6011 matches found
4-ZERO-3 - 403/401 Bypass Methods + Bash Automation
Introduction 4-ZERO-3 Tool to bypass 403/401. This script contain all the possible techniques to do the same. NOTE : If you see multiple 200 Ok/bypasses as output, you must check the Content-Length. If the content-length is same for multiple 200 Ok/bypasses means false positive. Reason can be...
FakeDataGen - Full Valid Fake Data Generator
FakeDataGen is a Full Valid Fake Data Generator. This tool helps you to create fake accounts in Spanish format with fully valid data. Within this information, you can find the most common names, emails, bank details and other useful information. Requirements Python 3 Install requirements.txt...
Nanobrok - Web Service For Control And Protect Your Android Device Remotely
Web Service write in Python for control and protect yourandroid device remotely. The official app can be found on the PlayStore: NanobrokPro Nanobrok Community Overview Nanobrok-Server is powerful opensource webservice for control and protect your android device, written in Python, that allow and...
Crawlergo - A Powerful Browser Crawler For Web Vulnerability Scanners
crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key positions of the whole web page with DOM rendering stage, automatically fills and submits forms, with intelligent JS event triggering, and collects as many entries exposed by the website as possible. Th...
Shisho - Lightweight Static Analyzer For Several Programming Languages
Shisho is a lightweight static analyzer for developers. Please seethe usage documentation for further information. Try at Playground You can try Shisho at our playground. Try with Docker You can try shisho in your machine as follows: echo "func testv string int return lenv + 1; " | docker run -i...
FindObjects-BOF - A Cobalt Strike Beacon Object File (BOF) Project Which Uses Direct System Calls To Enumerate Processes For Specific Loaded Modules Or Process Handles
A Cobalt Strike Beacon Object File BOF project which uses direct system calls to enumerate processes for specific modules or process handles. What is this repository for? Use direct systems calls within Beacon Object files to enumerate processes for specific loaded modules e.g. winhttp.dll,...
Ronin - A Ruby Platform For Vulnerability Research And Exploit Development
Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits, Payloads, Scanners, etc, via Repositories. Console Ronin provides users with a powerful Ruby Console, pre-loaded with powerful convenience method...
Nethive-Project - Restructured And Collaborated SIEM And CVSS Infrastructure
The Nethive Project provides a Security Information and Event Management SIEM insfrastructure empowered by CVSS automatic measurements. Features Machine Learning powered SQL Injection Detection Server-side XSS Detection based on Chrome's XSS Auditor Post-exploitation Detection powered by Auditbea...
Offering Users More For Their Activity - Similar Items Upon Checkout
The shopping isn't finished once you've purchased your item. If you've ever done shopping online, then you know all about being presented with related items to the one you just purchased. This feature is common for online retail websites and quite useful for both the consumer and the producers. I...
Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing
Quiver is the tool to manage all of your tools. It's an opinionated and curated collection of commands, notes and scripts for bug bounty hunting and penetration testing. Features ZSH / Oh-My-ZSH shell plugin Tab auto-completion Global variables Prefills the command line, doesn't hide commands fro...
Business Secure: How AI is Sneaking into our Restaurants
Prior to pandemic days, the restaurant industry talked of computers that might end up taking over their daily responsibilities. They’d joke about how a kiosk can communicate orders to the kitchen, much like they can. Well, now that we live in a global world that will be reluctant to dine with...
GCPBucketBrute - A Script To Enumerate Google Storage Buckets, Determine What Access You Have To Them, And Determine If They Can Be Privilege Escalated
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. This script optionally accepts GCP user/service account credentials and a keyword. Then, a list of permutations will be generated from that keyword which will th...
AutoMacTC - Automated Mac Forensic Triage Collector
This is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse them, and present them in formats viable for analysis. The output may provide valuable insights for incident response in a macOS environment. Automactc can be run against a live...
Vim.Wasm - Vim Editor Ported To WebAssembly
This project is an experimental fork of Vim editor by @rhysd to compile it into WebAssembly using emscripten and binaryen. Try it with your browser NOTICES Please access from a desktop browser Chrome/Firefox/Safari/Edge. Safari seems the best on macOS. Please avoid slow networks. Your browser wil...
Orbit - Cryptocurrency Wallets Relationship Visualizer
Give it a blockchain based crypto wallet address and it will crawl 3 levels deep in transaction data to plot a graph out of the information. Usage Run orbit.py with python3 as follows python3 orbit.py Enter the wallet address | | | ' | || | | | | Enter a wallet address: xxxxxxxxxxxxxxx Now orbit...
RiskySPN - Detect And Abuse Risky SPNs
RiskySPNs is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs Service Principal Name. This module can assist blue teams to identify potentially risky SPNs as well as red teams to escalate privileges by leveraging Kerberos and Active Directory. For...
Takeover - SubDomain TakeOver Vulnerability Scanner
Sub-domain takeover vulnerability occur when a sub-domain subdomain.example.com is pointing to a service e.g: GitHub , AWS/S3 ,.. that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if...
Nipe - A Script To Make TOR Network Your Default Gateway
Tor enables users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both Licit and Illicit purposes. Tor has, for example, been used by criminals enterprises, Hacktivism groups, and law enforcement agencies at cross purposes, sometimes...
Otseca - Security Auditing Tool To Search And Dump System Configuration
Otseca is a open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats. For more information, see wiki. How To Use It's simple: Clone this repository git clone https://github.com/trimstray/otseca Go into the repository...
DCSYNCMonitor - Monitors For DCSYNC And DCSHADOW Attacks And Create Custom Windows Events For These Events
This tool is an application/service that can be deployed on Domain controllers to alert on Domain Controller Syncronization attempts. When an attempt is detected, the tool will write an event to the Windows Event Log. These events can be correlated in a SIEM. In addition, this tool can take a lis...
Apktool - A Tool For Reverse Engineering Android APK Files
A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like...
Invoke-Obfuscation - PowerShell Obfuscator
Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator. Purpose Attackers and commodity malware have started using extremely basic obfuscation techniques to hide the majority of the command from the command line arguments of powershell.exe. I developed this...
OWASP DependencyCheck - A Software Composition Analysis Utility That Detects Publicly Disclosed Vulnerabilities In Application Dependencies
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration CPE identifier for a given dependency. If found, it will generate a report linking to the associate...
Tunna - Set Of Tools Which Will Wrap And Tunnel Any TCP Communication Over HTTP
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. SUMMARY TLDR: Tunnels TCP connections over HTTP In a fully firewalled inbound and outbound connections restricted - except the...
iOSRestrictionBruteForce - Crack iOS Restriction Passcodes with Python
This version of the application is written with Python programming language,which is used to crack the Restriction PassCode of iphone/ipad. Brute Force 1. Get the Base64 key and salt from the backup file in Computer. 2. Decode the Base64 key and salt. 3. Try from 1 to 9999 to with the...
WhatWaf - Detect And Bypass Web Application Firewalls And Protection Systems
WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass or two for said firewall, on the specified target. Features Ability to run on a single URL with the...
Parrot Security 3.10 - Security Oriented GNU/Linux Distribution
Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools...
CALDERA - Automated Adversary Emulation System
CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge ATT&CK...
LaZagne v2.2 - Credentials Recovery Project
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques plaintext, APIs, custom algorithms, databases, etc.. This tool has been developed for the purpose of finding these passwor...
EvilAbigail - Automated Linux Evil Maid Attack
Automated Linux evil maid attack Scenario Laptop left turned off with FDE turned on Attacker boots from USB/CD/Network Script executes and backdoors initrd User returns to laptop, boots as normal Backdoored initrd loads: Debian/Ubuntu/Kali .so file into /sbin/init on boot, dropping a shell...
Samplicator - Send copies of (UDP) datagrams to multiple receivers, with optional sampling and spoofing
This small program receives UDP datagrams on a given port, and resends those datagrams to a specified set of receivers. In addition, a sampling divisor N may be specified individually for each receiver, which will then only receive one in N of the received packets. INSTALLATION This distribution...
ShellStack - A PHP Based Tool That Helps You To Manage All Your Backdoored Websites Efficiently
ShellStack is a PHP based backdoor management tool. This Tool comes handy for "HACKERS" who wish to keep a track of every website they hack. The tool generates a backdoor file which you just have to upload to the site and put the backdoor URL in the shells.txt present in the tool's directory. Wit...
OpenSnitch - GNU/Linux port of the Little Snitch application firewall
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall. Requirements You'll need a GNU/Linux distribution with iptables, NFQUEUE and ftrace kernel support. Install sudo apt-get install build-essential python3-dev python3-setuptools libnetfilter-queue-dev python3-pyqt5 python3-gi...
NSEarch - Nmap Scripting Engine Search
Nsearch, is a tool that helps you to find scripts that are used by nmap nse , you can search the scripts using differents keyword as the name, category and author, even using all the keyword in a single query,it is also possible to see the documentation of the scripts founded. Requeriments $ pip...
Truehunter - Tool to detect TrueCrypt containers
The goal of Truehunter is to detect TrueCrypt containers using a fast and memory efficient approach. It was designed as a PoC some time ago as I couldn't find any open source tool with the same functionality. Installation Just use with Python 2.7, it does not need any additional libraries. usage:...
Sherlock - Tool to find missing Windows patches for Local Privilege Escalation Vulnerabilities
PowerShell script to quickly find missing Microsoft patches for local privilege escalation vulnerabilities. Currently looks for: MS10-015 : User Mode to Ring KiTrap0D MS10-092 : Task Scheduler MS13-053 : NTUserMessageCall Win32k Kernel Pool Overflow MS13-081 : TrackPopupMenuEx Win32k NULL Page...
Linux Kodachi3 - Secure Open Source Linux Distribution
Linux Kodachi operating system is based on Debian 8.6 it will provide you with a secure, anti forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure. Kodachi is very easy to use all you have to do is...
OWASP Security Knowledge Framework - An expert system application that uses OWASP Application Security Verification Standard
Security Knowledge Framework is an expert system application that uses OWASP Application Security Verification Standard, code examples, helps developers in pre-development and post-development. Introduction Our experience taught us that the current level of security the current web-applications...
iptodomain - This tool extract domains from IP address based in the information saved in virustotal
This tool allows you to extract domains from a IP range, using the historic information archived in Virustotalusing API key. It is usefull if you want to know what domains are behind of this IP address, for example in bug bounty programs one of the first steps is to extract subdomains, this tool...
Lobotomy - Android Reverse Engineering
Lobotomy is a command line based Android reverse engineering tool. What is in the repo, is currently in development. You should assume nothing works as expected until the official 2.0 release is finished. Version | Development ---|--- Author | Benjamin Watson rotlogix Features Feature | Descripti...
King Phisher 1.5.2 - Phishing Campaign Toolkit
King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness...
sudo-snooper - Python script to fool sudo users
sudo-snooper acts like the original sudo binary to fool users into entering their passwords. It will show a fake prompt just like the original to the user to enter their sudo password. This can be useful in penetration tests or security evaluations for testing user knowledge. Installation steps...
Cloakify - Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Evade AV Detection
Cloakify Toolset - Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography usings lists. Convert any file type e.g. executables, Office, Zip, images into a list of everyday strings. Ve...
tomcatWarDeployer - Apache Tomcat auto WAR Deployment & Pwning Penetration Testing Tool
tomcatWarDeployer Apache Tomcat auto WAR deployment & pwning penetration testing tool. What is it? This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically generate and deploy JSP Backdoor, as well as invoke it afterwards and provide nice shell...
Parrot OS 3.0 (Lithium) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...
Shellsploit - New Generation Exploit Development Kit
Shellsploit let's you generate customized shellcodes, backdoors, injectors for various operating system. And let's you obfuscation every byte via encoders. Install/Uninstall If you want to use Shellsploit, you have to install Capstone first. For the Capstone's installation: root$ sudo pip install...
EhTrace - Tool for Tracing Execution of Binaries on Windows
Eh'Trace pronounced ATrace is a binary tracing tool for Windows. Implemented in C but has some interesting properties that may make it suitable for tracing binaries when other methods are not sufficient, in particular EhTrace does not require changes to a binary to enable traces, despite being ab...
SQLMap - Automatic SQL Injection And Database Takeover Tool
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Smod - MODBUS Penetration Testing Framework
smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software could be run on Linux/OSX under python 2.7.x. Feel free to make pull requests, if...
Ares - Python Botnet and Backdoor
Ares is made of two main programs: A Command aNd Control server, which is a Web interface to administer the agents An agent program, which is run on the compromised host, and ensures communication with the CNC The Web interface can be run on any server running Python. You need to install the...