6011 matches found
Croc - Easily And Securely Send Things From One Computer To Another
croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is the only CLI file-transfer tool does all of the following: allows any two computers to transfer data using a relay provides end-to-end encryption using PAKE enables easy cross-platform...
Anchore Engine - A Service That Analyzes Docker Images And Applies User-Defined Acceptance Policies To Allow Automated Container Image Validation And Certification
For the most up-to-date information on Anchore Engine, Anchore CLI, and other Anchore software, please refer to the Anchore Documentation The Anchore Engine is an open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore...
ezEmu - Simple Execution Of Commands For Defensive Tuning/Research
ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers ", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry. Windows See /Linux for ELF ezEmu is compiled as...
Steganographer - Hide Files Or Data In Image Files
This Module will hide files inside images currenlty PNG and export the modified image to disk The maximum size of file which can be hidden inside an image depends on the dimension of the image. maxfilesize = heightofimage widthofimage 6 / 8 bytes '100k words.txt' is hidden in 'originalimage.png'...
X64Dbg - An Open-Source X64/X32 Debugger For Windows
An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. You can find more information on the blog! Screenshots Installatio...
Eyeballer - Convolutional Neural Network For Analyzing Pentest Screenshots
Give those screenshots of yours a quick eyeballing. Eyeballer is meant for large-scope network penetration tests where you need to find "interesting" targets from a huge set of web-based hosts. Go ahead and use your favorite screenshotting tool like normal EyeWitness or GoWitness and then run the...
Lynis 2.6.7 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
Whatsapp Automation - A Collection Of Tools For Sending And Recieving Whatsapp Messages
Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages, adding new contacts and broadcasting messages multiple contacts. The project uses Selinium, Appium,...
iOSRestrictionBruteForce v2.1.0 - Crack iOS Restriction Passcodes With Python
This version of the application is written in Python, which is used to crack the restriction passcode of an iPhone/iPad takes advantage of a flaw in unencrypted backups allowing the hash and salt to be discovered. DEPENDENCIES This has been tested with Python 2.7 and Python 3.6 Requires Passlib...
Dumpzilla - Extract All Forensic Interesting Information Of Firefox, Iceweasel And Seamonkey Browsers
Dumpzilla official site : www.dumpzilla.org http://www.dumpzilla.org "Mozilla browser forensic tool" Manual : Español http://dumpzilla.org/Manualdumpzillaes.txt "Manual en español de dumpzilla" / English http://dumpzilla.org/Manualdumpzillaen.txt "Dumpzilla english Manual" SO : Unix / Win...
Airpydump - Analyze Wireless Packets On The Fly. Currently Supporting Three Working Modes (Reader, Live, Stealth)
Analyze Wireless Packets on the fly. Currently supporting three working Modes Reader, Live, Stealth Description airpydump is a wireless packet analyzer, providing the interface most likely that of airodump-ng from aircrack suite. It currently provides three working modes which are Reader, Stealth...
Sandcat Browser 6.0 - Pentest And Developer-Oriented Web Browser
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...
TrevorC2 - Command and Control via Legitimate Behavior over HTTP
TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil. There are two components to TrevorC2 - the client and the server. The client can be...
wig - WebApp Information Gatherer
wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. The application fingerprinting is based on checksums and string matching of known files for different versions of CMSes. This results in a score being...
OWASP ZAP 2.6.0 - Penetration Testing Tool for Testing Web Applications
The OWASP Zed Attack Proxy ZAP is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It...
Viproy - VoIP Penetration Testing and Exploitation Kit
Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support,...
OWASP Security Shepherd - Web And Mobile Application Security Training Platform
The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...
mitmAP - Simple Tool to Create a Fake AP and Sniff Data
| / \ | \ | | / /\ | |/ / | ' | | | ' | || / | | | | | | | || | | | | | | | || | || || ||||| || || |/| 2.1 A python program to create a fake AP and sniff data. new in 2.0: SSLstrip2 for HSTS bypass Image capture with Driftnet TShark for command line .pcap capture Features: SSLstrip2 Driftnet...
Hijacker - Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android
Hijacker is a Graphical User Interface for the wireless auditing tools airodump-ng, aireplay-ng and mdk3. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an android device with a wireless adapter that...
Auto_EAP - Automated Brute-Force Login Attacks Against EAP Networks
AutoEAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. These types of wireless networks provide an interface to facilitate password guessing of domain credentials as radius servers check authentication against Active Director...
DMitry - Deepmagic Information Gathering Tool
DMitry Deepmagic Information Gathering Tool is a UNIX/GNULinux Command Line Application coded in C language. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan,...
WifiChannelMonitor - Monitor APs and Wifi clients on selected channel (Monitor Mode) for Window
WifiChannelMonitor is a utility for Windows that captures wifi traffic on the channel you choose, using Microsoft Network Monitor capture driver in monitor mode, and displays extensive information about access points and the wifi clients connected to them. WifiChannelMonitor also allows you to vi...
PenQ - The Security Testing Browser Bundle
PenQ is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and many more. PenQ is not just ...
SSLyze - Fast And Full-Featured SSL Scanner
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. Key features include: Multi-processed and multi-threaded...
PyScan-Scanner - Vulnerability Scanner With Custom Payload
REQUIRE urllib2 BeautifulSoup requests START Change database information $bdd = new PDO'mysql:host=localhost;dbname=pyscan', 'user', 'password'; Update a Python gate panelurl = "http://localhost/pyscan/" gatescraper = "cmd/gate.php" gatescanner = "cmd/scan.php" gatevuln = "cmd/vuln.php" gatepaylo...
Cookiescanner - Tool to Check the Cookie Flag for a Multiple Sites
Tool to do more easy the web scan proccess to check if the secure and HTTPOnly flags are enabled in the cookies path and expires too. This tools allows probe multiple urls through a input file, by a google domain looking in all subdomains or by a unique url. Also, supports multiple output like...
ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network
Decentralized websites using Bitcoin crypto and the BitTorrent network - http://zeronet.io Why? We believe in open, free, and uncensored network and communication. No single point of failure: Site remains online so long as at least 1 peer serving it. No hosting costs: Sites are served by visitors...
Woodpecker hash Bruteforce - Multithreaded program to perform a brute-force attack against a hash
Woodpecker hash Bruteforce is a fast and easy-to-use multithreaded program to perform a brute-force attack against a hash. It supports many common hashing algorithms such as md5, sha1, etc. It runs on Windows and Mac OS. You can use dictionary, alphabet-based or random bruteforce. Here you can...
SubBrute - Subdomain Bruteforcer
SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting https://www.us-cert.gov/ncas/alerts/TA13-088A. This desig...
Instant PDF Password Remover v3.5 - Free PDF Password & Restrictions Removal Tool
Instant PDF Password Remover is the FREE tool to instantly remove Password of protected PDF document. It can remove both User & Owner password along with all PDF file restrictions such as Copy, Printing, Screen Reader etc. Often we receive password protected PDF documents in the form of mobile...
[Responder] a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server
Responder is a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. This tool is first an LLMNR and NBT-NS responder, it will answer to specific NBT-NS NetBIOS Name...
[Watcher] passive Web-security scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
[SSLDigger v1.02] Tool to assess the strength of SSL
SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure. Features: full Browser Support using Microsoft Internet Explorer Browser Control support for operating the tool in batch modefor operating on multiple...
[Dradis Pro v1.7] Framework to enable effective information sharing
Dradis Pro is framework to enable effective information sharing, specially during security assessments. Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead. Changelog v1.7 This is the...
36 Windows Tools For Penetration Testing
Most penetration testers are using either a Mac or a Linux-based platform in order to perform their penetration testing activities.However it is always a good practice to have and a Windows virtual machine with some tools ready to be used for the engagement.The reason for this is that although...
Gtfocli - GTFO Command Line Interface For Easy Binaries Search Commands That Can Be Used To Bypass Local Security Restrictions In Misconfigured Systems
GTFOcli it's a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in misconfigured systems. Installation Using go: go install github.com/cmd-tools/gtfocli@latest Using homebrew: brew tap cmd-tools/homebrew-tap brew install gtfocli Using...
Route-Detect - Find Authentication (Authn) And Authorization (Authz) Security Bugs In Web Application Routes
Find authentication authn and authorization authz security bugs in web application routes: Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard resources highlight the severity of the issue: 2021 OWASP Top 10 1 - Broken...
Linpmem - A Physical Memory Acquisition Tool For Linux
Like its Windows counterpart, Winpmem, this is not a traditional memory dumper. Linpmem offers an API for reading from any physical address, including reserved memory and memory holes , but it can also be used for normal memory dumping. Furthermore, the driver offers a variety of access modes to...
Kali Linux 2023.4 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2023.4. This release has various impressive updates. The summary of the changelog since the 2023.3 release from August is: Cloud ARM64 - Now marketplaces on Amazon AWS and Microsoft Azure have ARM64 option Vagrant Hyper-V - Our Vagrant offering...
Pyxamstore - Python Utility For Parsing Xamarin AssemblyStore Blob Files
This is an alpha release of an assemblies.blob AssemblyStore parser written in Python. The tool is capable of unpack and repackaging assemblies.blob and assemblies.manifest Xamarin files from an APK. Installing Run the installer script: python setup.py install You can then use the tool by calling...
Promptmap - Automatically Tests Prompt Injection Attacks On ChatGPT Instances
Prompt injection is a type of security vulnerability that can be exploited to control the behavior of a ChatGPT instance. By injecting malicious prompts into the system, an attacker can force the ChatGPT instance to do unintended actions. promptmap is a tool that automatically tests prompt...
AD_Enumeration_Hunt - Collection Of PowerShell Scripts And Commands That Can Be Used For Active Directory (AD) Penetration Testing And Security Assessment
Description Welcome to the AD Pentesting Toolkit! This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory AD penetration testing and security assessment. The scripts cover various aspects of AD enumeration, user and group management, computer...
Wallet-Transaction-Monitor - This Script Monitors A Bitcoin Wallet Address And Notifies The User When There Are Changes In The Balance Or New Transactions
This script monitors a Bitcoin wallet address and notifies the user when there are changes in the balance or new transactions. It provides real-time updates on incoming and outgoing transactions, along with the corresponding amounts and timestamps. Additionally, it can play a sound notification o...
MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD
MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services...
auditpolCIS - CIS Benchmark Testing Of Windows SIEM Configuration
CIS Benchmark testing of Windows SIEM configuration This is an application for testing the configuration of Windows Audit Policy settings against the CIS Benchmark recommended settings. A few points: The tested system was Windows Server 2019, and the benchmark used was also Windows Server 2019. T...
SilentMoonwalk - PoC Implementation Of A Fully Dynamic Call Stack Spoofer
PoC Implementation of a fully dynamic call stack spoofer TL;DR SilentMoonwalk is a PoC implementation of a fully dynamic call stack spoofer, implementing a technique to remove the original caller from the call stack, using ROP to desynchronize unwinding from control flow. Authors This PoC is the...
Ator - Authentication Token Obtain and Replace Extender
The plugin is created to help automated scanning using Burp in the following scenarios: 1. Access/Refresh token 2. Token replacement in XML,JSON body 3. Token replacement in cookies The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become...
Graphicator - A GraphQL Enumeration And Extraction Tool
Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so it can re-create the supported queries. When such queries are created is using them to send request...
Invoke-Transfer - PowerShell Clipboard Data Transfer
Invoke-Transfer Invoke-Transfer is a PowerShell Clipboard Data Transfer. This tool helps you to send files in highly restricted environments such as Citrix, RDP, VNC, Guacamole.. using the clipboard function. As long as you can send text through the clipboard, you can send files in text format, i...
Popeye - A Kubernetes Cluster Resource Sanitizer
Popeye - A Kubernetes Cluster Sanitizer Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what's deployed and not what's sitting on disk. By scanning your cluster, it detects...