6011 matches found
KnockKnock - Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output
Designed to validate potential usernames by querying OneDrive and/or Microsoft Teams, which are passive methods. Additionally, it can output/create a list of legacy Skype users identified through Microsoft Teams enumeration. Finally, it also creates a nice clean list for future usage, all conduct...
Mantra - A Tool Used To Hunt Down API Key Leaks In JS Files And Pages
The tool in question was created in Go and its main objective is to search for API keys in JavaScript files and HTML pages. It works by checking the source code of web pages and script files for strings that are identical or similar to API keys. These keys are often used for authentication to...
Certwatcher - Tool For Capture And Tracking Certificate Transparency Logs, Using YAML Templates Based DSL
CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates. The tool helps detect and analyze websites using regular expression patterns and is designed for ease of use by security professionals and researchers. Certwatcher continuously monitors the...
MSI Dump - A Tool That Analyzes Malicious MSI Installation Packages, Extracts Files, Streams, Binary Data And Incorporates YARA Scanner
MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether document is malicious. If we want to dissect it further, we could...
Utkuici - Nessus Automation
Today, with the spread of information technology systems, investments in the field of cyber security have increased to a great extent. Vulnerability management, penetration tests and various analyzes are carried out to accurately determine how much our institutions can be affected by cyber threat...
SharpImpersonation - A User Impersonation Tool - Via Token Or Shellcode Injection
This was a learning by doing project from my side. Well known techniques are used to built just another impersonation tool with some improvements in comparison to other public tools. The code base was taken from: https://github.com/0xbadjuju/Tokenvator A blog post for the intruduction can be foun...
Aiodnsbrute - DNS Asynchronous Brute Force Utility
A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. Speed It's fast. Benchmarks on small VPS hosts put around 100k DNS resoultions at 1.5-2mins. An amazon M3 box was used to make 1 mil requests in just over 3 minutes. Your mileage may vary. It's probably best to avoid...
Authcov - Web App Authorisation Coverage Scanning
Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...
Zi - A Swiss Army Knife for Zsh - Unix Shell
A Swiss Army Knife for Zsh - Unix Shell. Roadmap See the open issues for a list of proposed features and known issues. Top Feature Requests Add your votes using the reaction Top issues Add your votes using the reaction Newest issues Contributing First off, thanks for taking the time to...
KrbRelay - Framework For Kerberos Relaying
Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html This should be working on most fully patched Windows systems. There may ...
Octosuite - Advanced Github OSINT Framework
Simply gatherOSINT on Github users and organizations like a god FEATURES Fetches organization info Fetches user info Fetches repository info Returns contents of a path from a repository Returns a list of repos owned by an organization Returns a list of repos owned by a user Returns a list of...
FastFinder - Incident Response - Fast Suspicious File Finder
FastFinder is a lightweight tool made for threat hunting, live forensics and triage on both Windows and Linux Platforms. It is focused on endpoint enumeration and suspicious file finding based on various criterias: file path / name md5 / sha1 / sha256 checksum simple string content match complex...
Nuclei-Burp-Plugin - Nuclei Plugin For BurpSuite
A BurpSuite plugin intended to help with nuclei template generation. Features Template matcher generation Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts Multi-line selections are split to separate words for readability Binary matchers are...
IOC Scraper - A Fast And Reliable Service That Enables You To Extract IOCs And Intelligence From Different Data Sources
IOC Scraper utilises IOCPARSER service to fetch IOCs from different vendor Blogs, PDFs, and CSV files. Parsing IOCs is time-consuming process, using current script one can automatically extract and aggregate IOCs easily. Features Defanged IOCs : Supports extracting and defanging IOCs. Whitelist...
truffleHog - Searches Through Git Repositories For High Entropy Strings And Secrets, Digging Deep Into Commit History
Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. Join The Slack Have questions? Feedback? Jump in slack and hang out with me...
Espionage - A Network Packet And Traffic Interceptor For Linux. Spoof ARP And Wiretap A Network
Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,...
SourceLeakHacker - A Multi Threads Web Application Source Leak Scanner
SourceLeakHacker is a muilt-threads web directories scanner. Installation pip install -r requirements.txt Usage dictionary scale --output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss --threads THREADS, -t THREADS threads numbers, default: 4 --timeout TIMEOUT HTTP request timeout...
Reconky - A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It
Reconky is a script written in bash to automate the task of recon and information gathering.This Bash Script allows you to collect some information that will help you identify what to do next and where to look for the required target. Usage ./reconky.sh Main-Features It will Gathers Subdomains wi...
Zuthaka - An Open Source Application Designed To Assist Red-Teaming Efforts, By Simplifying The Task Of Managing Different APTs And Other Post-Exploitation Tools
A collaborative free open-source Command & Control integration framework that allows developers to concentrate on the core function and goal of their C2. Explore the docs » About the project Problem Statement The current C2s ecosystem has rapidly grown in order to adapt to modern red team...
PEzor - Open-Source Shellcode And PE Packer
Read the blog posts here: https://iwantmore.pizza/posts/PEzor.html https://iwantmore.pizza/posts/PEzor2.html https://iwantmore.pizza/posts/PEzor3.html https://iwantmore.pizza/posts/PEzor4.html Installation The install.sh is designed to work on a Kali Linux distro. ---------------- \ / \ //\ \ |/|...
ThreatMapper - Identify Vulnerabilities In Running Containers, Images, Hosts And Repositories
The Deepfence Runtime Threat Mapper is a subset of the Deepfence cloud native workload protection platform, released as a community edition. This community edition empowers the users with following features: 1. Visualization: Visualize kubernetes clusters, virtual machines, containers and images,...
Octopus WAF - Web Application Firewall Made In C Language And Use Libevent
OctopusWAF is a open source Web application firewall, is made in C language uses libevent to make multiple connections. First step Instal lib-pcre, if you use RPM based distros search pcre-devel package, in BSD based search in ports or brew... Need libevent-dev, on RPM distros libevent-devel,...
PowerShell-Red-Team - Collection Of PowerShell Functions A Red Teamer May Use To Collect Data From A Machine
Collection of PowerShell functions a Red Teamer may use to collect data from a machine or gain access to a target. I added ps1 files for the commands that are included in the RedTeamEnum module. This will allow you to easily find and use only one command if that is all you want. If you want the...
SSJ - Your Everyday Linux Distribution Gone Super Saiyan
SSJ is s silly little script that relies on docker installed on your everyday Linux distribution Ubuntu, Debian, etc. and magically arms it with hundreds of penetration testing and forensics tools. All of these run with almost native performance as containers utilize the host kernel and thus is a...
Simple-Live-Data-Collection - Simple Live Data Collection Tool
How it works? 1- Build server 2- Connect with admin and client to server 3- To collect information, send the request to the server through the admin, and then to the client Installation git clone https://github.com/LetsDefend/Simple-Live-Data-Collection Server cd server python main.py Admin cd...
Enum4Linux - A Linux Alternative To Enum.Exe For Enumerating Data From Windows And Samba Hosts
A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts. Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe formerly available from www.bindview.com. It is written in Perl and is basical...
Safety - Check Your Installed Dependencies For Known Security Vulnerabilities
Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but can be upgraded to use pyup.io's Safety API using the --key option. Installation Install safety with pip. Keep in mind that we support only Python...
Server Side Template Injection Payloads
Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate web pages by combining fixed templates with volatile data. Server-side template...
DroidTracker - Script To Generate An Android App To Track Location In Real Time
Script to generate an Android App to track location in real time Features: Custom App Name 2 Port Forwarding options Ngrok or using SSH Tunneling with Serveo.net Obfuscated URL by Tinyurl Fully Undetectable Legal disclaimer: Usage of DroidTracker for attacking targets without prior mutual consent...
PivotSuite - A Network Pivoting Toolkit
PivotSuite is a portable, platform independent and powerful network pivoting toolkit, Which helps Red Teamers / Penetration Testers to use a compromised system to move around inside a network. It is a Standalone Utility, Which can use as a Server or as a Client. PivotSuite as a Server : If the...
SecureTea Project - The Purpose Of This Application Is To Warn The User (Via Various Communication Mechanisms) Whenever Their Laptop Accessed
Small IoT Internet of Things to notify users via Twitter, whenever someone accesses their laptop. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on Linux. The purpose of this application is to warn the user via various...
Faraday v3.2 - Collaborative Penetration Test and Vulnerability Management Platform
Here is a list of all the goodies in Faraday v3.2: Workspace names- with numbers! With this new version, workspaces’ names are now allowed to start with numbers before they could only start with letters. Search unconfirmed vulns In this version was added the filter to be able to show unconfirmed...
Cangibrina v0.8.7 - A Fast And Powerfull Dashboard (Admin) Finder
Dashboard Finder Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt Requirements: Python 2.7 mechanize PySocks beautifulsoup4 html5lib Nmap --nmap TOR --tor Install: Linux git clone...
Trackerjacker - Like Nmap For Mapping Wifi Networks You'Re Not Connected To, Plus Device Tracking
Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring. PyPI page: https://pypi.python.org/pypi/trackerjacker Install pip3 install trackerjacker Supported platforms : Linux tested on Ubuntu, Kali, and RPi and macOS...
MSDAT - Microsoft SQL Database Attacking Tool
MSDAT M icros oft SQL D atabase A ttacking T ool is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...
Fi6S - IPv6 Network Scanner Designed To Be Fast
fi6s is a IPv6 port scanner designed to be fast. This is achieved by sending and processing raw packets asynchronously. The design and goal is pretty similar to Masscan, though it is not as full-featured yet. Building Building should be fairly easy on up-to-date distros. On Ubuntu 16.04 xenial it...
Envizon - Network Visualization Tool With Focus On Red / Blue Team Requirements
This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and organization tool, 'envizon'. We hope your feedback will help to improve and hone i...
IP-Biter - The Hacker-friendly E-Mail Tracking Framework
IP-Biter is an open source, easy to deploy, tracking framework that generate high configurables and uniques tracking images and links to embed in e-mails, sites or chat systems and visualize, in an hacker-friendly dashboard, high detailed reports of the tracked users who visualize the image or op...
RedSnarf - A Pen-Testing / Red-Teaming Tool For Windows Environments
RedSnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf functionality includes: Retrieval of local SAM hashes Enumeration of user/s running with elevated syste...
Pybelt - The Hackers Tool Belt
Pybelt is an open source hackers tool belt complete with: A port scanner SQL injection scanner Dork checker Hash cracker Hash type verification tool Proxy finding tool XSS scanner It is capable of cracking hashes without prior knowledge of the algorithm, scanning ports on a given host, searching...
Fluxion - WPA/WPA2 Security Hacked Without Brute Force
Fluxion is a remake of linset by vk496 with less bugs and more features. It's compatible with the latest release of Kali Rolling. Latest builds stable and beta HERE . If you new, please start reading the wiki Fluxion GUI How it works Scan the networks. Capture a handshake can't be used without a...
dhcpoptinj - DHCP Option Injector
Have you ever wanted to intercept DHCP requests and squeeze in a few extra DHCP options, unbeknownst to the sender? Probably not. However, should the need ever come, dhcpoptinj will hopefully help you. Why There can be many a reason to mangle DHCP requests, although chances are you ought to look...
Raptor WAF v0.2 - Web Application Firewall using DFA
Raptor WAF is a simple web application firewall made in C, using KISS principle, to make poll use select function, is not better than epoll or kqueue from BSD but is portable, the core of match engine using DFA to detect XSS, SQLi and path traversal. No more words, look at the following : WAF...
ArchStrike - Security Layer for Arch Linux
An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x8664, ARMv6, and ARMv7. ArchStrike is a penetration testing and security layer on top of Arch Linux. We follow the Arch Linux standards very closely in order to keep our packages clean,...
Faraday v1.0.20 - Collaborative Penetration Test and Vulnerability Management Platform
Faraday introduces a new concept - IPE Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. A brand new Faraday version is ready! Faraday v1.0.20 Community, Pro &...
HostedNetworkStarter - Wifi Hotspot Creator for Windows 10/8/7
HostedNetworkStarter is a simple tool for Windows 7 and later that allows you to easily create a wifi hotspot with your wireless network adapter, using the Wifi hosted network feature of Windows operating system. With the wifi hotspot created by this tool, you can allow any device with wifi suppo...
Ranger - Tool To Access And Interact With Remote Microsoft Windows Based Systems
A tool to support security professionals access and interact with remote Microsoft Windows based systems. This project was conceptualized with the thought process, we did not invent the bow or the arrow, just a more efficient way of using it. Ranger is a command-line driven attack and penetration...
Ruby-Nmap - A Rubyful interface to the Nmap exploration tool and security / port scanner
A Ruby interface to nmap , the exploration tool and security / port scanner. Features Provides a Ruby interface for running nmap. Provides a Parser for enumerating nmap XML scan files. Examples Run Nmap from Ruby: require 'nmap/program' Nmap::Program.scan do |nmap| nmap.synscan = true...
BruteX - Automatically Brute Force all Services Running on a Target
Automatically brute force all services running on a target including: Open ports DNS domains Web files Web directories Usernames Passwords USAGE ./brutex target DEPENDENCIES NMap Hydra Wfuzz SNMPWalk DNSDict To brute force multiple hosts, use brutex-massscan and include the IP's/hostnames to scan...
LINSET - WPA/WPA2 Hack Without Brute Force
How it works Scan the networks. Select network. Capture handshake can be used without handshake We choose one of several web interfaces tailored for me thanks to the collaboration of the users Mounts one FakeAP imitating the original A DHCP server is created on FakeAP It creates a DNS server to...