6011 matches found
Wotop - Web On Top Of Any Protocol
WOTOP is a tool meant to tunnel any sort of traffic over a standard HTTP channel. Useful for scenarios where there's a proxy filtering all traffic except standard HTTPS traffic. Unlike other tools which either require you to be behind a proxy which let's you pass arbitrary traffic possibly after ...
Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
First, a couple of useful oneliners ; wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh linux-smart-enumeration Linux enumeration tools for...
Sheepl - Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments
Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environments Introduction There are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However the current...
Ducky-Exploit - Arduino Rubber Ducky Framework
Ducky Exploit is python framework which helps as to code Digispark as Rubber Ducky. This script has been tested on KaliLinux 18.2 Ubuntu 18.04 Windows Works with both Python2 and Python3 Installation Ubuntu and Kali Usage git clone https://github.com/itsmehacker5/Ducky-Exploit.git cd Ducky-Exploi...
Photon - Incredibly Fast Crawler Which Extracts Urls, Emails, Files, Website Accounts And Much More
Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. Yep, you can use 100 threads and Photon won't complain about it because its in Ninja Mode. Why Photon? Not Your Regular Crawler Crawlers are supposed to recursively extract links right? Well that's...
Nix Auditor - Nix Audit Made Easier (RHEL, CentOS)
CIS Audit made easier RHEL, CentOS Usage: 1. Make it executable 2. Execute it. 3. https://the-infosec.com/2017/03/20/auditing-linux-unix-os-in-120-seconds-flat/ Nix Auditor 2.0: Change Log: Added color variables BLUE, RED, NC NO COLOR and GREEN on lines 210 - 213 Applied color variables to "passe...
ASLRay - Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying
Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying. Properties: ASLR bypass Cross-platform Minimalistic Simplicity Unpatchable Dependencies: Linux 2.6.12+ - will work on any x86-64 Debian-based OS BASH - the whole script Limitations: Stack needs to be executable -z execstack Binary has...
Pentest-Tools-Auto-Installer - A Simple Tool For Installing Pentest Tools And Forensic Tools On Debian / Ubuntu Based OS
A Simple tool for installing pentest tools and forensic tools on Debian / Ubuntu Based OS Tested on Linux Mint And Kali Linux I Want To Get This How To Do ?? Change Your Privileges Terminal to Root Mode your@terminal:$ sudo su And Then Clone This your@terminal: git clone...
BruteSpray - Brute-Forcing from Nmap output (Automatically attempts default creds on found services)
BruteSpray takes nmap GNMAP output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. Usage First do an nmap scan with '-oA nmap.gnmap'. Command: python brutespray.py -h Example: python...
PenBox v2.2 - A Penetration Testing Framework (The Hacker's Repo)
A Penetration Testing Framework , The Hacker’s Repo our hope is in the last version we will have evry script that a hacker needs. Information Gathering : nmap Setoolkit Port Scanning Host To IP wordpress user enumeration CMS scanner XSStracer - checks remote web servers for Clickjacking,...
Parrot OS 3.1 (Defcon) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...
RITM - Ruby In The Middle (HTTP/HTTPS Interception Proxy)
Ruby in the middle RITM is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases. Installation gem install ritm Basic usage 1. Write you...
Gitminer - Automatic Search For GitHub
Advanced search tool and automation in Github. This tool aims to facilitate research by code or code snippets on github through the site's search page. MOTIVATION Demonstrates the fragility of trust in public repositories to store codes with sensitive information. REQUERIMENTS argparse requests...
SFTPfuzzer - Simple FTP Fuzzer
SFTPfuzzer Simple FTP Fuzzer is a very simple software written in Python 2.7 by 0x8b30cc, that allows you to easily fuzz username and password field in an FTP Server , looking for a buffer overflow vulnerability. SFTPfuzzer is written in a very simple way, and the code is well commented, allowing...
AntiCuckoo - A Tool to Detect and Crash Cuckoo Sandbox
A tool to detect and crash Cuckoo Sandbox. Tested in Cuckoo Sandbox Official and Accuvant's Cuckoo version. Features Detection: Cuckoo hooks detection all kind of cuckoo hooks. Suspicius data in own memory without APIs, page per page scanning. Crash Execute with arguments out of a sandbox these...
WAIDPS - Wireless Auditing, Intrusion Detection & Prevention System
WAIDPS is an open source wireless swissknife written in Python and work on Linux environment. This is a multipurpose tools designed for audit penetration testing networks, detect wireless intrusion WEP/WPA/WPS attacks and also intrusion prevention stopping station from associating to access point...
Socat - Multipurpose relay (SOcket CAT)
Socat is a utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices terminal or modem, etc., sockets Unix, IP4, IP6 - raw, UDP, TCP, a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes...
RCEer - Simple Remote Command Execution scanner
Simple Remote Command Execution scanner written in Python 2.7 Download RCEer...
Cuckoo Sandbox v1.1 - Automated Malware Analysis
Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment. Cuckoo generates a handful of differen...
Mylar - Platform for building secure web applications
Web applications rely on servers to store and process confidential information. However, anyone who gains access to the server e.g., an attacker, a curious administrator, or a government can obtain all of the data stored there. Mylar protects data confidentiality even when an attacker gets full...
[Haveged] A simple Entropy Daemon
The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers...
[APKinspector] Powerful GUI tool to analyze the Android applications
The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps: CFG Call Graph Static...
[DotDotPwn v3.0.1] The Directory Traversal Fuzzer
The latest version of DotDotPwn v3.0.1 released. DotDotPwn is a flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. It's written in perl programming language and can be run either unde...
RansomwareSim - A Simulated Ransomware
Overview RansomwareSim is a simulated ransomware application developed for educational and training purposes. It is designed to demonstrate how ransomware encrypts files on a system and communicates with a command-and-control server. This tool is strictly for educational use and should not be use...
Pantheon - Insecure Camera Parser
Pantheon is a GUI application that allows users to display information regarding network cameras in various countries as well as an integrated live-feed for non-protected cameras. Functionalities Pantheon allows users to execute an API crawler. There was original functionality without the use of...
RecycledInjector - Native Syscalls Shellcode Injector
Currently Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate + HalosGate + TartarusGate to ensure undetectable native syscalls even if one technique fails. To remain stealthy and keep entropy on the final...
S4UTomato - Escalate Service Account To LocalSystem Via Kerberos
Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes Friends familiar with the "Potato" series of privilege escalation should know that it can elevate service account privileges to local system privileges. The early exploitation techniques of "Potato" are almost identical:...
NTLMRecon - A Tool For Performing Light Brute-Forcing Of HTTP Servers To Identify Commonly Accessible NTLM Authentication Endpoints
NTLMRecon is a Golang version of the original NTLMRecon utility written by Sachin Kamath AKA pwnfoo. NTLMRecon can be leveraged to perform brute forcing against a targeted webserver to identify common application endpoints supporting NTLM authentication. This includes endpoints such as the Exchan...
hardCIDR - Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization
A Linux Bash script to discover the netblocks, or ranges, in CIDR notation owned by the target organization during the intelligence gathering phase of a penetration test. This information is maintained by the five Regional Internet Registries RIRs: ARIN North America RIPE Europe/Asia/Middle East...
QRExfiltrate - Tool That Allows You To Convert Any Binary File Into A QRcode Movie. The Data Can Then Be Reassembled Visually Allowing Exfiltration Of Data In Air Gapped Systems
This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing exfiltration of data in air gapped systems. It was designed as a proof of concept to demonstrate weaknesses in DLP software; that is, the assumption...
Monomorph - MD5-Monomorphic Shellcode Packer - All Payloads Have The Same MD5 Hash
════════════════════════════════════╦═══ ╔═╦═╗ ╔═╗ ╔═╗ ╔═╗ ╔═╦═╗ ╔═╗ ╔══╔═╗ ╠═╗ ═╩ ╩ ╩═╚═╝═╩ ╩═╚═╝═╩ ╩ ╩═╚═╝═╩ ╠═╝═╩ ╩═ ════════════════════════════════╩═══════ By Retr0id ═══ MD5-Monomorphic Shellcode Packer ═ ══ USAGE: python3 monomorph.py inputfile outputfile payloadfile What does it do? It...
YATAS - A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration
Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that i...
Octosuite - Advanced Github OSINT Framework
A framework fro gathering osint on GitHub users, repositories and organizations Wiki Refer to the Wiki for installation instructions, in addition to all other documentation. Features Fetches an organization's profile information Fetches an oganization's events Returns an organization's repositori...
autoSSRF - Smart Context-Based SSRF Vulnerabiltiy Scanner
autoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Different from other ssrf automation tools, this one comes with the two following original features : Smart fuzzing on relevant SSRF GET parameters When fuzzing, autoSSRF only focuses on the common parameters related to SSR...
TeamFiltration - Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the TeamFiltration wiki page for an introduction into how TeamFiltration works and the Quick Start Guide for how to get up and running! This tool has been used internally...
Nim-RunPE - A Nim Implementation Of Reflective PE-Loading From Memory
A Nim implementation of reflective PE-Loading from memory. The base for this code was taken from RunPE-In-Memory - which I ported to Nim. You'll need to install the following dependencies: nimble install ptrmath winim I did test this with Nim Version 1.6.2 only, so use that version for testing or...
Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory
Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and...
Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers
A modular command-line tool to parse, create and manipulate JSON Web TokenJWT tokens for security testing purposes. Features Complete modularity. All commands are plugins. Easy to add new plugins. Support JWS and JWE tokens. Easy interface for plugins. follow the template example Flexible token...
Graphql-Threat-Matrix - GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations
Why graphql-threat-matrix? graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The differences in how GraphQL implementations interpret and conform to the GraphQL specification...
Jfscan - A Super Fast And Customisable Port Scanner, Based On Masscan And NMap
Killing features Scan with nmap fast! Allows you to scan targets with Masscan and run Nmap on discovered ports with possibility of custom options. Nmap on steroids. Allows to scan targets in multiple formats. Can output results in domain:port format. Works in stdin/stdout mode, so you can pipe...
Tiktok-Scraper - TikTok Scraper. Download Video Posts, Collect User/Trend/Hashtag/Music Feed Metadata, Sign URL And Etc
Scrape and download useful information from TikTok. No login or password are required This is not an official API support and etc. This is just a scraper that is using TikTok Web API to scrape media and related meta information. Important notes As of right now it is NOT possible to download video...
DomainAlerting - Daily Alert When A New Domain Name Is Registered And Contains Your Keywords
Daily alert when a new domain name is registered and contains your keywords. Description DomainAlerting tool allows you to perform two main actions for educational purposes only: Download newly registered domains Send automatic email alert You can setup a wordlist and be alerted by email when you...
Scylla - The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc
Notice For Deprecation This project is no longer being worked on by the developer. As of today, the program has many flaws and is not up to modern OSINT standards. A lot of APIs utilized within Scylla are no longer working as they did when the project was first released. The developer wrote Scyll...
Skrull - A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR And Signature Scanning From Kernel
Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted. It's a...
ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...
LittleCorporal - A C# Automated Maldoc Generator
LittleCorporal: A C Automated Maldoc Generator C:\LittleCorporal\bin\ReleaseLittleCorporal.exe C:\beacon.bin explorer.exe . . . . | | ||/ |/ || | \ \ | | | | | \ \ \ | / / \ / / \ \ \ / \ \ \ | | | || || | | | | |\ /\ \ | / | | // | | | ||| || |/\ \ //|| | / /|| // / / / || / / \ / o\ /...
Red-Shadow - Lightspin AWS IAM Vulnerability Scanner
Scan your AWS IAM Configuration for shadow admins in AWS IAM based on misconfigured deny policies not affecting users in groups discovered by Lightspin's Security Research Team. The tool detects the misconfigurations in the following IAM Objects: Managed Policies Users Inline Policies Groups Inli...
InveighZero - Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool
InveighZero is a C LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version shares many features with the PowerShell version of Inveigh. Privileged Mode Features elevated admin...
XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically
Powerful Chromium Browser to find XSS Vulnerabilites automatically while browsing web, it can detect many case scenarios with support for POST requests too Installation Become root sudo su Install Node.js and npm https://www.npmjs.com/get-npm or sudo apt install npm Download this repo files or gi...
RadareEye - A Tool Made For Specially Scanning Nearby devices [BLE, Bluetooth And Wifi] And Execute Our Given Command On Our System When The Target Device Comes In-Between Range
A tool made for speciallyscanning nearby devicesBLE,Bluetooth & Wifi and execute our given command on our system when the target device comes in between range. NOTE:- RadareEye Owner will be not responsible if any user performs malicious activities using this tool. Use it for Learning purpose onl...