6011 matches found
WiFi software Acrylic WiFi Free v2.0 - Real-time WLAN information and network analysis
New Acrylic WiFi software update. WiFi software for network analysis has gone through many changes since the first free version and finally reaches version v2.0 with more power than ever and long awaited features for network and channel analysis under Windows and with any wireless card. Acrylic...
ParanoiDF - PDF Analysis Suite: Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more
The swiss army knife of PDF Analysis Tools. Based on peepdf - http://peepdf.eternal-todo.com. Features Interactive Console: Type "help" to get a list of commands. Type "help command" to get a description/usage on specific command. crackpw This executes Nacho Barrientos Arias's PDFCrack tool by...
screenFetch - The Bash Screenshot Information Tool
screenFetch is a "Bash Screenshot Information Tool". This handy Bash script can be used to generate one of those nifty terminal theme information + ASCII distribution logos you see in everyone's screenshots nowadays. It will auto-detect your distribution and display an ASCII version of that...
KisMAC - Free Sniffer/Scanner application for Mac OS X
KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning. KisMAC supports many third party USB devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187...
DNSQuerySniffer - DNS Queries Sniffer
DNSQuerySniffer is a network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type A, AAAA, NS, MX, and so on, Request Time, Response Time, Duration, Response Code, Number of...
[JRT] Junkware Removal Tool
Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs PUPs from your computer. A common tactics among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue. This to...
[Microsoft Network Monitor 3.4] Tool to allow capturing and protocol analysis of network traffic
Microsoft's Network Monitor is a tools that allow capturing and protocol analysis of network traffic. Network Monitor 3 is a protocol analyzer. It enables you to capture, to view, and to analyze network data. You can use it to help troubleshoot problems with applications on the network. This...
[RouterPassView] Recover lost password from router backup file
Most modern routers allow you to backup the configuration of the router into a file, and then restore the configuration from the file when it's needed. The backup file of the router usually contains important data like your ISP user name/password, the login password of the router, and wireless...
[FacebookPasswordDump v2.0] Command-line Tool to Recover Facebook Password from Browsers and Messengers
Facebook Password Dump is the command-line tool to instantly recover your lost Facebook password from popular web browsers and messengers. Currently it can recover your Facebook password from following applications, Firefox Internet Explorer v6.x - v10.x Google Chrome Chrome Canary/SXS CoolNovo...
[Charles] Web Debugging Proxy Application
Charles is a web proxy HTTP Proxy / HTTP Monitor that runs on your own computer. Your web browser or any other Internet application is then configured to access the Internet through Charles, and Charles is then able to record and display for you all of the data that is sent and received. In Web a...
[OpenSSH 6.5] FREE version of the SSH Connectivity Tools
OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic including passwords to effectively...
[evasi0n7] iOS 7.x Jailbreak
Evasi0n Jailbreaking tools available for Apple iOS 7 users. This jailbreak utility/tool made by Evad3rs team after 3 months of iOS 7 launched. evasi0n is available for Mac and Windows, and is untethered. Here are the requirements posted on the evasi0n website: A computer, running Windows XP...
[LinEnum v0.2] Automating local information gathering tasks on Linux hosts
LinEnum is a shell script that automates local information gathering tasks on Linux hosts.Over 65 checks are performed, obtaining anything from kernel information to locating possible escalation points such as potentially useful SUID/GUID files and Sudo/rhost mis-configurations etc. Additionally,...
[SpearPhisher] A Simple Phishing Email Generation Tool
SpearPhisher is a simple point and click Windows GUI tool designed for mostly non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending...
[Tunna Framework] Tool designed to bypass firewall restrictions on remote webservers
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. The web application file must be uploaded on the remote server. It will be used to make a local connection with services running on t...
[MAC Address Scanner] Desktop Tool to Find MAC address of Remote Computers on Local Network
MAC Address Scanner is the free desktop tool to remotely scan and find MAC Address of all systems on your local network. It allows you to scan either a single host or range of hosts at a time. During the scan, it displays the current status for each host. After the completion, you can generate...
[OWASP Bricks] Modular Deliberately Vulnerable Web Application
Bricks is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools Mantra and ZAP. The mission is to 'break...
[SET v5.1] The Social-Engineer Toolkit codename “Name of the Doctor”
The Social-Engineer Toolkit SET version 5.1 codename “ Name of the Doctor ” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit. The MSSQL Bruter now incorporates UDP port 1434 quick...
[Open SCAP v0.9.5] Support of SCE - Script Check Engine
SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise...
[Hydra v 7.4] Fast Network cracker
One of the biggest security holes are passwords, as every password security study shows. A very fast network logon cracker which support many different services, THC-Hydra is now updated to 7.4 version. Hydra available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, Currently supports...
[Scythe Framework] Harvest Profile Id And Email
In this video i will show you how to use Scythe Framework for Harvesting a Email ID and other usernames from blogs, social-media, etc .. I personally like this tool because,online there's tons of tools available for Email ID harvesting but this one is great .... right now only supports two Mail...
Docf-Sec-Check - DockF-Sec-Check Helps To Make Your Dockerfile Commands More Secure
DockF-Sec-Check helps to make your Dockerfile commands more secure. Done x First-level security notification in the Dockerfile TODO List Correctly detect the Dockerfile. Second-level security notification in the Dockerfile. Security notification in Docker images. Private Repository Installation...
Some-Tweak-To-Hide-Jwt-Payload-Values - A Handful Of Tweaks And Ideas To Safeguard The JWT Payload
some-tweak-to-hide-jwt-payload-values a handful of tweaks and ideas to safeguard the JWT payload, making it futile to attempt decoding by constantly altering its value, ensuring the decoded output remains unintelligible while imposing minimal performance overhead. What is a JWT Token? A JSON Web...
CanaryTokenScanner - Script Designed To Proactively Identify Canary Tokens Within Microsoft Office Documents And Acrobat Reader PDF (docx, xlsx, pptx, pdf)
Detecting Canary Tokens and Suspicious URLs inMicrosoft Office, Acrobat Reader PDF and Zip Files Introduction In the dynamic realm of cybersecurity, vigilance and proactive defense are key. Malicious actors often leverage Microsoft Office files and Zip archives, embedding covert URLs or macros to...
Quick-Lookup-Ptrun - Quick Lookup Plugin For PowerToys Run (Wox)
This plugin for PowerToys Run allows you to quickly search for an IP address, domain name, hash or any other data points in a list of Cyber Security tools. It's perfect for security analysts, penetration testers, or anyone else who needs to quickly lookup information when investigating artifacts ...
Temcrypt - Evolutionary Encryption Framework Based On Scalable Complexity Over Time
The Next-gen Encryption Try temcrypt on the Web → temcrypt SDK Focused on protecting highly sensitive data, temcrypt is an advanced multi-layer data evolutionary encryption mechanism that offers scalable complexity over time, and is resistant to common brute force attacks. You can create your own...
NixImports - A .NET Malware Loader, Using API-Hashing To Evade Static Analysis
A .NET malware loader, using API-Hashing and dynamic invoking to evade static analysis How does it work? NixImports uses my managed API-Hashing implementation HInvoke, to dynamically resolve most of it's called functions at runtime. To resolve the functions HInvoke requires two hashes the typeHas...
SOC-Multitool - A Powerful And User-Friendly Browser Extension That Streamlines Investigations For Security Professionals
Introducing SOC Multi-tool, a free and open-source browser extension that makes investigations faster and more efficient. Now available on the Chrome Web Store and compatible with all Chromium-based browsers such as Microsoft Edge, Chrome, Brave, and Opera. Now available on Chrome Web Store!...
Kubestroyer - Kubernetes Exploitation Tool
Kubestroyer Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests About The Project Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations. The tool is scanning known...
Noseyparker - A Command-Line Program That Finds Secrets And Sensitive Information In Textual Data And Git History
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing. Key features: It supports scanning files, directories, and the entire history of Git repositories It uses regular expression matching...
SharpSCCM - A C# Utility For Interacting With SCCM
SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager a.k.a. ConfigMgr, formerly SCCM for lateral movement and credential gathering without requiring access to the SCCM administration console GUI. SharpSCCM was initially created to execute user huntin...
Bayanay - Python Wardriving Tool
WarDriving is the act of navigating, on foot or by car, to discover wireless networks in the surrounding area. Features Wardriving is done by combining the SSID information obtained with scapy using the HTML5 geolocation feature. Usage I cannot be held responsible for the malicious use of the...
awsEnum - Enumerate AWS Cloud Resources Based On Provided Credential
Enumrate AWS services! with no nosies awsEnum is a python script enumrate AWS services through the provided credential. ▄▄▄▄▄▄ ▄ ▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄ ▄ ▄▄ ▄▄ ▄▄ ▄▄ █ █ █ ▄ █ █ █ █ █ █ █ █ █ █ █▄█ █ █ ▄ █ ██ ██ █ ▄▄▄▄▄█ ▄▄▄█ █▄█ █ █ █ █ █ █ █▄█ █ █ █▄▄▄▄▄█ █▄▄▄█ █ █▄█ █ █ █ █ █▄▄▄▄▄ █ ▄▄▄█ ▄ █ █ █...
Msprobe - Finding All Things On-Prem Microsoft For Password Spraying And Enumeration
Finding all things on-prem Microsoft for password spraying and enumeration. The tool will used a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below: Installing Install...
SharpEventPersist - Persistence By Writing/Reading Shellcode From Event Log
Persistence by writing/reading shellcode from Event Log. Usage The SharpEventPersist tool takes 4 case-sensitive parameters: -file "C:\path\to\shellcode.bin" -instanceid 1337 -source Persistence -eventlog "Key Management Service". The shellcode is converted to hex and written to the "Key Manageme...
Exfilkit - Data Exfiltration Utility For Testing Detection Capabilities
Data exfiltration utility for testing detection capabilities Description Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only. Exfiltration How-To /etc/shadow - HTTP GET requests Server ./exfilkit-cli.py -m...
Process_Overwriting - Yet Another Variant Of Process Hollowing
Process Overwriting is a PE injection technique, closely related to Process Hollowing and Module Overloading Process Hollowing aka RunPE is an old and popular PE injection technique. It comes in has variety of flavors, but there are some steps in common: 1. Start by creating a process in a...
Moonwalk - Cover Your Tracks During Linux Exploitation By Leaving Zero Traces On System Logs And Filesystem Timestamps
Cover your tracks during LinuxExploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps. Introduction moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs...
VulFi - Plugin To IDA Pro Which Can Be Used To Assist During Bug Hunting In Binaries
The VulFi Vulnerability Finder tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions such as strcpy, sprintf, system, etc.. For cases where a Hexrays...
Maat - Open-source Symbolic Execution Framework
Maat is an open-source Dynamic Symbolic Execution and Binary Analysis framework. It provides various functionalities such as symbolic execution, taint analysis, constraint solving, binary loading, environment simulation, and leverages Ghidra's sleigh library for assembly lifting: https://maat.re...
DarthSidious - Building An Active Directory Domain And Hacking It
The goal is simple To share my modest knowledge about hacking Windows systems. This is commonly refered to as red team exercises. This book however, is also very concerned with the blue team; the defenders. That is, helping those who are working as defenders, analysts and security experts to buil...
HaccTheHub - Open Source Self-Hosted Cyber Security Learning Platform
Open source self-hosted cyber security learning platform About The Project HaccTheHub is an open source project that provides cyber security The HaccTheHub system consists of 3 main parts: Docker: containing all of the boxes creating the environment in which we'll be learning on. The backend:...
Boko - Application Hijack Scanner For macOS
boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables, as well as scripts an application may use that have the potential to be backdoored. The tool also calls out interesting files and list...
Exrop - Automatic ROP Chain Generation
Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints Requirements : Triton, ROPGadget Only support for x86-64 for now! Features: handling non-return gadgets jmp reg, call reg set registers rdi=0xxxxxx, rsi=0xxxxxx set register t...
LDAP-Password-Hunter - Password Hunter In The LDAP Infamous Database
It happens that due to legacy services requirements or just bad security practices password are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter is a tool which wraps features of getTGT.py Impacket and ldapsearch in order to look up for password...
CRT - CrowdStrike Reporting Tool for Azure
This tool queries the following configurations in the Azure AD/O365 tenant which can shed light on hard-to-find permissions and configuration settings in order to assist organizations in securing these environments. Exchange Online O365: Federation Configuration Federation Trust Client Access...
Msmailprobe - Office 365 And Exchange Enumeration
Office 365 and Exchange Enumeration It is widely known that OWA Outlook Webapp is vulnerable to time-based user enumeration attacks. This tool leverages all known, and even some lesser-known services exposed by default Exchange installations to enumerate users. It also targets Office 365 for...
Spamscanner - Spam Scanner Is The Best Anti-Spam, Email Filtering, And Phishing Prevention Service
Spam Scanner is the best anti-spam, email filtering, and phishing prevention service. Spam Scanner is a drop-in replacement and the best alternative to SpamAssassin, rspamd, SpamTitan, and more. Foreword Spam Scanner is a tool and service built by @niftylettuce after hitting countless roadblocks...
Mariana Trench - Security Focused Static Analysis Tool For Android And Java Applications
Mariana Trench is a security focused static analysis platform targeting Android. This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app. These instructions are also available at our websit...
PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation
Basic Tutorial Here you will find privilege escalation tools for Windows and Linux/Unix and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. Check the LocalWindo...