Vulnx v2.0 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress , Joomla , Drupal , Prestashop ...)

Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more ... Instead of injecting each and...

goBox - GO Sandbox To Run Untrusted Code

GO sandbox to run untrusted code. goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or deny syscalls before they are executed. Usage Usage of ./gobox: gobox FLAGS command flags: -h Print Usage. -n value A glob pattern for automatically blocking file reads. -y value A...

RS256-2-HS256 - JWT Attack To Change The Algorithm RS256 To HS256

JWT Attack to change the algorithm RS256 to HS256 Usage usage: RS2562HS256JWT.py -h payload pubkey positional arguments: payload JSON payload from JWT to attack pubkey Public key file to use for signing optional arguments: -h, --help show this help message and exit Example Download RS256-2-HS256...

PEASS - Privilege Escalation Awesome Scripts SUITE

Here you will find privilege escalation tools for Windows and Linux/Unix in some near future also for Mac. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. Check the...

Pwndrop - Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV

pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV. If you've ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m...

DNSProbe - A Tool Built On Top Of Retryabledns That Allows You To Perform Multiple DNS Queries Of Your Choice With A List Of User Supplied Resolvers

DNSProbe is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. Features Simple and Handy utility to query DNS records. Usage dnsprobe -h This will display help for the tool. Here are all the switches it...

Crescendo - A Swift Based, Real Time Event Viewer For macOS - It Utilizes Apple's Endpoint Security Framework

Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework. Getting Started Apple has introduced some new security mechanisms that we need to enable to get Crescendo running. 1.- Ensure that you have moved the app to your /Applications director o...

Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. You can export as: cURL Wget Python Request Perl LWP PHP HTTPRequest2 Go Native NodeJS Request jQuery AJAX PowerShell Requirements Jython = 2.7.1 Burp Suite import In Burp Suite, und...

crauEmu - An uEmu Extension For Developing And Analyzing Payloads For Code-Reuse Attacks

crauEmu is an uEmu extension for developing and analyzing payloads for code-reuse attacks. Slides from ZeroNights 2019 Demo 1 - X32-64, Edge, rop-gadgets from pwnjs Demo 2 - ARM64, checkm8 callback-chain Mascot designed by@kottsarapkin RopEditor Installation 1. Put the file crauEmu.py in same...

Htbenum - A Linux Enumeration Script For Hack The Box

This script is designed for use in situations where you do not have internet access on a Linux host and would like to run enumeration and exploit suggestion scripts, such as Hack The Box. I find myself running a similar set of scripts when I get an initial foothold on a Linux box, and this script...

Domained - Multi Tool Subdomain Enumeration

A domain name enumeration tool The tools contained in domained requires Kali Linux preferred or Debian 7+ and Recon-ng domained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots,...

Lollipopz - Data Exfiltration Utility For Testing Detection Capabilities

Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only. Exfiltration How-To /etc/shadow - HTTP GET requests Server ./lollipopz-cli.py -m lollipopz.methods.http.paramcipher.GETServer -lp 80 -o output.log Client $ ./lollipopz-cli.py...

Sherloq - An Open-Source Digital Image Forensic Toolset

An open source image forensic toolset Introduction "Forensic ImageAnalysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications...

Inhale - A Malware Analysis And Classification Tool

Inhale is a malware analysis and classification tool that is capable of automating and scaling many static analysis operations. This is the beta release version, for testing purposes, feedback, and community development. Background Inhale started as a series of small scripts that I used when...

Privacy Badger - A Browser Extension That Automatically Learns To Block Invisible Trackers

Privacy Badger is a browser extension that automatically learns to block invisible trackers. Instead of keeping lists of what to block, Privacy Badger learns by watching which domains appear to be tracking you as you browse the Web. Privacy Badger sends the Do Not Track signal with your browsing...

Audix - A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring

Audix will allow for the SIMPLE configuration of Windows Event Audit Policies. Window's Audit Policies are restricted by default. This means that for Incident Responders, Blue Teamers, CISO's & people looking to monitor their environment through use of Windows Event Logs, must configure the audit...

Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions

Serverless Prey is a collection of serverless functions FaaS, that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js Cougar: Azure Function written in C Cheetah: Google...

Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory

A lightweight native DLL mapping library that supports mapping directly from memory Features Imports and delay imports are resolved Relocations are performed Image sections are mapped with the correct page protection Exception handlers are initialised A security cookie is generated and initialise...

Ps-Tools - An Advanced Process Monitoring Toolkit For Offensive Operations

Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding what is going to be the next step within an operation. Collecting and analysing data of running processes from compromised systems gives us a wealth of information and helps us to...

Eavesarp - Analyze ARP Requests To Identify Intercommunicating Hosts And Stale Network Address Configurations (SNACs)

A reconnaissance tool that analyzes ARP requests to identify hosts that are likely communicating with one another, which is useful in those dreaded situations where LLMNR/NBNS aren't in use for name resolution. Requirements/Installation This is only gon' work on Kali or other Debian-basedLinux...

Richkit - Domain Enrichment Toolkit

Richkit is a python3 package that provides tools taking a domain name as input, and returns addtional information on that domain. It can be an analysis of the domain itself, looked up from data-bases, retrieved from other services, or some combination thereof. The purpose of richkit is to provide...

Chromepass - Hacking Chrome Saved Passwords

Chromepass is a python-based console application that generates a windows executable with the following features: Decrypt Chrome saved paswords Send a file with the login/password combinations remotely email or reverse-http Custom icon Completely undetectable by AntiVirus Engines AV Detection! Du...

Tentacle - A POC Vulnerability Verification And Exploit Framework

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. Still in DEV... Install pip3 install -r...

Tails 4.5 - Live System to Preserve Your Privacy and Anonymity

The Tails team is happy to publish Tails 4.5, the first version of Tails to support Secure Boot. This release also fixes many security vulnerabilities. You should upgrade as soon as possible. New features Secure Boot Tails now starts on computers with Secure Boot enabled. If your Mac displays the...

MSOLSpray - A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)

A password spraying tool for Microsoft Online accounts Azure/O365. The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS! Why...

Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System

A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit history searching, and a unique result scoring system. GitHound has earned me over $7500 applied to Bug Bounty research...

DNSteal v2.0 - DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests

This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below are a couple of different images showing examples of multiple file transfer and single verbose file transfer: Support for multiple files Gzip compression supported Now supports...

OSSEM - Open Source Security Events Metadata

The Open Source Security Events Metadata OSSEM is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference fo...

Angrgdb - Use Angr Inside GDB - Create An Angr State From The Current Debugger State

Use angr inside GDB. Create an angr state from the current debugger state. Install pip install angrgdb echo "python import angrgdb.commands" /.gdbinit Usage angrgdb implements the angrdbg API in GDB. You can use it in scripts like this: from angrgdb import gdb.execute"b 0x004005f9" gdb.execute"r...

SSHPry v2.0 - Spy and Control os SSH Connected client's TTY

This is a second release of SSHPry tool, with multiple features added. Control of target's TTY Built-In Keylogger Console-Level phishing Record & Replay previous sessions Demo Blogpost: http://www.korznikov.com/2017/09/sshpry-v2-spy-control-ssh-connected.html Twitter: @nopernik Howto ./sshpry2.py...

HikPwn - A Simple Scanner For Hikvision Devices

HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8. This project was born out of curiosity while I was capturing and watching network traffic generated by some of Hikvision's software and devices. Setup instructions: git clone...

Sandcastle - A Python Script For AWS S3 Bucket Enumeration

Inspired by a conversation with Instacart's @nickelser on HackerOne, I've optimised and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler. The script takes a target's name as the stem argument e.g. shopify and iterates through a file of bucket...

Tweetshell - Multi-thread Twitter BruteForcer In Shell Script

Tweetshell is an Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and it can test infinite number of passwords with a rate of +400 passwords/min using 20 threads. Legal disclaimer: Usage of TweetShell for attacking targets without...

Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice Graphs

Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking...

Frida API Fuzzer - This Experimetal Fuzzer Is Meant To Be Used For API In-Memory Fuzzing

This experimental fuzzer is meant to be used for API in-memory fuzzing. The design is highly inspired and based on AFL/AFL++. ATM the mutator is quite simple, just the AFL's havoc and splice stages. I tested only the examples under tests/, this is a WIP project but is known to works at least on...

DigiTrack - Attacks For $5 Or Less Using Arduino

In 30 seconds, this attack can learn which networks a MacOS computer has connected to before, and plant a script that tracks the current IP address and Wi-Fi network every 60 seconds. Now includes: Hardtracker -Digispark VPN buster to send the IP address and BSSID/SSID of nearby Wi-Fi networks on...

FProbe - Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server

FProbe - Fast HTTP Probe Installation GO111MODULE=on go get -u github.com/theblackturtle/fprobe Features Take a list of domains/subdomains and probe for working http/https server. Optimize RAM and CPU in runtime. Support special ports for each domain Verbose in JSON format with some additional...

MSSQLi-DUET - SQL Injection Script For MSSQL That Extracts Domain Users From An Active Directory Environment Based On RID Bruteforcing

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing. Supports various forms of WAF bypass techniques through the implementation of SQLmap tamper functions. Additional tamper functions can be incorporated by the user depending on...

Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments

auspex ˈau̯s.pɛks noun : An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds. awspx is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine what actions affect which...

Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your Custom Checks Periodically

Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. Its focused on discovery of organization public facing assets with minimal knowledge about its infrastructure. Along with network data visualization, it attempts to give a basic vulnerability score to...

CVE-2020-0796 - Windows SMBv3 LPE Exploit #SMBGhost

Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html...

CVE-2020-0796 - CVE-2020-0796 Pre-Auth POC

c 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes POC to check for CVE-2020-0796 / "SMBGhost" Expected outcome: Blue Screen Intended only for educational and testing in corporate environments. ZecOps takes no responsibility for the code, use at your own risk. Please contact...

R00Kie-Kr00Kie - PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability

Disclaimer This is a PoC exploit for the CVE-2019-15126 kr00k vulnerability. This project is intended for educational purposes only and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials. Requirements To u...

One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More

One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing Windows, Linux, macOS or even BSD systems or hacking generally with a lot of new features to make all of this fully automated ex: you won't even need to copy the...

Project iKy v2.4.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

SauronEye - Search Tool To Find Specific Files Containing Specific Words, I.E. Files Containing Passwords

SauronEye is a search tool built to aid red teams in finding files containing specific keywords. Features : Search multiple network drives Search contents of files Search contents of Microsoft Office files .doc, .docx, .xls, .xlsx Find VBA macros in old 2003 .xls and .doc files Search multiple...

Webkiller v2.0 - Tool Information Gathering

Tool Information Gathering Write With Python. PreView ██╗ ██╗███████╗██████╗ ██╗ ██╗██╗██╗ ██╗ ███████╗██████╗ ██║ ██║██╔════╝██╔══██╗██║ ██╔╝██║██║ ██║ ██╔════╝██╔══██╗ ██║ █╗ ██║█████╗ ██████╔╝████&9608 ;╔╝ ██║██║ ██║ █████╗ ██████╔╝ ██║███╗██║██╔══╝ ██╔══██╗██╔═██╗ ██║██║ ██║ ██╔══╝ ██╔══██╗...

InQL Scanner - A Burp Extension For GraphQL Security Testing

A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension. InQL Stand-Alone Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order fetch metadata informatio...

Mssqlproxy - A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server. Please read this article carefully before continuing. It consists of three part...

ProjectOpal - Stealth Post-Exploitation Framework For Wordpress

Stealth post-exploitation framework for Wordpress CMS Official ProjectOpal Repository. What is it and why was it made? We intentionally made it for our penetration testing jobs however its getting grey hairs now so we thought we would like to pass it on to the public!. ProjectOpal or Opal. Is a...