: FEATURES: Automatically collects basic recon ie. whois, ping, DNS, etc. Automatically launches Google hacking queries against a target domain Automatically enumerates...
Vulnreport - Pentesting Management And Automation Platform
Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineer's time. The platform is built to support automation at every stage of the process and allow customization for whatever oth...
MSF-Remote-Console - A Remote Msfconsole To Connect To The Msfrcpd Server Of Metasploit
A remote msfconsole written in Python 2.7 to connect to the msfrcpd server of metasploit. This tool gives you the ability to load modules permanently as daemon on your server like autopwn2. Although it gives you the ability to remotely use the msfrpcd server it is recommended to use it locally wi...
DyMerge - Dynamic Dictionary Merger
A simple, yet powerful tool - written purely in python - which takes given wordlists and merges them into one dynamic dictionary that can then be used as ammunition for a successful dictionary based or bruteforce attack. Compatible with Python 2.6+. Author: Nikolaos Kamarinakis nikolaskama.me...
Rupture - A framework for BREACH and other compression-based crypto attacks
Rupture is a framework for easily conducting BREACH and other compression-based attacks. For more information, please visit Rupture's home page: RuptureIt Authors Rupture is developed by: Dimitris Karakostas [email protected] Dionysis Zindros [email protected] Eva Sarafianou...
pDNS2 - Passive DNS V2
pDNS2 is yet another implementation of a passive DNS tool working with Redis as the database. pDNS2 means ‘passive DNS version2’ and favors speed in query over other database features. pDNS2 is based on Florian Weimer’s original dnslogger with improved features for speed and specialization for...
Nipe - Script To Redirect All Traffic From The Machine To The Tor Network
Script to redirect all the traffic from the machine to the Tor network. + AUTOR: Vinicius Gouvea + EMAIL: [email protected] + BLOG: https://medium.com/viniciusgouvea + GITHUB: https://github.com/HeitorG + FACEBOOK: https://fb.com/viniciushgouvea Installing: git clone...
JexBoss - Jboss Verify And Exploitation Tool
JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server. Requirements Python = 2.7.x Installation To install the latest version of JexBoss, please use the following commands: git clone https://github.com/joaomatosf/jexboss.git cd jexboss python jexboss.py Features...
PortDog - Simple Python Script to Detect Port Scanning Techniques
PortDog is a network anomaly detector aimed to detect port scanning techniques. It is entirely written in python and has easy-to-use interface. It was tested on Ubuntu 15. Please note that, it is not working on Windows OS due to suffering from capturing RAW packets.I am working on to write this...
netool.sh - MitM Pentesting Opensource T00lkit
netool.sh toolkit provides a fast and easy way For new arrivals to IT security pentesting and also to experience users to use allmost all features that the Man-In-The-Middle can provide under local lan, since scanning, sniffing and social engeneering attacks "spear phishing attacks"... DESCRIPTIO...
CMSmap - Scanner to detect security flaws of the most popular CMSs (WordPress, Joomla and Drupal)
CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment, CMSs supported by CMSmap are WordPress, Joomla...
PhEmail - Automate Sending Phishing Emails
PhEmail is a python open source phishing email tool that automates the process of sending phishing emails as part of a social engineering test. The main purpose of PhEmail is to send a bunch of phishing emails and prove who clicked on them without attempting to exploit the web browser or email...
WirelessNetView - Wireless Network Monitoring Tool
WirelessNetView is a small utility that runs in the background, and monitor the activity of wireless networks around you. For each detected network, it displays the following information: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher...
Wireless Network Watcher v1.72 - Show who is connected to your wireless network
Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC...
[WakeMeOnLan] Turn on computers on your network with Wake-on-LAN packet
This utility allows you to easily turn on one or more computers remotely by sending Wake-on-LAN WOL packet to the remote computers. When your computers are turned on, WakeMeOnLan allows you to scan your network, and collect the MAC addresses of all your computers, and save the computers list into...
[Patator] Brute-Force Attack And Dns Reverse And Forward Lookup
Patator is developed by Sebastien Macke. In this video I will show you how to use Patator for a Brute-Force Attack and DNS Forward and reverse lookup. Patator is a multi-purpose brute-force, with a modular design and a flexible usage. http://code.google.com/p/patator...
Extrude - Analyse Binaries For Missing Security Features, Information Disclosure And More...
Analyse binaries for missing security features, information disclosure and more. Extrude is in the early stages of development, and currently only supports ELF and MachO binaries. PE Windows binaries will be supported soon. Usage Usage: extrude flags file Flags: -a, --all Show details of all test...
JAW - A Graph-based Security Analysis Framework For Client-side JavaScript
An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC LICEN...
VolWeb - A Centralized And Enhanced Memory Analysis Platform
VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective The goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a...
SharpShares - Multithreaded C# .NET Assembly To Enumerate Accessible Network Shares In A Domain
Multithreaded C .NET Assembly to enumerate accessible network shares in a domain Built upon djhohnstein's SharpShares project .\SharpShares.exe help Usage: SharpShares.exe /threads:50 /ldap:servers /ou:"OU=Special Servers,DC=example,DC=local" /filter:SYSVOL,NETLOGON,IPC$,PRINT$ /verbose...
Aws-Waf-Header-Analyzer - The Purpose Of The Project Is To Create Rate Limit In AWS WaF Based On HTTP Headers
The purpose of the project is to create rate limit in AWS WaF based on HTTP headers. Golang is a dependencie to build the binary. See the documentation to install: https://go.dev/doc/install make sudo make install The rules configuration is very simple, for example, the threshold is the limited o...
TrafficWatch - TrafficWatch, A Packet Sniffer Tool, Allows You To Monitor And Analyze Network Traffic From PCAP Files
TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files. It provides insights into various network protocols and can help with network troubleshooting, security analysis, and more. Protocol-specific packet analysis for ARP, ICMP, TCP, UDP, DNS, DHCP,...
PatchaPalooza - A Comprehensive Tool That Provides An Insightful Analysis Of Microsoft's Monthly Security Updates
A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates. IF you are interested in seing all this data in a live website, visit: https://patchapalooza.com PatchaPalooza uses the power of Microsoft's MSRC CVRF API to fetch, store, and analyze security updat...
DakshSCRA - Source Code Review Assist
Daksh SCRA Source Code Review Assist tool is built to enhance the efficiency of the source code review process, providing a well-structured and organized approach for code reviewers. Rather than indiscriminately flagging everything as a potential issue, Daksh SCRA promotes thoughtful analysis,...