Project iKy v2.7.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

Darkdump - Search The Deep Web Straight From Your Terminal

Darkdump is a simple script written in Python3.9 in which it allows users to enter a search term query in the command line and darkdump will pull all the deep web sites relating to that query. Darkdump wraps up the darksearch.io API. Installation 1. git clone https://github.com/josh0xA/darkdump 2...

Diceware-Password-Generator - Python Implementation Of The Diceware Password Generating Algorithm

Please Note - This Program Do Not StorePasswords In Any Form And All The Passwords Are Generated Locally Inside You Device. Diceware is a method used to generate cryptographically strong memorable passphrases. This is a python implementation of the diceware password generating algorithm. Inspired...

BaphoDashBoard - Dashboard For Manage And Generate The Baphomet Ransomware

With this proyect we will be able to handle the data of the victims we obtain with Baphomet Ransomware. BaphoDashBoard is developed in C under framework dotnet-core 3.1. Both Baphomet Ransomware and BaphoDashBoard proyects are thrown out for educational purposes and so we can get something out of...

XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically

Powerful Chromium Browser to find XSS Vulnerabilites automatically while browsing web, it can detect many case scenarios with support for POST requests too Installation Become root sudo su Install Node.js and npm https://www.npmjs.com/get-npm or sudo apt install npm Download this repo files or gi...

PatrowlHears - PatrowlHears - Vulnerability Intelligence Center / Exploits

PatrOwl provides scalable, free and open-source solutions for orchestrating Security Operations and providing Threat Intelligence feeds. PatrowlHears is an advanced and real-time Vulnerability Intelligence platform, including CVE, exploits and threats news. Try it now! To try PatrowlHears, instal...

Patriot-Linux - Host IDS For Desktop Users

Patriot Linux is a HIDS for desktop users who wants real time graphical alerts when something suspicious happens Patriot detect: 1- Suspicious process running 2- New process starting TCP/IP Connection 3- Auditd alerts 4- New keyboards plugged Installation You need to configure Auditd with this...

ShellShockHunter - It's A Simple Tool For Test Vulnerability Shellshock

It's a simple tool for test vulnerability shellshock Autor: MrCl0wn Blog: http://blog.mrcl0wn.com GitHub: https://github.com/MrCl0wnLab Twitter: https://twitter.com/MrCl0wnLab Email: mrcl0wnlab@\gmail.com Shellshock software bug Shellshock, also known as Bashdoor, is a family of security bugs in...

Cypher - Crypto Cipher Encode Decode Hash

All in one tools for CRYPTOLOGY. Instagram: Capture the Root Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzEISVu6IIqjydF1vTUDcdbKWD8Vdi1BM5fQfCGuAnFRSCrZIh04d17YDeNKsRw0CRJD8cQmlIloLRldnU-Rounz7YQAvc7MOENa22PJkMajWGZvAelxpm3EoWCFL0BCnfBRMV4Ly99Y/w640-h36...

ATTPwn - Tool Designed To Emulate Adversaries

ATTPwn is a computer security tool designed to emulate adversaries. The tool aims to bring emulation of a real threat into closer contact with implementations based on the techniques and tactics from the MITRE ATT&CK framework. The goal is to simulate how a threat works in an intrusion scenario,...

Wifi-Password - Quickly Fetch Your WiFi Password And If Needed, Generate A QR Code Of Your WiFi To Allow Phones To Easily Connect

Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect. Works on macOS and Linux and Windows Installation Install usingpip $ python3 -m pip install --user wifi-password Install usinggit $ git clone...

Ditto - A Tool For IDN Homograph Attacks And Detection

Ditto is a small tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered. PoC domains https://tᴡitter.com/ https://clᴏudflare.com Using with Docker The image on docker hub is...

COM-Code-Helper - Two IDAPython Scripts Help You To Reconstruct Microsoft COM (Component Object Model) Code

Two IDAPython Scripts help you to reconstruct Microsoft COM Component Object Model Code Especially malware reversers will find this useful, as COM Code is still regularly found in malware. ClassAndInterfaceToNames.py This IDAPython script scans an idb file for class and interfaces UUIDs and creat...

Creepy - A Geolocation OSINT Tool. Offers Geolocation Information Gathering Through Social Networking Platforms

This project is currently not maintained. I haven't put any work on it since 2016 and with the current state of the API access to instagram and twitter, and the default settings for their geolocation features cree.py wouldn't be of much use. I will live the repository and site up for the time but...

ExecuteAssembly - Load/Inject .NET Assemblies

ExecuteAssembly is an alternative of CS execute-assembly, built with C/C++ and it can be used to Load/Inject .NET assemblies by; reusing the host spawnto process loaded CLR Modules/AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI,...

GPOZaurr - Group Policy Eater Is A PowerShell Module That Aims To Gather Information About Group Policies

Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them. Installing GPOZaurr requires RSAT installed to provide results. If you don't have them you can install them as below. Keep in mind it also instal...

Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers

Cloudlist is a multi-cloud tool for getting Assets Hostnames, IP Addresses from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts...

Geacon - Implement CobaltStrike's Beacon In Go

Using Go to implement CobaltStrike's Beacon This project is for learningprotocol analysis and reverse engineering only, if someone's rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY How to play 1. Setup the teamserver and start a http...

Satellite - Easy-To-Use Payload Hosting

Satellite is an web payload hosting service which filters requests to ensure the correct target is getting a payload. This can also be a useful service for hosting files that should be only accessed in very specific circumstances. Quickstart Guide 1. Install satellite on Ubuntu using the .deb fil...

Phpvuln - Audit Tool To Find Common Vulnerabilities In PHP Source Code

phpvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. Installation You can download phpvuln by cloning the Git...

Linux-Chrome-Recon - An Information Gathering Tool Used To Enumerate All Possible Data About An User From Google-Chrome Browser From Any Linux Distribution

"linux-chrome-recon" is a Information gathering tool used to enumerate all possible data about an user from Google-Chrome browser from any Linux distribution Intro 1.Loots possible data from Google-Chrome 2.Launches HTTP Server on /tmp directory Usefull 3.Simple script to receive data from...

OpenCSPM - Open Cloud Security Posture Management Engine

Open Cloud Security Posture Management, OpenCSPM, is an open-source platform for gaining deeper insight into your cloud configuration and metadata to help understand and reduce risk over time. Who is OpenCSPM for? Security teams running infrastructure in cloud environments looking to gain...

Uroboros - A GNU/Linux Monitoring And Profiling Tool Focused On Single Processes

Uroboros is a GNU/Linux monitoring tool focused on single processes. While utilities like top, ps and htop provide great overall details, they often lack useful temporal representation for specific processes, such visual representation of the process data points can be used to profile, debug and...

BurpMetaFinder - Burp Suite Extension For Extracting Metadata From Files

Burp Suite extension for extracting metadata from files Currently supported documents: PDF DOCX PPTX XLSX The project created at Jetbrains has been completely added. Don't forget to change the settings you need. Usage You need to dowload 2 external libraries: pdfbox poi-ooxml To install the...

Flawfinder - A Static Analysis Tool For Finding Vulnerabilities In C/C++ Source Code

This is "flawfinder" by David A. Wheeler. Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws. It can be a useful tool for examining software for vulnerabilities, and it can also serve as a simple introduction to static source code analysis tools more...

Web-Brutator - Modular Web Interfaces Bruteforcer

Fast Modular Web Interfaces Bruteforcer Install python3 -m pip install -r requirements.txt Usage $ python3 web-brutator.py -h . / \ / \ \ | \ \ / | / | \ // // | \ | | /\ \ | \ \ \ \ / \ \ \ /\ /| \ \ // | | \ | | / | /| | / | | | / /\ / \ / | / || |/ || /| /|| / / / / / Version 0.2...

MOSE - Post Exploitation Tool For Configuration Management Servers.

MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management CM technologies to leverage them to compromise environments. CM tools, such as Puppet, Chef, Salt, and Ansible are used to provision systems in a uniform manner based on...

OpenCVE - CVE Alerting Platform

OpenCVE , formerly known as Saucs , is a platform used to locally import the list of CVEs and perform searches on it by vendors, products, CVSS, CWE.... Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an update is done in an existing CVE. How does...

PSC - E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward

DNS lookup and SSH session forwarded across an UART connection to a Pi PSC allows to e2e encrypt shell sessions, single- or multip-hop, being agnostic of the underlying transport, as long as it is reliable and can send/receive Base64 encoded data without modding/filtering. Along with the e2e pty...

SSRF-King - SSRF Plugin For Burp Automates SSRF Detection In All Of The Request

SSRF plugin for burp that Automates SSRF Detection in all of the Request Upcoming Features Checklist It will soon have a user Interface to specifiy your own call back payload It will soon be able to test Json & XML Test for SMTP SSRF How to Install/Build git clone...

CSSG - Cobalt Strike Shellcode Generator

Adds Shellcode - Shellcode Generator to the Cobalt Strike top menu bar CSSG is an aggressor and python script used to more easily generate and format beacon shellcode Generates beacon stageless shellcode with exposed exit method, additional formatting, encryption, encoding, compression, multiline...

Arbitrium-RAT - A Cross-Platform, Fully Undetectable Remote Access Trojan, To Control Android, Windows And Linux

Arbitrium is a cross-platform is a remote access trojan RAT, Fully UnDetectable FUD, It allows you to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding. It gives access to the local networks, you can use the targets as a HTTP proxy and access Router...

JWT Key ID Injector - Simple Python Script To Check Against Hypothetical JWT Vulnerability

Simple python script to check against hypothetical JWT vulnerability. Let's say there is an application that uses JWT tokens signed HS256 algorithm. An example token looks like the follow:...

Tritium - Password Spraying Framework

A tool to enumerate and spray valid Active Directory accounts through Kerberos Pre-Authentication. Background Although many Kerberos password spraying tools currently exist on the market, I found it difficult to find tools with the following built-in functionality: The ability to prevent users fr...

SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Inst all Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools

New and improved C Implementation of Invoke-EDRChecker. Checks running processes, process metadata, Dlls loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for...

Emba - An Analyzer For Linux-based Firmware Of Embedded Devices

emba is being developed as a firmware scanner that analyses already-extracted Linux-based firmware images. It should help you to identify and focus on the interesting areas of a huge firmware image. Although emba is optimized for offline firmware images, it can test both, live systems and extract...

Batea - AI-based, Context-Driven Network Device Ranking

Batea is a context-driven network device ranking framework based on the anomaly detection family of machine learning algorithms. The goal of Batea is to allow security teams to automatically filter interesting network assets in large networks using nmap scan reports. We call those Gold Nuggets. F...

Duf - Disk Usage/Free Utility (Linux, BSD, macOS & Windows)

Disk Usage/Free Utility Linux, BSD, macOS & Windows Features User-friendly, colorful output Adjusts to your terminal's width Sort the results according to your needs Groups & filters devices Can conveniently output JSON Installation Packages Linux Arch Linux: duf Nix: nix-env -iA nixpkgs.duf...

Shellex - C-shellcode To Hex Converter, Handy Tool For Paste And Execute Shellcodes In Gdb, Windbg, Radare2, Ollydbg, X64Dbg, Immunity Debugger And 010 Editor

C-shellcode to hex converter. Handy tool for paste & execute shellcodes in gdb, windbg, radare2, ollydbg, x64dbg, immunity debugger & 010 editor. Are you having problems converting C-shellcodes to HEX maybe c-comments+ASCII mixed? Here is shellex. If the shellcode can be compiled in a C compiler...

Recon Simplified with Spyse

One of the major struggles in bug bounty hunting is to collect and analyze data during reconnaissance, especially when there are a lot of tools around but very few that offer actually useful results. The job of eliminating false positives and unrelated data from your recon becomes harder as the...

WSuspicious - A Tool To Abuse Insecure WSUS Connections For Privilege Escalations

This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post: https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/ It was inspired from the WSuspect proxy project:...

ATMMalScan - Tool for Windows which helps to search for malware traces on an ATM during the DFIR process

ATMMalScan is a commandline tool for Windows operating systems version 7 and higher, which helps to search for malware traces on an ATM during the DFIR process. This tool examines the running processes of a system, as well as the hard disk, depending on the specified file path. To scan a system, ...

Xnuspy - An iOS Kernel Function Hooking Framework For Checkra1N'Able Devices

Output from the kernel log after compiling and running example/open1hook.c xnuspy is a pongoOS module which installs a new system call, xnuspyctl, allowing you to hook kernel functions from userspace. It supports iOS 13.x and 14.x on checkra1n 0.12.2 and up. 4K devices are not supported. Requires...

Zmap - A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys

ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PFRING, ZMap can scan the IPv4...

Sigurlx - A Web Application Attack Surface Mapping Tool

sigurlx a web application attack surface mapping tool, it does ...: Categorize URLs URLs' categories: endpoint js js style css data json|xml|csv archive zip|tar|tar.gz doc pdf|xlsx|doc|docx|txt media jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff Next, probe HTTP requests to th...

MetaFinder - Search For Documents In A Domain Through Google

Search For Documents In A Domain Through Google. The Objective Is To Extract Metadata. Installing dependencies: git clone https://github.com/Josue87/MetaFinder.git cd MetaFinder pip3 install -r requirements.txt Usage python3 metafinder.py -t domain.com -l 20 -v Parameters: t: Specifies the target...

WPCracker - WordPress User Enumeration And Login Brute Force Tool

WordPress user enumeration and login Brute Force tool for Windows and Linux With the Brute Force tool, you can control how aggressive an attack you want to perform, and this affects the attack time required. The tool makes it possible to adjust the number of threads as well as how large password...

CDK - Zero Dependency Container Penetration Toolkit

CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily. Currently still unde...

Reconftw - Simple Script For Full Recon

This is a simple script intended to perform a full recon on an objective with multiple subdomains tl;dr Requires Go Run ./install.sh before first run apt, rpm, pacman compatible git clone https://github.com/six2dez/reconftw cd reconftw chmod +x .sh ./install.sh ./reconftw.sh -d target.com -a...

MobileHackersWeapons - Mobile Hacker's Weapons / A Collection Of Cool Tools Used By Mobile Hackers

A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting Weapons OS | Type | Name | Description ---|---|---|--- All | Analysis | RMS-Runtime-Mobile-Security | Runtime Mobile Security RMS - is a powerful web interface that helps you to manipulate Android and iOS Apps at...