VulnX v1.7 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS

VulnX Wiki • How To Use • Compatibility • Library • Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection, information gathering and vulnerability Scanning of the target like subdomains, IP addresses, country, org, timezone,...

Tourmaline - Telegram Bot Framework For Crystal

Telegram Bot and hopefully soon Client API framework for Crystal. Based heavily off of Telegraf this Crystal implementation allows your Telegram bot to be written in a language that's both beautiful and fast. Benchmarks coming soon. If you want to extend your bot by using NLP, see my other librar...

One-Lin3r v2.0 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More

One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing Windows, Linux, macOS or even BSD systems or hacking generally with a lot of new features to make all of this fully automated ex: you won't even need to copy the...

RedGhost - Linux Post Exploitation Framework Designed To Gain Persistence And Reconnaissance And Leave No Trace

Linux post exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl Crontab Function to create cron job that downloads and runs payload eve...

Vxscan - Comprehensive Scanning Tool

Python3 comprehensive scanning tool, mainly used for sensitive file detection directory scanning and js leak interface, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, winding Pass CD...

BlueGhost - A Network Tool Designed To Assist Blue Teams In Banning Attackers From Linux Servers

This tool utilizes various linux network tools and bash scripting to assist blue teams on defending debian and ubuntu based servers from malicious attackers. Scan/Ban shows connected IPs, scans IP addresses for open ports using nmap and whois search to gather reconnaissance on connected IPs, show...

WhatBreach - OSINT Tool To Find Breached Emails And Databases

WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com's API, from there if there are any breaches it will search for the query link on Dehashed pertaining to the...

BoomER - Framework For Exploiting Local Vulnerabilities

BoomER is an open source framework, developed in Python. The tool is focused on post-exploitation, with a main objective, the detection and exploitation of local vulnerabilities, as well as the collection of information from a system, such as the installed applications they have. The framework...

Simplify - Generic Android Deobfuscator

Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is simple and generic, so it doesn't matter what the specific type of obfuscation is used. Before and...

Sliver - Implant Framework

Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTPS, and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. The server, client, and implant a...

MozDef - Mozilla Enterprise Defense Platform

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to...

URLextractor - Information Gathering and Website Reconnaissance

Informationgathering & website reconnaissance Usage: ./extractor http://www.hackthissite.org/ Tips: Colorex: put colors to the ouput pip install colorex and use it like ./extractor http://www.hackthissite.org/ | colorex -g "INFO" -r "ALERT" Tldextract: is used by dnsenumeration function pip insta...

BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment

BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...

GhostSquadHackers - Encrypt/Encode Your Javascript Code

Encrypt/Encode your Javascript payloads/code. Windows Scripting This tool is meant to encode and encrypt your javascript code. Features Number Calculating ASCII codes Caeser-Encryption Hex Encoding Octal encoding Binary Encrypt Random Octal Quotes Add trash to code Url Encode current Extras: crea...

DNSlivery - Easy Files And Payloads Delivery Over DNS

Easy files and payloads delivery over DNS. Acknowledgments This project has been originally inspired by PowerDNS and Joff Thyer's technical segment on the Paul's Security Weekly podcast 590 youtu.be/CP6cIwFJswQ. Description TL;DR DNSlivery allows delivering files to a target using DNS as the...

Rdpscan - A Quick Scanner For The CVE-2019-0708 "BlueKeep" Vulnerability

This is a quick-and-dirty scanner for the CVE-2019-0708 vulnerability in Microsoft Remote Desktop. Right now, there are about 900,000 machines on the public Internet vulnerable to this vulnerability, so many are to expect a worm soon like WannaCry and notPetya. Therefore, scan your networks and...

Seth - Perform A MitM Attack And Extract Clear Text Credentials From RDP Connections

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops...

Konan - Advanced Web Application Dir Scanner

Konan is an advanced open source tool designed to brute force directories and files names on web/application servers. Installation Download Konan by cloning the Git repository: git clone https://github.com/m4ll0k/Konan.git konan Install requirements with pip cd konan && pip install -r...

Kippo - SSH Honeypot

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired, but not based on Kojoney. Features Some interesting features: Fake filesystem with the ability to add/remove files. A fu...

Prithvi - Report Generation Tool

Prithvi is a report generation tool specially made for Security Assessment which is free to use and easy to use. It will generate high quality vulnerability assessment report for security controls. It got various features and majorly made for security assessment. You can easily find security...

Quarantyne - Modern Web Firewall: Stop Account Takeovers, Weak Passwords, Cloud IPs, DoS Attacks, Disposable Emails

Automated web security made simple Quarantyne is a reverse-proxy that protects web applications and APIs from fraudulent behavior, misuse, bots and cyber-attacks in real-time. Requirements Java 8 Presentation Quarantyne is a reverse-proxy written in java. It fronts a web application or API and...

Terminus - A Terminal For A More Modern Age

Terminus is a highly configurable terminal emulator for Windows, macOS and Linux Theming and color schemes Fully configurable shortcuts Split panes Remembers your tabs PowerShell and PS Core, WSL, Git-Bash, Cygwin, Cmder and CMD support Integrated SSH client and connection manager Full Unicode...

Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis

Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or...

Getwin - FUD Win32 Payload Generator And Listener

FUD Win32 payload generator and listener Legal disclaimer: Usage of GetWin for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse ...

CocoaDebug - iOS Debugging Tool

iOS Debugging Tool Shake to hide or show the black bubble. support both device and simulator Long press the black bubble to show UIDebuggingInformationOverlay. Apple's Private API, support iOS 10/11/12 Application memory usage and FPS. List all print and NSLog messages which have been written by...

Rustbuster - DirBuster For Rust

DirBuster for Rust. Usage There are three modules currently implemented: 1. Dirbuster default rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php 2. Dnsbuster rustbuster -m dns -u google.com -w examples/wordlist 3. Vhostbuster rustbuster -m vhost -u http://localhost:3000/ -w...

Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP and AV bypass, AMSI patched

Salsa Tools is a collection of three different tools that combined, allows you to get a reverse shell on steroids in any Windows environment without even needing PowerShell for it's execution. In order to avoid the latest detection techniques AMSI, most of the components were initially written on...

PhoneInfoga - Advanced Information Gathering & OSINT Tool For Phone Numbers

PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with very good accuracy. Then search for footprints on search engines to...

Intensio-Obfuscator - Obfuscate A Python Code 2.X And 3.X

Takes a python source code and transform it into an obfuscated python code, replace name of variables - classes - functions to random chars and defined length, removes comments, line breaks and add to each line a random script with an always differents values. Requirement Python = 3.5 Files...

Yaazhini - Free Android APK & API Vulnerability Scanner

Yaazhini is a free vulnerability scanner for android APK and API. It is a user-friendly tool that you can easily scan any APK and API of android application and find the vulnerabilities. Yaazhini includes vulnerability scan of API, the vulnerability of APK and reporting section to generate a...

RapidScan - The Multi-Tool Web Vulnerability Scanner

Evolution: It is quite a fuss for a pentester to perform binge-tool-scanning running security scanning tools one after the other sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program...

RecScanSec - Reconnaisance Scanner Security

RecScanSec made for reconnaisance Scanner and information gathering with an emphasis on simplicity. It will do everything from. Features Information Security Headers WAF Analyzer Information Disclosure Banner Grabbing Url Crawl HTML Form Detector Port Scanner Get SSL Information Subdomain...

Faraday v3.8 - Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.8: Set up Faraday with a double click! We are committed to facilitate your work processes. With that in mind, we enhanced our installation phases, so now it’s easier to have Faraday on your devices: You can download our platform with...

WhatWeb v0.5.0 - Next Generation Web Scanner

Developed by Andrew Horton urbanadventurer and Brendan Coles bcoles Latest Release: v0.5.0. June 9th, 2019 License: GPLv2 This product is subject to the terms detailed in the license agreement. For more information about WhatWeb visit: Homepage: https://www.morningstarsecurity.com/research/whatwe...

Userrecon - Find Usernames Across Over 75 Social Networks

Find usernames across over 75 social networks This is useful if you are running an investigation to determine the usage of the same username on different social networks. Author: @linuxchoice Download Userrecon...

TOR Router - A Tool That Allow You To Make TOR Your Default Gateway And Send All Internet Connections Under TOR

Tor Router allow you to use TOR as a transparent proxy and send all your trafic under TOR INCLUDING DNS REQUESTS , the only that you need is: a system using systemd if you want to use the service and tor. Script to install on distros using SystemD only If you are using BlackArch Linux...

Shellphish - Phishing Tool For 18 Social Media (Instagram, Facebook, Snapchat, Github, Twitter...)

Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest. This script uses some webpages generated bySocialFish Tool...

LiveHiddenCamera - Library Which Record Live Video And Audio From Android Device Without Displaying A Preview

Live Hidden Camera LHC is a library which record live video and audio from Android device without displaying a preview. How to use I've created a library to make it more usable. The only requirement is to add the library to your project and pass the Rtmp URL to it. Additionally you should care...

Recsech - Tool For Doing Footprinting And Reconnaissance On The Target Web

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools . Features in tools Name | Release |...

Zydra - File Password Recovery Tool And Linux Shadow File Cracker

Zydra is a file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords. Supported Files RAR Files Legacy ZIP Files PDF Files Linux Shadow Files zydra can find all the user’s password in the linux shadow file one after the...

PhoneSploit v1.2 - Using Open Adb Ports We Can Exploit A Andriod Device

Using open Adb ports we can exploit an Andriod device. you can find open ports here https://www.shodan.io/search?query=android+debug+bridge+product%3A”Android+Debug+Bridge” To find out how to access a local device -- https://www.youtube.com/watch?v=OlhCAX1qBQo Recent News New Update v.1.2 Port...

H8Mail v2.0 - Email OSINT And Password Breach Hunting

Powerful and user-friendly password finder. Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for reading from...

GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence

Python script to generate obfuscated .vbs script that delivers payload with persistence and windows antivirus disabling functions. Features: Downloads payload to TEMP directory and executes payload to bypass windows smart screen. Disables Defender, UAC/user account control, Defender Notifications...

ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server

Reverse Encrypted AES 256-bit Shell over TCP - usingPowerShell SecureString. Attacker C2-Server Listener: PS .\ReverseTCP.ps1 Target Client: CMD ECHO...

ripVT - Virus Total API Maltego Transform Set For Canari

Maltego Canari transforms for Virus Total private API. Provided AS-IS, no warranties, no guarantees. No jokes in this repo. It's as serious as you are. Installation 1. Requires Canari, specifically this branch/version 2. Install Malformity 3. sudo python setup.py install canari create-profile rip...

Vulners Scanner for Android - Passive Vulnerability Scanning Based On Software Version Fingerprint

Vulners Scanner is developed by Vulners Team, the founders and maintainers of one of the world largest security databases. It implements technology of passive vulnerability scanning based on software version fingerprint. Is it legal? Absolutely. The application does not perform any malicious...

ANDRAX v3 - The First And Unique Penetration Testing Platform For Android Smartphones

ANDRAX The first and unique Penetration Testing platform for Android smartphones. Thanks to Jessica Helena she made ANDRAX v3 possible. What is ANDRAX ANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it...

PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram

PcapXray is a Network Forensics Tool To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction. PcapXray Design Specification Goal: Given a Pcap File, plot a network diagram displaying hosts in the network,...

Python-Iocextract - Advanced Indicator Of Compromise (IOC) Extractor

Advanced Indicator of Compromise IOC extractor. Overview This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes some encoded and "defanged" IOCs in the output, and optionally decodes/refangs them. The Problem It is common practice...

Vthunting - A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram

Virus Total Hunting is a tiny tool based on the VT api version 3 to run daily, weekly or monthly report about malware hunting. The report can be send via email, Slack channel or Telegram. The tool can also be used in cli to get a report anytime. The default number of result is 10 but it can be...