Saycheese - Grab Target'S Webcam Shots By Link

Take webcam shots from target just sending a malicious link. How it works? The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia. The MediaDevices.getUserMedia method prompts the user for...

Kaiten - A Undetectable Payload Generation

A Undetectable Payload Generation. This tool is for educational purpose only, usage of Kaiten for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage cause by this program. Official Kaiten Repository. What is i...

Kali Linux 2020.2 Release - Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce the second release of 2020, Kali Linux 2020.1.2 A quick overview of what’s new since January: KDE Plasma Makeover & Login PowerShell by Default. Kind of. Kali on ARM Improvements Lessons From The Installer Changes New Key Packages & Icons Behind the Scenes,...

Clipboardme - Grab And Inject Clipboard Content By Link

Grab/Inject Clipboard Content Browsers are implementing a new JavaScript API for asynchronous clipboard access to integrate copy and paste into web applications. It is a replacement for the synchronous execCommand-based copy & paste. Async Clipboard requests doesn't block the page while waiting t...

Threadtear - Multifunctional Java Deobfuscation Tool Suite

Threadtear is a multifunctional deobfuscation tool for java. Suitable for easier code analysis without worrying too much about obfuscation. Even the most expensive obfuscators like ZKM or Stringer are included. It also contains older deobfuscation tools from my github account, but it can also be...

Wifipumpkin3 - Powerful Framework For Rogue Access Point Attack

wifipumpkin3 is powerful framework for rogue access point attack, written in Python, that allow and offer to security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack. Main Features Rogue access point attack Man-in-the-middle attack...

Catchyou - FUD Win32 Msfvenom Payload Generator

Fully Undetectable Win32 MSFVenom Payload Generator meterpreter/shell reverse tcp Author: github.com/thelinuxchoice/catchyou Twitter: twitter.com/linuxchoice Please, don't upload to VirusTotal! Usehttps://antiscan.me Features: Fully Undetectable Win32 MSFVenom Payload meterpreter/shell reverse tc...

PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! Every section contains the following files, you can use the templatevuln folder to create a new chapter: README.md - vulnerability description and how to exploit it Intrud...

Exegol - Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration

Exegol is a fully configured kali light base with a few useful additional tools 50, a few useful resources scripts and binaries for privesc, credential theft etc. and some configuration oh-my-zsh, history, aliases, colourized output for some tools. It can be used in pentest engagements and...

GDBFrontend - An Easy, Flexible And Extensionable GUI Debugger

GDBFrontend is an easy, flexible and extensionable gui debugger. Installing Deb Package Debian / Ubuntu / KDE Neon You can install GDBFrontend via deb package for Debian-based distributions. You can install it from following commands: echo "deb trusted=yes https://oguzhaneroglu.com/deb/ ./" | sud...

Shellerator - Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages

Shellerator is a simple command-line tool aimed to help pentesters quickly generate one-liner reverse/bind shells in multiple languages Bash, Powershell, Java, Python.... This project is inspired by Print-My-Shell. I just rewrote it and added some options and glitter to it. The lists ofreverse an...

Powerob - An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements

An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity. Installation git clone https://github.com/cwolff411/powerob Usage python3 powerob.py obfuscate originalfile.ps1 obfuscatedfile.ps1 Takes an INPUTFILE obfuscates it and dumps the obfuscated version...

How to Set Up a VPN on Kodi in 2 Minutes or Less

VPNs are useful for masking your identity when online. Without a VPN, you run the risk of having your data exposed to your Internet Service Provider ISP. This is something that you should think about since your ISP has access to all of your data, including the streaming data from your streaming...

PowerSploit - A PowerShell Post-Exploitation Framework

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts: CodeExecution Execute code on a target machine. Invoke-DllInjection Injects a Dll into the...

HiveJack - This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host

This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM registry hives and once copied to the attacker machines provides an option to delete these files to clear the trace. Often, this i...

Nexphisher - Advanced Phishing Tool For Linux & Termux

NexPhisher is an automated Phishing tool made for Termux & Linux .The phishing Pages are Taken from Zphisher under GNU General Public License v3.0 . This tool has 37 Phishing Page Templates of 30 Websites.There are 5 Port Forwarding Options including Localhost !! If you copy then give me the...

TorghostNG - Make All Your Internet Traffic Anonymized Through Tor Network

TorghostNG is a tool that make all your internet traffic anonymized through Tor network. Rewritten from TorGhost with Python 3. TorghostNG was tested on: Kali Linux Manjaro ... Before you use TorghostNG For the goodness of Tor network, BitTorrent traffic will be blocked by iptables. Although you...

Sshprank - A Fast SSH Mass-Scanner, Login Cracker And Banner Grabber Tool Using The Python-Masscan Module

A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan module. Usage hacker@blackarch $ sshprank -H --== sshprank by nullsecurity.net ==-- usage sshprank opts | modes -h - single host to crack. multiple ports can be seperated by comma, e.g.: 22,2022,22222 default...

Generator-Burp-Extension - Everything You Need About Burp Extension Generation

Everything You Need About Burp Extension Generation Installation First, install Yeoman and generator-burp-extension using npm we assume you have pre-installed node.js. npm install -g yo npm install -g generator-burp-extension Then generate your new project: yo burp-extension Burp Extension featur...

Parsec - Secure Cloud Framework

Homepage: https://parsec.cloud Documentation: https://parsec-cloud.readthedocs.org. Parsec is a free software AGPL v3 aiming at easily share your work and data in the cloud in total privacy thanks to cryptographic security. Key features: Works as a virtual drive on you computer. You can access an...

Invoker - Penetration Testing Utility

Penetration testing utility. The goal is to use this tool when access to some Windows OS features through GUI is restricted. Some features require administrative privileges. Capabilities: invoke the Command Prompt and PowerShell, download a file, schedule a task, add a registry key, connect to a...

Authelia - The Single Sign-On Multi-Factor Portal For Web Apps

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through...

OSSEM - A Tool To Assess Data Quality

A tool to assess data quality, built on top of the awesome OSSEM project. Mission Answer the question: I want to start hunting ATT&CK techniques, what log sources and events are more suitable? Create transparency on the strengths and weaknesses of your log sources Provide an easy way to evaluate...

Klar - Integration Of Clair And Docker Registry

Integration of Clair and Docker Registry supports both Clair API v1 and v3 Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair https://github.com/coreos/clair. Klar is designed to be used as an integration tool so it relie...

Powershell-Reverse-Tcp - PowerShell Script For Connecting To A Remote Host.

PowerShell script for connecting to a remote host. Remote host will have full control over client's PowerShell and all its underlying commands. Tested with PowerShell v5.1.18362.752 on Windows 10 Enterprise OS 64 bit. Made for educational purposes. I hope it will help! How to Run Change the IP...

INTERCEPT - Policy As Code Static Analysis Auditing

Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works ...

Thoron Framework - Tool To Generate Simple Payloads To Provide Linux TCP Attack

About Thoron Framework Thoron Framework is a Linux post-exploitation framework that exploit Linux tcp vulnerability to get shell-like connection. Thoron Framework is used to generate simple payloads to provide Linux tcp attack. Getting started Thoron installation cd thoron chmod +x install.sh...

SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS

SkyWrapper is an open-source project which analyzes behaviors of temporary tokens created in a given AWS account. The tool is aiming to find suspicious creation forms and uses of temporary tokens to detect malicious activity in the account. The tool analyzes the AWS account, and creating an excel...

Runtime Mobile Security (RMS) - A Powerful Web Interface That Helps You To Manipulate Android Java Classes And Methods At Runtime

Runtime Mobile Security RMS , powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime. You can easily dump all the loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scrip...

Elemental - An MITRE ATTACK Threat Library

Elemental is a centralized threat library of MITRE ATT&CK techniques, Atomic Red Team tests, and over 280 Sigma rules. It provides an alternative way to explore the ATT&CK dataset, mapping relevant Atomic Red Team tests and Sigma rules to their respective technique. Elemental allows defenders to...

ROADtools - The Azure AD Exploration Framework

R ogue O ffice 365 and A zure active D irectory tools ROADtools is a framework to interact with Azure AD. It currently consists of a library roadlib and the ROADrecon Azure AD exploration tool. ROADlib ROADlib is a library that can be used to authenticate with Azure AD or to build tools that...

Terrier - A Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes

Terrier is a Image and Container analysis tool that can be used to scan OCI images and Containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog,...

wxHexEditor - Hex Editor / Disk Editor for Huge Files or Devices on Linux, Windows and MacOSX

wxHexEditor is another Free Hex Editor, build because there is no good hex editor for Linux system, specially for big files. Low Level Data Recovery with wxHexEditor wxHexEditor is not an ordinary hex editor, but could work as low level disk editor too. If you have problems with your HDD or...

DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes

What is a ransomware? A ransomware is malware that encrypts all your files and shows a ransom request, which tells you to pay a set amount, usually in bitcoins BTC, in a set time to decrypt your files, or he will delete your files. How it works? First, the script checks if it's in a sandbox,...

Nuclei - Nuclei Is A Fast Tool For Configurable Targeted Scanning Based On Templates Offering Massive Extensibility And Ease Of Use

Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. Nuclei is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for nucle...

Print-My-Shell - Tool To Automate The Process Of Generating Various Reverse Shells

"Print My Shell" is a python script, wrote to automate the process of generating various reverse shells based on PayloadsAllTheThings and Pentestmonkey reverse shell cheat sheets. Using this script you can easily generate various types of reverse shells without leaving your command line. This...

S3Reverse - The Format Of Various S3 Buckets Is Convert In One Format

The format of various s3 buckets is convert in one format. for bugbounty and security testing. Install $ go get -u github.com/hahwul/s3reverse Usage Input options Basic Usage 8""""8 eeee 8"""8 8"""" 88 8 8"""" 8"""8 8""""8 8"""" 8 8 8 8 8 88 8 8 8 8 8 8 8eeeee 8 8eee8e 8eeee 88 e8 8eeee 8eee8e...

Pwned - Simple CLI Script To Check If You Have A Password That Has Been Compromised In A Data Breach

Pwned is a simple command-line python script to check if you have a password that has been compromised in a data breach. This script uses haveibeenpwned API to check whether your passwords were leaked during one of the many breaches of online services. This API uses k-Anonymity model that allows ...

Project iKy v2.5.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

Should-I-Trust - OSINT Tool To Evaluate The Trustworthiness Of A Company

should-i-trust is a tool to evaluate OSINT signals for a domain. Requirements should-i-trust requires API keys from the following sources: Censys.io - Free for for first 250/quries/month VirusTotal - Free GrayHatWarFare - Free with limited results Use Case You're part of a review board that's...

Wotop - Web On Top Of Any Protocol

WOTOP is a tool meant to tunnel any sort of traffic over a standard HTTP channel. Useful for scenarios where there's a proxy filtering all traffic except standard HTTPS traffic. Unlike other tools which either require you to be behind a proxy which let's you pass arbitrary traffic possibly after ...

Firebase-Extractor - A Tool Written In Python For Scraping Firebase Data

This tool is written in python2, the purpose of this tool is to parse all the results from Bing search.Basically whenever a firebaseio URL is found for an app , User instead of searching for sensitive data by going manually through the search results can use this tool.This tool works by using the...

Lulzbuster - A Very Fast And Smart Web Directory And File Enumeration Tool Written In C

Lulzbuster is a very fast and smart web directory and file enumeration tool written in C. Usage $ lulzbuster -H / / / / / / / / / / / / / / / / / / / / / / / / / / // / / / // // / // // / / //,// //./,///// --== by nullsecurity.net ==-- usage lulzbuster -s opts | target options -s - start...

Impulse - Impulse Denial-of-service ToolKit

Modern Denial-of-service ToolKit Main window Methods: Method | Target | Description ---|---|--- SMS | +PHONE | SMS & CALL FLOOD NTP | IP:PORT | NTP amplification is a type of Distributed Denial of Service DDoS attack in which the attacker exploits publically-accessible Network Time Protocol NTP...

Nullscan - A Modular Framework Designed To Chain And Automate Security Tests

A modular framework designed to chain and automate security tests. It parses target definitions from the command line and runs corresponding modules and their nullscan-tools afterwards. It can also take hosts and start nmap first in order to perform a basic portscan and run the modules afterwards...

githubFind3r - Fast Command Line Repo/User/Commit Search Tool

githubFind3r is a very fast command line repo/user/commit search tool Installation git clone https://github.com/atmoner/githubFind3r.git cd githubFind3r npm install Run it node githubFind3r.js Download githubFind3r...

Httpgrep - Scans HTTP Servers To Find Given Strings In URIs

A python tool which scans for HTTP servers and finds given strings in URIs. Usage $ httpgrep -H --== httpgrep by nullsecurity.net ==-- usage httpgrep -h -s opts | opts -h - single host or host-range/cidr-range or file containing hosts, e.g.: foobar.net, 192.168.0.1-192.168.0.254, 192.168.0.0/24,...

Adamantium-Thief - Decrypt Chromium Based Browsers Passwords, Cookies, Credit Cards, History, Bookmarks

Get chromium browsers: passwords, credit cards, history, cookies, bookmarks. Chrome 80 is supported! Examples: Getpasswords from browsers: Stealer.exe PASSWORDS Get credit cards from browsers: Stealer.exe CREDITCARDS Get history from browsers: Stealer.exe HISTORY Get bookmarks from browsers:...

Lk Scraper - An Fully Configurable Linkedin Scrape (Scrape Anything Within Linkedin)

Scrapes Any Linkedin Data Installation $ pip install git+git://github.com/jqueguiner/lkscraper Setup Using Docker compose $ docker-compose up -d $ docker-compose run lkscraper python3 Using Docker only forselenium server First, you need to run a selenium server $ docker run -d -p 4444:4444...

Flux-Keylogger - Modern Javascript Keylogger With Web Panel

Modern javascript keylogger with web panel Web panel: Logging: Keylogger Cookies Location Remote IP User-Agents Installation server files: Upload files from server directory to you server Change default username, password in flux.php Go to http://you.host/flux.php Click build Now inject script ta...