6011 matches found
Findsploit - Find Exploits In Local And Online Databases Instantly
Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes "copysploit" to copy any exploit-db exploit to the current directory and "compilesploit" to automatically compile and run any C exploit ie. ./copysploit 1337.c &&...
gOSINT - Open Source Intelligence Framework
gOSINT is a small OSINT framework in golang, it's actually in development and still not ready for production if you want, feel free to contribute! What gOSINT can do Find mails from git repository Find Dumps for mail address Search for mail address linked to domain/mail address in PGP keyring...
BlueMaho v090417 - Bluetooth Security Testing Suite
BlueMaho is GUI-shell interface for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice...
GOSINT - Open Source Threat Intelligence Gathering and Processing Framework
The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise IOCs. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches...
PortEx - Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...
SimpleWall - Simple tool to configure Windows Filtering Platform (WFP)
Simple tool to configure Windows Filtering Platform WFP which can configure network activity on your computer. The lightweight application is less than a megabyte, and it is compatible with Windows Vista and higher operating systems. You can download either the installer or portable version. For...
TorWall - Transparent Tor for Windows
Tallow is a small program that redirects all outbound traffic from a Windows machine via the Tor anonymity network. Any traffic that cannot be handled by Tor, e.g. UDP, is blocked. Tallow also intercepts and handles DNS requests preventing potential leaks. Tallow has several applications,...
Wifite 2 - A complete re-write of Wifite (Automated Wireless Attack Tool)
A complete re-write of wifite, a Python script for auditing wireless networks. What's new? Lots of files instead of "one big script". Cleaner process management -- No longer leaves processes running in the background. UX: Target access points are refreshed every second instead of every 5 seconds...
Ironsquirrel - Encrypted Exploit Delivery for the Masses
This project aims at delivering browser exploits to the victim browser in an encrypted fashion. Ellyptic-curve Diffie-Hellman secp256k1 is used for key agreement and AES is used for encryption. By delivering the exploit code and shellcode to the victim in an encrypted way, the attack can not be...
CipherScan - Find out which SSL ciphersuites are supported by a target
Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl sclient command line. Cipherscan is meant to run on all...
dcrawl - Simple, But Smart, Multi-Threaded Web Crawler For Randomly Gathering Huge Lists Of Unique Domain Names
dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. How it works? dcrawl takes one site URL as input and detects all links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the sa...
theZoo - A repository of LIVE malwares for your own joy and pleasure
theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and saf...
Algo VPN - Set up a personal IPSEC VPN in the cloud
Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices. Features Supports only IKEv2 with strong crypto: AES-GCM, SHA2, and P-256...
SweetSecurity - Network Security Monitoring on Raspberry Pi type devices
Scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device. Getting Sweet Security Either download the Github repository manually, or clone the repo with the following command: $ git clone https://github.com/travisfsmith/sweetsecurity Prerequisites Mos...
LinEnum v0.6 - Scripted Local Linux Enumeration and Privilege Escalation Checks
LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful...
Plasma - An Interactive Disassembler for x86/ARM/MIPS
PLASMA is an interactive disassembler. It can generate a more readable assembly pseudo code with colored syntax. You can write scripts with the available Python api see an example below. The project is still in big development. wiki : TODO list and some documentation. It supports : architectures ...
CloudFail - Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. 1. Misconfigured DNS scan usin...
Airachnid Burp Extension - A Burp Extension to test applications for vulnerability to the Web Cache Deception attack
A Burp extension to test applications for vulnerability to the Web Cache Deception attack. Once the extension has been loaded, it can be accessed in the Target - Sitemap tab and right click on the resource that should be tested. A context sensitive menu item called "Airachnid Web Cache Test" will...
Acunetix Release Web Site Security Pen Testing Tools Free
HTTP editor, fuzzer and sniffer tools help pen testers identify vulnerabilities London, UK – January 2016 – Hot on the release of Acunetix Version 11, pioneering web application security software Acunetix, now delivering Manual Pen Testing Tools at no cost. Penetration testers can make use of an...
F-Scrack - A Single File Bruteforcer Supports Multi-Protocol
F-Scrack is a single file bruteforcer supports multi-protocol, no extra library requires except python standard library, which is ideal for a quick test. Currently support protocol: FTP, MySQL, MSSQL,MongoDB,Redis,Telnet,Elasticsearch,PostgreSQL. Compatible with OSX, Linux, Windows, Python 2.6+...
Metasploitable3 - An Intentionally Vulnerable Machine for Exploit Testing
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit . Metasploitable3 is released under a BSD-style license. See COPYING for more details. Building Metasploitable 3...
PowerLurk - Malicious WMI Events using PowerShell
PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions. The goal is to make WMI events easier to fire off during a penetration test or red team engagement. Please see my post Creeping on Users with WMI Events: Introducing PowerLurk for more detailed information:...
Cartero - Social Engineering Framework
A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn't do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and...
Whonix 13 - Anonymous Operating System
Whonix is a desktop operating system designed for advanced security and privacy. It realistically addresses attacks while maintaining usability. It makes online anonymity possible via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside...
SideDoor - Debian/Ubuntu Backdoor Using A Reverse SSH Tunnel
sidedoor maintains a reverse tunnel to provide a backdoor. sidedoor can be used to remotely control a device behind a NAT. sidedoor is packaged for Debian-based systems with systemd or upstart. It has been used on Debian 8 jessie and Ubuntu 14.04 LTS trusty. The sidedoor user has full root access...
Flashlight - Automated Information Gathering Tool for Penetration Testers
Pentesters spend too much time during information gathering phase. Flashlight Fener provides services to scan network/ports and gather information rapidly on target networks. So Flashlight should be the choice to automate discovery step during a penetration test. In this article, usage of Flashli...
SpiderFoot v2.6.1 - Open Source Intelligence Automation
SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target. Purpose There are three main areas where SpiderFoot can be useful: 1. If you are a pen-tester, SpiderFoot will automate the reconnaisance stage of the tes...
Security Onion - Linux Distro For Intrusion Detection, Network Security Monitoring, And Log Management
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an...
Pupy - Multi-Platform Remote Administration Tool
Pupy is an opensource, multi-platform Remote Administration Tool written in Python. On Windows, Pupy uses reflective dll injection and leaves no traces on disk. Features : On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy doe...
Windows Spy Keylogger - Software to Log Keystrokes in Stealth Mode for 32-bit/64-bit processes on Windows XP/Vista/7/8/10
Windows Spy Keylogger is the free software to help you covertly monitor all activities on your computer. It intercepts everything that is typed on keyboard and stores into one log file which you can view it anytime later. You can track logins , passwords , emails , chats and all other secret thin...
ZAP 2.4.2 - Penetration Testing Tool for Testing Web Applications
The Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
Wfuzz - The Web Application Bruteforcer
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked directories, servlets, scripts, etc, bruteforce GET and POST parameters for checking different kind of injections SQL, XSS, LDAP,etc, bruteforce Forms parameters User/Password, Fuzzing,etc...
Netsparker Cloud - Online Web Application Security Scanner
Netsparker Cloud is an online web application security scanner built around the advanced scanning technology of Netsparker Web Application Security Scanner; the only false positive free automated desktop based web vulnerability scanner. Benefit from the Cloud AFFORDABLE AND MAINTENANCE FREE WEB...
BackBox Linux 4.3 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable...
KeyBox - A web-based SSH console that centrally manages administrative access to systems
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. Administrators can login...
Nikto2 - Web Server Scanner
Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks...
ShellCheck - Automatically Detects Problems with sh/bash Scripts and Commands
ShellCheck is a static analysis and linting tool for sh/bash scripts. It's mainly focused on handling typical beginner and intermediate level syntax errors and pitfalls where the shell just gives a cryptic error message or strange behavior, but it also reports on a few more advanced issues where...
Password Cracking Suite
How To Use It: git clone https://github.com/TecnoHack/Password-Cracking-Suite.git chmod +x csuit.py ./csuit.py Dics Path: In this path, you can add any dictionary you would like to use. Tools Path: In this path, the script will install 3rd party tools. You can download some here:...
XSSYA v2.0 - Cross Site Scripting Scanner & Vulnerability Confirmation
XSSYA Cross Site Scripting Scanner & Vulnerability Confirmation written in python scripting language confirm the XSS Vulnerability in two method first work by execute the payload encoded to bypass Web Application Firewall which is the first method request and responseif it respond 200 it turn...
Windows Password Kracker - Free Windows Password Recovery Software
Windows Password Kracker is a free software to recover the lost or forgotten Windows password. It can quickly recover the original windows password from either LM LAN Manager or NTLM NT LAN Manager Hash. Windows encrypts the login password using LM or NTLM hash algorithm. Since these are one way...
Isowall - A mini-firewall that completely isolates a target device from the local network
This is a mini-firewall that completely isolates a target device from the local network. This is for allowing infected machines Internet access, but without endangering the local network. Building This project depends upon libpcap, and of course a C compiler. On Debian, the following should work:...
FBHT v3.0 - Facebook Hacking Tool (Like flood, Note DDoS attack, FBFriendlyLogout, more...)
FBHTFacebook Hacking Tool is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform The tool provides: 1 Create accounts 2 Delete all accounts for a given user 3 Send friendship requests Test Accounts 4 Accept friendship requests Test Accounts 5...
NetHogs - Small 'net top' tool
NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and...
Netsparker v3.5.5 - Web Application Security Scanner
Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...
Inxi - A newer, better system information script for irc, administration, and system troubleshooters
A newer, better system information script for irc, administration, and system troubleshooters. Inxi Options Inxi has a wide range of options and custom triggers, along with useful defaults like -b or -F. Plain inxi, no options, prints a single line of basic system information. Here is a screensho...
NoVirusThanks File Governor - Unlock locked files and folders
NoVirusThanks File Governor is an advanced program which allows for files and folders within the system to be unlocked so that normal file I/O operations can be completed when normally they would not be able to be due to operating system restrictions for files currently in use. Once a file or...
Dirs3arch - HTTP(S) Directory/File Brute Forcer
dirs3arch is a simple command line tool designed to brute force directories and files in websites. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked .htaccess, web.config, etc. Recursive brute forcing Usage: dirs3arch.py -u|--url target...
Hooker - Automated Dynamic Analysis of Android Applications
Hooker is an opensource project for dynamic analysis of Android applications. This project provides various tools and applications that can be use to automaticaly intercept and modify any API calls made by a targeted application. It leverages Android Substrate framework to intercept these calls a...
BluetoothLogView - Creates a log of Bluetooth devices activity around you
BluetoothLogView is a small utility that monitors the activity of Bluetooth devices around you, and displays a log of Bluetooth devices on the main window. Every time that a new Bluetooth device arrives to your area and when the device leaves your area, a new log line is added with the following...
[SSLsplit] Transparent and scalable SSL/TLS interception
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original...