BruteDum - Brute Force Attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC With Hydra, Medusa And Ncrack
BruteDum is an SSH, FTP, Telnet, PostgreSQL, RDP, VNC brute forcing tool with Hydra, Medusa and Ncrack. BruteDum can work with any Linux distro that has Python 3. Features of BruteDum SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra recommended SSH, FTP, Telnet, PostgreSQL, RDP, VNC with...
10Minutemail - Python Temporary Email
10minutemail.net is a free, disposable e-mail service. Your temporary e-mail address will expire after 10 minutes, after which you cannot access it. You can extend the time by 10 minutes. The website you are registering with could be selling your personal information; you never know where your...
PeekABoo - Tool To Enable Remote Desktop On The Targeted Machine
PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. The tool only works if WinRM is enabled. Since Windows Server 2012 WinRM is enabled by default on all Windows server...
Termshark - A Terminal UI For Tshark, Inspired By Wireshark
A terminal user-interface for tshark, inspired by Wireshark. If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help! Features Read pcap files or sniff live interfaces where tshark is permitted. Inspect each packet using familiar...
Kostebek - Reconnaissance Tool Which Uses Firms Trademark Information To Discover Their Domains
The Kostebek is a reconnaissance tool which uses firms' trademark information to discover their domains. Installation Tested on Kali Linux 2018.2, Ubuntu 16.04 sudo apt-get -y install python3-pip pip3 install -r requirements.txt download latest version of Chromedriver and configure your driver-pa...
Joy - A Package For Capturing And Analyzing Network Flow Data And Intraflow Data, For Network Research, Forensics, And Security Monitoring
Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture pcap files, using a flow-oriented model similar to that of IPFIX or Netflow, and then representing these data features in JSON. It also contains analysis tools that can be...
Hackuna - The First Mobile App to Track Hackers
Cryptors, a cyber security company, invented a mobile app called HACKUNA Anti-Hack that can block and detect these WiFi hackers. The exciting part here is, you can also track the hackers within the area. It will give you all the details you need to find the hacker within the area or to report it ...
Kerbrute - A Tool To Perform Kerberos Pre-Auth Bruteforcing
A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication Grab the latest binaries from the releases page to get started. Background This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal...
AutoSource - Automated Source Code Review Framework Integrated With SonarQube
AutoSource is an automated source code review framework integrated with SonarQube which is capable of performing static code analysis/reviews. It can be used for effectively finding the vulnerabilities at a very early stage of the SDLC (Software Development Life Cycle). The user can scan the code by...
Vulmap - Online Local Vulnerability Scanners Project
Vulmap is an open source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these...
DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories
DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for potentially sensitive files like credentials, secret keys, tokens etc which have been accidentally uploaded by the developers. DumpTheGit just...
Bashter - Web Crawler, Scanner, And Analyzer Framework
Bashter is a tool for scanning a Web-based Application. Bashter is very suitable for doing Bug Bounty or Penetration Testing. It is designed like a framework so you can easily add a script to detect vulnerabilities. For example, you can add a script like this:...
Adidnsdump - Active Directory Integrated DNS Dumping By Any Authenticated User
By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones, similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks. For more info, read the associated blog post...
Twint - An Advanced Twitter Scraping And OSINT Tool
Formerly known as Tweep, Twint is an advanced Twitter scraping tool written in Python that allows for scraping Tweets from Twitter profiles without using Twitter's API. Twint utilizes Twitter's search operators to let you scrape Tweets from specific users, scrape Tweets relating to certain topics...
HostHunter - A Recon Tool For Discovering Hostnames Using OSINT Techniques
A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilises simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance. Taking screenshots was also added as a beta functionality. Demo Currently GitLab's marku...
Flerken - Obfuscated Command Detection Tool
Command line obfuscation has been proved to be a non-negligible factor in fileless malware or malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are shown to be used by red-team penetrations and even APT activities. Meanwhile,...
ScanQLi - Scanner To Detect SQL Injection Vulnerabilities
ScanQLi is a simple SQL injection scanner with some additional features. This tool can't exploit the SQLi, it just detects them. Tested on Debian 9 Features Classic Blind Time based GBK soon Recursive scan follow all hrefs of the scanned web site Cookies integration Adjustable wait delay between...
OSINT-Search - Useful For Digital Forensics Investigations Or Initial Black-Box Pentest Footprinting
OSINT-Search is a useful tool for digital forensics investigations or initial black-box pentest footprinting. OSINT-Search Description Script in Python that applies OSINT techniques by searching public data using email addresses, phone numbers, domains, IP addresses or URLs. Create an account at...
Parrot Security 4.6 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
After 3 months of heavy development Parrot 4.6 is officially released. How to update Update your existing Parrot system with the following command: sudo parrot-upgrade System Changes Appearance The desktop-base and parrot-wallpapers also received some love and are updated to reflect such changes...
Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code via P-Code and confuse macro analysis tools. Runs on Linux, OSX and Windows. Current features Hide VBA macros from the GUI editor VBA stomping P-code abuse Fool analyst tools Serve VBA stomp...
ParamPamPam - Brute Force Discover GET And POST Parameters
This tool is for brute-force discovery of GET and POST parameters. Installation With Docker Install Docker git clone https://github.com/Bo0oM/ParamPamPam.git cd ParamPamPam docker build -t parampp . echo -e '!'"/bin/bash\ndocker run -ti --rm parampp $@" /usr/local/bin/parampp parampp -u "https://vk.com/login"...
Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. How to use If you have no idea what you are doing just type the command below or check out the Advanced Usage ./osmedeus.py -t example.com Installation git clone...
Okadminfinder3 - Admin Panel Finder / Admin Login Page Finder
OKadminFinder is an Apache2 Licensed utility, rewritten in Python 3.x, for admins/pentesters who want to find the admin panel of a website. There are many other tools but not as effective and secure. Yeah, Okadminfinder has the ability to use tor and hide your identity. Requirements Linux sudo a...
Cutter - Free And Open-Source GUI For Radare2 Reverse Engineering Framework
Cutter is a free and open-source GUI for the radare2 reverse engineering framework. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers. Downloading a release Cutter ...
NAXSI - An Open-Source, High Performance, Low Rules Maintenance WAF For NGINX
NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple and readable rules containing 99% of known patterns involved in website vulnerabilities. For...
Ttyd - Share Your Terminal Over The Web
ttyd is a simple command-line tool for sharing terminal over the web, inspired by GoTTY. Features Built on top of Libwebsockets with C for speed Fully-featured terminal based on Xterm.js with CJK and IME support Graphical ZMODEM integration with lrzsz support SSL support based on OpenSSL Run any...
drAFL - AFL + DynamoRIO = Fuzzing Binaries With No Source Code On Linux
Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend to try it first and if it doesn't work you can try this tool. Usage You need to specify DRRUNPATH to point to drrun launcher and LIBCOVPATH to point to libbinafl.so coverage library. You also need to switc...
Kubebot - A Security Testing Slackbot Built With A Kubernetes Backend On The Google Cloud Platform
A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform Architecture Demo Data Flow 1 - API request tool, target, options initiated from Slackbot, sent to the API server, which is running as a Docker container on a Kubernetes K8s cluster and can be scaled. 2 - API...
PyWhatCMS - Unofficial WhatCMS API Package
Python package for the whatcms.com API. The package provides a simple way to use the whatcms.org API for detecting 467 different Content Management Systems (CMS). Installation pip install pywhatcms Usage First of all, import pywhatcms: from pywhatcms import whatcms Query a domain: whatcms('API-KEY',...
EasySploit - Metasploit Automation (EASIER And FASTER Than EVER)
EasySploit v3.1 Linux - Metasploit automation EASIER and FASTER than EVER Options: 1 Windows -- test.exe payload and listener 2 Android -- test.apk payload and listener 3 Linux -- test.py payload and listener 4 MacOS -- test.jar payload and listener 5 Web -- test.php payload and listener 6 Scan...
Reverie - Automated Pentest Tools Designed For Parrot Linux
Automated Pentest Tools Designed For Parrot Linux. This tool handles basic pentesting tasks such as Information Gathering, Security Auditing, and Reporting, and does every task fully automatically. Usage Guide Download / Clone git clone https://github.com/baguswiratmaadi/reverie Go Insi...
Anevicon - A High-Performant UDP-based Load Generator
A high-performant traffic generator, designed to be as convenient and reliable as it is possible. It sends numerous UDP-packets to a server, thereby simulating an activity that can be produced by your end users or a group of hackers. Installation From package registry This command will download t...
Findomain - A Tool That Use Certificate Transparency Logs To Find Subdomains
A tool that uses Certificate Transparency logs to find subdomains. How does it work? The tool doesn't use the common methods for subdomain discovery; it uses Certificate Transparency logs to find subdomains, and this method makes the tool very fast and reliable. If you want to know more about...
Freddy - Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans
A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs. This useful extension was originally developed by Nick Bloor @nickstadb for NCC Group and is mainly based on the work of Alvaro Muñoz and Oleksandr Mirosh, Friday the 13th: JSON Attacks, which they presented a...
FTPBruter - A FTP Server Brute Forcing Tool
Brute forcing tool for FTP server. FTPBruter can work on any OS that has and supports Python 3. Feature Brute force a FTP server with a username or a list of usernames That's all. Install and Run on Linux You have to install Python 3 first: Install Python 3 on Arch Linux and its distros: sudo...
Raptor WAF v0.6 - Web Application Firewall using DFA
Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross site scripting and path traversal. http://funguscodes.blogspot.com.br/ to run: $ git clone https://github.com/CoolerVoid/raptorwaf $ cd raptorwaf; make; bin/raptor Note: Don't execute with "cd bin; ./raptor" us...
mongoBuster - Hunt Open MongoDB Instances
Hunt Open MongoDB instances! Features World's fastest and most efficient scanner Uses Masscan. Scans entire internet by default, So fire the tool and chill. Hyper efficient - Uses Go-routines which are even lighter than threads. Pre-Requisites - Go language sudo apt install golang Masscan sudo ap...
Parameth - This Tool Can Be Used To Brute Discover GET And POST Parameters
This tool can be used to brute discover GET and POST parameters Often when you are busting a directory for common files, you can identify scripts for example test.php that look like they need to be passed an unknown parameter. This hopefully can help find them. The -off flag allows you to specify...
EfiGuard - Disable PatchGuard And DSE At Boot Time
EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager, boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE). Features Currently supports all EFI-compatible versions of Windows x64 ever released, from Vista SP1 to Server...
fireELF - Fileless Linux Malware Framework
fireELF is an open-source fileless Linux malware framework that's cross-platform and allows users to easily create and manage payloads. By default it comes with 'memfd_create', which is a new way to run Linux ELF executables completely from memory, without having the binary touch the hard drive. Feature...
FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics
Automatic Analysis Of SWF Files Based On Some Heuristics. Extensible Via Plugins. Install Install the Python 2.7 packages listed in requirements.txt. You can use the following command: pip install -r requirements.txt If you want to use the decompilation functionality you need to install Jython...
Platypus - A Modern Multiple Reverse Shell Sessions Manager Written In Go
A modern multiple reverse shell sessions/clients manager via terminal written in go. Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service Screenshot Network Topology Attack IP: 192.168.1.2 Reverse Shell Service: 0.0.0.0:8080 RESTful Service:...
SilkETW - Flexible C# Wrapper For ETW (Event Tracing for Windows)
SilkETW is a flexible C# wrapper for ETW, it is meant to abstract away the complexities of ETW and give people a simple interface to perform research and introspection. While SilkETW has obvious defensive and offensive applications it is primarily a research tool in its current state. For easy...
Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds
Get a clean, ready-to-go Linux box in seconds. Introduction What is instantbox? It's a project that spins up temporary Linux systems with instant webshell access from any browser. What can an instantbox do? 1. provides a clean Linux environment for a presentation 2. let students experience the...
Pepe - Collect Information About Email Addresses From Pastebin
Collect information about leaked email addresses from Pastebin About Script parses Pastebin email:password dumps and gather information about each email address. It supports Google, Trumail, Pipl, FullContact and HaveIBeenPwned. Moreover, it allows you to send an informational mail to person abou...
W12Scan - A Simple Asset Discovery Engine For Cybersecurity
W12scan is a network asset discovery engine that can automatically aggregate related assets for analysis and use. Here is a web source program, but the scanning end is at w12scan-client Thinking Based on python3 + django + elasticsearch + redis and use the web restful api to add scan...
Zeebsploit - Web Scanner / Exploitation / Information Gathering
zeebsploit is a tool for hacking, searching for web information and scanning vulnerabilities of a web Installation & Usage apt-get install git git clone https://github.com/jaxBCD/Zeebsploit.git cd Zeebsploit chmod +x install ./install python3 zeebsploit.py type 'help' for show modules and follow...
TeleKiller - A Tool Session Hijacking And Stealer Local Passcode Telegram Windows
A tool for session hijacking and stealing the local passcode of Telegram on Windows. Features : Session Hijacking Stealer Local Passcode Keylogger Shell Bypass 2 Step Verification Bypass Av Coming Soon Installation (Windows) git clone https://github.com/ultrasecurity/TeleKiller.git cd TeleKiller pip install -r...
pwnedOrNot v1.1.7 - OSINT Tool To Find Passwords For Compromised Email Addresses
pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Features haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script: Name of Breach Domain Name Date of Breach Fabricatio...
0D1N v2.6 - Web Security Tool To Make Fuzzing At HTTP/S
0d1n is a tool for automating customized attacks against web applications. You can do: Brute force login and passwords in auth forms Directory disclosure use PATH list to brute, and find HTTP status code Test to find SQL Injection and XSS vulnerabilities Options to load ANTI-CSRF token each reque...