6011 matches found
AutoSploit - Automated Mass Exploiter
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache, IIS, etc, upon which a list of...
Salamandra - Spy Microphone Detection Tool
Salamandra is a tool to detect and locate spy microphones in closed environments. It find microphones based on the strength of the signal sent by the microphone and the amount of noise and overlapped frequencies. Based on the generated noise it can estimate how close or far away you are from the...
Parrot Security 3.10 - Security Oriented GNU/Linux Distribution
Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools...
psad - Intrusion Detection and Log Analysis with iptables
The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and more. It features a set o...
ike-scan - Discover and fingerprint IKE hosts (IPsec VPN Servers)
Discover and fingerprint IKE hosts IPsec VPN Servers. Building and Installing ike-scan uses the standard GNU autoconf and automake tools, so installation is the normal process: Run git clone https://github.com/royhills/ike-scan.git to obtain the project source code Run cd ike-scan to enter source...
EggShell - iOS/macOS Remote Administration Tool
EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...
Cansina - Web Content Discovery Tool
Cansina is a Web Content Discovery Application. It is well known Web applications don't publish all their resources or public links, so the only way to discover these resources is requesting for them and check the response. Cansina duty is to help you making requests and filtering the responses t...
ShodanHat - Search For Hosts Info With Shodan
Search For Hosts Info With Shodan. Dependencies You need to install shodan with pip install shodan or easyinstall shodan. You need to install python-nmap with pip install python-nmap. You need to set your API Key in the 'constantes.py' file. Options -h, --help show this help message and exit -i I...
crackle - Crack Bluetooth Smart (BLE) Encryption
crackle cracks BLE Encryption AKA Bluetooth Smart. crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK Temporary Key. With the TK and other data collected from the pairing process, the STK Short Term Key and later the LTK Long Ter...
KickThemOut - Kick Devices Off Your Network
A tool to kick devices out of your network and enjoy all the bandwidth for yourself. It allows you to select specific or all devices and ARP spoofs them off your local area network. Compatible with Python 2.6 & 2.7. Authors: Nikolaos Kamarinakis & David Schütz Installation You can download...
Parrot Security 3.3 - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind
Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools...
Radium-Keylogger - Python keylogger with multiple features
Python keylogger with multiple features. Features Applications and keystrokes logging Screenshot logging Drive tree structure Logs sending by email Password Recovery for Chrome Mozilla Filezilla Core FTP CyberDuck FTPNavigator WinSCP Outlook Putty Skype Generic Network Cookie stealer Keylogger st...
Limon - Sandbox for Analyzing Linux Malwares
Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution post-mortem analysis by...
Wildpwn - Unix Wildcard Attack Tool
Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks, based on a paper by Leon Juranic. It’s considered a fairly old-skool attack vector, but it still works quite often. First things first! Read: https://www.exploit-db.com/papers/33930/ Basic usage It goes something like...
Parrot OS 3.0 (Lithium) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...
EhTrace - Tool for Tracing Execution of Binaries on Windows
Eh'Trace pronounced ATrace is a binary tracing tool for Windows. Implemented in C but has some interesting properties that may make it suitable for tracing binaries when other methods are not sufficient, in particular EhTrace does not require changes to a binary to enable traces, despite being ab...
Litesploit - Library and Intepreter for Penetration Testing Tools
Litesploit is a library and intepreter for penetration testing tools. This includes exploits, tools and litepreter. Litesploit support for Linux like ubuntu or debian, and more distro penetration testing like BackBox and Kali Linux. Platform | Support ---|--- Linux Ubuntu | Yes Linux Debian | Yes...
GEF - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers
GEF is aimed to be used mostly by exploiters and reverse-engineers. It provides additional features to GDB using the Python API to assist during the process of dynamic analysis or exploit development. GEF fully relies on GDB API and other Linux specific source of information such as /proc/pid . A...
Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands
Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful yet sometimes complex payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly...
Venom - Metasploit Shellcode Generator / Compiler / Listenner
The script will use msfvenom metasploit to generate shellcode in diferent formats c | python | ruby | dll | msi | hta-psh , injects the shellcode generated into one funtion example: python "the python funtion will execute the shellcode in ram" and uses compilers like: gcc gnu cross compiler or...
Phan - Static Analyzer For PHP
Phan is a static analyzer for PHP. Getting it running Phan requires PHP 7+ with the php-ast extension loaded. The code you analyze can be written for any version of PHP. To get phan running; 1. Clone the repo 2. Run composer install to load dependencies 3. Run ./test to run the test suite 4. Test...
Katoolin - Automatically install all Kali Linux tools
Automatically install all Kali linux tools Features Add Kali linux repositories Remove kali linux repositorie Install Kali linux tools Requirements Python 2.7 An operating system tested on Ubuntu Instalation sudo su git clone https://github.com/LionSec/katoolin.git && cp katoolin/katoolin.py...
Snitch - Information Gathering via dorks
Snitch is a tool which automate dorking process for specified domain. Using build-in dork categories, this tool helps gather informations about domain which can be found using search engines. It can be quite useful in early phases of pentest. Examples devil@hell:/snitch/$ python snitch.py // / / ...
Sentry - Bruteforce Attack Blocker (ssh, FTP, SMTP, and more)
Sentry detects and prevents bruteforce attacks against sshd using minimal system resources. SAFE To prevent inadvertant lockouts, Sentry manages a whitelist of IPs that have connected more than 3 times and succeeded at least once. Never again will that forgetful colleague behind the office NAT...
AppUse - Android Pentest Platform Unified Standalone Environment
AppUse Virtual Machine, developed by AppSec Labs, is a unique and free system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools. Faster & More Powerful The system is a blessing to security teams, who from now on can easily...
Android Studio - The official Android IDE
Android Studio is the official IDE for Android application development, based on IntelliJ IDEA. On top of the capabilities you expect from IntelliJ, Android Studio offers: Flexible Gradle-based build system Build variants and multiple apk file generation Code templates to help you build common ap...
Unicorn - Tool for using a PowerShell downgrade attack and inject shellcode straight into memory
Magic Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy TrustedSec and Josh Kelly at Defcon 18. Usage is simple, just run Magic...
ProcessThreadsView - View process threads information On Windows
ProcessThreadsView is a small utility that displays extensive information about all threads of the process that you choose. The threads information includes the ThreadID, Context Switches Count, Priority, Created Time, User/Kernel Time, Number of Windows, Window Title, Start Address, and more. Wh...
[THC-Hydra 7.5] Fast Parallel Network Logon Cracker
Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...
[WiFi Password Remover] Wireless (WEP/WPA/WPA2) Password/Profile Removal Software
WiFi Password Remover is the Free software to quickly recover and remove Wireless account passwords stored on your system. For each recovered Wi-Fi account, it displays following details, WiFi Name SSID Security Settings WEP-64/WEP-128/WPA2/AES/TKIP Password Type Password in Hex format Password i...
[Smbexec v2.0] A rapid tool based on psexec style attack with samba tools
A rapid tool based on psexec style attack with samba tools. Key features Enumerate systems with domain admin logged in Grab hashes Extract cached creds based on cachedump Remote Login Validation Dump cleartext credentials Pop shells Includes smbexec.sh installer.sh patches to compile binaries...
[Resolver 1.0.9] Reverse DNS Lookup for a range of IP’s
Resolver is a windows based tool which designed to preform a reverse DNS Lookup for a given IP address or for a range of IP’s in order to find its PTR. Updated to Version 1.0.3 added dns records brute force. Version 1.0.4 added stop button. Features Resolve a single IP address Resolve a C class I...
[ADEL] Android Data Extractor Lite
ADEL which is meant as an abbreviation of “Android Data Extractor Lite ”. ADEL was developed for versions 2.x of Android and is able to automatically dump selected SQLite database files from Android devices and extract the contents stored within the dumped files. In this section we describe the...
[DLink Password Decryptor] Tool to recover the Login Password of D-Link modem/router
DLink Password Decryptor is a free desktop tool to instantly recover the Login Password of D-Link modem/router. If you have lost login authentication password of your D-link modem and you have backup configuration file then you can use this tool to quickly get back your password. It supports dual...
[JSQL v0.3] Java Tool for Automatic Database Injection
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Version 0.2 features: GET, POST, header, cookie methods normal, error based, blind, time based algorithms automatic...
Py-Amsi - Scan Strings Or Files For Malware Using The Windows Antimalware Scan Interface
py-amsi is a library that scans strings or files for malware using the Windows Antimalware Scan Interface AMSI API. AMSI is an interface native to Windows that allows applications to ask the antivirus installed on the system to analyse a file/string. AMSI is not tied to Windows Defender. Antiviru...
MaccaroniC2 - A PoC Command And Control Framework That Utilizes The Powerful AsyncSSH
MaccaroniC2 is a proof-of-concept Command and Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration. This tool is inspired for a specific scenario whe...
ICS-Forensics-Tools - Microsoft ICS Forensics Framework
Microsoft ICS Forensics Tools is an open source forensic framework for analyzing Industrial PLC metadata and project files. it enables investigators to identify suspicious artifacts on ICS environment for detection of compromised devices during incident response or manual check. open source...
KaliPackergeManager - Kali Packerge Manager
kalipm.sh is a powerful package management tool for Kali Linux that provides a user-friendly menu-based interface to simplify the installation of various packages and tools. It streamlines the process of managing software and enables users to effortlessly install packages from different categorie...
Redeye - A Tool Intended To Help You Manage Your Data During A Pentest Operation
This project was built by pentesters for pentesters. Redeye is a tool intended to help you manage your data during a pentest operation in the most efficient and organized way. The Developers Daniel Arad - @dandanarad && Elad Pticha - @eladpt Overview The Server panel will display all added server...
REcollapse Is A Helper Tool For Black-Box Regex Fuzzing To Bypass Validations And Discover Normalizations In Web Applications
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications. It can also be helpful to bypass WAFs and weak vulnerability mitigations. For more information, take a look at the REcollapse blog post. The goal of this tool is to...
MacOSThreatTrack - Bash Tool Used For Proactive Detection Of Malicious Activity On macOS Systems
The tool is being tested in the beta phase, and it only gathers MacOS system information at this time. The code is poorly organized and requires significant improvements. Description Bash tool used for proactive detection of malicious activity on macOS systems. I was inspired by Venator-Swift and...
Stegowiper - A Powerful And Flexible Tool To Apply Active Attacks For Disrupting Stegomalware
Over the last 10 years, many threat groups have employed stegomalware or other steganography-based techniques to attack organizations from all sectors and in all regions of the world. Some examples are: APT15/Vixen Panda, APT23/Tropic Trooper, APT29/Cozy Bear, APT32/OceanLotus, APT34/OilRig,...
nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services
nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...
RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check
0x00 Introduction Tool introduction RedGuard is a derivative work of the C2 facility pre-flow control technology. It has a lighter design, efficient flow interaction, and reliable compatibility with go language development. The core problem it solves is also in the face of increasingly complex re...
Findwall - Check If Your Provider Is Blocking You!
FindWall is Python script that allows to understand if your network provider is limiting your access to the Internet by blocking any TCP/UDP port. In order to perform this check FindWall needs to connect a public VPS of your property. FindWall performs the following actions: 1. Connects to the VP...
Lupo - Malware IOC Extractor. Debugging Module For Malware Analysis Automation
Debugging module for Malware Analysis Automation For a step by step post on how to use Lupo, with images and instructions, please see this post: https://medium.com/@vishalthakur/lupo-malware-ioc-extractor-cc86ae76b85d Introduction Working on security incidents that involve malware, we come across...
Uncover - Quickly Discover Exposed Hosts On The Internet Using Multiple Search Engine
uncover is a go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools. Currently, it supports shodan , censys , and fofa search engine...
LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly
A low-dependency command-line tool for generating reverse shell payloads on the fly. Description LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag CTF competitions to generate a range of reverse shel...
PurplePanda - Identify Privilege Escalation Paths Within And Across Different Clouds
This tool fetches resources from different cloud/saas applications focusing on permissions in order to identifyprivilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privilegesescalation paths within a platform and across...