6011 matches found
BSF - Botnet Simulation Framework
BSF provides a discrete simulation environment to implement and extend peer-to-peer botnets, tweak their settings and allow defenders to evaluate monitoring and countermeasures. Synopsis In the arms race between botmasters and defenders, the botmasters have the upper hand, as defenders have to...
Fsociety - A Modular Penetration Testing Framework
Install pip install fsociety Update pip install --upgrade fsociety Usage usage: fsociety -h -i -s A Penetration Testing Framework optional arguments: -h, --help show this help message and exit -i, --info gets fsociety info -s, --suggest suggest a tool Develop git clone...
AutoMacTC - Automated Mac Forensic Triage Collector
This is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse them, and present them in formats viable for analysis. The output may provide valuable insights for incident response in a macOS environment. Automactc can be run against a live...
Orbit - Cryptocurrency Wallets Relationship Visualizer
Give it a blockchain based crypto wallet address and it will crawl 3 levels deep in transaction data to plot a graph out of the information. Usage Run orbit.py with python3 as follows python3 orbit.py Enter the wallet address | | | ' | || | | | | Enter a wallet address: xxxxxxxxxxxxxxx Now orbit...
SubOver v1.1.1 - A Powerful Subdomain Takeover Tool
Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since it's redesign, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 30+ services which is much more than any other tool out there. The tool uses Golang...
Nipe - A Script To Make TOR Network Your Default Gateway
Tor enables users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both Licit and Illicit purposes. Tor has, for example, been used by criminals enterprises, Hacktivism groups, and law enforcement agencies at cross purposes, sometimes...
Prowler - Distributed Network Vulnerability Scanner
Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon - HackSmith v1.0. Capabilities Scan a network a particular subnet or a list of IP addresses for all IP addresses associated with active network devices...
Galileo - Web Application Audit Framework
Galileo is an open source penetration testing tool for web application, which helps developers and penetration testers identify and exploit vulnerabilities in their web applications. Installation $ git clone https://github.com/m4ll0k/Galileo.git galileo $ cd galileo Install requirements $ pip...
Sandcat Browser 6.0 - Pentest And Developer-Oriented Web Browser
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...
Lynis 2.6.2 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
BruteSpray v1.6.0 - Brute-Forcing from Nmap output (Automatically attempts default creds on found services)
BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. Installation pip install -r requirements.txt On Kali: apt-get install brutespray Usage First do an nmap...
OWASP ZSC - Shellcode/Obfuscate Code Generator
OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under Python. Usage of shellcodes Shellcodes are small codes in Assembly language which could be used as...
ShellStack - A PHP Based Tool That Helps You To Manage All Your Backdoored Websites Efficiently
ShellStack is a PHP based backdoor management tool. This Tool comes handy for "HACKERS" who wish to keep a track of every website they hack. The tool generates a backdoor file which you just have to upload to the site and put the backdoor URL in the shells.txt present in the tool's directory. Wit...
Sherlock - Tool to find missing Windows patches for Local Privilege Escalation Vulnerabilities
PowerShell script to quickly find missing Microsoft patches for local privilege escalation vulnerabilities. Currently looks for: MS10-015 : User Mode to Ring KiTrap0D MS10-092 : Task Scheduler MS13-053 : NTUserMessageCall Win32k Kernel Pool Overflow MS13-081 : TrackPopupMenuEx Win32k NULL Page...
Snuck - Automatic XSS filter bypass
snuck is an automated tool that can definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. The approach, it adopts, is based on the inspection of the injection reflection context and relies on ...
WinMACSpoofer - Windows Tool For Spoofing The Mac Address
Windows application for spoofing the MAC address and host name. Usage The program must be run in "administrator mode" for the functions to work properly 1. Set a new Random MAC address Press the randomize button to generate a random MAC address Click the random radio button and hit "Set New Mac" ...
sudo-snooper - Python script to fool sudo users
sudo-snooper acts like the original sudo binary to fool users into entering their passwords. It will show a fake prompt just like the original to the user to enter their sudo password. This can be useful in penetration tests or security evaluations for testing user knowledge. Installation steps...
Cloakify - Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Evade AV Detection
Cloakify Toolset - Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography usings lists. Convert any file type e.g. executables, Office, Zip, images into a list of everyday strings. Ve...
Parrot OS 3.1 (Defcon) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...
tomcatWarDeployer - Apache Tomcat auto WAR Deployment & Pwning Penetration Testing Tool
tomcatWarDeployer Apache Tomcat auto WAR deployment & pwning penetration testing tool. What is it? This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically generate and deploy JSP Backdoor, as well as invoke it afterwards and provide nice shell...
Parrot OS 3.0 (Lithium) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...
Weeman v1.7 - HTTP Server for Phishing
HTTP server for phishing in python. and framework Usually you will want to run Weeman with DNS spoof attack. see dsniff, ettercap. Press 1.7 - is out 25-03-2016 Added profiles Weeman framework 0.1 is out !!! Added command line options. Beautifulsoup dependency removed. Weeman will do the followin...
Xiaopan OS - Pentesting Distribution for Wireless Security Enthusiasts
Xiaopan OS is an easy to use software package for beginners and experts that includes a number of advanced tools to penetrate wireless networks. Based on the Tiny Core Linux TCL operating system OS, it has a slick graphical user interface GUI requiring no need for typing Linux commands. Xiaopan O...
Speedtest - Command Line Interface for Testing Internet Bandwidth
speedtest-cli is a command line interface for testing internet bandwidth using speedtest.net Installation pip / easyinstall pip install speedtest-cli or easyinstall speedtest-cli Github pip install git+https://github.com/sivel/speedtest-cli.git or git clone...
FireMasterCracker - Firefox Master Password Cracking Software
FireMasterCracker is the FREE software to Crack the Firefox Master Password. It is the GUI Version of FireMaster, FIRST ever tool to recover the lost Master Password of Firefox. Firefox browser uses Master password to protect the stored login passwords for all visited websites. If the master...
SubDomain Analyzer - Get detailed information of a domain
The "SubDomain Analyzer" tool written in Python language. The purpose of "SubDomain Analyzer" getting full detailed information of selected domain. The "SubDomain Analyzer" gets data from domain by following steps: 1. Trying to get the zone tranfer file. 2. Gathers all information from DNS record...
SQLMAP-Web-GUI - Web GUI to drive near full functionality of SQLMAP
PHP Frontend to work with the SQLMAP JSON API Server sqlmapapi.py to allow for a Web GUI to drive near full functionality of SQLMAP! Here is a few quick videos to show that almost all of your usual SQLMAP command line functionality is still possible via this Web GUI. Demo against: Windows 2003...
AppUse - Android Pentest Platform Unified Standalone Environment
AppUse Virtual Machine, developed by AppSec Labs, is a unique and free system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools. Faster & More Powerful The system is a blessing to security teams, who from now on can easily...
zANTI 2.0 - Android Network Toolkit
zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to...
SmartSPLAT - Tool to troubleshoot Checkpoint firewall issues and perform management tasks
Smart SPLAT is a freeware software to troubleshoot Checkpoint firewall issues and perform management tasks. It periodically checks for an update and when a new release is published, updates itself via the SmartSPLAT web site. SmartSPLAT lets you connect to your firewall via secure channel SSH...
[AdwCleaner] Removal Tool for Adware, Toolbars and Hijacker
AdwCleaner is a free removal tool for : Adware ads softwares PUP/LPI Potentially Undesirable Program Toolbars Hijacker Hijack of the browser's homepage It works with a Search and Delete mode. It can be easily uninstalled using the mode "Uninstall". It's compatible with Windows XP, Vista, 7, 8, 8....
[Nsdtool] Toolset of scripts used to detect netgear switches in local networks
Nsdtool is a toolset of scripts used to detect netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password. Netgear has its own protocol called NSDP Netgear Switch Discovery Protocol, which is implemented to support security tests on the...
[XSS Shell] XSS Backdoor and Zombie Manager
XSS Shell is powerful a XSS backdoor and zombie manager. This concept first presented by βXSS-Proxy β http://xss-proxy.sourceforge.net/β. Normally in XSS attacks attacker has one shot, in XSS Shell you can interactively send requests and get responses from victim. you can backdoor the page...
[THC-Hydra v7.6] Fast Parallel Network Logon Cracker
Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...
[NOSQLMap] NoSQLMap-Automated NoSQL Database pwnage
What is NoSQLMap? NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to...
[ike-scan] Discover & Fingerprint IKE Hosts (IPsec VPN Servers)
ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern. ike-scan can perform the following functions: Discovery Determine which hosts in a given IP range are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by...
[HashTag] Password Hash Type Identification (Identify Hashes)
HashTag.py is a Python script written to parse and identify the password hash type used. HashTag supports the identification of over 250 hash types along with matching them to over 110 hashcat modes use the command line switch -hc to output the hashcat modes. It is also able to identify a single...
[THC-Hydra v7.5] Fast network logon cracker
CHANGELOG for 7.5 =================== Moved the license from GPLv3 to AGPLv3 see LICENSE file Added module for Asterisk Call Manager Added support for Android where some functions are not available hydra main: - reduced the screen output if run without -h, full screen with -h - fix for ipv6 and...
[SpiderFoot v2.0] The Open Source Footprinting tool
SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the...
[Hash Kracker Console] Tool to find out the password from the Hash
Hash Kracker Console is the all-in-one command-line tool to find out the password from the Hash. Currently it supports password recovery from following popular Hash types MD5 SHA1 SHA256 SHA384 SHA512 Also it offers 4 types of Password Recovery methods based on the complexity of password Dictiona...
[WS_FTP Password Decryptor] Recover FTP login passwords stored by WS_FTP
WSFTP Password Decryptor is the FREE software to instantly recover FTP login passwords stored by WSFTP - one of the popular FTP client application. WSFTP stores the password for all the past FTP sessions in the "wsftp.ini" file so that user don't have to enter it every time. WSFTP Password...
Telegram-Story-Scraper - A Python Script That Allows You To Automatically Scrape And Download Stories From Your Telegram Friends
A Python script that allows you to automatically scrape and download stories from your Telegram friends using the Telethon library. The script continuously monitors and saves both photos and videos from stories, along with their metadata. Important Note About Story Access β οΈ Due to Telegram API...
Startup-SBOM - A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions
This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed. The process and objective is simple we can get a clear perspective view on the packages installed by APT currently working on implementing this for RPM and other package managers. This is...
CloudRecon - Finding assets from certificates
CloudRecon Finding assets from certificates! Scan the web! Tool presented @DEFCON 31 Install You must have CGO enabled, and may have to install gcc to run CloudRecon sudo apt install gcc go install github.com/g0ldencybersec/CloudRecon@latest Description CloudRecon CloudRecon is a suite of tools f...
Nysm - A Stealth Post-Exploitation Container
A stealth post-exploitation container. Introduction With the raise in popularity of offensive tools based on eBPF, going from credential stealers to rootkits hiding their own PID, a question came to our mind: Would it be possible to make eBPFinvisible in its own eyes? From there, we created nysm,...
Py-Amsi - Scan Strings Or Files For Malware Using The Windows Antimalware Scan Interface
py-amsi is a library that scans strings or files for malware using the Windows Antimalware Scan Interface AMSI API. AMSI is an interface native to Windows that allows applications to ask the antivirus installed on the system to analyse a file/string. AMSI is not tied to Windows Defender. Antiviru...
NimExec - Fileless Command Execution For Lateral Movement In Nim
Basically, NimExec is a fileless remote command execution tool that uses The Service Control Manager Remote Protocol MS-SCMR. It changes the binary path of a random or given service run by LocalSystem to execute the given command on the target and restores it later via hand-crafted RPC packets...
Padre - Blazing Fast, Advanced Padding Oracle Exploit
padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption Features: blazing fast, concurrent implementation decryption of tokens encryption of arbitrary data automatic fingerprinting of padding oracles automatic detection of cipher block length HINTS! if failure occurs...
KaliPackergeManager - Kali Packerge Manager
kalipm.sh is a powerful package management tool for Kali Linux that provides a user-friendly menu-based interface to simplify the installation of various packages and tools. It streamlines the process of managing software and enables users to effortlessly install packages from different categorie...
Gato - GitHub Self-Hosted Runner Enumeration And Attack Tool
Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization. The tool also allows searching for and thoroughly enumerating publ...