6011 matches found
Git-Wild-Hunt - A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt
A tool to hunt for credentials in the GitHub wild AKA githunt Getting started 1. Install the tool 2. Configure your GitHub token 3. Search for credentials 4. See results cat results.json | jq Installation requirements: virtualenv, python3 1. git clone https://github.com/d1vious/git-wild-hunt &&...
HosTaGe - Low Interaction Mobile Honeypot
HosTaGe is a lightweight, low-interaction, portable, and generic honeypot for mobile devices that aims on the detection of malicious, wireless network environments. As most malware propagate over the network via specific protocols, a low-interaction honeypot located at a mobile device can check...
BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most important step in any penetration testing or a bug hunting process. It provides an attacke...
Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets
Collect OSINT for GitLab groups and members and search the group and group members' snippets, issues, and issue discussions for sensitive data that may be included in these assets. The information gathered is intended to compliment and inform the use of additional tools such as TruffleHog or...
ImHex - A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.
A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM. Features Featureful hex view Byte patching Patch management Copy bytes as feature Bytes Hex string C, C++, C, Rust, Python, Java & JavaScript array ASCII-Art hex view HTML self contained di...
MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)
This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject ,etc... Check Documentation for more information. If you see problems or enhancement send an issue.I will respond as soon as possible. Enjoy : Documentation Documentation is available at...
SysWhispers2 - AV/EDR Evasion Via Direct System Calls
SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported and example generated files available in the example-output/ folder. Difference BetweenSysWhispers 1 and 2 The usage is almost identical to SysWhispers1 but...
ByteDance-HIDS - A Cloud-Native Host-Based Intrusion Detection Solution Project To Provide Next-Generation Threat Detection And Behavior Audition With Modern Architecture
ByteDance-HIDS is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture. ByteDance-HIDS comprises three major components: ByteDance-HIDS Agent, co-worked with ByteDance-HIDS Driver , is the...
Ssh-Mitm - Ssh Mitm Server For Security Audits Supporting Public Key Authentication, Session Hijacking And File Manipulation
ssh-mitm is an intercepting mitm proxy server for security audits. Redirect/mirror Shell to anotherssh client supported in 0.2.8 Replace File in SCP supported in 0.2.6 Replace File in SFTP supported in 0.2.3 Transparent proxy support in 0.2.2! - intercepting traffic to other hosts is now possible...
Stegbrute - Fast Steganography Bruteforce Tool Written In Rust Useful For CTF's
stegbrute is a fast steganography brute force tool written in Rust using also threads to achieve a faster execution Dependencies Stegbrute cannot run without steghide!, to install steghide run : apt-get install -y steghide if you are not in a debian distribution you can download it from steghide...
Pineapple-MK7-REST-Client - WiFi Hacking Workflow With Pineapple Mark 7 API
PINEAPPLE MK7 REST CLIENT The leading rogue access point and WiFi pentest toolkit for close access operations. Passive and active attacks analyze vulnerable and misconfigured devices. @HAK5 Author :: TW-D Version :: 1.0.2 Copyright :: Copyright c 2021 TW-D License :: Distributes under the same...
K55 - Linux X86_64 Process Injection Utility | Manipulate Processes With Customized Payloads
pronounced: "kay fifty-five" The K55 payload injection tool is used for injecting x8664 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C linux functions like ptrace. The shellcode spawned in the target process is 27...
Umbrella_android - Digital And Physical Security Advice App
Umbrella is an Android mobile app developed by Security First that provides human rights defenders with the information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email;...
RadareEye - A Tool Made For Specially Scanning Nearby devices [BLE, Bluetooth And Wifi] And Execute Our Given Command On Our System When The Target Device Comes In-Between Range
A tool made for speciallyscanning nearby devicesBLE,Bluetooth & Wifi and execute our given command on our system when the target device comes in between range. NOTE:- RadareEye Owner will be not responsible if any user performs malicious activities using this tool. Use it for Learning purpose onl...
ProtOSINT - A Python Script That Helps You Investigate Protonmail Accounts And ProtonVPN IP Addresses
ProtOSINT is a Python script that helps you investigate ProtonMail accounts and ProtonVPN IP addresses. Description This tool can help you in your OSINT investigation on Proton service for educational purposes only. ProtOSINT is separated in 3 sub-modules: 1 Test the validity of one protonmail...
Sigurls - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine
sigurls is a reconnaissance tool, it fetches URLs from AlienVault's OTX , Common Crawl , URLScan , Github and the Wayback Machine. Usage To display help message for sigurls use the -h flag: $ sigurls -h | | / | |/ | | | | '| / | \ \ | | | || | | | \ \ |/|, |,|| ||/ v1.3.1 |/ USAGE: sigurls...
pongoOS - A Pre-Boot Execution Environment For Apple Boards
A pre-boot execution environment for Apple boards built on top of checkra1n. Building on macOS Install Xcode + command-line utilities make clean all Building on Linux Download Sam Bingner's iOS Toolchain Copy scripts/arm64-apple-ios12.0.0-clang to a directory in $PATH Adjust the TOOLCHAIN variabl...
Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go
Hello! Welcome. Wprecon Wordpress Recon, is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. Notice: Why is the project out of updates these days ?! What happens is that I am doing the vulnerability scanner. Branch Dev Compile and Install Features Random Agent Detection WA...
MUD-Visualizer - A Tool To Visualize MUD Files
This tool can be used to visualize the MUD files in JSON format. Motivation MUD files are plain text files in JSON format that contain ACL rules for a device. A MUD file can contains tens or hundrends of ACL rules which makes it difficult to read and validate the files manually. mud-visualizer wi...
Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
PIDRILA : P ython I nteractive D eepweb-oriented R apid I ntelligent L ink A nalyzer is really fast async web path scanner prototype developed by BrightSearch team for all ethical netstalkers. Installation & Usage git clone https://github.com/enemy-submarine/pidrila.git cd pidrila python3...
Longtongue - Customized Password/Passphrase List Inputting Target Info
Customized Password/Passphrase List inputting Target Info Installation git clone https://github.com/edoardottt/longtongue.git cd longtongue python3 longtongue.py Usage usage: longtongue.py -h -p | -c | -v -l | -L -y -n Customized Password/Passphrase List inputting Target Info optional arguments:...
Emp3R0R - Linux Post-Exploitation Framework Made By Linux User
linux post-exploitation framework made by linux user Still under active development 中文介绍 check my blog for updates how to use what to expect in future releases packer: cryptor + memfdcreate packer: use shmopen in older Linux kernels dropper: shellcode injector - python injector: inject shellcode...
Solarflare - SolarWinds Orion Account Audit / Password Dumping Utility
Credential Dumping Tool for SolarWinds Orion Blog post: https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/ Credit to @asolino, @gentilkiwi, and @skelsec for helping me figuring out DPAPI. ============================================ | Collecting RabbitMQ...
Exif-Gps-Tracer - A Python Script Which Allows You To Parse GeoLocation Data From Your Image Files Stored In A dataset
A python script which allows you to parse GeoLocation data from your Image files stored in a dataset.It also produces output in CSV file and also in HTML Google Maps Prerequisite To run this script fluently , 1 You should have Google Maps API 2 You should enable Map JavaScript API in Console To g...
UhOh365 - A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)
A script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't. Microsoft does not consider "email enumeration" a vulnerability, so th...
Sarenka - OSINT Tool - Data From Services Like Shodan, Censys Etc. In One Place
SARENKA is an Open Source Intelligence OSINT tool which helps you obtaining and understanding Attack Surface. The main goal is to gathering infromation from search engines for Internet-connected devices https://censys.io/ , https://www.shodan.io/. It scraps data about Common Vulnerabilities and...
Hack-Tools v0.3.0 - The All-In-One Red Team Extension For Web Pentester
The all-in-oneRed Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests , it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...
MaskPhish - Give A Mask To Phishing URL
MaskPhish is a simple script to hidephishing URL under a normal looking URLgoogle.com or facebook.com. Legal Disclaimer: Usage of MaskPhish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws...
Drow - Injects Code Into ELF Executables Post-Build
drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables post-build. It takes unmodified ELF executables as input and exports a modified ELF contianing an embedded user-supplied payload that executes at runtime. Slightly more detail ... Drow takes the...
EvtMute - Apply A Filter To The Events Being Reported By Windows Event Logging
This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging. Usage Grap the latest verison from here. EvtMuteHook.dll contains the core functionality, once it is injected it will apply a temporary filter which will allow all event...
XSS-Scanner - XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts
Cross-Site Scripting XSS is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the website for XSS vulnerability by...
MOSINT - OSINT Tool For Emails
MOSINT is an OSINT Tool for emails. It helps you gather information about the target email. Features: Verification Service Check if email exist Check social accounts with Socialscan Check data breaches need API Find related emails Find related phone numbers Find related domains Scan Pastebin...
Urlhunter - A Recon Tool That Allows Searching On URLs That Are Exposed Via Shortener Services
urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go. How? A group named URLTeam kudos to them are brute forcing the URL shortener services and publishing matched results on a daily basis. urlhunter...
Byp4Xx - Simple Bash Script To Bypass "403 Forbidden" Messages With Well-Known Methods Discussed In #Bugbountytips
byp4xx.sh / / / // / / / / / / / // /| |// |// / // / // / // / / /./, / ./ // //|//|| /// A bash script to bypass "403 Forbidden" responses with well-known methods discussed in bugbountytips Installation: git clone https://github.com/lobuhi/byp4xx.git cd byp4xx chmod u+x byp4xx.sh Usage: Start...
HyperDbg - The Source Code Of HyperDbg Debugger
HyperDbg is designed with a focus on using modern hardware technologies to provide new features to the reverse engineering world. It operates on top of Windows by virtualizing an already running system using Intel VT-x and Intel PT. This debugger aims not to use any APIs and software debugging...
Oblivion - Data Leak Checker And OSINT Tool
Oblivion is a tool focused in real time monitoring of new data leaks, notifying if the credentials of the user has been leak out. It's possible too verify if any credential of user has been leak out before. The Oblivion have two modes: Oblivion Client: graphical mode. Oblivion Server: mode with A...
RogueWinRM - Windows Local Privilege Escalation From Service Account To System
RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account with SeImpersonatePrivilege to Local System account if WinRM service is not running default on Win10 but NOT on Windows Server 2019. Briefly, it will listen for incoming connection on port 5985 fakin...
Top 20 Most Popular Hacking Tools in 2020
Although 2020 has been the worst year since 1945, as last year, this year we made a ranking with the most popular tools between January and December 2020. Topics of the tools focus on Phishing, Information Gathering, Android Hacking Tools, Automation Tools,, among others. Without going into furth...
Wynis - Audit Windows Security With Best Practice
Just a powershell scripts for auditing security with CIS BEST Practices Windows 10 and Window Server 2016 You just need to run the script, it will create a directory named : AUDITCONF%DATE% The directory output will contain the files belows: -Antivirus-%COMPUTERNAME% : List installed Antivirus...
Proxify - Swiss Army Knife Proxy Tool For HTTP/HTTPS Traffic Capture, Manipulation, And Replay On The Go
Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally a replay utility allows to import the dumped traffic request/responses with correct domain name into burp...
Social-Analyzer - API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)
An API for analyzing & finding a person profile across +300 social media websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation. The detection modules utilize a rating mechanism based on different detectio...
ApkLeaks - Scanning APK File For URIs, Endpoints And Secrets
Scanning APK file for URIs, endpoints & secrets. Installation To install apkLeaks , simply: $ git clone https://github.com/dwisiswant0/apkleaks $ cd apkleaks/ $ pip install -r requirements.txt Or download at release tab. Dependencies This package works in Python2 not Python3. Install global...
Aura - Python Source Code Auditing And Static Analysis On A Large Scale
Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attac...
Vulmap - Web Vulnerability Scanning And Verification Tools
Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target has a specific vulnerability, and ca...
Censys-Python - An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine
An easy-to-use and lightweight API wrapper for the Censys Search Engine censys.io. Python 3.6+ is currently supported. Getting Started The library can be installed using pip. $ pip install censys To configure your credentials run censys config or set both CENSYSAPIID and CENSYSAPISECRET environme...
Swego - Swiss Army Knife Webserver In Golang
Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features. Usage Help $ ./webserver -help web subcommand -bind string Bind Port default "8080" -certificate string HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -da...
GRecon - Your Google Recon Is Now Automated
GRecon Greei-Conn is a simple python tool that automates the process of Google Based Recon AKA Google Dorking The current Version 1.0 Run 7 Search Queries 7 Micro-Plugins on the spicified Target Providing Awsome Results Current Version Run Google Search Queries to find : Subdomains Sub-Subdomains...
Kenzer - Automated Web Assets Enumeration And Scanning
Automated Web Assets Enumeration & Scanning Instructions for running 1. Create an account on Zulip 2. Navigate to Settings Your Bots Add a new bot 3. Create a new generic bot named kenzer 4. Add all the configurations in configs/kenzer.conf 5. Install/Run using - ./install.sh -b if you need...
Grawler - Tool Which Comes With A Web Interface That Automates The Task Of Using Google Dorks, Scrapes The Results, And Stores Them In A File
Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file. General info Grawler aims to automate the task of using google dorks with a web interface, the main idea is to provide a simple yet...
0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)
0d1n is a tool for automating customized attacks against web applications. This tool is very faster because uses thread pool and C language. 0d1n is a tool for automating customized attacks against web applications. Video demo: Tool functions: Brute force login and passwords in auth forms Directo...