Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System

Tinfoil Chat TFC is a FOSS+FHD peer-to-peer messaging system that relies on high assurance hardware architecture to protect users from passive collection, MITM attacks and most importantly, remote key exfiltration. TFC is designed for people with one of the most complex threat models: organized...

ConEmu - Customizable Windows Terminal With Tabs, Splits, Quake-Style, Hotkeys And More

ConEmu-Maximus5 is a Windows console emulator with tabs, which represents multiple consoles as one customizable GUI window with various features. Initially, the program was created as a companion to Far Manager, my favorite shell replacement - file and archive management, command history and...

Ninja - Open Source C2 Server Created For Stealth Red Team Operations

Ninja C2 is an Open source C2 server created by Purple Team to do stealthy computer and Active directoty enumeration without being detected by SIEM and AVs , Ninja still in beta version and when the stable version released it will contains many more stealthy techinques and anti-forensic to create...

RapidPayload - Metasploit Payload Generator

Framework RapidPayload - Metasploit Payload Generator Requirements OpenJDK 8 JAVA, or superiors versions. Metasploit Apktool Python3 Execution: git clone https://github.com/AngelSecurityTeam/RapidPayload cd RapidPayload bash install.sh python3 RapidPayload.py AngelSecurityTeam Download RapidPaylo...

Katana - A Python Tool For Google Hacking

Katana-ds ds for dorkscanner is a simple python tool that automates Google Hacking/Dorking and support Tor It becomes more powerful in combination with GHDB Installation : Use the package manager pip to install requirements cd Katana python3 pip install -r requirments python3 katana-ds.py Tested...

Envizon v3.0 - Network Visualization And Vulnerability Management/Reporting

This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, 'envizon'. We hope your feedback will help to improve...

Zphisher - Automated Phishing Tool

Zphisher is an upgraded form of Shellphish. The main source code is fromShellphish . But I have not fully copied it . I have upgraded it & cleared the Unnecessary Files . Zphisher has 37 Phishing Page Templates ; including Facebook , Twitter & Paypal . It also has 4 Port Forwarding Tools . You ca...

XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder

All in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDER Written by Hulya Karabag Instagram: Hulya Karabag Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYc0ykLdiofQcYKiTnhngvBcuOZsgiRAE-IGKdEx2Bi5o8Ca2ymOKEzKKa528oN9OuQRTbNhfk9CwWasvo5bW9b-GPwWiqjWP4g8R...

Starkiller - A Frontend For PowerShell Empire

Starkiller is a Frontend for Powershell Empire. It is an Electron application written in VueJS. If you'd like to contribute please follow the Contribution guide. Getting Started To run Starkiller, you can download the installers for Mac, Linux, and Windows on the Releases page. For more info on...

FinalRecon v1.0.2 - OSINT Tool For All-In-One Web Reconnaissance

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Features FinalRecon provides detailed information such as : Header Information Whois SSL Certificate Information Crawler DNS Enumeration A, AAAA,...

ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions

Scoring Engine for Red/White/Blue Team Competitions Getting started Download Docker. If you are on Mac or Windows, Docker Compose will be automatically installed. On Linux, make sure you have the latest version of Compose. If you're using Docker for Windows on Windows 10 pro or later, you must al...

Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

HTTPS Everywhere - A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections. Getting Started Get the packages you need and install a git hook to run tests before push: bash install-dev-dependencies.sh Run the ruleset validations and browser...

uDork - Google Hacking Tool

uDork is a script written in Python that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. uDork does NOT make attacks against any server, it only uses predefined dorks and/or official...

XXExploiter - Tool To Help Exploit XXE Vulnerabilities

I wrote this tool to help me testing XXE vulnerabilities. It generates the XML payloads, and automatically starts a server to serve the needed DTD's or to do data exfiltration. IMPORTANT: This tool is still under development and although most of its features are already working, some may have not...

Maryam v1.4.0 - Open-source Intelligence(OSINT) Framework

OWASP Maryam is an Open-source intelligenceOSINT and Web-based Footprinting modular/tool framework based on the Recon-ng and written in Python. If you have skill in Metasploit or Recon-ng, you can easily use it without prerequisites. And if not, please read the Quick Guide. What can be done If yo...

InstaSave - Python Script To Download Images, Videos & Profile Pictures From Instagram

InstaSave is a python script to download images, videos & profile pictures from Instagram without any API access. Features Download Instagram Photos Download Instagram Videos Download Instagram Profile Pictures Git Installation clone the repo $ git clone...

xShock - Shellshock Exploit

xShock ShellShock CVE-2014-6271 This tool exploits shellshock. Written by Hulya Karabag Version 1.0.0 Instagram: Capture the Root Screenshots...

Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.

Chepy is a python library with a handy cli that is aimed to mirror some of the capabilities of CyberChef. A reasonable amount of effort was put behind Chepy to make it compatible to the various functionalities that CyberChef offers, all in a pure Pythonic manner. There are some key advantages and...

Sshuttle - Transparent Proxy Server That Works As A Poor Man'S VPN. Forwards Over SSH

As far as I know, sshuttle is the only program that solves the following common case: Your client machine or router is Linux, FreeBSD, or MacOS. You have access to a remote network via ssh. You don't necessarily have admin access on the remote network. The remote network has no VPN, or only...

Lazydocker - The Lazier Way To Manage Everything Docker

A simple terminal UI for both docker and docker-compose, written in Go with the gocui library. Minor rant incoming: Something's not working? Maybe a service is down. docker-compose ps. Yep, it's that microservice that's still buggy. No issue, I'll just restart it: docker-compose restart. Okay now...

Pypykatz - Mimikatz Implementation In Pure Python

Mimikatz implementation in pure Python. At least a part of it : Runs on all OS's which support python=3.6 WIKI Since version 0.1.1 the command line changed a little. Worry not, I have an awesome WIKI for you. Installing Install it via pip or by cloning it from github. The installer will create a...

Token-Reverser - Word List Generator To Crack Security Tokens

Word list generator to crack security tokens. Example use case 1. You are testing reset password function 2. Reset password token was sent to your email box e.g. 582431d4c7b57cb4a3570041ffeb7e10 3. You suppose, it is a md5 hash of the data you provided during registration process 4. You remember...

shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. Based on the work on massdns project by @blechschmidt. Features Simple and modular code ba...

AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names

AWSGen.py is a simple tool for generates permutations, alterations and mutations of AWS S3 Buckets Names. Download AWSGen.py...

Jeopardize - A Low(Zero) Cost Threat Intelligence & Response Tool Against Phishing Domains

Jeopardize tool is developed to provide basic threat intelligence&response capabilities against phishing domains at the minimum cost as possible. It detects registered phishing domain candidates typosquatting, homograph etc., analyzes them and assigns a risk score to them. After then, it sends...

TEA - Ssh-Client Worm

A ssh-client worm made with tas framework. How it works? This is a fakessh-client that manipulates the tty input/output to execute arbitrary commands and upload itself through the ssh connection. To work properly, the remote machine needs: display the "Last login" message when login. dd and stty...

Zelos - A Comprehensive Binary Emulation Platform

Zelos Z eropoint E mulated L ightweight O perating S ystem is a python-based binary emulation platform. One use of zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are emulated to isolate the target binary. Linux x8664 32- and 64-bit, AR...

Pickl3 - Windows Active User Credential Phishing Tool

Pickl3 is Windows active user credential phishing tool. You can execute the Pickl3 and phish the target user credential. Operational Usage - 1 Nowadays, since the operating system of many end users is Windows 10, we cannot easily steal account information with Mimikatz-like projects like the old...

Betwixt - Web Debugging Proxy Based On Chrome DevTools Network Panel

Betwixt will help you analyze web traffic outside the browser using familiar Chrome DevTools interface. Installing Download the latest release for your operating system, build your own bundle or run Betwixt from the source code. Setting up In order to capture traffic, you'll have to direct it to...

Dirble - Fast Directory Scanning And Scraping Tool

Dirble is a website directory scanning tool for Windows and Linux. It's designed to be fast to run and easy to use. How to Use Download one of the precompiled binaries for Linux, Windows, or Mac, or compile the source using Cargo, then run it from a terminal. The default wordlist Dirble uses is...

Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities. NEWS Modules PTF UPDATE PTF OPtions...

RedRabbit - Red Team PowerShell Script

RedRabbit is a PowerShell script aimed at helping pentesters conduct ethical hacking RedTeam To Run: You can either run locally by downloading the script or run remotely using: powershell –nop –c “iexNew-Object...

Sifter - A OSINT, Recon And Vulnerability Scanner

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit...

FuzzBench - Fuzzer Benchmarking As A Service

FuzzBench is a free service that evaluates fuzzers on a wide variety of real-world benchmarks, at Google scale. The goal of FuzzBench is to make it painless to rigorously evaluate fuzzing research and make fuzzing research easier for the community to adopt. We invite members of the research...

SSRF Sheriff - A Simple SSRF-testing Sheriff Written In Go

This is an SSRF testing sheriff written in Go. It was originally created for the Uber H1-4420 2019 London Live Hacking Event, but it is now being open-sourced for other organizations to implement and contribute back to. Features Repsond to any HTTP method GET, POST, PUT, DELETE, etc. Configurable...

Evil SSDP - Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable phishing page. This page can load a hidden...

Proton Framework - A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework

About Proton Framework Proton Framework is a Windows post exploitation framework similar to other penetration testing tools such as Meterpreter and Powershell Invader Framework. The major difference is that the Proton Framework does most of its operations using Windows Script Host a.k.a...

NTLMRecon - A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints

Note that the tool is still under development. Things may break anytime - hence, beta! A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains. NTLMRecon is...

HoneyBot - Capture, Upload And Analyze Network Traffic

HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently this library provides three scripts: capture-and-analyze.py - Capture on an interface for some period of time, and upload capture for analysis. upload-and-analyze.py - Upload and...

HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol

Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...

Entropy Toolkit - A Set Of Tools To Exploit Netwave And GoAhead IP Webcams

Entropy Toolkit is a set of tools to exploit Netwave and GoAhead IP Webcams. Entropy is a powerful toolkit for webcams penetration testing. Getting started Entropy installation cd entropy chmod +x install.sh ./install.sh Entropy uninstallation cd entropy chmod +x uninstall.sh ./uninstall.sh Entro...

SharpRDP - Remote Desktop Protocol .NET Console Application For Authenticated Command Execution

To compile open the project in Visual Studio and build for release. Two DLLs will be output to the Release directory, you do not need those because the DLLs are in the assembly. If you do not want to use the provided DLLs you will need to .NET SDK to create the AxMSTSCLib.dll DLL. To create it...

Ghost Framework - An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access A n Android Device

Ghost Framework is an Android post exploitation framework that uses an Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration. Getting started Ghost installation cd ghost chmod +x install.sh ./install....

Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs

This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally its possible to proxy every request through Burp or another tunnel. First steps Rename the...

Phonia Toolkit - One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy. Getting started Phonia installation cd...

PrivescCheck - Privilege Escalation Enumeration Script For Windows

This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and/or post-exploitation. I built on the amazing work done by @harmj0y and @mattifestation in PowerUp. I...

TwitWork - Monitor Twitter Stream

Monitor twitter stream. TwitWork use the twitter stream which allows you to have a tweets in real-time. There is an input that allows you to filter the flow on one or more keywords or on an @ based on twitter tracking Demo This is a demo of export data on keyword "Coronavirius"...

XCTR Hacking Tools - All in one tools for Information Gathering

All in one tools for Information Gathering. Instagram: Capture the Root Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUEdanvvVAkPBOspZkX397JxyXjnDNIATd5XbLZxVTPLzyCRJ1sMpQaEF7hH6x35GxYAT9L82ooTzK-EdywccEmklcpKtxIEsLBAYYDYNiTp...

WiFi Passview v2.0 - An Open Source Batch Script Based WiFi Passview For Windows!

WiFi Passview is an open source batch script based program that can recover your WiFi Password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview softwares such as webpassview and mailpassview. Disclaimer : WiFi Passview is NOT...