Wifite 2 - A complete re-write of Wifite (Automated Wireless Attack Tool)
A complete re-write of wifite, a Python script for auditing wireless networks. What's new? Lots of files instead of "one big script". Cleaner process management -- No longer leaves processes running in the background. UX: Target access points are refreshed every second instead of every 5 seconds...
Dradis Framework - Collaboration and reporting for IT Security teams
Dradis is an open-source collaboration framework, tailored to InfoSec teams. Goals Share the information effectively. Easy to use, easy to be adopted. Otherwise it would present little benefit over other systems. Flexible: with a powerful and simple extensions interface. Small and portable. You...
parameth - Tool to brute discover GET and POST parameters
This tool can be used to brute discover GET and POST parameters. Often when you are busting a directory for common files, you can identify scripts for example test.php that look like they need to be passed an unknown parameter. This hopefully can help find them. The -off flag allows you to specif...
XCat - Automate XPath Injection Attacks to Retrieve Documents
XCat is a command line program that aids in the exploitation of blind XPath injection vulnerabilities. It can be used to retrieve the whole XML document being processed by a vulnerable XPath query, read arbitrary files on the host's filesystem and utilize out-of-band HTTP requests to make the...
habu - Network Hacking Toolkit
Habu is to teach and learn some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related to networking, and the implementations are intended to be understandable for anyone who wants to read the...
TeleShadow - Telegram Desktop Session Stealer (Windows)
Stealing desktop telegrams has never been so easy ! Set the email and sender details of the sender and recipient and send it to the victim after compiling. How do I use the session file? Delete everything inside folder at "C:\Users\YourName\AppData\Roaming\Telegram Desktop\tdata" Then Replace...
SMBMap - Samba Share Enumeration Tool
SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is...
Ironsquirrel - Encrypted Exploit Delivery for the Masses
This project aims at delivering browser exploits to the victim browser in an encrypted fashion. Elliptic-curve Diffie-Hellman (secp256k1) is used for key agreement and AES is used for encryption. By delivering the exploit code and shellcode to the victim in an encrypted way, the attack cannot be...
BitCracker - BitLocker Password Cracking Tool (Windows Encryption Tool)
BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10 Pro and Enterprise). BitCracker is a mono-GPU password cracking tool for memory units encrypted with the password authentication mode of BitLocker (see picture below). Our attack has been tested on...
CipherScan - Find out which SSL ciphersuites are supported by a target
Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificate information, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_client command line. Cipherscan is meant to run on all...
ThunderShell - PowerShell based RAT
ThunderShell is a PowerShell-based RAT that relies on HTTP requests to communicate. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network hooks. Dependencies apt install redis-server apt install python-redis Logs Every errors, http requests and...
Tails 3.2 - Live System to Preserve Your Privacy and Anonymity
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete operating system designed to be used fr...
BloodHound - Six Degrees of Domain Admin
BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attacks can...
DBeaver - Free Universal DataBase Manager and SQL Client
Free multi-platform database tool for developers, SQL programmers, database administrators and analysts. Supports any database which has a JDBC driver (which basically means ANY database). EE version also supports non-JDBC datasources (WMI, MongoDB, Cassandra, Redis). Has a lot of features including...
CrackMapExec v3.1.5 - A Swiss Army Knife For Pentesting Networks
CrackMapExec (a.k.a. CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off the Land": abusing built-in Active Directory features/protocols to achieve its functionality and...
PowerShdll - Run PowerShell with rundll32 (Bypass software restrictions)
Run PowerShell with dlls only. Does not require access to powershell.exe as it uses powershell automation dlls. dll mode: Usage: rundll32 PowerShdll,main rundll32 PowerShdll,main -f Run the script passed as argument rundll32 PowerShdll,main -w Start an interactive console in a new window rundll32...
radare2 - Unix-Like Reverse Engineering Framework And Commandline Tools
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. The radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code,...
Exe2Image - A simple utility to convert EXE files to JPEG images and vice versa.
A simple utility to convert EXE files to PNG images and vice versa. Putty.exe converted to an image. Download Exe2Image...
SCUTUM - Linux Automatic ARP (TCP / UDP / ICMP) Firewall
SCUTUM - Linux Automatic ARP TCP / UDP / ICMP Firewall Current Version Change log: 1. Added Self-Upgrading Function, now users can execute self-upgrading with $ sudo scutum --upgrade 2. Added AVALON Framework Self-Upgrading function included when using "--upgrade" parameter Recent Changes: 1...
clusterd - Application Server Attack Toolkit
clusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. See the wiki for more information. Requiremen...
macphish - Office for Mac Macro Payload Generator
Office for Mac Macro Payload Generator. Attack vectors There are 4 attack vectors available: beacon creds meterpreter meterpreter-grant For the 'creds' method, macphish can generate the Applescript script directly, in case you need to run it from a shell. beacon On execution, this payload will...
LFiFreak - An automated LFi Exploiter with Bind/Reverse Shells
LFiFreak is a tool for exploiting local file inclusions using PHP Input, PHP Filter and Data URI methods. Features Works with Windows, Linux and OS X Includes bind and reverse shell for both Windows and Linux Written in Python 2.7 Dependencies BeautifulSoup Download LFiFreak...
Zeus Scanner - Advanced Dork Searching Utility
Zeus is an advanced dork searching tool that is capable of bypassing search engine API calls, search engine captchas, and IP address blocking from sending many requests to the search engine itself. Zeus can use three different search engines to do the search (default is Google). Zeus has a powerful...
TCPCopy - A TCP Stream Replay Tool
TCPCopy is a TCP stream replay tool to support real testing of Internet server applications. Description Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of...
dnscat2 - Create an Encrypted Command & Control (C&C) Channel over the DNS Protocol
dnscat2 is a DNS tunnel that WON'T make you sick and kill you! This tool is designed to create an encrypted command-and-control C&C channel over the DNS protocol, which is an effective tunnel out of almost every network. This README file should contain everything you need to get up and running! I...
VPNPivot - Explore Internal Networks
Sometimes we do external penetration testing and when we compromise the remote target we would like to explore the internal network behind and getting such compromise like owning Active directory, accessing shared files, conducting MITM attacks ... etc. There are many techniques around like port...
Kali Linux 2017.2 Release - The Best Penetration Testing Distribution
In addition to all of the standard security and package updates that come to us via Debian Testing, we have also added more than a dozen new tools to the repositories, a few of which are listed below. There are some really nice additions so we encourage you to ‘apt install’ the ones that pique yo...
Hijacker v1.3 - All-in-One Wi-Fi Cracking Tools for Android
Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng , Airodump-ng , MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM android device with a...
dorkbot - Scan Google Search Results for Vulnerabilities
dorkbot is a modular command-line tool for performing vulnerability scans against a set of webpages returned by Google search queries in a given Google Custom Search Engine. It is broken up into two sets of modules: Indexers - modules that issue a search query and return the results as targets...
dcrawl - Simple, But Smart, Multi-Threaded Web Crawler For Randomly Gathering Huge Lists Of Unique Domain Names
dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. How it works? dcrawl takes one site URL as input and detects all links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the sa...
Pharos - Static Binary Analysis Framework
The Pharos static binary analysis framework is a project of the Software Engineering Institute at Carnegie Mellon University. The framework is designed to facilitate the automated analysis of binary programs. It uses the ROSE compiler infrastructure developed by Lawrence Livermore National...
outis - Custom Remote Administration Tool (RAT)
outis is a custom Remote Administration Tool (RAT) or something like that. Think Meterpreter or Empire-Agent. However, the focus of this tool is neither an exploit toolkit (there are no exploits) nor persistent management of targets. The focus is to communicate between server and target system and to...
dnsenum - Multithreaded perl script to enumerate DNS information
Multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous IP blocks. OPERATIONS: Get the host's address (A record). Get the nameservers (threaded). Get the MX record (threaded). Perform axfr queries on nameservers and get BIND VERSION (threaded). Get extra names an...
Inventus - A Spider Designed To Find Subdomains Of A Specific Domain By Crawling
Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers. It's a Scrapy spider, meaning it's easily modified and extendable to your needs. Demo Requirements Linux -- I haven't tested this on Windows. Python 2.7 or Python 3.3+ Scrapy 1.4....
Reaver - Attack against Wi-Fi Protected Setup (WPS)
Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a wide variety of access points and WPS implementations. The original Reaver implements an online brute force attack...
LaZagne v2.2 - Credentials Recovery Project
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwor...
Yuki Chan - Automate Pentest Tool
The Yuki Chan is an Automated Penetration Testing tool; this tool will audit all standard security test methods for you. WARNING I highly recommend using this tool by using Kali Linux OS By using this tool it means you agree with terms, conditions, and risks By using this tool you agree that 1...
OWASP ZSC - Shellcode/Obfuscate Code Generator
OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under Python. Usage of shellcodes Shellcodes are small codes in Assembly language which could be used as...
Mr.SIP - SIP-Based Audit and Attack Tool
Mr.SIP is a tool developed to audit and simulate SIP-based attacks. Originally it was developed to be used in academic work to help develop novel SIP-based DDoS attacks and defense approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has bee...
Crowbar - Brute Forcing Tool (SSH, OpenVPN, RDP, VNC)
Crowbar (formerly known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH...
Spaghetti v0.1.1 - Web Application Security Scanner
Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone...
MSFPC - MSFvenom Payload Creator
MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on the user's choice. The idea is to be as simple as possible, only requiring one input to produce their payload. Fully automating msfvenom & Metasploit is the end goal (as well as to be able to automate MSFPC...
raven - Linkedin Information Gathering Tool
raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization's employees using Linkedin. Please do not use this program to do stupid things. The author does not keep any responsibility of what damage has been done by this program...
pbscan - Faster And More Efficient Stateless SYN Scanner And Banner Grabber
polarbearscan is an attempt to do faster and more efficient banner grabbing and port scanning. It combines two different ideas which hopefully will make it somewhat worthy of your attention and time. The first of these ideas is to use stateless SYN scanning using cryptographically protected cooki...
LiMEaide - Tool to remotely dump RAM of a Linux client
LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linu...
theZoo - A repository of LIVE malwares for your own joy and pleasure
theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and saf...
DGA-Detection - DGA Domain Detection using Bigram Frequency Analysis
More and more malware is being created with advanced blocking circumvention techniques. One of the most prevalent techniques being used is the use of Domain Generation Algorithms which periodically generates a set of Domains to contact a C&C server. The majority of these DGA domains generate rand...
NorkNork - Powershell Empire Persistence Finder
This script was designed to identify Powershell Empire persistence payloads on Windows systems. It currently supports checks for these persistence methods: Scheduled Tasks Auto-run WMI subscriptions Security Support provider Ease of Access Center backdoors Machine account password disable INSTALL...
Lynis 2.5.5 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
CrackLord - Queue and Resource System For Cracking Passwords
CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware...