6011 matches found
Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
This GitHub repository provides a range of search queries, known as "dorks," for Shodan, a powerful tool used to search for Internet-connected devices. The dorks are designed to help security researchers discover potential vulnerabilities and configuration issues in various types of devices such ...
Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
/\ / | / \ | \ | || | | | | / | /| |/ |/ |/ ,/; ; ; ,'/|; ,/,/, ,'/ |;/,/,/,/| ,/; |;|/,/,/,/,/| ,/'; |;|,/,/,/,/,/| ,/'; |;|/,/,/,/,/,/|, / ; |;|,/,/,/,/,/,/| / ,'; |;|/,/,/,/,/,/,/| /,/'; |;|,/,/,/,/,/,/,/| /;/ '; |;|/,/,/,/,/,/,/,/| ██████╗ ███████╗ ██████╗ █████╗ ███████╗██╗ ██╗███████╗...
Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
Implement and monitor Appsec control at scale. Requirements NodeJS 20.13 Tested on Mac Ubuntu How to install $ git clone [email protected]:mf-labs/witcher.git $ cd witcher $ npm i Build a Docker image $ git clone [email protected]:mf-labs/witcher.git $ cd witcher $ docker build -t witch...
ByeDPIAndroid - App To Bypass Censorship On Android
Android application that runs a local VPN service to bypass DPI Deep Packet Inspection and censorship. This application runs a SOCKS5 proxy ByeDPI and redirects all traffic through it. Installation Or use Obtainium 1. Install Obtainium 2. Add the app by URL:...
API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
APIs For OSINT This is a Collection of APIs that will be useful for automating various tasks in OSINT. Thank you for following me! https://cybdetective.com IOT/IP Search engines Name | Link | Description | Price ---|---|---|--- Shodan | https://developer.shodan.io | Search engine for Internet...
Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
A Model Context Protocol MCP server implementation that integrates with Firecrawl for web scraping capabilities. Big thanks to @vrknetha, @cawstudios for the initial implementation! You can also play around with our MCP Server on MCP.so's playground. Thanks to MCP.so for hosting and @gstarwd for...
Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
Real-time face swap and video deepfake with a single click and only a single image. Disclaimer This deepfake software is designed to be a productive tool for the AI-generated media industry. It can assist artists in animating custom characters, creating engaging content, and even using models for...
CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
🐫 CAMEL is an open-source community dedicated to finding the scaling laws of agents. We believe that studying these agents on a large scale offers valuable insights into their behaviors, capabilities, and potential risks. To facilitate research in this field, we implement and support various type...
Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
Automatically generates beautiful and easy-to-read ER diagrams from your database. Website • Documentation • Roadmap What's Liam ERD? Liam ERD generates beautiful, interactive ER diagrams from your database. Whether you're working on public or private repositories, Liam ERD helps you visualize...
SubGPT - Find Subdomains With GPT, For Free
SubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to find more. Best part? It's free! The following subdomains were found by this tool with these 30 subdomains as input. call-prompts-staging.example.com dclb02-dca1.prod.example.com activedirectory-sjc1.example.c...
Uro - Declutters Url Lists For Crawling/Pentesting
Using a URL list for security testing can be painful as there are a lot of URLs that have uninteresting/duplicate content; uro aims to solve that. It doesn't make any http requests to the URLs and removes: - incremental urls e.g. /page/1/ and /page/2/ - blog posts and similar human written conten...
Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Web Shell Client Description & Demo Wshlient is a web shell client designed to be pretty simple yet versatile. One just need to create a text file containing an HTTP request and inform where Wshlient inject the commands, then you can enjoy a shell. In the case the above video does not works for...
Pulsegram - Integrated Keylogger With Telegram
PulseGram is a keylogger integrated with a Telegram bot. It is a monitoring tool that captures keystrokes, clipboard content, and screenshots, sending all the information to a configured Telegram bot. It is designed for use in adversary simulations and security testing contexts. ⚠️ Warning: This...
Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
Dealing with failing web scrapers due to anti-bot protections or website changes? Meet Scrapling. Scrapling is a high-performance, intelligent web scraping library for Python that automatically adapts to website changes while significantly outperforming popular alternatives. For both beginners an...
VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
VulnKnox is a powerful command-line tool written in Go that interfaces with the KNOXSS API. It automates the process of testing URLs for Cross-Site Scripting XSS vulnerabilities using the advanced capabilities of the KNOXSS engine. Features Supports pipe input for passing file lists and echoing...
Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
Camtruder is a high-performance RTSP camera discovery and vulnerability assessment tool written in Go. It efficiently scans and identifies vulnerable RTSP cameras across networks using various authentication methods and path combinations, with support for both targeted and internet-wide scanning...
Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
Frogy 2.0 is an automated external reconnaissance and Attack Surface Management ASM toolkit designed to map out an organization's entire internet presence. It identifies assets, IP addresses, web applications, and other metadata across the public internet and then smartly prioritizes them with...
PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
| \ | \ | | | | / / |/ / | | | / | | | | / / | | | \ \ || \ \ |\ | || |, |,|/,|/| | |/ ███▄ █ ▓█████ ▒█████ ██ ▀█ █ ▓█ ▀ ▒██▒ ██▒ ▓██ ▀█ ██▒▒███ ▒██░ ██▒ ▓██▒ ▐▌██▒▒▓█ ▄ ▒██ ██░ ▒██░ ▓██░░▒████▒░ ████▓▒░ ░ ▒░ ▒ ▒ ░░ ▒░ ░░ ▒░▒░▒░ ░ ░░ ░ ▒░ ░ ░ ░ ░ ▒ ▒░ ░ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ ░ ░ PEGASUS-NEO...
Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
A custom Python-based proof-of-concept PoC exploit targeting Text4Shell CVE-2022-42889, a critical remote code execution vulnerability in Apache Commons Text versions 1.10. This exploit targets vulnerable Java applications that use the StringSubstitutor class with interpolation enabled, allowing...
Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
A Python script to check Next.js sites for corrupt middleware vulnerability CVE-2025-29927. The corrupt middleware vulnerability allows an attacker to bypass authentication and access protected routes by send a custom header x-middleware-subrequest. Next JS versions affected: - 11.1.4 and up...
Bytesrevealer - Online Reverse Enginerring Viewer
Bytes Revealer is a powerful reverse engineering and binary analysis tool designed for security researchers, forensic analysts, and developers. With features like hex view, visual representation, string extraction, entropy calculation, and file signature detection, it helps users uncover hidden...
CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Firewall Manager API Project Installation Follow these steps to set up and run the API project: 1. Clone the Repository git clone https://github.com/adriyansyah-mf/CentralizedFirewall cd CentralizedFirewall 2. Edit the .env File Update the environment variables in .env according to your...
Maryam - Open-source Intelligence(OSINT) Framework
OWASP Maryam is a modular open-source framework based on OSINT and data gathering. It is designed to provide a robust environment to harvest data from open sources and search engines quickly and thoroughly. Installation Supported OS Linux FreeBSD Darwin OSX $ pip install maryam Alternatively, you...
TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Welcome to TruffleHog Explorer , a user-friendly web-based tool to visualize and analyze data extracted using TruffleHog. TruffleHog is one of the most powerful secrets discovery, classification, validation, and analysis open source tool. In this context, a secret refers to a credential a machine...
PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
PANO is a powerful OSINT investigation platform that combines graph visualization, timeline analysis, and AI-powered tools to help you uncover hidden connections and patterns in your data. Getting Started 1. Clone the repository: bash git clone https://github.com/ALW1EZ/PANO.git cd PANO 2. Run th...
Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
This project is a command line tool and python library that uses Wappalyzer extension and its fingerprints to detect technologies. Other projects emerged after discontinuation of the official open source project are using outdated fingerpints and lack accuracy when used on dynamic web-apps, this...
Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
Enhanced version of bellingcat's Telegram Phone Checker! A Python script to check Telegram accounts using phone numbers or username. ✨ Features 🔍 Check single or multiple phone numbers and usernames 📁 Import numbers from text file 📸 Auto-download profile pictures 💾 Save results as JSON 🔐 Secure...
Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
Torward is an improved version based on the torghost-gn and darktor scripts, designed to enhance anonymity on the Internet. The tool prevents data leaks and forces all traffic from our computer to be routed exclusively through the Tor network, providing a high level of privacy in our connections...
Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser
Instagram Brute Force CPU/GPU Supported 2024 Use option 2 while running the script. Option 1 is on development Chrome should be downloaded in device. Compatible and Tested GUI Supported Operating Systems Only Python 3.13 x64 bit Unix / Linux / Mac / Windows 8.1 and higher Install Requirements pip...
QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
QuickResponseC2 is a stealthy Command and Control C2 framework that enables indirect and covert communication between the attacker and victim machines via an intermediate HTTP/S server. All network activity is limited to uploading and downloading images, making it an fully undetectable by IPS/IDS...
Telegram-Scraper - A Powerful Python Script That Allows You To Scrape Messages And Media From Telegram Channels Using The Telethon Library
A powerful Python script that allows you to scrape messages and media from Telegram channels using the Telethon library. Features include real-time continuous scraping, media downloading, and data export capabilities. \ / / / / | | / \ \ \ | | \ \ / \ || \ / / / / Features 🚀 Scrape messages...
Moukthar - Android Remote Administration Tool
Remote adminitration tool for android Features Permissions bypass android 12 below https://youtube.com/shorts/-w8H0lkFxb0 Keylogger https://youtube.com/shorts/Ll9dNrkjFOA Notifications listener SMS listener Phone call recording Image capturing and screenshots Video recording Persistence Read &...
Lobo Guará - Cyber Threat Intelligence Platform
Lobo Guará is a platform aimed at cybersecurity professionals, with various features focused on Cyber Threat Intelligence CTI. It offers tools that make it easier to identify threats, monitor data leaks, analyze suspicious domains and URLs, and much more. Features 1. SSL Certificate Search Allows...
Telegram-Story-Scraper - A Python Script That Allows You To Automatically Scrape And Download Stories From Your Telegram Friends
A Python script that allows you to automatically scrape and download stories from your Telegram friends using the Telethon library. The script continuously monitors and saves both photos and videos from stories, along with their metadata. Important Note About Story Access ⚠️ Due to Telegram API...
gitGRAB - This Tool Is Designed To Interact With The GitHub API And Retrieve Specific User Details, Repository Information, And Commit Emails For A Given User
This tool is designed to interact with the GitHub API and retrieve specific user details, repository information, and commit emails for a given user. Install Requests pip install requests Execute the program python3 gitgrab.py Download gitGRAB...
Snoop - OSINT Tool For Research Social Media Accounts By Username
OSINT Tool for research social media accounts by username Install Requests Install Requests pip install requests Install BeautifulSoup Install BeautifulSoup pip install beautifulsoup4 Execute the program Execute Snoop python3 snoop.py Download Snoop...
Lazywarden - Automatic Bitwarden Backup
Secure, Automated, and Multi-Cloud Bitwarden Backup and Import System Lazywarden is a Python automation tool designed to Backup and Restore data from your vault, including Bitwarden attachments. It allows you to upload backups to multiple cloud storage services and receive notifications across...
Docf-Sec-Check - DockF-Sec-Check Helps To Make Your Dockerfile Commands More Secure
DockF-Sec-Check helps to make your Dockerfile commands more secure. Done x First-level security notification in the Dockerfile TODO List Correctly detect the Dockerfile. Second-level security notification in the Dockerfile. Security notification in Docker images. Private Repository Installation...
SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
SafeLine is a self-hosted WAFWeb Application Firewall to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL...
PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious...
Secator - The Pentester'S Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Features Curated list of commands Unified input options Unified output schema CLI and library...
Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a...
File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
file-unpumper is a powerful command-line utility designed to clean and analyze Portable Executable PE files. It provides a range of features to help developers and security professionals work with PE files more effectively. Features PE Header Fixing : file-unpumper can fix and align the PE header...
Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as fetching user profile data. Then, it systematically attempts to apply each parameter extracted from th...
Imperius - Make An Linux Kernel Rootkit Visible Again
A make an LKM rootkit visible again. This tool is part of research on LKM rootkits that will be launched. It involves getting the memory address of a rootkit's "showmodule" function, for example, and using that to call it, adding it back to lsmod, making it possible to remove an LKM rootkit. We c...
BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs fail to scan scripting files, treating them merely as text files. While this might be unfortunate for them, it's an opportunity for us to profit. Flashy methods like residing in memory or...
Psobf - PowerShell Obfuscator
Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels of obfuscation, from basic obfuscation to script fragmentation. This allows users to tailor the...
ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again. Another way to make an LKM visible is using the imperius trick: https://github.com/MatheuZSecurity/Imperius Download ModTracer...
DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology...
Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance"Reconnaissance phase. And in...