APICheck - The DevSecOps Toolset For REST APIs
APICheck is a complete toolset designed and created for testing REST APIs. Why APICheck APICheck focuses not only on the security testing and hacking use cases. The goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed at diverse user profiles: Developers...
Nethive-Project - Restructured And Collaborated SIEM And CVSS Infrastructure
The Nethive Project provides a Security Information and Event Management (SIEM) infrastructure empowered by CVSS automatic measurements. Features Machine Learning powered SQL Injection Detection Server-side XSS Detection based on Chrome's XSS Auditor Post-exploitation Detection powered by Auditbea...
Binbloom - Raw Binary Firmware Analysis Software
The purpose of this project is to analyse a raw binary firmware and determine automatically some of its features. This tool is compatible with all architectures as basically, it just does simple statistics on it. In order to compute the loading address, you will need the help of an external rever...
eDEX-UI - A Cross-Platform, Customizable Science Fiction Terminal Emulator With Advanced Monitoring & Touchscreen Support
eDEX-UI is a fullscreen, cross-platform terminal emulator and system monitor that looks and feels like a sci-fi computer interface. Heavily inspired from the TRON Legacy movie effects especially the Board Room sequence, the eDEX-UI project was originally meant to be "DEX-UI with less « art » and...
Widevine-L3-Decryptor - A Chrome Extension That Demonstrates Bypassing Widevine L3 DRM
Widevine is a Google-owned DRM system that's in use by many popular streaming services Netflix, Spotify, etc. to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software i.e no hardware TEEs,...
Scrying - A Tool For Collecting RDP, Web And VNC Screenshots All In One Place
A new tool for collecting RDP, web and VNC screenshots all in one place This tool is still a work-in-progress and should be mostly usable but is not yet complete. Please file any bugs or feature requests as GitHub issues Caveats Web screenshotting relies on Chromium or Google Chrome being install...
Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters
A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG - Android application penetration testing guide TikTok: three persistent arbitrary code executions and one theft of arbitrary files Persistent arbitrary code execution in Android's Google Play Cor...
iSH - Linux Shell For iOS
A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation. For the current status of the project, check the issues tab, and the commit logs. App Store page TestFlight beta Discord server Wiki with help and tutorials README in Chinese may be out of date, i...
Grype - A Vulnerability Scanner For Container Images And Filesystems
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages Alpine BusyBox CentOS / Red Hat Debian Ubunt...
TASER - Python3 Resource Library For Creating Security Related Tooling
TASER (Testing And SEcurity Resource) is a Python resource library used to simplify the process of creating offensive security tooling, especially those relating to web or external assessments. Its modular design makes it easy for code to be customized and re-purposed in a variety of scenario...
JWT-Hack - Tool To En/Decoding JWT, Generate Payload For JWT Attack And Very Fast Cracking (Dict/Bruteforce)
jwt-hack is a tool for hacking / security testing of JWT. It supports en/decoding JWT, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce). Installation go-get (dev version) $ go get -u github.com/hahwul/jwt-hack homebrew $ brew tap hahwul/jwt-hack $ brew install jwt-hack snapcraft $...
Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...
CobaltStrikeScan - Scan Files Or Process Memory For CobaltStrike Beacons And Parse Their Configuration
Scan files or process memory for Cobalt Strike beacons and parse their configuration. CobaltStrikeScan scans Windows process memory for evidence of DLL injection classic or reflective injection and performs a YARA scan on the target process' memory for Cobalt Strike v3 and v4 beacon signatures...
Manuka - A Modular OSINT Honeypot For Blue Teamers
Manuka is an Open-source intelligence OSINT honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers. It creates a simulated environment consisting of staged OSINT sources, such as social media profiles and leaked credentials, and trac...
Pesidious - Malware Mutation Using Reinforcement Learning And Generative Adversarial Networks
Malware Mutation using Deep Reinforcement Learning and GANs The purpose of the tool is to use artificial intelligence to mutate a malware PE32 only sample to bypass AI powered classifiers while keeping its functionality intact. In the past, notable work has been done in this domain with researche...
AutoGadgetFS - USB Testing Made Easy
What’s AutoGadgetFS ? AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without an in-depth knowledge of the USB protocol. The tool is written in Python3 and utilizes RabbitMQ and WiFi access to enable researchers to condu...
NoSQLi - NoSql Injection CLI Tool
NoSQL scanner and injector. About Nosqli I wanted a better nosql injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli - a simple nosql injection tool written in Go. It aims to be fast, accurate, and highly usable, with an easy to...
GitDorker - A Tool To Scrape Secrets From GitHub Through Usage Of A Large Repository Of Dorks
GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I've compiled from various sources to provide an overview of sensitive information stored on github given a search query. The Primary purpose of GitDorker is to provide the user with a clean and...
Oregami - IDA Plugins And Scripts For Analyzing Register Usage Frame
""" What is this register used for? Hmm.. I'll just rename it to veryuniquename, do a textual search, and find all references! Ok.. Waiting for the search to end.. any minute now.. Done! Now I just need to understand which of the search result is relevant to the current usage frame of the registe...
NTLMRawUnHide - A Python3 Script Designed To Parse Network Packet Capture Files And Extract NTLMv2 Hashes In A Crackable Format
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The tool was developed to extract NTLMv2 hashes from files generated by native Windows binaries like NETSH.EXE and PKTMON.EXE without conversion. The following bina...
MalwareSourceCode - Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages
Malware Source Code Collection !!! DISCLAIMER !!! We do not take any responsibility for any damage done by the code in this repository. Download, compile or run at your own risk Contents: This repository contains the source code for the following: . ├── Acad ├── Engines │ ├── BAT │ ├── Linux...
Pwndoc - Pentest Report Generator
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users. Documentation Installation Data Vulnerabilitie...
Zap-Hud - The OWASP ZAP Heads Up Display (HUD)
The HUD is a new interface that provides the functionality of ZAP directly in the browser. Learn more: Blog: Hacking with a Heads Up Display Video: The OWASP ZAP HUD - Usable Security Tooling Wiki: Inside the HUD Using the HUD Downloading You can try out ZAP enabled with the HUD via any of: Downloa...
PatchChecker - Web-based Check For Windows Privesc Vulnerabilities
This is the code base for the service running on: https://patchchecker.com. In short, PatchChecker is a web application running on flask that provides output similar to that of Watson. However by using PatchChecker, one is not required to execute a binary on the target machine. Included in this...
Apk-Medit - Memory Search And Patch Tool On Debuggable Apk Without Root & Ndk
Apk-medit is a memory search and patch tool for debuggable apk without root & ndk. It was created for mobile game security testing. Motivation Memory modification is the easiest way to cheat in games, it is one of the items to be checked in the security test. There are also cheat tools that can b...
SSJ - Your Everyday Linux Distribution Gone Super Saiyan
SSJ is a silly little script that relies on docker installed on your everyday Linux distribution (Ubuntu, Debian, etc.) and magically arms it with hundreds of penetration testing and forensics tools. All of these run with almost native performance as containers utilize the host kernel and thus is a...
RmiTaste - Allows Security Professionals To Detect, Enumerate, Interact And Exploit RMI Services By Calling Remote Methods With Gadgets From Ysoserial
RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial. It also allows calling remote methods with specific parameters. Disclaimer RmiTaste was written to aid security professionals in identifying insecure...
Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover
Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain...
Simple-Live-Data-Collection - Simple Live Data Collection Tool
How it works? 1- Build server 2- Connect with admin and client to server 3- To collect information, send the request to the server through the admin, and then to the client Installation git clone https://github.com/LetsDefend/Simple-Live-Data-Collection Server cd server python main.py Admin cd...
TheCl0n3r - Tool To Download And Manage Your Git Repositories
TheCl0n3r will allow you to download and manage your git repositories. Preface About 90% of the penetration testing tools used in my experience can be found primarily on github. The aim of this was to make it easier to download, update and delete these git repositories. If moving to a new testing...
Eagle - Yet Another Vulnerability Scanner
Project Eagle is a plugin based vulnerabilities scanner with threading support used for detection of low-hanging bugs on mass scale. Multipurpose vulnerability scanner v1.0b 2019-2020...
HackBrowserData - Decrypt Passwords/Cookies/History/Bookmarks From The Browser
hack-browser-data is an open-source tool that could help you decrypt data passwords / bookmarks / cookies / history from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux. Supported Browser Windows Browser | Password | Cookie | Bookmark | Histor...
Mail-Swipe - Script To Create Temporary Email Addresses And Receive Emails
Mail Swipe is a python script that helps you to create temporary email addresses and receive emails at that address. It uses the API provided by 1secmail to create emails addresses and fetch emails. You can either generate your own email address or you can generate a random email address using th...
Zracker - Zip File Password BruteForcing Utility Tool based on CPU-Power
Zracker is a Zip File Password BruteForcing Utility Tool based on CPU-Power. Yet available for Linux only ... Supports WordList Mode only but will surely get an Update with BruteForce Mode Dedicated WebSite:https://devim-stuffs.github.io/zracker/ Link to Post on...
Mikrot8Over - Fast Exploitation Tool For Mikrotik RouterOS
mikrot8over: Fast exploitation tool for Mikrotik RouterOS up to 6.38.4 This is reworked original Mikrotik Exploit. Added Python 2 compatibility and multithreading scan features. Python version Utility was tested on a python2.6 , python2.7 , python3. If you have found any bugs, don't hesitate to...
MEDUZA - A More Or Less Universal SSL Unpinning Tool For iOS
"MEDUZA" "медуза" means "jellyfish" in Ukrainian What is MEDUZA? It's a Frida-based tool, my replacement for SSLKillSwitch. I created it for in-house use, but then decided to opensource it. TBH, I hate open source, but the world is full of compromises... : How does it work? It's simple. First tim...
Nuubi Tools - Information Gathering, Scanner And Recon
Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exit Arguments: -b/--banner | Banner grabing of target ip address -s/--subnet | Subnetlookup of target -c/--cms | Cms detect with headers -d/--dns | Dnslookup of target domain -e/--extract | Extract links...
DamnVulnerableCryptoApp - An App With Really Insecure Crypto
Why? If you try to learn a little bit more about crypto, either because you want to know how the attacks work or just because you want to do safe code, you end up diving really fast into the math behind the algorithms, and for a lot of people this is a NO. This project was created with some key...
O365Enum - Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page
Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover, or office.com login page. Usage o365enum will read usernames from the file provided as first parameter. The file should have one username per line. The output is CSV-based for easier parsing. Valid status can be 0 invalid...
Wave-Share - Serverless, Peer-To-Peer, Local File Sharing Through Sound
A proof-of-concept for WebRTC signaling using sound. Works with all devices that have microphone + speakers. Runs in the browser. Nearby devices negotiate the WebRTC connection by exchanging the necessary Session Description Protocol SDP data via a sequence of audio tones. Upon successful...
Gitjacker - Leak Git Repositories From Misconfigured Websites
Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a repository even where directory listings are disabled. For educational/penetration testing use only...
NashaVM - A Virtual Machine For .NET Files And Its Runtime Was Made In C++/CLI
Nasha is a Virtual Machine for .NET files and its runtime was made in C++/CLI Installation git clone https://github.com/Mrakovic-ORG/NashaVM --recurse cd NashaVM\NashaVM nuget restore msbuild Limitations Slow Several instructions are not implemented Can bug Dependencies dnlib .NET Framework 4.0...
SwiftBelt - A macOS Enumeration Tool Inspired By Harmjoy's Windows-based Seatbelt Enumeration Tool
SwiftBelt is a macOS enumerator inspired by @harmjoy's Windows-based Seatbelt enumeration tool. SwiftBelt does not utilize any command line utilities and instead uses Swift code leveraging the Cocoa Framework, Foundation libraries, OSAKit libraries, etc. to perform system enumeration. This can be...
C41N - An Automated Rogue Access Point Setup Tool
c41n is an automated Rogue Access Point setup tool. c41n provides automated setup of several types of Rogue Access Points, and Evil Twin attacks. c41n sets up an access point with user defined characteristics interface, name and channel for the access point, sets up DHCP server for the access...
vPrioritizer - Tool To Understand The Contextualized Risk (vPRisk) On Asset-Vulnerability Relationship Level Across The Organization
As indicated by sources like vulndb & cve, on a daily basis, approximately 50 new vulnerabilities become known to industry and it’s safe to assume that count is going to increase furthermore. It’s a huge number of vulnerabilities to assess and remediate effectively and quickly. So today...
CSRFER - Tool To Generate CSRF Payloads Based On Vulnerable Requests
CSRFER is a tool to generate CSRF payloads, based on vulnerable requests. It parses supplied requests to generate either a form or a fetch request. The payload can then be embedded in an HTML template. Installation...
GHunt - Investigate Google Accounts With Emai
GHunt is an OSINT tool to extract a lot of information from someone's Google Account email. It can currently extract: Owner's name Last time the profile was edited Google ID If the account is a Hangouts Bot Activated Google services (Youtube, Photos, Maps, News360, Hangouts, etc.) Possible Youtube...
Offering Users More For Their Activity - Similar Items Upon Checkout
The shopping isn't finished once you've purchased your item. If you've ever done shopping online, then you know all about being presented with related items to the one you just purchased. This feature is common for online retail websites and quite useful for both the consumer and the producers. I...
Lockphish - The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode
Lockphish is the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. LockPhish Tutorial: https://www.kalilinux.in/2020/05/lockphish.html Author: The Linux Choice Who deleted his GitHub repository...
IoTMap - Research Project On Heterogeneous IoT Protocols Modelling
IoTMap is a tool that models IoT networks using one or multiple protocols simultaneously. This is work in progress, as a part of a PhD thesis on Internet Of Things security. This repository is regularly updated as new results are obtained. This project supports 3 protocols at this time: BLE, ZigB...