6011 matches found
Whapa - WhatsApp DataBase Parser Tool
Whapa is a whatsapp database parser that automates the process. The main purpose of whapa is to present the data handled by the Sqlite database in a way that is comprehensible to the analyst. The Script is written in Python 2.x The software is divided into three modes: Message Mode : It analyzes...
Crowbar - Brute Forcing Tool (SSH, OpenVPN, RDP, VNC)
Crowbar formally known as Levye is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH...
magicRecon - A Powerful Shell Script To Maximize The Recon And Data Collection Process Of An Objective And Finding Common Vulnerabilities
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats. The new version of MagicRecon has a large number of new too...
Tool-X - A Kali Linux Hacking Tool Installer
What is Tool-X ? Tool-X is a kali linux hacking Tool installer. Tool-X is Developed By Rajkumar Dusad. with the help of Tool-X you can install best hacking tools in Rooted or Non Rooted Android devices. In the Tool-X there are almost 240 hacking tools available for termux app and GNURoot Debian...
DNSMonster - Passive DNS Capture/Monitoring Framework
Passive DNS collection and monitoring built with Golang, Clickhouse and Grafana: dnsmonster implements a packet sniffer for DNS traffic. It can accept traffic from a pcap file, a live interface or a dnstap socket, and can be used to index and store thousands of DNS queries per second it has shown...
Damn-Vulnerable-Bank - Vulnerable Banking Application For Android
Damn Vulnerable Bank Android Application aims to provide an interface for everyone to get a detailed understanding with internals and security aspects of android application. How to Use Application Clone the repository and run the Backend Server as per instructions in the link. We have released t...
CrossC2 - Generate CobaltStrike's Cross-Platform Payload
A security framework for enterprises and Red Team personnel, supports CobaltStrike's penetration testing of other platforms Linux / MacOS / ..., supports custom modules, and includes some commonly used penetration modules. Only for internal use by enterprises and organizations, this framework has...
HTTP Request Smuggler - Extension For Burp Suite Designed To Help You Launch HTTP Request Smuggling Attacks
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks, originally created during HTTP Desync Attacks research. It supports scanning for Request Smuggling vulnerabilities and also aids exploitation by handling cumbersome offset-tweaking for you. Install The...
ReconSpider - Most Advanced Open Source Intelligence (OSINT) Framework For Scanning IP Address, Emails, Websites, Organizations
ReconSpider is most Advanced Open Source Intelligence OSINT Framework for scanning IP Address, Emails, Websites, Organizations and find out information from different sources. ReconSpider can be used by Infosec Researchers, Penetration Testers, Bug Hunters and Cyber Crime Investigators to find de...
EXOCET - AV-evading, Undetectable, Payload Delivery Tool
EXOCET is superior to Metasploit's "Evasive Payloads" modules as EXOCET uses AES-256 in GCM Mode Galois/Counter Mode. Metasploit's Evasion Payloads uses a easy to detect RC4 encryption. While RC4 can decrypt faster, AES-256 is much more difficult to ascertain the intent of the malware. However, i...
subjack - Hostile Subdomain Takeover tool written in Go
subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule...
Maigret - OSINT Username Checker. Collect A Dossier On A Person By Username From A Huge Number Of Sites
The Commissioner Jules Maigret is a fictional French police detective, created by Georges Simenon. His investigation method is based on understanding the personality of different people and their interactions. About Purpose of Maigret - collect a dossier on a person by username only , checking fo...
Entropy Toolkit - A Set Of Tools To Exploit Netwave And GoAhead IP Webcams
Entropy Toolkit is a set of tools to exploit Netwave and GoAhead IP Webcams. Entropy is a powerful toolkit for webcams penetration testing. Getting started Entropy installation cd entropy chmod +x install.sh ./install.sh Entropy uninstallation cd entropy chmod +x uninstall.sh ./uninstall.sh Entro...
GiveMeSecrets - Use Regular Expressions To Get Sensitive Information From A Given Repository (GitHub, Pip Or Npm)
Use regular expressions to get sensitive information from a given repository GitHub, pip or npm. Dependencies You only need to have python 3.6 or higher installed to launch this script. In addition you must have installed in the system git, pip and npm. How to use It's very easy to use, just run...
Tracgram - Use Instagram Location Features To Track An Account
Trackgram Use Instagram location features to track an account Usage At this moment the usage of Trackgram is extremly simple: 1. Download this repository 2. Go through the instalation steps 3. Change the parameters in the tracgram main method directly: + Mandatory: - NICKNAME: your username on...
WiFi Bruteforcer - Android application to brute force WiFi passwords (No Root Required)
WARNING: This project is still under development and by installing the app may misconfigure the Wi-Fi settings of your Android OS, a system restore may be necessary to fix it. Android application to brute force WiFi passwords without requiring a rooted device. Download WiFi Bruteforcer...
Sharperner - Simple Executable Generator With Encrypted Shellcode
Sharperner is a tool written in CSharp that generate .NET dropper with AES and XOR obfuscated shellcode. Generated executable can possibly bypass signature check but I cant be sure it can bypass heuristic scanning. Features PE binary Process Hollowing PPID Spoofing Random generated AES key and iv...
Cloudcheck - Checks Using A Test String If A Cloudflare DNS Bypass Is Possible Using CloudFail
Cloudcheck is made to be used in the same folder as CloudFail. Make sure all files in this repo are in the same folder before using. Also create a empty text file called none.txt in the data folder, that way it doesn't do a subdomain brute when testing. Cloudcheck will automatically change your...
Fluxion 0.23 - WPA/WPA2 Security Hacked Without Brute Force
Fluxion is a remake of linset by vk496 with hopefully less bugs and more functionality. It's compatible with the latest release of Kali rolling. Latest builds stable and beta can be found here here . If you're new, or just don't understand much about the project, have a look at the wiki . The...
Top 20 Most Popular Hacking Tools in 2020
Although 2020 has been the worst year since 1945, as last year, this year we made a ranking with the most popular tools between January and December 2020. Topics of the tools focus on Phishing, Information Gathering, Android Hacking Tools, Automation Tools,, among others. Without going into furth...
FinalRecon - OSINT Tool For All-In-One Web Reconnaissance
FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Features FinalRecon provides detailed information such as : Header Information WHOIS SSL Certificate Details Found Flag in SSL Certificate -...
Memcrashed-DDoS-Exploit - DDoS Attack Tool For Sending Forged UDP Packets To Vulnerable Memcached Servers Obtained Using Shodan API
This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io Prerequisites The only thing you need installed is Python 3.x apt-get install python3 You also require to have Scapy and Shodan modules installed pip install scapy pip install shodan Using Shodan API This...
Project iKy v2.4.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...
dnSpy - .NET Debugger And Assembly Editor
dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. Want to say thanks? Click the star at the top of the page. Or fork dnSpy and send a PR! The following pictures show dnSpy in action. It shows dnSpy editing a...
Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux
Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to extract the intended payload and some launchers get detected often, which essentially...
Sooty - The SOC Analysts All-In-One CLI Tool To Automate And Speed Up Workflow
Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as much of the routines checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame. Sooty is now proudly...
AES-Killer v3.0 - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly
BurpsuitePlugin to decrypt AES Encrypted traffic on the fly. Requirements Burpsuite Java Tested on Burpsuite 1.7.36 Windows 10 xubuntu 18.04 Kali Linux 2018 What it does The IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses. Bu...
XssPy - Web Application XSS Scanner
XssPy is a python tool for finding Cross Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the tools do, this tool traverses the website and find all the links and subdomains first. After that, it starts scanning each and...
LazyCSRF - A More Useful CSRF PoC Generator
LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite. Motivation Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, this does not suppor...
CloudUnflare - Reconnaissance Real IP Address For Cloudflare Bypass
Reconnaissance Real IP address for Cloudflare Bypass. Preparation: 1. CompleteDNS API Create an account at completedns.com and verify first. Input your email and password on CompleteDNSLogin variable in cloudunflare.bash. 2. Dependencies Needed curl dig whois Debian Based apt-get install curl...
Nmap 7.70 - Free Security Scanner: Better service and OS detection, 9 new NSE scripts, new Npcap, and much more
Nmap "Network Mapper" is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets...
B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF
Toolkit to detect and keep track on Blind XSS, XXE & SSRF. SETUP Upload the files to your server. Create a Database and upload database.sql file to it. Change the DB Credentials in db.php file. Ready. USAGE BLIND XSS BLIND XXE %ext; SSRF GET /testssrf.php=http://mysite.com/bxssrf/request.php...
Firmware Slap - Discovering Vulnerabilities In Firmware Through Concolic Analysis And Function Clustering
Firmware slap combines concolic analysis with function clustering for vulnerability discovery and function similarity in firmware. Firmware slap is built as a series of libraries and exports most information as either pickles or JSON for integration with other tools. Slides from the talk can be...
Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions
Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. You can export as: cURL Wget Python Request Perl LWP PHP HTTPRequest2 Go Native NodeJS Request jQuery AJAX PowerShell Requirements Jython = 2.7.1 Burp Suite import In Burp Suite, und...
WhatWeb v0.5.0 - Next Generation Web Scanner
Developed by Andrew Horton urbanadventurer and Brendan Coles bcoles Latest Release: v0.5.0. June 9th, 2019 License: GPLv2 This product is subject to the terms detailed in the license agreement. For more information about WhatWeb visit: Homepage: https://www.morningstarsecurity.com/research/whatwe...
Gurp - Golang command-line interface to Burp Suite's REST API
Requirements BurpSuite Professional v2.0.0beta or greater from PortSwigger Dependencies go get -u -v github.com/fatih/color go get -u -v github.com/integrii/flaggy go get -u -v github.com/tidwall/gjson go get -u -v github.com/grokify/html-strip-tags-go Binaries Latest version available here...
Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless
gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line. Both Linux and macOS is supported, with Windows support 'partially working'. Inspiration for gowitness comes from Eyewitness. If you are looking...
Kirjuri - Web Application For Managing Cases And Physical Forensic Evidence Items
Kirjuri is a simple php/mysql web application for managing physical forensic evidence items. It is intended to be used as a workflow tool from receiving, booking, note-taking and possibly reporting findings. It simplifies and helps in case management when dealing with a large or small! number of...
SSTImap - Automatic SSTI Detection Tool With Interactive Interface
SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to be used as an interactive penetration testing tool for SSTI detection...
Archerysec - Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities
Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynami...
WiFiPhisher v1.2 - Automated victim-customized phishing attacks against Wi-Fi clients
Wifiphisher is a security tool that mounts automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It is primarily a social engineering attack that unlike other methods it does not include any brute forcing. It is an ea...
Email-Prediction-Asterisks - Script That Allows You To Identify The Emails Hidden Behind Asterisks
Email prediction asterisks is a script that allows you to identify the emails hidden behind asterisks. It is a perfect application for osint analysts and security forces. It allows to intelligently predict, using Intelx leaks, which emails are related to the person we are looking for. It also...
CarbonCopy - A Tool Which Creates A Spoofed Certificate Of Any Online Website And Signs An Executable For AV Evasion
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux. Download CarbonCopy...
OffensiveRust - Rust Weaponization For Red Team Engagements
My experiments in weaponizing Rust for implant development and general offensive operations. Why Rust? It is faster than languages like C/C++ It is multi-purpose language, bearing excellent communities It has an amazing inbuilt dependency build management called Cargo It is LLVM based which makes...
DNSlivery - Easy Files And Payloads Delivery Over DNS
Easy files and payloads delivery over DNS. Acknowledgments This project has been originally inspired by PowerDNS and Joff Thyer's technical segment on the Paul's Security Weekly podcast 590 youtu.be/CP6cIwFJswQ. Description TL;DR DNSlivery allows delivering files to a target using DNS as the...
mimikatz 2.1.1 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory
Mimikatz is a post-exploitation tool written by Benjamin Delpy gentilkiwi. After the initial exploitation phase, attackers may want to get a firmer foothold on the computer/network. Doing so often requires a set of complementary tools. Mimikatz is an attempt to bundle together some of the most...
ReconCobra - Complete Automated Pentest Framework For Information Gathering
ReconCobra Reconcobra is Foot printing software for Ultimate Information Gathering Kali, Parrot OS, Black Arch, Termux, Android Led TV Interface Software have 82 Options with full automation with powerful information gathering capability In-Action !https://blogger.googleuser...
Virtuailor - IDAPython Tool For Creating Automatic C++ Virtual Tables In IDA Pro
Virtuailor is an IDAPython tool that reconstructs vtables for C++ code written for intel architecture, both 32bit and 64bit code and AArch64 New!. The tool constructed from 2 parts, static and dynamic. The first is the static part, contains the following capabilities: Detects indirect calls. Hook...
Simplify - Generic Android Deobfuscator
Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is simple and generic, so it doesn't matter what the specific type of obfuscation is used. Before and...
WPintel - Chrome Extension Designed For WordPress Vulnerability Scanning And Information Gathering
WordPress Vulnerability Scanner - Scan for vulnerabilities, version, themes, plugins and much more! WPintel allows you to scan self hosted WordPress sites. With WPintel you can detect the following: Version Version vulnerabilities Plugins Themes Users and much more! Although WPintel is designed f...