Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running and configuring the scanner The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the...

Sn0Int - Semi-automatic OSINT Framework And Package Manager

sn0int is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surface by semi-automatically processing public information and mapping the result...

FTW - Framework For Testing WAFs

This project was created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline to test rules on a WAF. Each rule from the ruleset is loaded into a YAML file that issues HTTP requests that will trigger these rules...

identYwaf - Blind WAF Identification Tool

identYwaf is an identification tool that can recognize web protection type i.e. WAF based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive non-destructive payloads, where those are used only to trigger the web protection system in...

Sh00T - A Testing Environment for Manual Security Testers

A Testing Environment for Manual Security Testers. Sh00t is a task manager to let you focus on performing security testing provides To Do checklists of test cases helps to create bug reports with customizable bug templates Features: Dynamic Task Manager to replace simple editors or task managemen...

WiGLE - Wifi Wardriving (Nethugging Client For Android)

Open source network observation, positioning, and display client from the world's largest queryable database of wireless networks. Can be used for site-survey, security analysis, and competition with your friends. Collect networks for personal research or upload to https://wigle.net. WiGLE has be...

LeakLooker - Find Open Databases With Shodan

Find open databases with Shodan Background: https://medium.com/@wojciech/leaklooker-find-open-databases-in-a-second-9da4249c8472 Requirements: Python 3 Shodan paid plan, except Kibana search Put yourShodan API key in line 65 pip3 install shodan pip3 install colorama pip3 install hurry.filesize...

SecureTea Project - The Purpose Of This Application Is To Warn The User (Via Various Communication Mechanisms) Whenever Their Laptop Accessed

Small IoT Internet of Things to notify users via Twitter, whenever someone accesses their laptop. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on Linux. The purpose of this application is to warn the user via various...

ProcDump - A Linux Version Of The ProcDump Sysinternals Tool

ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers. Installation & Usage Requirements Minimum OS: Red Hat...

Parrot Security 4.5 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.5 is officially released, and there are some major changes under the hood, powered by the long-term supported Linux 4.19 kernel series, preparing the project for the upcoming Parrot 5.0 LTS release. For future releases, Parrot Security plans to a support two kernels, stable kernel and a...

Jok3R - Network And Web Pentest Framework

Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challengin...

Beebug - A Tool For Checking Exploitability

beebug is a tool that can be used to verify if a program crash could be exploitable. This tool was presented the first time at r2con 2018 in Barcelona. Some implemented functionality are: Stack overflow on libc Crash on Program Counter Crash on branch Crash on write memory Heap vulnerabilities Re...

Conpot - An Open Industrial Control Honeypot

Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems Documentation The build of the documentations source can be found here. There you will also find the instructions on how to install conpot and the FAQ...

WPintel - Chrome Extension Designed For WordPress Vulnerability Scanning And Information Gathering

WordPress Vulnerability Scanner - Scan for vulnerabilities, version, themes, plugins and much more! WPintel allows you to scan self hosted WordPress sites. With WPintel you can detect the following: Version Version vulnerabilities Plugins Themes Users and much more! Although WPintel is designed f...

Malice - VirusTotal Wanna Be (Now With 100% More Hipster)

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company. Try It Out DEMO: demo.malice.io username : malice password : ecilam Requirements Hardware 16GB disk space 4GB RAM Software Docker Getting...

Htcap - A Web Application Scanner Able To Crawl Single Page Application (SPA) In A Recursive Manner By Intercepting Ajax Calls And DOM Changes

Htcap is a web application scanner able to crawl single page application SPA in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it's focused on the crawling process and it's aimed to detect and intercept ajax/fetch calls,...

Remot3d - An Simple Exploit for PHP Language

It's easy to create a backdoor in an instant, the backdoor can be used in a remote process via a Linux terminal on the server that runs the PHP Language program. Made to bypass the system that is disabled on the server, especially for reading sensitive files that are /etc/passwd Screenshots List ...

Tyton - Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+

Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+. For more information, visit Tyton's website. Detected Attacks Hidden Modules Syscall Table Hooking Network Protocol Hooking Netfilter Hooking Zeroed Process Inodes Process Fops Hooking Interrupt Descriptor Table Hooking Additional Features...

dnSpy - .NET Debugger And Assembly Editor

dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. Want to say thanks? Click the star at the top of the page. Or fork dnSpy and send a PR! The following pictures show dnSpy in action. It shows dnSpy editing a...

Recaf - A Modern Java Bytecode Editor

Recaf is an open-source Java bytecode editor built on top of Objectweb's ASM. ASM is a bytecode manipulation library that abstracts away the constant pool and a few other class-file attributes. Since keeping track of the constant pool and managing proper stackframes are no longer necessary, compl...

Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform

Here’s the main new features and improvements in Faraday v3.5: New vulnerability form We are happy to introduce our new vulnerability form which makes the creation and editing of vulnerabilities easier. The new form brings you tabs to make it smaller and group different fields. Custom fields Add...

AutoSploit v3.0 - Automated Mass Exploiter

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been select...

Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool

Commix short for command injection exploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related...

Stardox - Github Stargazers Information Gathering Tool

Stardox is an advanced github stargazers information gathering tool. It scraps Github for information and display them in list tree view.It can be used for collecting information of your's/someones repository stargazers details. What data it fetchs : 1. Total repsitories 2. Total stars 3. Total...

Shed - .NET Runtime Inspector

Shed is an application that allow to inspect the .NET runtime of a program in order to extract useful information. It can be used to inspect malicious applications in order to have a first general overview of which information are stored once that the malware is executed. Shed is able to: Inject ...

Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies

Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI Build system. Documentation Full documentation is available on snyk.io Installation 1. Install the Snyk utility using npm install -g snyk. 2. Once...

Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To

Builds malware analysis Windows virtual machines so that you don’t have to. Requirements Python 3.3+ packer: https://www.packer.io/docs/install/index.html vagrant: https://www.vagrantup.com/downloads.html VirtualBox or an vSphere / ESXi server Minimum specs for the build machine At least 5 GB of...

Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory...

Sitadel - Web Application Security Scanner

Sitadel is basically an update for WAScan making it compatible for python = 3.4 It allows more flexibility for you to write new modules and implement new features : Frontend framework detection Content Delivery Network detection Define Risk Level to allow for scans Plugin system Docker image...

Twifo-Cli - Get User Information Of A Twitter User

Get user information of a Twitter user! Install $ npm install --global twifo-cli OR $ sudo npm install --global twifo-cli Usage $ Usage: twifo Example: $ twifo 9gag Related twifo : API for this tool. quorafy: Get user information of a Quora user. Download Twifo-Cli...

Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support

Easily turn single threaded command line applications into fast, multi threaded application with CIDR and glob support. Setup Install using: $ python3 setup.py install Dependencies will then be installed and Interlace will be added to your path as interlace. Usage Argument | Description ---|--- -...

Metasploit 5.0 - The World’s Most Used Penetration Testing Framework

Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one...

Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters

Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own! Run kube-hunter : kube-hunter is available as a...

H8Mail - Email OSINT And Password Breach Hunting

Email OSINT and password finder. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for all those raw HTML files Small and fast Alpine Dockerfile available CLI or Bulk...

WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack

The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor,...

bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records

This script will try to find: the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ... an old server which still running the same inactive and unmaintained website, not receiving active traffic because the A DNS record is not pointing towards it. Because it's an...

MemITM - Tool To Make In Memory Man In The Middle

The MemITM Mem In The Middle tool has been developped in order to easily intercept "messages" in Windows processes memory. We developped a lot of custom memory interception tools in order to capture network messages before encryption, or IPC messages, and to be able to inspect them or alter them ...

Killcast - Manipulate Chromecast Devices In Your Network

Manipulate Chromecast Devices in your Network. Inspiration - Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie This tool is a Proof of Concept and is for Research Purposes Only, killcast shows how Chromecast devices can be easily manipulated and hijacked by anyone. Features...

Hediye - Hash Generator & Cracker Online Offline

Hash Generator & Cracker Online Offline suported hash: md5 sha1 sha224 sha256 sha384 sha512 Install Note Clone the repository: git clone https://github.com/0xR0/hediye.git Then go inside: cd hediye/ use examples: python3 hediye.py -k Key / For -- Generate Hash md5, sha1, sha224, sha256, sha384,...

Aztarna - A Footprinting Tool For Robots

This repository contains Alias Robotics' aztarna, a footprinting tool for robots. Alias Robotics supports original robot manufacturers assessing their security and improving their quality of software. By no means we encourage or promote the unauthorized tampering with running robotic systems. Thi...

Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information

Stretcher is a tool to search for open elasticsearch servers. Usage: python stretcher.py --shodan key --action analyze --threads 0..100 --dork python stretcher.py --help / // / / // / \ / / / / / / / / / / / // / / / // // / / / / / //// //// //// Tool designed to help identify incorrectly...

SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

Tool-X - A Kali Linux Hacking Tool Installer

What is Tool-X ? Tool-X is a kali linux hacking Tool installer. Tool-X is Developed By Rajkumar Dusad. with the help of Tool-X you can install best hacking tools in Rooted or Non Rooted Android devices. In the Tool-X there are almost 240 hacking tools available for termux app and GNURoot Debian...

Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io

This tool allows you to mass play any YouTube video with Chromecasts obtained from Shodan.io Author: @037 Prerequisites The only thing you need installed is Python 3.x sudo apt-get install python3 You also require to have cURL installed sudo apt-get install curl You also require Shodan python...

Exrex - Irregular Methods On Regular Expressions

Exrex is a command line tool and python module that generates all - or random - matching strings to a given regular expression and more. It's pure python, without external dependencies. There are regular expressions with infinite matching strings eg.: a-z+, in these cases exrex limits the maximum...

Shodanploit - Shodan Command Line Interface Written In Python

Shodan is a search engine on the internet where you can find interesting things all over the world. For example, we can find cameras, bitcoin streams, zombie computers, ports with weakness in service, SCADA systems, and more. Moreover, more specific searches are possible. As a result of the searc...

PRETty - "PRinter Exploitation Toolkit" LAN Automation Tool

PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET againt each individual printer, PRETty will automatically discover and run choosen PRET payloads against all printers on the target network. Additionally, PRETty can ...

JSShell - An Interactive Multi-User Web JS Shell

An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS Cross Site Scripting payload to achieve browser remote code execution similar to the BeeF framework...

Kalitorify - Transparent Proxy Through Tor For Kali Linux OS

kalitorify is a shell script for Kali Linux which use iptables settings for transparent proxy through Tor, the program also allows you to perform various checks like checking the external ip, or if Tor has been configured correctly. What is Transparent Proxy? Also known as an intercepting proxy,...

XSRFProbe - The Prime Cross Site Request Forgery Audit And Exploitation Toolkit

XSRFProbe is an advanced Cross Site Request Forgery CSRF/XSRF Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate maliciously exploitable...