Metateta - Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit

Metateta Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit For faster pen testing for large networks What You Can Do Scanning with all metasploit modules for specific network Protocol like smb,smtp,snmp Run all Auxiliary modules against specific network Protocol Run al...

Airba.sh - A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell tested on Kali Linux and Cyanogenmod 10.2 and uses aircrack-ng to scan for clients that are currently connected to access points AP. Those...

Rastrea2R - Collecting & Hunting For IOCs With Gusto And Style

Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r pronounced "rastreador" - hunter- in Spanish is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise IOCs...

Nipe - A Script To Make TOR Network Your Default Gateway

Tor enables users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both Licit and Illicit purposes. Tor has, for example, been used by criminals enterprises, Hacktivism groups, and law enforcement agencies at cross purposes, sometimes...

Omnibus - Open Source Intelligence Collection, Research, And Artifact Management

An Omnibus is defined as a volume containing several novels or other items previously published separately and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management. By providing an easy to use interactive command...

Gpredict - Satellite Tracking Application

Gpredict is a real-time satellite tracking and orbit prediction application. It can track a large number of satellites and display their position and other data in lists, tables, maps, and polar plots radar view. Gpredict can also predict the time of future passes for a satellite, and provide you...

BadMod v2.0 - Detect Website CMS, Website Scanner & Auto Exploiter

Auto exploiter & get all server sites & bing dorker. Version 2.0 Fixed colors bug Fixed permissions bug Added new option to scan single target Added new option to scan joomla & wordpress plugins Installation Install tool git clone https://github.com/MrSqar-Ye/BadMod.git Install php sudo apt-get...

Hash-Buster v2.0 - Tool Which Uses Several APIs To Perform Hash Lookups

Features Automatic hash type identification Supports MD5, SHA1, SHA2 Can extract & crack hashes from a file Can find hashes from a directory, recursively 6 robust APIs As powerful as Hulk, as intelligent as Bruce Banner Single Hash You don't need to specify the hash type. Hash Buster will identif...

Msploitego - Pentesting Suite For Maltego Based On Data In A Metasploit Database

msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres...

Namechk - Osint Tool Based On Namechk.Com For Checking Usernames On More Than 100 Websites, Forums And Social Networks

Osint tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks. Use: Search available username: ./namechk.sh -au Search available username on specifics websites: ./namechk.sh -au -co Search available username list: ./namechk.sh -l -au Search used...

SleuthQL - Burp History Parsing Tool To Discover Potential SQL Injection Points

SleuthQL is a python3 script to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers into each parameter where the SQL-esque variables were identified. Supported Request Types SleuthQL requires an export of Burp's Proxy History...

AutoSQLi - An Automatic SQL Injection Tool Which Takes Advantage Of Googler, Ddgr, WhatWaf And SQLMap

An Automatic SQL Injection Tool Which Takes Advantage Of DorkNet Googler, Ddgr, WhatWaf And Sqlmap. Features Save System - there is a complete save system, which can resume even when your pc crashed. - technology is cool Dorking - from the command line one dork : YES - from a file: NO - from an...

Wifite 2.1.0 - Automated Wireless Attack Tool

A complete re-write of wifite, a Python script for auditing wireless networks. Wifite runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches! What's new in Wifite2? Less bugs Cleaner process management. Does not leave processes running in the background the ol...

PhpSploit - Stealth Post-Exploitation Framework

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. Overview The obfuscated...

DumpsterDiver - Tool To Search Secrets In Various Filetypes

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file including at least 10 email...

DejaVU - Open Source Deception Framework

Deception techniques if deployed well can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at very early stage of cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across larg...

DARKSURGEON - A Windows Packer Project To Empower Incident Response, Digital Forensics, Malware Analysis, And Network Defense

DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. DARKSURGEON has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment...

CSS Keylogger - Chrome Extension And Express Server That Exploits Keylogging Abilities Of CSS

Chrome extension and Express server that exploits keylogging abilities of CSS. To use SetupChrome extension 1. Download repository git clone https://github.com/maxchehab/CSS-Keylogging 2. Visit chrome://extensions in your browser or open up the Chrome menu by clicking the icon to the far right of...

BlackArch Linux v2018.06.01 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1981 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added more than 60 new tools added confi...

Backdoorme - Powerful Auto-Backdooring Utility

Tools like metasploit are great for exploiting computers, but what happens after you've gained access to a computer? Backdoorme answers that question by unleashing a slew of backdoors to establish persistence over long periods of time. Once an SSH connection has been established with the target,...

DefectDojo - Application Vulnerability Correlation And Security Orchestration Application

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one...

RouterSploit v3.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

BurpBounty - A Extension Of Burp Suite That Improve An Active And Passive Scanner

This extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue...

Otseca - Security Auditing Tool To Search And Dump System Configuration

Otseca is a open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats. For more information, see wiki. How To Use It's simple: Clone this repository git clone https://github.com/trimstray/otseca Go into the repository...

Empire GUI - Empire Client Application

The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework. It was written in Electron and utilizes websockets SocketIO on the backend to support multiuser interaction. The main goal of this project is to enable red teams, or any other color team, to work together...

ReverseAPK - Quickly Analyze And Reverse Engineer Android Packages

Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference Automatically decompile APK files to Java and Smali format Analyze AndroidManifest.xml for common vulnerabilities and behavior Static source code analysis for common vulnerabilitie...

Sharesniffer - Network Share Sniffer And Auto-Mounter For Crawling Remote File Systems

sharesniffer is a network analysis tool for finding open and closed file shares on your local network. It includes auto-network discovery and auto-mounting of any open cifs and nfs shares. How to use Example to find all hosts in 192.168.56.0/24 network and auto-mount at /mnt: python sniffshares.p...

Prowler - Distributed Network Vulnerability Scanner

Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon - HackSmith v1.0. Capabilities Scan a network a particular subnet or a list of IP addresses for all IP addresses associated with active network devices...

Attackintel - Tool To Query The MITRE ATT&CK API For Tactics, Techniques, Mitigations, & Detection Methods For Specific Threat Groups

A simple python script to query the MITRE ATT&CK API for tactics, techniques, mitigations, & detection methods for specific threat groups. Goals Quickly align updated tactics, techniques, mitigation, and detection information from MITRE ATT&CK API for a specific threat Brush up on my python skill...

Diskover - File System Crawler, Storage Search Engine And Analytics Powered By Elasticsearch

diskover is an open source file system crawler and disk usage software that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files and system administrators are able to manage storage...

Lama - Tool To Obtain A Custom Password Dictionary To A Particular Target

Lama, the application that does not mince words. Description Lama is a GNU Linux tool to generate a word list. The goal is to obtain a custom password dictionary to a particular target, whether physical or moral. It is therefore important that words in this list correspond to the target. Keep in...

pwnedOrNot - Tool To Find Passwords For Compromised Email Accounts Using HaveIBeenPwned API

pwnedOrNot is a python script which checks if the email account has been compromised in a data breach, if the email account is compromised it proceeds to find passwords for the compromised account. It uses haveibeenpwned v2 api to test email accounts and searches for the password in Pastebin Dump...

GyoiThon - A Growing Penetration Test Tool Using Machine Learning

GyoiThon is a growing penetration test tool using Machine Learning. GyoiThon identifies the software installed on web server OS, Middleware, Framework, CMS, etc... based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generate...

Terminator - Metasploit Payload Generator

Terminator Metasploit Payload Generator. Payload List : Binaries Payloads 1 Android 2 Windows 3 Linux 4 Mac OS Scripting Payloads 1 Python 2 Perl 3 Bash Web Payloads 1 ASP 2 JSP 3 War Encrypters 1 APK Encrypter 2 Python Encrypter The author does not hold any responsibility for the bad use of this...

iOSRestrictionBruteForce v2.1.0 - Crack iOS Restriction Passcodes With Python

This version of the application is written in Python, which is used to crack the restriction passcode of an iPhone/iPad takes advantage of a flaw in unencrypted backups allowing the hash and salt to be discovered. DEPENDENCIES This has been tested with Python 2.7 and Python 3.6 Requires Passlib...

Burpa - A Burp Suite Automation Tool

A Burp Suite Automation Tool With Slack Integration. Requirements burp-rest-api Burp Suite Professional slackclient Usage $ python burpa.py -h / / / / / / / / / / / // / // / / / // / // / /./,// / ./,/ // burpa version 0.1 / by 0x4D31 usage: burpa.py -h -a scan,proxy-config,stop -pP PROXYPORT...

HTTPoxyScan - HTTPoxy Exploit Scanner

PoC/Exploit scanner to scan common CGI files on a target URL for the HTTPoxy vulnerability. Httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. For more details, go to https://httpoxy.org. REQUIREMENTS: Requires ncat to establish reverse...

Salt-Scanner - Linux Vulnerability Scanner Based On Salt Open And Vulners Audit API

A linux vulnerability scanner based on Vulners Audit API and Salt Open, with Slack notifications and JIRA integration. Features Slack notification and report upload JIRA integration OpsGenie integration Requirements Salt Open 2016.11.x salt-master, salt-minion¹ Python 2.7 salt you may need to...

Sn1per v4.4 - Automated Pentest Recon Scanner

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. DEMO VIDEO: FEATURES: Automatically collects basic recon ie. whois, ping, DNS, etc. Automatically launches Google hacking queries against a target domain Automatically enumerates...

Archerysec - Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynami...

Multitor - A Tool That Lets You Create Multiple TOR Instances With A Load-Balancing

A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy. It's provides one single endpoint for clients. In addition, you can view previously running TOR processes and create a new identity for all or selected processes. The multitor has been...

Galileo - Web Application Audit Framework

Galileo is an open source penetration testing tool for web application, which helps developers and penetration testers identify and exploit vulnerabilities in their web applications. Installation $ git clone https://github.com/m4ll0k/Galileo.git galileo $ cd galileo Install requirements $ pip...

Dumpzilla - Extract All Forensic Interesting Information Of Firefox, Iceweasel And Seamonkey Browsers

Dumpzilla official site : www.dumpzilla.org http://www.dumpzilla.org "Mozilla browser forensic tool" Manual : Español http://dumpzilla.org/Manualdumpzillaes.txt "Manual en español de dumpzilla" / English http://dumpzilla.org/Manualdumpzillaen.txt "Dumpzilla english Manual" SO : Unix / Win...

Acunetix v12 - More Comprehensive, More Accurate and now 2X Faster

In-depth analysis of JavaScript-rich sites and Single Page Applications Acunetix, the pioneer in automated web application security software, has announced the release of version 12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such...

Parrot Security 4.0 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.0 is now available for download. The development process of this version required a lot of time, and many important updates make this release an important milestone in the history of our project. This release includes all the updated packages and bug fixes released since the last version...

Airpydump - Analyze Wireless Packets On The Fly. Currently Supporting Three Working Modes (Reader, Live, Stealth)

Analyze Wireless Packets on the fly. Currently supporting three working Modes Reader, Live, Stealth Description airpydump is a wireless packet analyzer, providing the interface most likely that of airodump-ng from aircrack suite. It currently provides three working modes which are Reader, Stealth...

Dnsmorph - Domain Name Permutation Engine Written In Go

DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. DNSMORPH includes the following domain...

AggressorScripts - Collection Of Aggressor Scripts For Cobalt Strike 3.0+ Pulled From Multiple Sources

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources: AllInOne.cna v1 - Removed and outdated All purpose script to enhance the user's experience with cobaltstrike. Custom menu creation, Logging, Persistence, Enumeration, and 3rd party script integration. Version 2 i...

Heap Viewer - An IDA Pro Plugin To Examine The Glibc Heap, Focused On Exploit Development

An IDA Pro plugin for now to examine the heap, focused on exploit development. Currently only supports glibc malloc ptmalloc2. Requirements IDA Pro = 6.9 Tested on glibc = 2.26 GraphView for linked lists bins/tcache Magic utils: Unlink merge info Fake fastbin finder House of force helper Useful...

FireShodanMap - A Realtime Map That Integrates Firebase, Google Maps And Shodan

FireShodanMap is a Realtime map that integrates Firebase and Shodan. A search is carried out using Shodan searching vulnerable devices and they are showed on the map for analysis. All data updated in Firebase are Realtime. Changes We have a file named "fireshodan.py" responsible for fill Firebase...