GitGot - Semi-automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. How it Works During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. Users...

Git-Hound - Find Exposed Keys Across GitHub Using Code Search Keywords

A pattern-matching, batch-catching secret snatcher. This project is intended to be used for educational purposes. Git Hound makes it easy to find exposed API keys on GitHub using pattern matching, targetted querying, and a scoring system. Usage echo "tillsongalloway.com" | python git-hound.py or...

Parrot Security 4.7 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot is a GNU/Linux distribution based on Debian Testing and designed with Security, Development and Privacy in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy while...

Kali NetHunter App Store - The New Android Store Dedicated to Free Security Apps

The Kali NetHunter App Store is a one-stop-shop for security relevant Android applications. It is the ultimate alternative to the Google Play store for any Android device, whether rooted or not, NetHunter or stock. If you are after any security application for your Android device, the NetHunter...

Userrecon v1.1.0 - Recognition Usernames In 187 Social Networks

Find usernames in 187 social networks. Installation 1. Install dependencies Debian/Ubuntu: sudo apt install python3 python3-pip 2. Install with pip3: sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git userrecon-py --help Building from Source Clone this repository, and: git clo...

Brute_Force - BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix

Install : pip install proxylist pip install mechanize Usage: BruteForce Gmail Attack python3 BruteForce.py -g [email protected] -l Filelist python3 BruteForce.py -g [email protected] -p PasswordSingle BruteForce Hotmail Attack python3 BruteForce.py -t [email protected] -l Filelist...

Detect It Easy - Program For Determining Types Of Files For Windows, Linux And MacOS

Detect It Easy, or abbreviated "DIE" is a program for determining types of files. "DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS. Many programs of the kind PEID, PE tools allow to use third-party signatures. Unfortunately,...

Shellsum - A Defense Tool - Detect Web Shells In Local Directories Via Md5Sum

A defense tool - detect web shells in local directories via md5sum Features Fast speed Lightweight Big database Tabled output Usages Install git clone https://github.com/ManhNho/shellsum.git chmod 755 -R shellsum/ cd shellsum/ pip install -r requirements.txt Run python shellsum.py ToDo Smooth...

RedGhost v2.0 - Linux Post Exploitation Framework Designed To Assist Red Teams In Gaining Persistence, Reconnaissance And Leaving No Trace

Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl SudoInject Function to inject sudo command with wrapper...

UACME - Defeating Windows User Account Control

Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor. System Requirements x86-32/x64 Windows 7/8/8.1/10 client, some methods however works on server version too. Admin account with UAC set on default settings required. Usage Run executable from command line:...

JShielder v2.4 - Hardening Script For Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G

JSHielder is an Open Source Bash Script developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux...

Project iKy v2.0.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Project First of all we want to advice you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with...

Passpie - Multiplatform Command-Line Password Manager

Passpie is a command line tool to manage passwords from the terminal with a colorful and configurable interface. Use a master passphrase to decrypt login credentials, copy passwords to clipboard, syncronize with a git repository, check the state of your passwords, and more. Password files are...

PasteHunter - Scanning Pastebin With Yara Rules

PasteHunter is a python3 application that is designed to query a collection of sites that host publicly pasted data. For all the pasts it finds it scans the raw contents against a series of Yara rules looking for information that can be used by an organisation or a researcher. For setup...

Pown-Duct - Essential Tool For Finding Blind Injection Attacks

Essential tool for finding blind injection attacks using DNS side-channels. Credits This tool is part of secapps.com open-source initiative. / | / | /\ | \ / | \ \ | / | / /\ \ |/// \| || |/ https://secapps.com NB : This tool is taking advantage of http://requestbin.net service. Future versions...

Dwarf - Full Featured Multi Arch/Os Debugger Built On Top Of PyQt5 And Frida

A debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code. Checkout the website for features, api and examples CHANGELOG...

Ghostfuscator - The Python Password-Protected Obfuscator Using AES Encryption

Obfuscate python scripts making them password-protected using AES Encryption Usage Just execute the script, and follow the menu. Info Once an script is obfuscated, when running it a password asking prompt will appear, after submiting the correct password, the script will execute decrypting it's...

Objection v1.6.6 - Runtime Mobile Exploration

objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. Note: This is not some form of jailbreak / root bypass. By using objection, yo...

Commando VM v1.3 - The First Full Windows-based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. Installation Install Script Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 GB RAM Recommended Windows 10 80+ GB Hard Drive 4+ GB RAM 2 network adapters...

Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains

A cross-platform tool that use Certificates Transparency logs to find subdomains. We currently support Linux, Windows and MacOS. How it works? It tool doesn't use the common methods for subdomains discover, the tool uses Certificate Transparency logs to find subdomains and it method make it tool...

Echidna - Ethereum Fuzz Testing Framework

Echidna is a weird creature that eats bugs and is highly electrosensitive with apologies to Jacob Stanley More seriously, Echidna is a Haskell library designed for fuzzing/property-based testing of EVM code. It supports relatively sophisticated grammar-based fuzzing campaigns to falsify a variety...

Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services

A command line security audit tool for Amazon Web Services About Cloud Security Audit is a command line tool that scans for vulnerabilities in your AWS Account. In easy way you will be able to identify unsecure parts of your infrastructure and prepare your AWS account for security audit...

WinObjEx64 - Windows Object Explorer 64-Bit

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the "Properties..." toolbar button to get more information, such as description, attributes, resource usage etc. WinObjEx64 let you view and ed...

Regipy - An OS Independent Python Library For Parsing Offline Registry Hives

Regipy is a python library for parsing offline registry hives. regipy has a lot of capabilities: Use as a library: Recurse over the registry hive, from root or a given path and get all subkeys and values Read specific subkeys and values Apply transaction logs on a registry hive Command Line Tools...

Rifiuti2 - Windows Recycle Bin Analyser

Rifiuti2 is a for analyzing Windows Recycle Bin INFO2 file. Analysis of Windows Recycle Bin is usually carried out during Windows computer forensics. Rifiuti2 can extract file deletion time, original path and size of deleted files and whether the trashed files have been permanently removed. For...

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels

First, a couple of useful oneliners ; wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh linux-smart-enumeration Linux enumeration tools for...

Whonix v15 - Anonymous Operating System

Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP. Whonix consists of two parts: One...

SneakyEXE - Embedding "UAC-Bypassing" Function Into Your Custom Payload

A tool which helps you embedding UAC-Bypassing function into your custom Win32 payloads x8664 architecture specifically Tested on Windows 7,8,10 64bit Free and Open-sourced with full source codes published Tutorial Requirements: | Linux | Windows ---|---|--- Architecture | Optional | x8664 Python...

NetSet - Operational Security Utility And Automator

Operational Security utility and automator. NetSet is designed to automate a number of operations that will help the user with securing their network traffic. It also provides an easy way to gather proxies and run utilities through Tor. All the utilities installed and used by NetSet will be...

DarkScrape - OSINT Tool For Scraping Dark Websites

OSINT Tool to find Media Links in Tor Sites. Tested On Kali Linux 2019.2 Ubuntu 18.04 Nethunter Arc Linux Installation git clone https://github.com/itsmehacker/DarkScrape.git pip3 install -r requirements.txt Features Download Media Scrape From Single Url Scraping From Files Txt Csv Excel Inspired...

Youzer - Fake User Generator For Active Directory Environments

Fake User Generator for Active Directory Environments Introduction The goal of Youzer is to create information rich Active Directory environments. This uses the python3 library 'faker' to generate random accounts. pip3 install faker You can either supply a wordlist or have the passwords generated...

Rock-ON - An All In One Recon Tool That Will Just Get A Single Entry Of The Domain Name And Do All Of The Work Alone

Rock-On is a all in one recon tool that will help your Recon process give a boost. It is mainley aimed to automate the whole process of recon and save the time that is being wasted in doing all this stuffs manually. A thorough blog will be up in sometime. Stay tuned for the Stable version with a...

Wesng - Windows Exploit Suggester

WES-NG is a tool based on the output of Windows' systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported...

Fbchecker - Facebook Mass Account Checker

Facebook Mass Account Checker Simple Installation : apt install git apt install php git clone https://github.com/fdciabdul/fbchecker cd fbchecker php fbcheck.php Usage php fbcheck.php target.txt Download Fbchecker...

Slackor - A Golang Implant That Uses Slack As A Command And Control Server

A Golang implant that uses Slack as a command and control channel. This project was inspired by Gcat and Twittor. This tool is released as a proof of concept. Be sure to read and understand the Slack App Developer Policy before creating any Slack apps. Setup Note: The server is written in Python ...

Hash-Identifier - Software To Identify The Different Types Of Hashes Used To Encrypt Data And Especially Passwords

Software to identify the different types of hashes used to encrypt data and especially passwords. Encryption formats supported: ADLER-32 CRC-32 CRC-32B CRC-16 CRC-16-CCITT DESUnix FCS-16 GHash-32-3 GHash-32-5 GOST R 34.11-94 Haval-160 Haval-192 110080 ,Haval-224 114080 ,Haval-256 Lineage II C4...

MIG - Distributed And Real Time Digital Forensics At The Speed Of The Cloud

MIG is Mozilla's platform for investigative surgery of remote endpoints. Quick Start w/ Docker You can spin up a local-only MIG setup using docker. The container is not suitable for production use but lets you experiment with MIG quickly, providing a single container environment that has most of...

Icebox - Virtual Machine Introspection, Tracing & Debugging

Icebox is a Virtual Machine Introspection solution that enable you to stealthily trace and debug any process kernel or user. It's based on project Winbagility. Files which might be helpful: INSTALL.md: how to install icebox. BUILD.md: how to build icebox. Demo Project Organisation fdp: Fast...

SQLMap v1.3.7 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

Sherlock - Find Usernames Across Social Networks

Find usernames across social networks Installation NOTE : Python 3.6 or higher is required. clone the repo $ git clone https://github.com/sherlock-project/sherlock.git change the working directory to sherlock $ cd sherlock install python3 and python3-pip if not exist install the requirements $ pi...

0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration

Using 0xsp mongoose you will be able to scan a targeted operating system for any possible way for privilege escalation attacks, starting from collecting information stage until reporting information through 0xsp Web Application API. user will be able to scan different Linux os system at the same...

Lst2X64Dbg - Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database

This script extracts all the labels found in the LST file that is given as the script's single argument. An x64dbg database is created in the current directory based on the extracted labels. The LST file can be generated in IDA from the File menu: Produce file - Create LST file... Example $ pytho...

Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com

Python API wrapper and command-line client for the tools hosted on spyse.com. "Spyse is a developer of complete DAAS Data-As-A-Service solutions for Internet security professionals, corporate and remote system administrators, SSL / TLS encryption certificate providers, data centers and business...

PTF v2.3 - The Penetration Testers Framework Is A Way For Modular Support For Up-To-Date Tools

The PenTesters Framework PTF is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all o...

Scapy - The Python-based Interactive Packet Manipulation Program & Library

Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow...

TwitterShadowBan - Twitter Shadowban Tests

One-page web app, testing Twitter users for conventional and QFD shadowbans. Setup Browser compatibility needs transpiling. Nothing fancy, just the usual babel magic. git clone https://github.com/shadowban-eu/TwitterShadowBanV2 && cd TwitterShadowBanV2 npm install Since we are using a php backend...

PivotSuite - A Network Pivoting Toolkit

PivotSuite is a portable, platform independent and powerful network pivoting toolkit, Which helps Red Teamers / Penetration Testers to use a compromised system to move around inside a network. It is a Standalone Utility, Which can use as a Server or as a Client. PivotSuite as a Server : If the...

Lynis 2.7.5 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Project First of all we want to advice you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with...

Cryptr - A Simple Shell Utility For Encrypting And Decrypting Files Using OpenSSL

A simple shell utility for encrypting and decrypting files using OpenSSL. Installation git clone https://github.com/nodesocket/cryptr.git ln -s "$PWD"/cryptr/cryptr.bash /usr/local/bin/cryptr Bash tab completion Add tools/cryptr-bash-completion.bash to your tab completion file directory...