MSFPC - MSFvenom Payload Creator
A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework). About MSFvenom Payload Creator: MSFPC is a wrapper to generate multiple types of payloads, based on the user's choice. The idea is to be as simple as possible only requiring one input to produce...
Kube-Bench - Checks Whether Kubernetes Is Deployed According To Security Best Practices As Defined In The CIS Kubernetes Benchmark
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. Tests are configured with YAML files, making this tool easy to update as test specifications evolve. Please Note 1. kube-bench implements the CIS...
EvilNet - Network Attack Wifi Attack Vlan Attack Arp Attack Mac Attack Attack Revealed Etc...
Network attack, Wi-Fi attack, VLAN attack, ARP attack, MAC attack, attack revealed, etc. Install: sudo pip3 install -r requirements.txt EvilNet Attack Network Scan Network Wifi Attack...
Xeexe - Undetectable And XOR Encrypting With Custom KEY (FUD Metasploit RAT)
Undetectable reverse shell & XOR encrypting with custom KEY (FUD Metasploit RAT), bypass top antivirus like BitDefender, Malwarebytes, Avast, ESET-NOD32, AVG,... PYTHON 3 Undetectable Reverse shell Metasploit Rat Xeexe is an FUD exploiting tool which compiles a malware with famous payload, and then the...
BSF - Botnet Simulation Framework
BSF provides a discrete simulation environment to implement and extend peer-to-peer botnets, tweak their settings and allow defenders to evaluate monitoring and countermeasures. Synopsis In the arms race between botmasters and defenders, the botmasters have the upper hand, as defenders have to...
Espionage - A Network Packet And Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network
Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,...
Screenspy - Capture user screenshots using shortcut file (Bypass SmartScreen/Defender)
Capture user screenshots using shortcut file (Bypass SmartScreen/Defender). Supports multi-monitor. Legal disclaimer: Usage of ScreenSpy for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers...
VBSmin - VBScript Minifier
VBScript minifier Features Remove extra whitespace Trailing whitespace Leading whitespace Blank lines Inline extra spaces Remove comments Single quote start of the line Single quote inline REM One-line Line splitting underscore Colon Quick start Quick install $ gem install vbsmin See more install...
Cloudtopolis - Cracking Hashes In The Cloud For Free
Cloudtopolis is a tool that facilitates the installation and provisioning of Hashtopolis on the Google Cloud Shell platform, quickly and completely unattended and also, free!. Requirements Have 1 Google account at least. Installation Cloudtopolis installation is carried out in two phases: Phase 1...
Spyse: All-In-One Cybersecurity Search Engine
Spyse is a cybersecurity search engine for finding technical information about different internet entities, business data, and vulnerabilities. It’s an all-in-one platform for fast and effortless reconnaissance without using any additional tools. Spyse engine implements a ready-to-use database wi...
Colabcat - Running Hashcat On Google Colab With Session Backup And Restore
Run Hashcat on Google Colab with session restore capabilities with Google Drive. Usage Go to the link below to open a copy of the colabcat.ipynb file in Google Colab: https://colab.research.google.com/github/someshkar/colabcat/blob/master/colabcat.ipynb Click on Runtime, Change runtime type, and...
CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner
A CORS misconfiguration scanner tool based on golang with speed and precision in mind! Misconfiguration types this scanner can check for: Reflect Origin checks, Prefix Match, Suffix Match, Not Escaped Dots, Null, ThirdParties (like github.io, repl.it etc.). Taken from Chenjj's...
How to Free Recover Deleted Files on Your Mac
There are many scenarios where you would want to recover deleted data from your Mac. These deleted files could be your important photos, official documents, financial records, etc. Loss of such data can cause you unnecessary emotional and financial harm. However, you can make use of data recovery...
Sifter 7.4 - OSINT, Recon & Vulnerability Scanner
Sifter is an OSINT, recon & vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within Microsoft and if unpatched, exploit...
Hmmcookies - Grab Cookies From Firefox, Chrome, Opera Using A Shortcut File (Bypass UAC)
Grab cookies from Firefox, Chrome, Opera using a shortcut file (bypass UAC). Legal disclaimer: Usage of HMMCOOKIES for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability an...
Business Secure: How AI is Sneaking into our Restaurants
Prior to pandemic days, the restaurant industry talked of computers that might end up taking over their daily responsibilities. They’d joke about how a kiosk can communicate orders to the kitchen, much like they can. Well, now that we live in a global world that will be reluctant to dine with...
InQL - A Burp Extension For GraphQL Security Testing
A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. InQL Stand-Alone CLI: Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order to fetch metadata...
TokenBreaker - JSON RSA To HMAC And None Algorithm Vulnerability POC
Token Breaker is focused on 2 particular vulnerabilities related to JWT tokens: None Algorithm and RSAtoHMAC. Refer to this link about insights of the vulnerability and how an attacker can forge the tokens. Try out this vulnerability here. TheNone Usage usage: TheNone.py -h -t TOKEN TokenBreaker:...
SAyHello - Capturing Audio (.Wav) From Target Using A Link
Capturing audio .wav from target using a link How it works? After the user grants microphone permissions, a website redirect button of your choice is released to distract the target while small audio files about 4 seconds in wav format are sent to the attacker. It uses Recorderjs, plugin for...
Lynis 3.0.0 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
O.G. AUTO-RECON - Enumerate A Target Based Off Of Nmap Results
Enumerate a target Based off of Nmap Results Features The purpose of O.G. Auto-Recon is to automate the initial information gathering phase and then enumerate based off those results as much as possible. This tool is intended for CTF's and can be fairly noisy. Not the most stealth conscious tool...
Zip Cracker - Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline
This Script Supports Only Zip File in This Version You Can Also Use This Script With crunch Cross-platform Supported Usage: zipcracker.py options Options: --version show program's version number and exit -h, --help show this help message and exit -f FILENAME, --file=FILENAME Please Specify Path o...
DroidTracker - Script To Generate An Android App To Track Location In Real Time
Script to generate an Android App to track location in real time Features: Custom App Name 2 Port Forwarding options Ngrok or using SSH Tunneling with Serveo.net Obfuscated URL by Tinyurl Fully Undetectable Legal disclaimer: Usage of DroidTracker for attacking targets without prior mutual consent...
Iox - Tool For Port Forward & Intranet Proxy
Tool for port forward & intranet proxy, just like lcx/ew, but better Why write? lcx and ew are awesome, but can be improved. when I first used them, I can't remember these complicated parameters for a long time, such as tran, slave, rcsocks, sssocks.... The work mode is clear, why do they design...
OSS-Fuzz - Continuous Fuzzing Of Open Source Software
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of...
Vhosts-Sieve - Searching For Virtual Hosts Among Non-Resolvable Domains
Searching for virtual hosts among non-resolvable domains. Installation git clone https://github.com/dariusztytko/vhosts-sieve.git pip3 install -r vhosts-sieve/requirements.txt Usage Get a list of subdomains e.g. using Amass $ amass enum -v -passive -o domains.txt -d example.com -d...
Formphish - Auto Phishing Form-Based Websites
Auto Phishing form-based websites. This tool can automatically detect inputs on html form-based websites to create a phishing page. Features: Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer: Usage of Formphish for attacking targets without prior mutual consent is illegal...
SGN - Encoder Ported Into Go With Several Improvements
SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetectable binary payloads. It uses an additive feedback loop to encode given binary instructions similar to LFSR. This project is the reimplementation of the original Shikata ga nai in golang with...
TeaBreak - A Productivity Burp Extension Which Reminds To Take Break While You Are At Work!
TeaBreak is a simple burp extension for security researchers and bug bounty hunters for helping them to increase their work productivity. We know how much health is important. It is recommended to take break from your work to avoid burnout, reduce eye strain and other health problems. How? Set yo...
Digital Signature Hijack - Binaries, PowerShell Scripts And Information About Digital Signature Hijacking
Hijacking legitimate digital signatures is a technique that can be used during red team assessments in order to sign PowerShell code and binaries. This could help to bypass Device Guard restrictions and maintain stealth in an engagement. DigitalSignatureHijack is a PowerShell script based on...
SecretFinder - A Python Script For Find Sensitive Data (Apikeys, Accesstoken, JWT...) And Search Anything On Javascript Files
SecretFinder is a python script based on LinkFinder, written to discover sensitive data like apikeys, accesstoken, authorizations, jwt,..etc in JavaScript files. It does so by using jsbeautifier for python in combination with a fairly large regular expression. The regular expressions consists of...
Fsociety - A Modular Penetration Testing Framework
Install pip install fsociety Update pip install --upgrade fsociety Usage usage: fsociety -h -i -s A Penetration Testing Framework optional arguments: -h, --help show this help message and exit -i, --info gets fsociety info -s, --suggest suggest a tool Develop git clone...
EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking
Read the license before using any part from this code : Malicious DLL Win Reverse Shell generator for DLL Hijacking Features: Reverse TCP Port Forwarding using Ngrok.io Custom Port Forwarding option LHOST,LPORT Example of DLL Hijacking included Half-Life Launcher file Tested on Win7 7601, Windows...
Axiom - A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty and pentesting. Axiom right now is perfect for teams as small as one person, without costing you much at all to run. And by not much to run at all, I mean, less than 5 bucks a month if you use...
Fast-Google-Dorks-Scan - Fast Google Dorks Scan
A script to enumerate web-sites using Google dorks. Usage example: ./FGDS.sh megacorp.one Version: 0.035, June 07, 2020 Features: 1. Looking for the common admin panel 2. Looking for the widespread file types 3. Path traversal 4. Prevent Google banning Download Fast-Google-Dorks-Scan...
URLCADIZ - A Simple Script To Generate A Hidden Url For Social Engineering
A simple script to generate a hidden url for social engineering. Legal disclaimer: Usage of URLCADIZ for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not...
Shodanfy.py - Get Ports, Vulnerabilities, Informations, Banners, ..Etc For Any IP With Shodan (No Apikey! No Rate-Limit!)
Get ports,vulnerabilities,informations,banners,..etc for any IP with Shodan no apikey! no rate limit! Usage python3 shodanfy.py OPTIONS e.g: python3 shodanfy.py 111.111.111.111 python3 shodanfy.py 111.111.111.111 --getports python3 shodanfy.py 111.111.111.111 --getvuln python3 shodanfy.py...
KatroLogger - KeyLogger For Linux Systems
KeyLogger for Linux Systems. Features Runs on GUI systems or CLI Sending data by email Dependencies curl libx11-dev Debian-Based libX11-devel RHEL-Based Compiling ./configure make make install Usage katrologger --output /path/file Send data by e-mail: katrologger --smtp-help Fixing problems...
Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used
The tool predicts attacker groups from techniques and softwares used. It searches based on the MITRE ATT&CK framework How it works? 1- Collect data from https://attack.mitre.org/ about attacker groups 2- Get data from user about attack 3- Compare data and create result Installation git clone...
EvilPDF - Embedding Executable Files In PDF Documents
Read the license before using any part from this code : Hiding executable files in PDF documents Legal disclaimer: Usage of EvilPDF for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers...
Needle - Instant Access To Your Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip
Chrome extension for instant access to your bug bounty submission dashboard of various platforms + publicly disclosed reports + #bugbountytip. Needle is the only chrome extension you may need to have one click access to your bug submissions across various platforms. No need to create any bookmark,...
RMIScout - Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities
RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. On misconfigured servers, any known RMI signature using non-primitive types e.g., java.lang.String, can be exploited by replacing the object with a serialize...
Atlas - Quick SQLMap Tamper Suggester
Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code. Screen Installation $ git clone https://github.com/m4ll0k/Atlas.git atlas $ cd atlas $ python atlas.py python3+ Usage $ python atlas.py --url...
Stegcloak - Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other...
BabyShark - Basic C2 Server
This is a basic generic C2 server written in Python and Flask. This code is based on the idea of GTRS, which uses Google Translator as a proxy for sending commands to the infected host. The BabyShark project aims to centralize reverse connections with agents, creating a way to centralize several types...
URLCrazy - Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage
URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL hijacking, phishing, and corporate espionage. Homepage: https://www.morningstarsecurity.com/research/urlcrazy Use Cases Detect typo squatters profiting from typos on your domain name...
Impost3r - A Linux Password Thief
Impost3r is a tool that aims to steal many kinds of Linux passwords (including ssh, su, sudo), written in C. Attackers can use Impost3r to make a trap to steal the legal user's passwords XD This tool is limited to security research and teaching, and the user bears all legal and related responsibilities...
Tangalanga - The Zoom Conference Scanner Hacking Tool
Zoom Conference scanner. This scanner will check for a random meeting id and return information if available. Usage: These are all the possible flags: tangalanga \ -token=user-token \ default: env TOKEN user token to use. -colors=false \ default: true enable/disable colors -censor=true \ default:...
Spyeye - Script To Generate Win32 .Exe File To Take Screenshots
Script to generate Win32 .exe file to take screenshots every 10 seconds. Features: Works on WAN: Port Forwarding by Serveo.net Fully Undetectable FUD - Don't Upload to virustotal.com! Legal disclaimer: Usage of SpyEye for attacking targets without prior mutual consent is illegal. It's the end...
Words Scraper - Selenium Based Web Scraper To Generate Passwords List
Selenium based web scraper to generate passwords list. Installation Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases $ tar xzf geckodriver-vVERSION-HERE.tar.gz $ sudo mv geckodriver /usr/local/bin Make sure it is in your PATH $ geckodriver --version Make sure...