LFiFreak - An automated LFi Exploiter with Bind/Reverse Shells
LFiFreak is a tool for exploiting local file inclusions using PHP Input, PHP Filter and Data URI methods. Features: works with Windows, Linux and OS X; includes bind and reverse shell for both Windows and Linux; written in Python 2.7. Dependencies: BeautifulSoup. Download LFiFreak...
NMapGUI - Advanced Graphical User Interface for NMap
NMapGUI is an advanced graphical user interface for the NMap network analysis tool. It extends and eases the typical usage of NMap by providing a fast visual interface to the application. If you have any questions about NMapGUI usage or want to get in contact with me, please visit: Twitt...
D0xk1t - Web-based OSINT and Active Reconnaissance Suite
Active reconnaissance, information gathering and OSINT built in a portable web application. 1.0 Introduction 1. What is this? D0xk1t is an open-source, self-hosted and easy to use OSINT and active reconnaissance web application for penetration testers. Based off of the prior command-line script,...
WSSiP - Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa
Short for "WebSocket/Socket.io Proxy", this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view all WebSocket and Socket.IO communications between the client and server. Upstream proxy support also means you can forward HTTP/HTTPS traffic to an...
CookieCatcher - Tool to assist in the exploitation of XSS
CookieCatcher is an open source application which was created to assist in the exploitation of XSS (Cross-Site Scripting) vulnerabilities within web applications to steal user session IDs (aka Session Hijacking). The use of this application is purely educational and should not be used without proper...
ASTo - An IoT Network Security Analysis Tool and Visualizer
ASTo is a security analysis tool for IoT networks. It is developed to support the Apparatus security framework. ASTo is based on Electron and cytoscape.js. The icons are provided by Google's Material Design. The application is still in the prototyping stage, which means a lot of functionality is being...
LARE - [L]ocal [A]uto [R]oot [E]xploiter is a Bash Script That Helps You Deploy Local Root Exploits
Local Auto Root Exploiter is a simple bash script that helps you deploy local root exploits from your attacking machine when your victim machine does not have internet connectivity. The script is useful in a scenario where your victim machine does not have an internet connection, e.g. while you piv...
Major Update of Acunetix Online
Acunetix Online has undergone a mammoth update, now enjoying all the features and benefits found in Acunetix On Premise, including: Integrated vulnerability management, greater manageability of threats and targets and the integration of popular WAFs and Issue Tracking systems. Acunetix Online als...
InfectPE - Inject Custom Code into PE File
Using this tool you can inject x-code/shellcode into a PE file. InjectPE works only with 32-bit executable files. Why do you need InjectPE? You can test your security products. Use in a phishing campaign. Learn how PE injection works. ...and so on. In the project, there is hardcoded x-code of...
DBShield - Database Firewall Written In Go
Protects your data by inspecting incoming queries from your application server and rejecting abnormal ones. How it works? For example, this is how web server normally interacts with database server: By adding DBShield in front of database server we can protect it against abnormal queries. To dete...
wuzz - Interactive CLI Tool for HTTP Inspection
Interactive cli tool for HTTP inspection Wuzz command line arguments are similar to cURL's arguments, so it can be used to inspect/modify requests copied from the browser's network inspector with the "copy as cURL" feature. Installation and usage $ go get github.com/asciimoo/wuzz $...
cgPwn - Cyber Grand Pwnage Box
A lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks. This is an Ubuntu VM tailored for hardware hacking, RE and wargaming. Tools included: Pwndbg; Pwntools; Binwalk; Radare2; Capstone, Unicorn and Keystone Engines; Qira Timeless Debugger; AFL; Valgrind, VGdb...
kimi - Script To Generate Malicious Debian Packages (Debian Trojans)
Script to generate malicious Debian packages (Debian trojans). The name Kimi is inspired by "Kimimaro", one of my favorite characters from the anime "Naruto". Kimi is a script which generates a malicious Debian package for Metasploit which consists of a bash file. The bash file is deployed into...
Metasploitable3 - An Intentionally Vulnerable Machine for Exploit Testing
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit. Metasploitable3 is released under a BSD-style license. See COPYING for more details. Building Metasploitable 3...
PsTools - Utilities for listing the processes running on remote computers, running processes remotely, rebooting computers, and more
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more. Introduction The Windows NT and Windows 2000 Resource Kits come with a number of command-line tools that...
hget - Rocket Fast, Interruptable, Resumable Download Accelerator
Rocket fast download accelerator written in golang. The current program works on unix systems only. NOTE: hget is currently under heavy development; its usage, architecture and code may change at any time in the future. It would be great if you can contribute whatever features that you want to use, I wil...
WAS - Automatic USB Drive Malware Scanning Tool For The Security-Minded Person
Author: Fabio Baroni http://www.pentest.guru/ @Fabiothebest89 How many times have you plugged in a USB drive and double clicked on a file without scanning for malware? I guess, MANY. Wait A Sec! Even if you are a security guy, you'll often be in a hurry or absent minded and you trust your USB dri...
Cartero - Social Engineering Framework
A robust Phishing Framework with a full-featured CLI interface. The project was born out of necessity through years of engagements with tools that just didn't do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both ease of use and...
Netdata - Real-Time Performance Monitoring
netdata is a highly optimized Linux daemon providing real-time performance monitoring for Linux systems, applications and SNMP devices, over the web! It tries to visualize the truth of now, in its greatest detail, so that you can get insights of what is happening now and what just happened, on yo...
CJExploiter - Drag and Drop ClickJacking Exploit Development Assistance Tool
CJExploiter is a drag and drop ClickJacking exploit development assistance tool. First open the "index.html" with your browser locally, enter the target URL and click on "View Site". You can dynamically create your own inputs. Finally, by clicking "Exploit It" you can see the PoC. Summary...
Smod - MODBUS Penetration Testing Framework
smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest the Modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software can be run on Linux/OSX under Python 2.7.x. Feel free to make pull requests, if...
Katana - Framework for Hackers, Professional Security and Developers
Katana is a framework written in Python for penetration testing, based on a simple and comprehensive structure that anyone can use, modify and share. The goal is to unify tools that serve professionals when conducting a penetration test or simply as a routine tool. The current version is not...
GetHead - HTTP Header Analysis Vulnerability Tool
gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers. Usage: $ python gethead.py http://domain.com Changelog Version 0.1 - Initial Release Written in Python 2.7.5 Performs HTTP Header Analysis Reports...
Sn1per - Automated Pentest Recon Scanner
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features Automatically collects basic recon ie. whois, ping, DNS, etc. Automatically launches Google hacking queries against a target domain Automatically enumerates open ports...
Sonar.js - Framework for identifying and launching exploits against internal network hosts
A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration, WebSocket host scanning, and external resource fingerprinting. How does it work? Upon loading the sonar.js payload in a modern web browser the following will happen: sonar.js will u...
BetterCap - A complete, modular, portable and easily extensible MITM framework
BetterCap is an attempt to create a complete, modular, portable and easily extensible MITM framework with every kind of feature that could be needed while performing a man in the middle attack. It's currently able to sniff and print the following information from the network: URLs being visited. HTT...
Cheat - Create and view interactive cheatsheets on the command-line
cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember. cheat depends only on python and pip. Example The next time you're...
Gcat - A stealthy Backdoor that uses Gmail as a command and control server
A stealthy Python based backdoor that uses Gmail as a command and control server. Setup For this to work you need: A Gmail account Use a dedicated account! Do not use your personal one! Turn on "Allow less secure apps" under the security settings of the account This repo contains two files: gcat....
BlueScreenView - Blue Screen of Death (STOP error) information in dump files
BlueScreenView scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue...
SmartSniff v2.16 - Capture TCP/IP packets on your network adapter
SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode for text-based protocols, like HTTP...
Beeswarm - Active IDS made easy
Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The system operates by luring the hacker into the honeypots by setting up a deception infrastructure where deployed drones communicate with honeypots and intentionally leak...
Snort 3.0 - Network intrusion prevention and detection system (IDS/IPS)
Snort is the most powerful IPS in the world, setting the standard for intrusion detection. So when we started thinking about what the next generation of IPS looked like we started from scratch. Features Support multiple packet processing threads Shared configuration and attribute table Use a...
Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment
The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best...
Asterisk Password Spy v3.1 - Windows Asterisk Password Recovery Tool
Asterisk Password Spy is the FREE tool to instantly reveal the hidden password behind asterisks. Its user-friendly interface can help you to easily find the passwords from any Windows based application. You can simply drag the 'search icon' to any password box to find the real password hidden by...
WebBrowserPassView v1.56 - Recover lost passwords stored in your Web browser
WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer Version 4.0 - 11.0, Mozilla Firefox All Versions, Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website,...
Netsparker v3.5.5 - Web Application Security Scanner
Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...
screenFetch - The Bash Screenshot Information Tool
screenFetch is a "Bash Screenshot Information Tool". This handy Bash script can be used to generate one of those nifty terminal theme information + ASCII distribution logos you see in everyone's screenshots nowadays. It will auto-detect your distribution and display an ASCII version of that...
Parsero v0.75 - Attacking Robots.txt Files
Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell the search engines what directories or files hosted on a web server mustn't be indexed. For example, "Disallow: /portal/login" means that the...
Online JavaScript Beautifier - Beautify, unpack or deobfuscate JavaScript and HTML
This little beautifier will reformat and reindent bookmarklets, ugly JavaScript, unpack scripts packed. Online JavaScript Beautifier...
ModSecurity v2.8.0 - Open Source Web Application Firewall
ModSecurity™ is an open source, free web application firewall (WAF) Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. Changelog v2.8.0 Bug fix Build issue: Now using autotools to...
KisMAC - Free Sniffer/Scanner application for Mac OS X
KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning. KisMAC supports many third party USB devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187...
OWASP ZAP 2.3.0.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration...
[OpenedFilesView] View opened/locked files in your system (sharing violation issues)
OpenedFilesView displays the list of all opened files on your system. For each opened file, additional information is displayed: handle value, read/write/delete access, file position, the process that opened the file, and more... Optionally, you can also close one or more opened files, or close t...
[GoldenEye v2.1] DoS Tool
GoldenEye is a HTTP/S Layer 7 Denial-of-Service Testing Tool. It uses KeepAlive and Connection: keep-alive paired with Cache-Control options to persist socket connection busting through caching when possible until it consumes all available sockets on the HTTP/S server. Changelog v2.1 2014-02-20...
[Microsoft Network Monitor 3.4] Tool to allow capturing and protocol analysis of network traffic
Microsoft's Network Monitor is a tool that allows capturing and protocol analysis of network traffic. Network Monitor 3 is a protocol analyzer. It enables you to capture, to view, and to analyze network data. You can use it to help troubleshoot problems with applications on the network. This...
[FacebookPasswordDump v2.0] Command-line Tool to Recover Facebook Password from Browsers and Messengers
Facebook Password Dump is the command-line tool to instantly recover your lost Facebook password from popular web browsers and messengers. Currently it can recover your Facebook password from following applications, Firefox Internet Explorer v6.x - v10.x Google Chrome Chrome Canary/SXS CoolNovo...
[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)
The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...
[SQL injection test environment] A collection of web pages vulnerable to SQL injection flaws
A collection of web pages vulnerable to SQL injection flaws and more: conf/ - operating system configuration files used by deployment.sh. dbs/ - standalone databases for some database management systems e.g. Microsoft Access. libs/ - web API libraries to connect to the database management...
[Wapiti 2.3.0] Web Application Vulnerability Scanner
Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti act...
[SET v5.4] The Social-Engineer Toolkit "Walkers"
TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v5.4 codename “Walkers”. This version has a significant amount of changes, performance upgrades, bug fixes, and efficiency. This blog post will cover some of the major highlights from Java 7 Update 45 and how to get...