Croc - Easily And Securely Send Things From One Computer To Another

croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is the only CLI file-transfer tool does all of the following: allows any two computers to transfer data using a relay provides end-to-end encryption using PAKE enables easy cross-platform...

DLInjector-GUI - DLL Injector Graphical User Interface

DLInjector for Graphical User Interface. Faster DLL Injector for processes. It targets the process name to identify the target. The process does not need to be open to define the target. DLInjector waits until the process executed. USAGE DLInjector usage a very simple. Firstly, enter the target...

X64Dbg - An Open-Source X64/X32 Debugger For Windows

An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. You can find more information on the blog! Screenshots Installatio...

ParamSpider - Mining Parameters From Dark Corners Of Web Archives

ParamSpider : Parameter miner for humans. Key Features : Finds parameters from web archives of the entered domain. Finds parameters from subdomains as well. Gives support to exclude urls with specific extensions. Saves the output result in a nice and clean manner. It mines the parameters from web...

Faxhell - A Bind Shell Using The Fax Service And A DLL Hijack

A Proof-of-Concept bind shell using the Fax service and a DLL hijack based on Ualapi.dll. See our writeup at: https://windows-internals.com/faxing-your-way-to-system/ How to use Build Ualapi.dll and place in c:\windows\system32 Start the Fax service, which will load the DLL and call the export...

TuxResponse - Linux Incident Response

TuxResponse is incident response script for linux systems written in bash. It can automate incident response activities on Linux systems and enable you to triage systems quickly, while not compromising with the results. Usually corporate systems would have some kind of monitoring and control, but...

Ducky-Exploit - Arduino Rubber Ducky Framework

Ducky Exploit is python framework which helps as to code Digispark as Rubber Ducky. This script has been tested on KaliLinux 18.2 Ubuntu 18.04 Windows Works with both Python2 and Python3 Installation Ubuntu and Kali Usage git clone https://github.com/itsmehacker5/Ducky-Exploit.git cd Ducky-Exploi...

Whatsapp Automation - A Collection Of Tools For Sending And Recieving Whatsapp Messages

Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages, adding new contacts and broadcasting messages multiple contacts. The project uses Selinium, Appium,...

Nix Auditor - Nix Audit Made Easier (RHEL, CentOS)

CIS Audit made easier RHEL, CentOS Usage: 1. Make it executable 2. Execute it. 3. https://the-infosec.com/2017/03/20/auditing-linux-unix-os-in-120-seconds-flat/ Nix Auditor 2.0: Change Log: Added color variables BLUE, RED, NC NO COLOR and GREEN on lines 210 - 213 Applied color variables to "passe...

TrevorC2 - Command and Control via Legitimate Behavior over HTTP

TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil. There are two components to TrevorC2 - the client and the server. The client can be...

BruteSpray - Brute-Forcing from Nmap output (Automatically attempts default creds on found services)

BruteSpray takes nmap GNMAP output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. Usage First do an nmap scan with '-oA nmap.gnmap'. Command: python brutespray.py -h Example: python...

DblTekGoIPPwn - Tool to check if an IP of a DblTek GoIP is vulnerable to a challenge-response login system, execute remote commands botnet style, and generate responses to challenges

Tool to exploit challenge response system in vulnerable DblTek GoIP devices. Can generate responses to specified challenges, test hosts for the vulnerability, run commands on vulnerable hosts, and drop into a root shell on any vulnerable host. The Vulnerability On March 2nd, 2017, Trustwave...

PloitKit - The Hacker's ToolBox

PloitKit is a Python based GUI tool designed as one-stop for all other softwares. I was facing these kinds of problem, when I need to switch to different system, or I lost my pen-drive. I have to go to google, and search every tool and download every tool and so on. So I decided to create a tool,...

MSF-Remote-Console - A Remote Msfconsole To Connect To The Msfrcpd Server Of Metasploit

A remote msfconsole written in Python 2.7 to connect to the msfrcpd server of metasploit. This tool gives you the ability to load modules permanently as daemon on your server like autopwn2. Although it gives you the ability to remotely use the msfrpcd server it is recommended to use it locally wi...

dhcpoptinj - DHCP Option Injector

Have you ever wanted to intercept DHCP requests and squeeze in a few extra DHCP options, unbeknownst to the sender? Probably not. However, should the need ever come, dhcpoptinj will hopefully help you. Why There can be many a reason to mangle DHCP requests, although chances are you ought to look...

ArchStrike - Security Layer for Arch Linux

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x8664, ARMv6, and ARMv7. ArchStrike is a penetration testing and security layer on top of Arch Linux. We follow the Arch Linux standards very closely in order to keep our packages clean,...

DET - Data Exfiltration Toolkit

DET is provided AS IS, is a proof of concept to perform Data Exfiltration using either single or multiple channels at the same time. The idea was to create a generic toolkit to plug any kind of protocol/service. Slides DET has been presented at BSides Ljubljana on the 9th of March 2016 and the...

SSLyze - Fast And Full-Featured SSL Scanner

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. Key features include: Multi-processed and multi-threaded...

SFTPfuzzer - Simple FTP Fuzzer

SFTPfuzzer Simple FTP Fuzzer is a very simple software written in Python 2.7 by 0x8b30cc, that allows you to easily fuzz username and password field in an FTP Server , looking for a buffer overflow vulnerability. SFTPfuzzer is written in a very simple way, and the code is well commented, allowing...

PyScan-Scanner - Vulnerability Scanner With Custom Payload

REQUIRE urllib2 BeautifulSoup requests START Change database information $bdd = new PDO'mysql:host=localhost;dbname=pyscan', 'user', 'password'; Update a Python gate panelurl = "http://localhost/pyscan/" gatescraper = "cmd/gate.php" gatescanner = "cmd/scan.php" gatevuln = "cmd/vuln.php" gatepaylo...

Cookiescanner - Tool to Check the Cookie Flag for a Multiple Sites

Tool to do more easy the web scan proccess to check if the secure and HTTPOnly flags are enabled in the cookies path and expires too. This tools allows probe multiple urls through a input file, by a google domain looking in all subdomains or by a unique url. Also, supports multiple output like...

ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network

Decentralized websites using Bitcoin crypto and the BitTorrent network - http://zeronet.io Why? We believe in open, free, and uncensored network and communication. No single point of failure: Site remains online so long as at least 1 peer serving it. No hosting costs: Sites are served by visitors...

AntiCuckoo - A Tool to Detect and Crash Cuckoo Sandbox

A tool to detect and crash Cuckoo Sandbox. Tested in Cuckoo Sandbox Official and Accuvant's Cuckoo version. Features Detection: Cuckoo hooks detection all kind of cuckoo hooks. Suspicius data in own memory without APIs, page per page scanning. Crash Execute with arguments out of a sandbox these...

WAIDPS - Wireless Auditing, Intrusion Detection & Prevention System

WAIDPS is an open source wireless swissknife written in Python and work on Linux environment. This is a multipurpose tools designed for audit penetration testing networks, detect wireless intrusion WEP/WPA/WPS attacks and also intrusion prevention stopping station from associating to access point...

Socat - Multipurpose relay (SOcket CAT)

Socat is a utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices terminal or modem, etc., sockets Unix, IP4, IP6 - raw, UDP, TCP, a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes...

WiFi software Acrylic WiFi Free v2.1 - WiFi analyzer software and WLAN scanner for network analysts

Acrylic WiFi Professional is the best WiFi analyzer software to identify access points and wifi channels, and to analyze and resolve incidences on 802.11a/b/g/n/ac wireless networks in real time. It is a perfect tool for advanced users and professional WiFi network analysts and administrators to...

[Burp Co2] A collection of enhancements for Portswigger's popuplar Burp Suite web penetration testing tool

Co2 includes several useful enhancements bundled into a single Java-based Burp Extension. The extension has it's own configuration tab with multiple sub-tabs for each Co2 module. Modules that interact with other Burp tools can be disabled from within the Co2 configuration tab, so there is no need...

[Mail Password Sniffer] Email Password Recovery and Sniffing Software

Mail Password Sniffer is the free Email Password Sniffing and Recovery Software to recover mail account passwords passing through the network. It automatically detects the Email authentication packets passing through network and decodes the passwords for all Mail Protocols including POP3 , IMAP ,...

[PDFMiner] Python PDF parser and analyzer

PDFMiner is a tool for extracting information from PDF documents. Unlike other PDF-related tools, it focuses entirely on getting and analyzing text data. PDFMiner allows one to obtain the exact location of text in a page, as well as other information such as fonts or lines. It includes a PDF...

Sttr - Cross-Platform, Cli App To Perform Various Operations On String

sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat, curl, printf...

Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs

Status Checker is a Python script that checks the status of one or multiple URLs/domains and categorizes them based on their HTTP status codes. Version 1.0.0 Created BY BLACK-SCORP10 t.me/BLACK-SCORP10 Features Check the status of single or multiple URLs/domains. Asynchronous HTTP requests for...

ST Smart Things Sentinel - Advanced Security Tool To Detect Threats Within The Intricate Protocols utilized By IoT Devices

ST Smart Things Sentinel is an advanced security tool engineered specifically to scrutinize and detect threats within the intricate protocols utilized by IoT Internet of Things devices. In the ever-expanding landscape of connected devices, ST Smart Things Sentinel emerges as a vigilant guardian,...

SwaggerSpy - Automated OSINT On SwaggerHub

SwaggerSpy is a tool designed for automated Open Source Intelligence OSINT on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is...

SharpShares - Multithreaded C# .NET Assembly To Enumerate Accessible Network Shares In A Domain

Multithreaded C .NET Assembly to enumerate accessible network shares in a domain Built upon djhohnstein's SharpShares project .\SharpShares.exe help Usage: SharpShares.exe /threads:50 /ldap:servers /ou:"OU=Special Servers,DC=example,DC=local" /filter:SYSVOL,NETLOGON,IPC$,PRINT$ /verbose...

Uscrapper - Powerful OSINT Webscraper For Personal Data Collection

Introducing Uscrapper 2.0, A powerfull OSINT webscrapper that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to extract email addresses, social media links, author names, geolocations, phone numbers, and usernames...

PPLBlade - Protected Process Dumper Tool

Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk. Key functionalities : 1. Bypassing PPL protection 2. Obfuscating memory dump files to evade Defender signature-based detection mechanisms 3. Uploading...

Metahub - An Automated Contextual Security Findings Enrichment And Impact Evaluation Tool For Vulnerability Management

MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management. You can use it with AWS Security Hub or any ASFF-compatible security scanner. Stop relying on useless severities and switch to impact scoring definitions based on YOUR context...

Elevationstation - Elevate To SYSTEM Any Way We Can! Metasploit And PSEXEC Getsystem Alternative

Elevation Station Stealing and Duplicating SYSTEM tokens for fun & profit! We duplicate things, make twin copies, and then ride away. You have used Metasploit's getsystem and SysInternals PSEXEC for getting system privs, correct? Well, here's a similar standalone version of that...but without the...

Aws-Waf-Header-Analyzer - The Purpose Of The Project Is To Create Rate Limit In AWS WaF Based On HTTP Headers

The purpose of the project is to create rate limit in AWS WaF based on HTTP headers. Golang is a dependencie to build the binary. See the documentation to install: https://go.dev/doc/install make sudo make install The rules configuration is very simple, for example, the threshold is the limited o...

Qu1Ckdr0P2 - Quicky Serve Files Over Http Or Https Using Flask

Rapidly host payloads and post-exploitation bins over HTTP or HTTPS. Designed to be used on exams like OSCP / PNPT or CTFs HTB / etc. Pull requests and issues welcome. As are any contributions. Qu1ckdr0p2 comes with an alias and search feature. The tools are located in the qu1ckdr0p2-tools...

Xcrawl3R - A CLI Utility To Recursively Crawl Webpages

xcrawl3r is a command-line interface CLI utility to recursively crawl webpages i.e systematically browse webpages' URLs and follow links to discover linked webpages' URLs. Features Recursively crawls webpages for URLs. Parses URLs from files .js, .json, .xml, .csv, .txt & .map. Parses URLs from...

auditpolCIS - CIS Benchmark Testing Of Windows SIEM Configuration

CIS Benchmark testing of Windows SIEM configuration This is an application for testing the configuration of Windows Audit Policy settings against the CIS Benchmark recommended settings. A few points: The tested system was Windows Server 2019, and the benchmark used was also Windows Server 2019. T...

YATAS - A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration

Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that i...

ExchangeFinder - Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version

ExchangeFinder is a simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on the top common DNS names for Microsoft Exchange. ExchangeFinder can identify the exact version of Microsoft Exchange starting from Microsoft Exchange 4.0 to Microsoft Exchange...

autoSSRF - Smart Context-Based SSRF Vulnerabiltiy Scanner

autoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Different from other ssrf automation tools, this one comes with the two following original features : Smart fuzzing on relevant SSRF GET parameters When fuzzing, autoSSRF only focuses on the common parameters related to SSR...

FUD-UUID-Shellcode - Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness

Introduction Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :. How it works Shellcode generation Firstly, generate a payload in binary format using either CobaltStrike or msfvenom for instance, in...

Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory

Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and...

Pybatfish - Python Client For Batfish (Network Configuration Analysis Tool)

Pybatfish is a Python client for Batfish. What is Batfish? Batfish is a network validation tool that provides correctness guarantees for security, reliability, and compliance by analyzing the configuration of network devices. It builds complete models of network behavior from device configuration...

Presshell - Quick And Dirty Wordpress Command Execution Shell

presshell Quick & dirty Wordpress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at /wp-content/plugins/shell/shell.php Installation To install the shell, we are assuming you have administrative rights to Wordpress and can install plugins...

ICMP-TransferTools - Transfer Files To And From A Windows Host Via ICMP In Restricted Network Environments

ICMP-TransferTools is a set of scripts designed to move files to and from Windows hosts in restricted network environments. This is accomplished using a total of 4 different files, consisting of a python server and powershell client for each transfer direction Download & Upload. The only dependen...