BruteXSS - Tool to find XSS vulnerabilities in web application

BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more convienience. This tool is developed in Python, so obviously cross platform, you just need Python...

infoga - Gathering Email Information Tool

Gathering email information tool with Google, Bing, and Shodan. Download infoga...

cgPwn - Cyber Grand Pwnage Box

A lightweight VM for hardware hacking, RE fuzzing, symEx, exploiting etc and wargaming tasks. This is a Ubuntu VM tailored for hardware hacking, RE and Wargaming. Tools included Pwndbg Pwntools Binwalk Radare2 Capstone, Unicorn and Keystone Engines Qira Timeless Debugger AFL Valgrind , VGdb...

filtron - Filtering reverse HTTP proxy

Reverse HTTP proxy to filter requests by different rules. Can be used between production webserver and the application server to prevent abuse of the application backend. The original purpose of this program was to defend searx , but it can be used to guard any web application. Installation and...

IntelMQ - A solution for IT security teams for collecting and processing security feeds using a message queuing protocol

IntelMQ is a solution for IT security teams CERTs, CSIRTs, abuse departments,... for collecting and processing security feeds such as log files using a message queuing protocol. It's a community driven initiative called IHAP Incident Handling Automation Project which was conceptually designed by...

Umbrella - A Phishing Dropper designed to Pentest

Umbrella is a file dropper dedicated to pentest, its download files on target system are execute them without a double execution of exe, only of embed. To compromise the same target again, you need delete this folder on target system : - C:\Users\Public\Libraries\Intel - because dropper checks th...

BlackArch Linux 2017.03.01 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1707 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: add more than 50 new tools update...

Stitch - Python Remote Administration Tool (RAT)

This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send an email of system info when the system boots,...

Lynis 2.4.4 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

shootback - a reverse TCP tunnel let you access target behind NAT or firewall

shootback is a reverse TCP tunnel let you access target behind NAT or firewall Consumes less than 1% CPU and 8MB memory under 800 concurrency. slaver is single file and only depends on python2.7/3.4+ standard library. How it works Typical Scene 1. Access company/school computerno internet IP from...

ansvif - An Advanced Fuzzing Framework Designed To Find Vulnerabilities In C/C++ Code.

ansvif, written primarily in C++, is designed to find code bugs by throwing garbage input at programs to see how they react. This is great for finding bugs, because not every type of input is always handled, and buffers are not always checked, etc. It also comes in handy when writing and protecti...

kimi - Script To Generate Malicious Debian Packages (Debian Trojans)

Script to generate malicious debian packages debain trojans. Kimi is name inspired from "Kimimaro" one of my favriote charater from anime called "Naruto". Kimi is a script which generates Malicious debian package for metasploit which consists of bash file. the bash file is deployed into...

RogueSploit - Powerfull social engeering Wi-Fi trap!

RogueSploit is an open source automated script made to create a Fake Acces Point, with dhcpd server, dns spoofing, host redirection, browserautopwn1 or autopwn2 or beef+mitmf. TO DO LIST: Add BeEF;DONE Add MITMF;DONE Add BDFProxy; Add SeToolkit; Add Hostapd as fake ap; Add some features; What you...

OverThruster - HID Attack Payload Generator For Arduinos

OverThruster is a tool to generate sketches for Arduinos when used as an HID Attack. It was designed around devices with the ATMEGA32U4 chip, like the CJMCU-BEETLE, or the new LilyGo "BadUSB" devices popping up on ebay and aliexpress that look like USB sticks but contain an Arduino. I wrote this...

Hashview - A Web Front-End For Password Cracking And Analytics

Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat https://hashcat.net commands. Hashview strives to bring constiency in your hashcat tasks while delivering analytics wi...

WIFI Client Detection - Identify People By Assigning A Name To A Device Performing A Wireless Probe Request

WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request. Download WIFI Client Detection...

crackle - Crack Bluetooth Smart (BLE) Encryption

crackle cracks BLE Encryption AKA Bluetooth Smart. crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK Temporary Key. With the TK and other data collected from the pairing process, the STK Short Term Key and later the LTK Long Ter...

SPARTA - Network Infrastructure Penetration Testing Tool

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenien...

Lynis 2.4.3 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool

mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. Installing with pip This is the recommended installation method in case you have python and pip . pip install mongoaudit Alternative installer Use this if and only...

Halcyon - IDE for Nmap Script (NSE) Development

Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...

BeeLogger - Generate Emailing Keyloggers to Windows on Linux

Generate gmail emailing keyloggers to windows on linux, powered by python and compiled by pyinstaller. Features Send logs each 120 seconds. Send logs when chars 50. Send logs with gmail. Some Phishing methods are included. Multiple Session disabled. Bypass UAC. Prerequisites apt wine wget Linux...

Dr0p1t-Framework - A Framework That Creates An Advanced FUD Dropper With Some Tricks

Have you ever heard about trojan droppers ? you can read about them from here . Dr0p1t let you create dropper like any tool but this time FUD with some tricks ; Features Works with Windows and Linux Adding malware after downloading it to startup Adding malware after downloading it to task schedul...

dirsearch - Brute Force Directories and Files in Websites

dirsearch is a simple command line tool designed to brute force directories and files in websites. Operating Systems supported Windows XP/7/8/10 GNU/Linux MacOSX Features Multithreaded Keep alive connections Support for multiple extensions -e|--extensions asp,php Reporting plain text, JSON...

Network-Analysis-Tools - Pcap Capture File Analysis Tool

Pcap Capture File Analysis Tool Features 1-Top 10 Visited Sites 2-Emails 3-All Request Urls 4-User-Agents List 5-String Grep Mode 6-Connection details 7-Ports Used 8-ALL Ip List 9-Manuel Packet Filter 10-Smtp Analysis 11-Web Attack Detect Installation Modules $ pip install pyshark $ pip install...

MalQR - Collection of malicious QR Codes and Barcodes you can use to test the security of your scanners

MalQR is a collection of malicious QR codes and barcodes you can use to test the security of your scanners. It gives you the ability to conduct such tests with easiness : you just need to have a smartphone, a tablet or a laptop with an internet connection and browse MalQR.shielder.it to have a...

wafpass - WAF Security Benchmark

██╗ ██╗ █████╗ ███████╗██████╗ █████╗ ███████╗███████╗ ██║ ██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔════╝██╔════╝ ██║ █╗ ██║███████║█████╗ ██████╔╝███████║███████╗███████╗ ██║███╗██║██╔══██║██╔══╝ ██╔═══╝ ██╔══██║╚════██║╚════██║ ╚███╔███╔╝██║ ██║██║ ██║ ██║ ██║███████║███████║ ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚...

TheFatRat v1.8 - Easy Tool For Generate Backdoor with Msfvenom

What is TheFatRat ?? An easy tool to generate backdoor with msfvenom a part from metasploit framework and easy tool to post exploitation attack like browser attack,dll . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The...

vsaudit - VOIP Security Audit Framework

This is an opensource tool to perform attacks to general voip services It allows to scans the whole network or single host to do the gathering phase, then it is able to search for most known vulnerabilities on the founds alive hosts and try to exploit them. Install dependencies To start using...

MTR - A Network Diagnostic Tool

MTR combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the...

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors...

HERCULES - A Special Payload Generator That Can Bypass Antivirus Softwares

HERCULES is a customizable payload generator that can bypass antivirus software. INSTALLATTION SUPPORTED PLATFORMS: Operative system | Version ---|--- Ubuntu | 16.04 / 15.10 Kali linux | Rolling / Sana Manjaro | Arch Linux | Black Arch | Parrot OS | 3.1 go get github.com/fatih/color go run Setup....

EGESPLOIT - A Golang Library For Malware Development

EGESPLOIT is a golang library for malware development, it has few unique functions for meterpreter integration. DOCUMENTATION CalculateChecksumx : Function calculates x digit 8 bit checksum for reverse HTTP/HTTPS meterpreter connections, returns the calculated checksum as string...

Smith - A Very Quick And Very Dirty Client/Server Tool For Testing Firewalls

A client/server style agent meant for testing connectivity to and from a machine on a network. Installation python setup.py install or pip install . should install smith. Note: If you want to use the tcp/udp protocol options, you'll need to install scapy and it's dependencies. Ubuntu has 'apt-get...

autovpn - Easily connect to a VPN in a country of your choice

autovpn is a tool to automatically connect you to a random VPN in a country of your choice. It uses openvpn to connect you to a server obtained from VPN Gate. Compiling First clone the repo and cd into the directory: $ git clone https://github.com/adtac/autovpn $ cd autovpn Then run this to...

WMD (Weapon of Mass Destruction) - Python framework for IT security tools

This is a python tool with a collection of IT security software. The software is incapsulated in "modules". The modules does consist of pure python code and/or external third programs. Main functions 1 To use a module, run the command "use modulecall", e.g. "use apsniff", to activate the module. ...

credmap v0.1 - The Credential Mapper

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these. An official introductionary post can be found here . Help Me...

Tater - A PowerShell implementation of the Hot Potato Windows Privilege Escalation Exploit

Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. Included In p0wnedShell - https://github.com/Cn33liz/p0wnedShell PowerShell Empire - https://github.com/PowerShellEmpire/Empire PSAttack - https://github.com/jaredhaight/psattack Functions Invoke-Tater Th...

Insanity-Framework - Generate Payloads and control Remote Machines

With the dynamics of persuasion that prove effective in a pentest, several painstaking means of making a payload has emerged, Insanity Framework provides speed and effectiveness in a single tool to help you work. Features Bypass most AV and Sandboxes. Remote Control. Payload Generation. Some...

Linux Kodachi3 - Secure Open Source Linux Distribution

Linux Kodachi operating system is based on Debian 8.6 it will provide you with a secure, anti forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure. Kodachi is very easy to use all you have to do is...

Faraday v2.3 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

OWASP Security Knowledge Framework - An expert system application that uses OWASP Application Security Verification Standard

Security Knowledge Framework is an expert system application that uses OWASP Application Security Verification Standard, code examples, helps developers in pre-development and post-development. Introduction Our experience taught us that the current level of security the current web-applications...

Cyber Probe - Capturing, Analysing and Responding to Cyber Attacks

Cyberprobe is a distributed software architecture for monitoring of networks against attack. It consists of two components: cyberprobe, which collects data packets and forwards them over a network in standard streaming protocols; and cybermon which decodes protocols, and invokes user-defined logi...

Nozes - PeTest CMD Manager [Automate Your PenTest Attacks In One Click]

Nozes is a Pentest cmd manager. You can automate your pentest attacks in one click and get results... Read the docs: https://github.com/CoolerVoid/nozes/blob/master/doc/nozesapresentation1.pdf Install To install: Need: httpd server with TLS/SSL SQLite3 php5 and php5-sqlite and PDO driver of sqlit...

OWASP Security Shepherd - Web And Mobile Application Security Training Platform

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...

FiercePhish - A Full-Fledged Phishing Framework To Manage All Phishing Engagements

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notificati...

reversemap - Analyse SQL injection attempts in web server logs

Analyse SQL injection attempts in web server logs The program can either be run in batch mode or interactive mode. In batch mode the program will accept Apache web server logs and will deobfuscate requested URLs from the logs. In interactive mode the program will prompt for user input and will...

passfault - OWASP Passfault evaluates passwords and enforces password policy in a completely different way

Objective: Do Passwords Better! Running the Command-line Interface: 1. install java 2. cd core 3. gradlew installDist 4. run build/install/core/bin/core Running the jsonWebService: 1. cd jsonService 2. gradlew build jettyRunWar 3. browse to localhost:8080/jsonService Note the war will be located ...

backdoorppt - transform your payload.exe into one fake word doc (.ppt)

backdoorppt - 'Office spoof extensions tool' Version release: v1.5-Stable Distros Supported: Linux Kali, Ubuntu, Mint Author: pedro ubuntu r00t-3xp10it Suspicious-Shell-Activity© SSA RedTeam develop @2017 Transform your payload.exe into one fake word doc .ppt Simple script that allow users to add...

iptodomain - This tool extract domains from IP address based in the information saved in virustotal

This tool allows you to extract domains from a IP range, using the historic information archived in Virustotalusing API key. It is usefull if you want to know what domains are behind of this IP address, for example in bug bounty programs one of the first steps is to extract subdomains, this tool...