SharpAppLocker - C# Port Of The Get-AppLockerPolicy PS Cmdlet

C port of the Get-AppLockerPolicy PS cmdlet / | | / \ | | | | \ --.| | / /\ \ | | | | --. \ ' \ / | '| ' | | ' | ' | | / \ / | |/ / \ '| // / | | | | | | | | | | | | | | | | || | | / | /|| ||,|| | ./| |/ ./| ./// ||\|| | | | | | | || || || V1.0.0 - by Flangvik & JeanMaes1994 Usage: -h,...

Kubebox - Terminal And Web Console For Kubernetes

Terminal and Web console for Kubernetes Features Configuration from kubeconfig files KUBECONFIG environment variable or $HOME/.kube Switch contexts interactively Authentication support bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digit...

Steganographer - Hide Files Or Data In Image Files

This Module will hide files inside images currenlty PNG and export the modified image to disk The maximum size of file which can be hidden inside an image depends on the dimension of the image. maxfilesize = heightofimage widthofimage 6 / 8 bytes '100k words.txt' is hidden in 'originalimage.png'...

Converting MBOX to Outlook Easily

Mail transfer is a common search query. Most commonly, users may migrate due to personal preferences, corporate policies, or support issues. Systems based on the MBOX format are tricky: you may easily export the files, but direct import to Outlook is impossible. That is unless you use the right...

DroidTracker - Script To Generate An Android App To Track Location In Real Time

Script to generate an Android App to track location in real time Features: Custom App Name 2 Port Forwarding options Ngrok or using SSH Tunneling with Serveo.net Obfuscated URL by Tinyurl Fully Undetectable Legal disclaimer: Usage of DroidTracker for attacking targets without prior mutual consent...

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels

First, a couple of useful oneliners ; wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh linux-smart-enumeration Linux enumeration tools for...

Sheepl - Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments

Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environments Introduction There are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However the current...

Trackerjacker - Like Nmap For Mapping Wifi Networks You'Re Not Connected To, Plus Device Tracking

Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring. PyPI page: https://pypi.python.org/pypi/trackerjacker Install pip3 install trackerjacker Supported platforms : Linux tested on Ubuntu, Kali, and RPi and macOS...

LSB-Steganography - Python program to steganography files into images using the Least Significant Bit

Python program based on stegonographical methods to hide files in images using the Least Significant Bit technique. I used the most basic method which is the least significant bit. A colour pixel is composed of red, green and blue, encoded on one byte. The idea is to store information in the firs...

IP-Biter - The Hacker-friendly E-Mail Tracking Framework

IP-Biter is an open source, easy to deploy, tracking framework that generate high configurables and uniques tracking images and links to embed in e-mails, sites or chat systems and visualize, in an hacker-friendly dashboard, high detailed reports of the tracked users who visualize the image or op...

enum4linux - Tool for Enumerating Information from Windows and Samba Systems

A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts. Enum4linux is a tool for enumerating information from Windows and Samba systems. It is written in Perl and is basically a wrapper around the Samba tools smbclient, rpclient, net and nmblookup. Key features RID...

ASLRay - Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying

Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying. Properties: ASLR bypass Cross-platform Minimalistic Simplicity Unpatchable Dependencies: Linux 2.6.12+ - will work on any x86-64 Debian-based OS BASH - the whole script Limitations: Stack needs to be executable -z execstack Binary has...

Pentest-Tools-Auto-Installer - A Simple Tool For Installing Pentest Tools And Forensic Tools On Debian / Ubuntu Based OS

A Simple tool for installing pentest tools and forensic tools on Debian / Ubuntu Based OS Tested on Linux Mint And Kali Linux I Want To Get This How To Do ?? Change Your Privileges Terminal to Root Mode your@terminal:$ sudo su And Then Clone This your@terminal: git clone...

Vanquish - Kali Linux based Enumeration Orchestrator

Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged f...

HoneypotBuster - Microsoft PowerShell Module to Find HoneyPots and HoneyTokens in the Network

Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host. CodeExecution Execute code on a target machine using Import-Module. Invoke-HoneypotBuster HoneypotBuster is a tool designed to spot Honey Tokens, Honey Bread Crumbs...

Pybelt - The Hackers Tool Belt

Pybelt is an open source hackers tool belt complete with: A port scanner SQL injection scanner Dork checker Hash cracker Hash type verification tool Proxy finding tool XSS scanner It is capable of cracking hashes without prior knowledge of the algorithm, scanning ports on a given host, searching...

PenBox v2.2 - A Penetration Testing Framework (The Hacker's Repo)

A Penetration Testing Framework , The Hacker’s Repo our hope is in the last version we will have evry script that a hacker needs. Information Gathering : nmap Setoolkit Port Scanning Host To IP wordpress user enumeration CMS scanner XSStracer - checks remote web servers for Clickjacking,...

Ranger - Tool To Access And Interact With Remote Microsoft Windows Based Systems

A tool to support security professionals access and interact with remote Microsoft Windows based systems. This project was conceptualized with the thought process, we did not invent the bow or the arrow, just a more efficient way of using it. Ranger is a command-line driven attack and penetration...

Ruby-Nmap - A Rubyful interface to the Nmap exploration tool and security / port scanner

A Ruby interface to nmap , the exploration tool and security / port scanner. Features Provides a Ruby interface for running nmap. Provides a Parser for enumerating nmap XML scan files. Examples Run Nmap from Ruby: require 'nmap/program' Nmap::Program.scan do |nmap| nmap.synscan = true...

netool.sh - MitM Pentesting Opensource T00lkit

netool.sh toolkit provides a fast and easy way For new arrivals to IT security pentesting and also to experience users to use allmost all features that the Man-In-The-Middle can provide under local lan, since scanning, sniffing and social engeneering attacks "spear phishing attacks"... DESCRIPTIO...

LINSET - WPA/WPA2 Hack Without Brute Force

How it works Scan the networks. Select network. Capture handshake can be used without handshake We choose one of several web interfaces tailored for me thanks to the collaboration of the users Mounts one FakeAP imitating the original A DHCP server is created on FakeAP It creates a DNS server to...

RCEer - Simple Remote Command Execution scanner

Simple Remote Command Execution scanner written in Python 2.7 Download RCEer...

[IronWASP v0.9.7.5] Open Source Advanced Web Security Testing Platform

IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...

[Zexplo] Penetration Testing Toolkit

Zexplo is a python based Penetration Testing toolkit with simple and cool interface. This first version of Zexplo has 6 enumeration modules for various network scanning operations such as zping, zarpcache, ztcpscan, znmapport etc and 1 exploit filecopa. In addition to this it also has some exciti...

Sttr - Cross-Platform, Cli App To Perform Various Operations On String

sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat, curl, printf...

Raven - CI/CD Security Analyzer

RAVEN Risk Analysis andVulnerability Enumeration for CI/CD is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database. Developed and maintained by the Cycode research team. With Raven, we were able to identify...

Windiff - Web-based Tool That Allows Comparing Symbol, Type And Syscall Information Of Microsoft Windows Binaries Across Different Versions Of The OS

WinDiff is an open-source web-based tool that allows browsing and comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the operating system. The binary database is automatically updated to include information from the latest Windows updates...

Bread - BIOS Reverse Engineering And Advanced Debugging

BREAD BIOS Reverse Engineering & Advanced Debugging is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code on real HW from another PC via serial cable. Introduction BREAD emerged from many failed attempts to reverse engineer legacy BIOS. Given that the vast majority -- ...

Aws-Waf-Header-Analyzer - The Purpose Of The Project Is To Create Rate Limit In AWS WaF Based On HTTP Headers

The purpose of the project is to create rate limit in AWS WaF based on HTTP headers. Golang is a dependencie to build the binary. See the documentation to install: https://go.dev/doc/install make sudo make install The rules configuration is very simple, for example, the threshold is the limited o...

PatchaPalooza - A Comprehensive Tool That Provides An Insightful Analysis Of Microsoft's Monthly Security Updates

A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates. IF you are interested in seing all this data in a live website, visit: https://patchapalooza.com PatchaPalooza uses the power of Microsoft's MSRC CVRF API to fetch, store, and analyze security updat...

Electron_Shell - Developing A More Covert Remote Access Trojan (RAT) Tool By Leveraging Electron's Features For Command Injection And Combining It With Remote Control Methods

Electronshell Developing a more covert Remote Access Trojan RAT tool by leveraging Electron's features for command injection and combining it with remote control methods. Read More: AOH 024探索将Shell寄生于Electron程序的自动化实现 Features Supports almost all operating systems mac linux windows Supports almost...

DNSWatch - DNS Traffic Sniffer and Analyzer

DNSWatch is a Python-based tool that allows you to sniff and analyze DNS Domain Name System traffic on your network. It listens to DNS requests and responses and provides insights into the DNS activity. Features Sniff and analyze DNS requests and responses. Display DNS requests with their...

hardCIDR - Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization

A Linux Bash script to discover the netblocks, or ranges, in CIDR notation owned by the target organization during the intelligence gathering phase of a penetration test. This information is maintained by the five Regional Internet Registries RIRs: ARIN North America RIPE Europe/Asia/Middle East...

RedditC2 - Abusing Reddit API To Host The C2 Traffic, Since Most Of The Blue-Team Members Use Reddit, It Might Be A Great Way To Make The Traffic Look Legit

Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.  Disclaimer: Use of this project is for Educational/Testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is...

QRExfiltrate - Tool That Allows You To Convert Any Binary File Into A QRcode Movie. The Data Can Then Be Reassembled Visually Allowing Exfiltration Of Data In Air Gapped Systems

This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing exfiltration of data in air gapped systems. It was designed as a proof of concept to demonstrate weaknesses in DLP software; that is, the assumption...

crAPI - Completely Ridiculous API

c ompletely r idiculous API crAPI will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself. crAPI is modern, built on top of a microservices architecture. When time has come to buy your first...

Dumpscan - Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats

Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is provided by volatility3. Features x509 Public and Private key PKCS 8/PKCS 1 parsing SymCrypt parsing Supported structures SYMCRYPTRSAKEY - Determines if the key...

Aiodnsbrute - DNS Asynchronous Brute Force Utility

A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. Speed It's fast. Benchmarks on small VPS hosts put around 100k DNS resoultions at 1.5-2mins. An amazon M3 box was used to make 1 mil requests in just over 3 minutes. Your mileage may vary. It's probably best to avoid...

Wholeaked - A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage

wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It's written in Go. How? wholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After then, it ca...

DomainAlerting - Daily Alert When A New Domain Name Is Registered And Contains Your Keywords

Daily alert when a new domain name is registered and contains your keywords. Description DomainAlerting tool allows you to perform two main actions for educational purposes only: Download newly registered domains Send automatic email alert You can setup a wordlist and be alerted by email when you...

Dive - A Tool For Exploring Each Layer In A Docker Image

A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image. To analyze a Docker image simply run dive with an image tag/id/digest: dive or if you want to build your image then jump straight into analyzing it: dive build -t . Building on...

Skrull - A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR And Signature Scanning From Kernel

Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted. It's a...

ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders

ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...

ForgeCert - "Golden" Certificates

ForgeCert uses the BouncyCastle C API and a stolen Certificate Authority CA certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory. This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ...

LittleCorporal - A C# Automated Maldoc Generator

LittleCorporal: A C Automated Maldoc Generator C:\LittleCorporal\bin\ReleaseLittleCorporal.exe C:\beacon.bin explorer.exe . . . . | | ||/ |/ || | \ \ | | | | | \ \ \ | / / \ / / \ \ \ / \ \ \ | | | || || | | | | |\ /\ \ | / | | // | | | ||| || |/\ \ //|| | / /|| // / / / || / / \ / o\ /...

WWWGrep - OWASP Foundation Web Respository

WWWGrep is a rapid search “grepping” mechanism that examines HTML elements by type and permits focused single, multiple file based URLs and recursive with respect to root domain or not searches to be performed. Header names and values may also be recursively searched in this manner. WWWGrep was...

Link - A Command And Control Framework Written In Rust

link is a command and control framework written in rust. Currently in beta. Introduction link provides MacOS, Linux and Windows implants which may lack the necessary evasive tradecraft provided by other more mature command and control frameworks. Tested on Linux only. Features Hopefully this list...

XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically

Powerful Chromium Browser to find XSS Vulnerabilites automatically while browsing web, it can detect many case scenarios with support for POST requests too Installation Become root sudo su Install Node.js and npm https://www.npmjs.com/get-npm or sudo apt install npm Download this repo files or gi...

ToRat - A Remote Administation Tool Written In Go Using Tor As A Transport Mechanism And RPC For Communication

A Cross Platform Remote Administration tool written in Go using Tor as its transport mechanism currently supporting Windows, Linux, MacOS clients. How to How to use ToRat Preview Current Features RPC Remote procedure Call based communication for easy addition of new functionallity Automatic upx...

paradoxiaRAT - Native Windows Remote Access Tool

Paradoxia Remote Access Tool. Features Paradoxia Console Feature | Description ---|--- Easy to use | Paradoxia is extremely easy to use, So far the easiest rat! Root Shell | - Automatic Client build | Build Paradoxia Client easily with or without the icon of your choice. Multithreaded |...