TheTHE - Simple, Shareable, Team-Focused And Expandable Threat Hunting Experience

TheTHE is an environment intended to help analysts and hunters over the early stages of their work in an easier, unified and quicker way. One of the major drawbacks when dealing with a hunting is the collection of information available on a high number of sources, both public and private. All thi...

Nginx Log Check - Nginx Log Security Analysis Script

Nginx Log Security Analysis Script Features Statistics Top 20 Address SQL injection analysis Scanner alert analysis Exploit detection Sensitive path access File contains attack Webshell Find URLs with response length Top 20 Looking for rare script file access Find script file for 302 redirect Usa...

EXIST - Web Application For Aggregating And Analyzing Cyber Threat Intelligence

EXIST is a web application for aggregating and analyzing CTI cyber threat intelligence. EXIST is written by the following software. Python 3.5.4 Django 1.11.22 Concept EXIST is a web application for aggregating CTI to help security operators investigate incidents based on related indicators. EXIS...

Haaukins - A Highly Accessible And Automated Virtualization Platform For Security Education

Haaukins is a highly accessible and automated virtualization platform for security education, it has three main components Docker, Virtualbox and Golang, the communication and orchestration between the components managed using Go programming language. The main reason of having Go environment to...

CyberRange - The Open-Source AWS Cyber Range

This CyberRange project represents the first open-source Cyber Range blueprint in the world. This project provides a bootstrap framework for a complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using the AWS Cloud. This project contains...

Dsiem - Security Event Correlation Engine For ELK Stack

Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, perform lookup/query to threat intelligence and vulnerability information sources, and...

Exploitivator - Automate Metasploit Scanning And Exploitation

This has only been tested on Kali. It depends on the msfrpc module for Python, described in detail here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/ Install the necessary Kali packages and the PostgreSQL gem for Ruby: apt-get install postgresql libpq-dev...

RTTM - Real Time Threat Monitoring Tool

Monitoring possible threats of your company on Internet is an impossible task to be achieved manually. Hence many threats of the company goes unnoticed until it becomes viral in public. Thus causing monetary/reputation damage. This is where RTTM comes into action. RTTM Real Time Threat Monitoring...

HashCobra - Hash Cracking Tool

hashcobra Hash Cracking tool. Usage $ ./hashcobra -H --== hashcobra by sepehrdad ==-- usage: hashcobra -o options | misc options: -a - hashing algorithm default: md5 - ? to list available algorithms -c - compression algorithm default: zstd - ? to list available algorithms -h - hash to crack -r -...

Splunk Attack Range - A Tool That Allows You To Create Vulnerable Instrumented Local Or Cloud Environments To Simulate Attacks Against And Collect The Data Into Splunk

The Attack Range solves two main challenges in development of detections. First, it allows the user to quickly build a small lab infrastructure as close as possible to your production environment. This lab infrastructure contains a Windows Domain Controller, Windows Workstation and Linux server,...

Ffuf - Fast Web Fuzzer Written In Go

A fast web fuzzer written in Go. Heavily inspired by the great projects gobuster and wfuzz. Features Fast! Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values Silent mode -s for clean output that's easy to use in pipes to other...

Fileintel - A Modular Python Application To Pull Intelligence About Malicious Files

This is a tool used to collect various intelligence sources for a given file. Fileintel is written in a modular fashion so new intelligence sources can be easily added. Files are identified by file hash MD5, SHA1, SHA256. The output is in CSV format and sent to STDOUT so the data can be saved or...

Genact - A Nonsense Activity Generator

Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with your insane multitasking skills. Just open a few instances of genact and watch the show. genact has multiple scenes that pretend to be doing something exciting or useful when in realit...

ReconPi - Set Up Your Raspberry Pi To Perform Basic Recon Scans

ReconPi - A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi. Start using that Raspberry Pi -- I know you all have one laying around somewhere ; Installation Check the updated blogpost here for a complete guide on how to set up your own...

CAINE 11 - GNU/Linux Live Distribution For Digital Forensics Project, Windows Side Forensics And Incident Response

CAINE Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently, the project manager is Nanni Bassetti Bari - Italy. CAINE offers a complete forensic environment that is organized to integrate existing software tools as...

Ngrev - Tool For Reverse Engineering Of Angular Applications

Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your...

Functrace - A Function Tracer

functrace is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO http://dynamorio.org/. These are some implemented features based on DynamoRIO: disassemble all the executed code disassemble a specific function dump if these are addresses get arguments of a...

Apk-Mitm - A CLI Application That Prepares Android APK Files For HTTPS Inspection

A CLI application that automatically prepares Android APK files for HTTPS inspection Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to...

Open Redirect Payload List

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishi...

AntiDisposmail - Detecting Disposable Email Addresses

Antbot.pw provides a free, open API endpoint for checking a domain or email address against a frequently-updated list of disposable domains. CORS is enabled for all originating domains, so you can call the API directly from your client-side code. GET https://antibot.pw/api/[email protected]...

RetDec - A Retargetable Machine-Code Decompiler Based On LLVM

RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code Supported architectures:...

Seeker v1.2.1 - Accurately Locate Smartphones Using Social Engineering

Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Read more on thewhiteh4t's Blog .Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a li...

CORStest - A Simple CORS Misconfiguration Scanner

A simple CORSmisconfiguration scanner Based on theresearch of James Kettle CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing CORS misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential...

SharpHide - Tool To Create Hidden Registry Keys

Just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden null terminated registry key. This works by adding a null byte in front of the UNICODESTRING key valuename. More info about this technique can be found in the following whitepaper:...

Codecat - Tool To Help In Manual Analysis In Codereview

CodeCat is a open source tool to help you in codereview, to find/track sinks and this points follow regex rules... How too install, step by step: Go to CodeCat directory, install backend and frontend libs: $ cd Front $ sudo python3 -m pip install -r requirements.txt $ cd .. $ cd Backend $ sudo...

LinuxCheck - Linux Information Collection Script

A small linux information collection script is mainly used for emergency response. It can be used under Debian or Centos. Features CPU TOP10, memory TOP10 CPU usage boot time Hard disk space information User information, passwd information Environmental variable detection Service list System...

aSYNcrone - A SYN Flood DDoS Tool

aSYNcrone is a C language based, mulltifunction SYN Flood DDoS Weapon. Disable the destination system by sending a SYN packet intensively to the destination. aSYNcrone's POWER!!! USAGE git clone https://github.com/fatih4842/aSYNcrone.git cd aSYNcrone gcc aSYNcrone.c -o aSYNcrone -lpthread...

Burp Suite Secret Finder - Burp Suite Extension To Discover Apikeys/Tokens From HTTP Response

Burp Suite extension to discover a apikey/tokens from HTTP response. Install download SecretFinder wget https://raw.githubusercontent.com/m4ll0k/BurpSuite-SecretFinder/master/SecretFinder.py or git clone https://github.com/m4ll0k/BurpSuite-SecretFinder.git now open Burp Extender Extensions Add se...

Sooty - The SOC Analysts All-In-One CLI Tool To Automate And Speed Up Workflow

Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as much of the routines checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame. Sooty is now proudly...

Nessus Map - Parse .Nessus File(S) And Shows Output In Interactive UI

Nessus XML Praser Requirements Python3 Django Tested on Ubuntu 18.04 What it does Vulnerability based parsing Service based parsing Host bases parsing Unsupported OS parsing Generate Executive Summary of scan Export parsed .nessuss to JSON files Import JSON file in NessusMap How it works Create X...

CAPE - Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware...

ANDRAX v4 DragonFly - Penetration Testing on Android

ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution! The development of ANDRAX began on 08/09/2016 DD/MM/YYYY only fo...

Goblin - An Impish, Cross-Platform Binary Parsing Crate, Written In Rust

Documentation https://docs.rs/goblin/ changelog Usage Goblin requires rustc 1.31.1. Add to your Cargo.toml dependencies goblin = "0.1" Features awesome crate name zero-copy, cross-platform, endian-aware, ELF64/32 implementation - wow! zero-copy, cross-platform, endian-aware, 32/64 bit Mach-o pars...

CCAT - Cloud Container Attack Tool For Testing Security Of Container Environments

Cloud Container Attack Tool CCAT is a tool fortesting security of container environments. Quick reference Where to get help : the Pacu/CloudGoat/CCAT Community Slack, or Stack Overflow Where to file issues : https://github.com/RhinoSecurityLabs/ccat/issues Maintained by : the Rhino Assessment Tea...

Subdomain3 - A New Generation Of Tool For Discovering Subdomains

Subdomain3 is a new generation of tool , It helps penetration testers to discover more information in a shorter time than other tools.The information includes subdomains, IP, CDN, and so on. Please enjoy it. Features More quick Three patterns for speed. User can modify the...

Mordor - Re-play Adversarial Techniques

The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation JSON files for easy consumption. The pre-recorded data is categorized by platforms, adversary groups, tactics and techniques defined by the Mitre ATT&CK...

Attack Monitor - Endpoint Detection And Malware Analysis Software

Attack Monitor is Python application written to enhance security monitoring capabilites of Windows 7/2008 and all later versions workstations/servers and to automate dynamic analysis of malware. Current modes mutually exclusive: Endpoint detection ED Malware analysis on dedicated Virtual Machine...

BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything

Your private data is being traded and sold all over the internet as we speak. Tons of leaks come out on a daily basis which can make you feel powerless. The majority of user-passwords and other sensitive information have been posted somewhere on the internet/darknet for any prying eyes to see,...

Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines

Graphs help to spot anomalies and patterns in large datasets. This script takes netstat information from multiple hosts and formats them in a way to make them importable into Neo4j. Neo4j can be queried for find connections to certain hosts, from certain hosts, find out the usage or protocols and...

ATFuzzer - Dynamic Analysis Of AT Interface For Android Smartphones

"Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" is accepted to the 35th Annual Computer Security Applications Conference ACSAC 2019. https://relentless-warrior.github.io/wp-content/uploads/2019/11/atfuzz.pdf Abstract This paper focuses on checkin...

XML External Entity (XXE) Injection Payload List

An XML External Entity XXE attack sometimes called an XXE injection attack is a type of attack that abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service DoS as well as access local and remote content and services. XXE can be...

Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4. 2019.4 includes some exciting new updates: A new default desktop environment, Xfce New GTK3 theme for Gnome and Xfce Introduction of “Kali Undercover” mode Kali Documentation has a new home and is now G...

Corsy - CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Usage Using Corsy is pretty simple python corsy.py -u https://example.com A delay between consecutive requests can be specified with -d option. Note: This is a beta version, features such as JSON...

Flan - A Pretty Sweet Vulnerability Scanner By CloudFlare

Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network. Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a...

Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit

AntiSpy is a free but powerful anti virus and rootkits toolkit. It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks. With its assistance,you can easily spot and neutralize malwares hidden from normal detectors. Developme...

RE:TERNAL - Repo Containing Docker-Compose Files And Setup Scripts Without Having To Clone The Individual Reternal Components

RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order to test blue-teaming capabilities. The simulations are mapped to the MITRE ATT&CK framework. This repo contains the compose...

Sshtunnel - SSH Tunnels To Remote Server

Inspired by https://github.com/jmagnusson/bgtunnel, which doesn't work on Windows. See also: https://github.com/paramiko/paramiko/blob/master/demos/forward.py Requirements paramiko Installation sshtunnel is on PyPI, so simply run: pip install sshtunnel or easyinstall sshtunnel or conda install -c...

Glances - An Eye On Your System. A Top/Htop Alternative For GNU/Linux, BSD, Mac OS And Windows Operating Systems

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring could be do...

Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets

The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what's going on within. Getting Started These instructions will get you a copy of the...

RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking

RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save them to a file. An aggressor script accompanies it, which is responsible for managing the state, monitoring for new processes and injecting the...