DLLHijackingScanner - This Is A PoC For Bypassing UAC Using DLL Hijacking And Abusing The "Trusted Directories" Verification

This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification. Generate Header from CSV The python script CsvToHeader.py can be used to generate a header file. By default it will use the CSV file dllhijackingcandidates.csv that can be found here:...

ClusterFuzzLite - Simple Continuous Fuzzing That Runs In CI

ClusterFuzzLite is a continuous fuzzing solution that runs as part of Continuous Integration CI workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they...

Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture

Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create...

Webdiscover - The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits

The purpose of this script is to automate the web enumeration process and search for exploits and vulns. Added Tools dependencies are installed during script execution: seclist ffuf namelist dnsrecon subfinder whatweb gospider nuclei searchsploit go-exploitdb It creates a directory with the scan...

SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts

SharpSpray is a Windows domain password spraying tool written in .NET C. Introduction SharpSpray is a C port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and...

InlineExecute-Assembly - A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution

InlineExecute-Assembly is a proof of concept Beacon Object File BOF that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module. InlineExecute-Assembly will execute any assembly with the entr...

Sub404 - A Python Tool To Check Subdomain Takeover Vulnerability

Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerabilty and it is fast as it is Asynchronous. Why During recon process you might get a lot of subdomainse.g more than 10k. It is not possible to test each manually or with traditional requests or...

SitRep - Extensible, Configurable Host Triage

SitRep is intended to provide a lightweight, extensible host triage alternative. Checks are loaded dynamically at runtime from stand-alone files. This allows operators to quickly modify existing checks, or add new checks as required. Checks are grouped by category and can be marked as OpSec...

Invoker - Penetration Testing Utility

Penetration testing utility. The goal is to use this tool when access to some Windows OS features through GUI is restricted. Some features require administrative privileges. Capabilities: invoke the Command Prompt and PowerShell, download a file, schedule a task, add a registry key, connect to a...

wePWNise - Generates Architecture Independent VBA Code To Be Used In Office Documents Or Templates And Automates Bypassing Application Control And Exploit Mitigation Software

wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios. The tool enumerates Software Restriction Policies SRPs and EMET mitigations and...

Homoglyphs - Get Similar Letters, Convert To ASCII, Detect Possible Languages And UTF-8 Group

Homoglyphs -- python library for getting homoglyphs and converting to ASCII. Features It's smarter version of confusablehomoglyphs: Autodect or manual choosing category aliases from ISO 15924. Auto or manual load only needed alphabets in memory. Converting to ASCII. More configurable. More stable...

AutoSploit v2.2 - Automated Mass Exploiter

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been select...

Pip3Line - The Swiss Army Knife Of Byte Manipulation

Pip3line is a raw bytes manipulation utility, able to apply well known and less well known transformations from anywhere to anywhere almost. Its main usefulness lies in pentesting and reverse-engineering / binary analysis purposes. Current transformations list include classic decoders such as...

LogonTracer - Investigate Malicious Windows Logon By Visualizing And Analyzing Windows Event Log

Investigate malicious logon by visualizing and analyzing Windows active directory event logs. Concept LogonTracer associates a host name or an IP address and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occur...

Webkiller - Tool Information Gathering Write By Python.

Tool Information Gathering Write With Python. ██╗ ██╗███████╗██████╗ ██╗ ██╗██╗██╗ ██╗ ███████╗██████╗ ██║ ██║██╔════╝██╔══██╗██║ ██╔╝██║██║ ██║ ██╔════╝██╔══██╗ ██║ █╗ ██║█████╗ ██████╔╝█████╔╝ ██║██║ ██║ █████╗ ██████╔╝ ██║███╗██║██╔══╝ ██╔══██╗██╔═██╗ ██║██║ ██║ ██╔══╝ ██╔══██╗...

THRecon - Threat Hunting Reconnaissance Toolkit

Collect endpoint information for use in incident response triage / threat hunting / live forensics using this toolkit. When a security alert raises concern over a managed system, this toolkit aims to empower the analyst with as much relevant information as possible to help determine if a compromi...

TP-Link-defaults - Python Script For Trying Default Passwords For Some TP-Link Hotspots

Python script for trying default passwords for some TP-Link Hotspots Inspired by Usage usage: scan.py -h -p Python script for trying default passwords for some TP-Link Hotspots optional arguments: -h, --help show this help message and exit -p, --print-all print all found ssid's FOR EDUCATIONAL US...

Idisagree - Control Remote Computers Using Discord Bot

Control remote computers using discord bot and python 3. ! If your target is a windows system, you may want to compile your payload. Do this with py2exe or pyinstaller. MAINTAINERS Alisson Moretto | Twitter: @A1S0N Github: @A1S0N PREREQUISITES Python 3.x pip3 subprocess from python3 Discord from...

Omnibus - Open Source Intelligence Collection, Research, And Artifact Management

An Omnibus is defined as a volume containing several novels or other items previously published separately and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management. By providing an easy to use interactive command...

Hash-Buster v2.0 - Tool Which Uses Several APIs To Perform Hash Lookups

Features Automatic hash type identification Supports MD5, SHA1, SHA2 Can extract & crack hashes from a file Can find hashes from a directory, recursively 6 robust APIs As powerful as Hulk, as intelligent as Bruce Banner Single Hash You don't need to specify the hash type. Hash Buster will identif...

Sn1per v4.4 - Automated Pentest Recon Scanner

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. DEMO VIDEO: FEATURES: Automatically collects basic recon ie. whois, ping, DNS, etc. Automatically launches Google hacking queries against a target domain Automatically enumerates...

PAVELOW - Exploit Toolbox

PAVELOW helps you with your exploiting and vulnerability searching adventures on KALI Linux by using a few different pre-installed tools among several others that PAVELOW will installed & setup for youthey all can be found right here on Github too. FEATURES 1. Passive Recon Menu DORK OSINT Extern...

Wordpress Exploit Framework v1.9.2 - Framework For Developing And Using Modules Which Aid In The Penetration Testing Of WordPress Powered Websites And Systems

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby = 2.4.3 installed on your system and then install all required dependencies by opening a command prompt / terminal ...

PortWitness - Tool For Checking Whether A Domain Or Its Multiple Sub-Domains Are Up And Running

PortWitness is a bash tool designed to find out active domain and subdomains of websites using port scanning. It helps penetration testers and bug hunters collect and gather information about active subdomains for the domain they are targeting.PortWitness enumerates subdomains using Sublist3r and...

WhoAmIMailBot - A Service To Mask Your Email

What is it? A service to mask your e-mails, it was inspired by Blur service, where you create a alias for your e-mail, and use it to signup on applications, but the problem on Blur, is that all e-mails pass trough they infraestructure, and I don't need anybody looking on my e-mails, to solve that...

CLOUDKiLL3R - Bypasses Cloudflare Protection Service Via TOR Browser

CLOUDKiLL3R bypasses Cloudflare protection service via TOR Browser ! CLOUDKiLL3R Requirements : TOR Browser to scan as many sites as you want : Python Compiler CLOUDKiLL3R Installation ? Make sure that TOR Browser is up and running while working with CLOUDKiLL3R . Make sure that the IP AND PORT a...

Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy

Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft's Group Policy module and identifies all the settings defined in...

sdrtrunk - Tool For Decoding, Monitoring, Recording And Streaming Trunked Mobile And Related Radio Protocols Using Software Defined Radios (SDR)

A cross-platform java application for decoding, monitoring, recording and streaming trunked mobile and related radio protocols using Software Defined Radios SDR. Getting Started User's Manual Version 0.3.0 Download Support Figure 1: sdrtrunk Version 0.3.0 Application Screenshot End User...

GOSINT - Open Source Threat Intelligence Gathering and Processing Framework

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise IOCs. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches...

Breacher - Tool To Find Admin Login Pages And EAR Vulnerabilites

A script to find admin login pages and EAR vulnerabilites. Features Multi-threading on demand Big path list 798 paths Supports php, asp and html extensions Checks for potential EAR vulnerabilites Checks for robots.txt Support for custom patns Usages Check all paths with php extension python...

XFLTReaT - Tunnelling Framework

This is just one thing of many things that was missing from the Internet. If you got tired of trying several tunnelling tools for each protocols, this must be your tool framework. Available modules TCP UDP ICMP SOCKS v4, 4a, 5 HTTP CONNECT DNS A/CNAME, PRIVATE, NULL - Proof of Concept Available...

SET v7.7 - The Social-Engineer Toolkit “Blackout”

The Social-Engineer Toolkit SET was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two...

Magic Wormhole - Get Things From One Computer To Another, Safely

This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories or short pieces of text from one computer to another. The two endpoints are identified by using identical "wormhole codes": in general, the sending machine...

Truehunter - Tool to detect TrueCrypt containers

The goal of Truehunter is to detect TrueCrypt containers using a fast and memory efficient approach. It was designed as a PoC some time ago as I couldn't find any open source tool with the same functionality. Installation Just use with Python 2.7, it does not need any additional libraries. usage:...

Radio Hack Box - Tool to Demonstrate Vulnerabilities in Wireless Input Devices

The SySS Radio Hack Box is a proof-of-concept software tool to demonstrate the replay and keystroke injection vulnerabilities of the wireless keyboard Cherry B.Unlimited AES. Requirements Raspberry Pi Raspberry Pi Radio Hack Box shield a LCD, some LEDs, and some buttons nRF24LU1+ USB radio dongle...

vsaudit - VOIP Security Audit Framework

This is an opensource tool to perform attacks to general voip services It allows to scans the whole network or single host to do the gathering phase, then it is able to search for most known vulnerabilities on the founds alive hosts and try to exploit them. Install dependencies To start using...

FiercePhish - A Full-Fledged Phishing Framework To Manage All Phishing Engagements

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notificati...

brut3k1t - Server-side Brute-force Module (ssh, ftp, smtp, facebook, and more)

Server-side brute-force module. Brute-force dictionary attack, jk attack that supports multiple protocols and services. 1. Introduction brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are:...

BBQSQL - A Blind SQL Injection Exploitation Tool

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues. BBQSQL is a blind SQL injection framework written in Python. It is...

sshhipot - High-Interaction MitM SSH Honeypot

High-interaction SSH honeypot ok, it's really a logging ssh proxy. Still more or less a work-in-progress. Feel free to go install this repository if you'd like to try it. Run it with -h to see more options. In particular, logging is kinda rough. One of these days there'll be better documentation,...

libenom - Make Fast and Easy Payloads with MSFvenom

Libenom is a tool created for make more easy and fast the creation of payloads with MSFvenom and get all the data generated ordered. Requirements A linux distribution for pentesting or Ubuntu, Debian, Mint Recommended Kali Linux 2.0 sana or 2016.1 rolling, Parrot OS, Blackarch, Dracos ,Lionsec...

HatDBG - Minimal WIN32 Debugger in Powershell

The HatDBG is A pure Powershell win32 debugging abstraction class. The goal of this project is to make a powershell debugger. It is intended to be used during internal penetration tests and red team engagements. This is exclusively for educational purposes. The debugger objects implementing a...

Lynis 2.3.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

Fierce - A DNS Reconnaissance Tool for Locating Non-Contiguous IP Space

First, credit where credit is due, fierce was originally written by RSnake along with others at http://ha.ckers.org/ . This is simply a conversion to Python 3 to simplify and modernize the codebase. The original description was very apt, so I'll include it here: Fierce is a semi-lightweight scann...

lisa.py - An Exploit Dev Swiss Army Knife

lisa.py An Exploit Dev Swiss Army Knife. Installation Copy lisa.py and .lldbinit to / Use the following commands: ant4g0nist$ cp lisa.py /lisa.py ant4g0nist$ cp lldbinit /.lldbinit ant4g0nist$ lldb lllllll iiii l:::::l i::::i l:::::l iiii l:::::l l::::l iiiiiii ssssssssss aaaaaaaaaaaaa l::::l...

RSPET - Python Reverse Shell and Post Exploitation Tool

RSPET Reverse Shell and Post Exploitation Tool is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Features Remote Command Execution Trafic masking XORed insted of cleartext; for better results use port 4431 Built-in File/Binary transfer both...

V3n0M-Scanner - Popular SQLi and Pentesting Scanner

V3n0M runs on Python3 Live Project - Readding old features back in and improved for Python3 v3n0m is a free and open source scanner. Evolved from baltazar's scanner, it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. This program is fo...

credmap - The Credential Mapper

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these. Help Menu Usage: credmap.py --email EMAIL | --user USER |...

Bluto - DNS Recon, DNS Zone Transfer, and Email Enumeration

BLUTO DNS recon | Brute forcer | DNS Zone Transfer | Email Enumeration The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto wil...

KeeFarce - Extracts Passwords From A Keepass 2.X Database, Directly From Memory

KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData% General Design KeeFarce uses DLL injection to execute code within the context of a runnin...