Kali NetHunter 3.0 - Android Mobile Penetration Testing Platform

What’s New in Kali NetHunter 3.0 NetHunter Android Application Rewrite The NetHunter Android application has been totally redone and has become much more “application centric”. Many new features and attacks have been added, not to mention a whole bunch of community-driven bug fixes. The NetHunter...

ParanoicScan - Vulnerability Scanner

Old Options Google & Bing Scanner that also scan : XSS SQL GET / POST SQL GET SQL GET + Admin Directory listing MSSQL Jet Database Oracle LFI RFI Full Source Discloure HTTP Information SQLi Scanner Bypass Admin Exploit FSD Manager Paths Finder IP Locate Crack MD5 Panel Finder Console Fixes +...

IPTV Brute-Force - Search And Brute Force Illegal IPTV Server

This program is just a demonstration. DO NOT USE IT FOR PERSONAL purpose What is this? IPTV is a simple python script that let you crawl the search engines in order to fetch those sites that stream illegal tv programs. This script leverage the fact the a lot of those sites use the same CMS to...

Sawef - Send Attack Web Forms

SAWEF - Send Attack Web Forms DESCRIPTION The purpose of this tool is to be a Swiss army knife for anyone who works with HTTP, so far it she is basic, bringing only some of the few features that want her to have, but we can already see in this tool: - Email Crawler in sites - Crawler forms on the...

Vuvuzela - Private Messaging System That Hides Metadata

Vuvuzela is a messaging system that protects the privacy of message contents and message metadata. Users communicating through Vuvuzela do not reveal who they are talking to, even in the presence of powerful nation-state adversaries. Our SOSP 2015 paper explains the system, its threat model,...

Phpsploit - Stealth Post-Exploitation Framework

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. Overview The obfuscated...

Blade - A Webshell Connection Tool With Customized WAF Bypass Payloads

Blade is a webshell connection tool based on console, currently under development and aims to be a choice of replacement of Chooper 中国菜刀. Chooper is a very cool webshell client with widly typies of server side scripts supported, but Chooper can only work on Windows opreation system, so this is th...

Sublist3R - Fast Subdomains Enumeration Tool For Penetration Testers

Sublist3r is python tool that is designed to enumerate subdomains of websites using search engines. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r currently supports the following search engines: Google, Yahoo, Bing, Baidu,...

Nipe - Script To Redirect All Traffic From The Machine To The Tor Network

Script to redirect all the traffic from the machine to the Tor network. + AUTOR: Vinicius Gouvea + EMAIL: [email protected] + BLOG: https://medium.com/viniciusgouvea + GITHUB: https://github.com/HeitorG + FACEBOOK: https://fb.com/viniciushgouvea Installing: git clone...

jSQL Injection v0.73 - Java Tool For Automatic SQL Database Injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free , open source and cross-platform Windows, Linux, Mac OS X, Solaris. jSQL is part of Kali Linux , the official new BackTrack penetration distribution. jSQL is also included in Black Ha...

CenoCipher - Easy-To-Use, End-To-End Encrypted Communications Tool

CenoCipher is a free, open-source, easy-to-use tool for exchanging secure encrypted communications over the internet. It uses strong cryptography to convert messages and files into encrypted cipher-data, which can then be sent to the recipient via regular email or any other channel available, suc...

JexBoss - Jboss Verify And Exploitation Tool

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server. Requirements Python = 2.7.x Installation To install the latest version of JexBoss, please use the following commands: git clone https://github.com/joaomatosf/jexboss.git cd jexboss python jexboss.py Features...

Faraday 1.0.16 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday introduces a new concept - IPE Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. This version comes with major changes to our Web UI, including the...

PentestPackage - A Package of Multiple Pentest Scripts

Contents: Wordlists - Comprises of password lists, username lists and subdomains Web Service finder - Finds web services of a list of IPs and also returns any URL rewrites Gpprefdecrypt. - Decrypt the password of local users added via Windows 2008 Group Policy Preferences. rdns.sh - Runs...

Cookiescanner - Tool to Check the Cookie Flag for a Multiple Sites

Tool to do more easy the web scan proccess to check if the secure and HTTPOnly flags are enabled in the cookies path and expires too. This tools allows probe multiple urls through a input file, by a google domain looking in all subdomains or by a unique url. Also, supports multiple output like...

Phan - Static Analyzer For PHP

Phan is a static analyzer for PHP. Getting it running Phan requires PHP 7+ with the php-ast extension loaded. The code you analyze can be written for any version of PHP. To get phan running; 1. Clone the repo 2. Run composer install to load dependencies 3. Run ./test to run the test suite 4. Test...

YaVol - GUI for Volatility Framework and Yara

This is just another GUI for volatility and yara which could make someone's life easier. It is inteded for Incident responders for quick examination of a memory image. Results are stored in sqlite db for reuse. 1. Installation Clone repo git clone https://[email protected]/Ft44k/yavol.git...

Domi-Owned - Tool Used for Compromising IBM/Lotus Domino Servers

Domi-Owned is a tool used for compromising IBM/Lotus Domino servers. Tested on IBM/Lotus Domino 8.5.2, 8.5.3, 9.0.0, and 9.0.1 running on Windows and Linux. Usage A valid username and password is not required unless 'names.nsf' and/or 'webadmin.nsf' requires authentication. Fingerprinting Running...

Ares - Python Botnet and Backdoor

Ares is made of two main programs: A Command aNd Control server, which is a Web interface to administer the agents An agent program, which is run on the compromised host, and ensures communication with the CNC The Web interface can be run on any server running Python. You need to install the...

credmap - The Credential Mapper

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these. Help Menu Usage: credmap.py --email EMAIL | --user USER |...

ATSCAN - Server, Site and Dork Scanner

Description: ATSCAN Version 2 Dork scanner. XSS scanner. Sqlmap. LFI scanner. Filter wordpress and Joomla sites in the server. Find Admin page. Decode / Encode MD5 + Base64. Libreries to install: ap-get install libxml-simple-perl NOTE: Works in linux platforms. Permissions & Executution: $chmod +...

Pyersinia - Network Attack Tool

Pyersinia is a similar tool to Yersinia, but Pyersinia is implemented in Python using Scapy. The main objective is the realization of network attacks such as spoofing ARP, DHCP DoS , STP DoS among others. The community can add new attacks on the tool in a simple way, using plugins. This is becaus...

Collection Of Awesome Honeypots

A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects. Honeypots Database Honeypots Elastic honey - A Simple Elasticsearch Honeypot mysql - A mysql honeypot, still very very...

Flashlight - Automated Information Gathering Tool for Penetration Testers

Pentesters spend too much time during information gathering phase. Flashlight Fener provides services to scan network/ports and gather information rapidly on target networks. So Flashlight should be the choice to automate discovery step during a penetration test. In this article, usage of Flashli...

Mosca - Static Analysis Tool To Find Bugs

Just another Simple static analysis tool to find bugs like a grep unix command, at mosca have a modules, that was call egg, each egg is a simple config to find bug at especific language like PHP,Ruby,ASP etc... Example of egg config at directory "egg", If Mosca read a line with vunerability of eg...

Joomlavs - A Black Box, Joomla Vulnerability Scanner

JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic finger printing and can scan for vulnerabilities in components, modules and templates as well as vulnerabilities that exist within Joomla itself. How to insta...

USBTracker - Script to track USB devices events and artifacts in a Windows OS

USBTracker is a quick & dirty coded incident response and forensics Python script to dump USB related information and artifacts from a Windows OS vista and later. Special recommandations USBTracker read some protected log files and needs to be run with administrator permissions. The most simple w...

MassBleed - Mass SSL Vulnerability Scanner

USAGE sh massbleed.sh CIDR|IP single|port|subnet port proxy ABOUT This script has four main functions with the ability to proxy all connections: 1. To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp https example: sh massbleed.sh 192.168.0.0/16 2. To scan any CIDR range for...

Tor Messenger - Chat over Tor, Easily

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber XMPP , IRC , Google Talk , Facebook Chat , Twitter , Yahoo , and others; enables Off-the-Record OTR Messaging...

Xiaopan OS - Pentesting Distribution for Wireless Security Enthusiasts

Xiaopan OS is an easy to use software package for beginners and experts that includes a number of advanced tools to penetrate wireless networks. Based on the Tiny Core Linux TCL operating system OS, it has a slick graphical user interface GUI requiring no need for typing Linux commands. Xiaopan O...

Waldo - Multithreaded Directory and Subdomain Bruteforcer

Waldo is a lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. It can be used to locate hidden web resources and undiscovered subdomains of the specified target. Key Features Quickly and easily generate a list of all subdomains of target domain Discover hidden...

oclHashcat v2.01 - Worlds Fastest Password Cracker

oclHashcat is the world's fastest and most advanced GPGPU-based password recovery utility, supporting five unique modes of attack for over 170 highly-optimized hashing algorithms. oclHashcat currently supports AMD OpenCL and Nvidia CUDA graphics processors on GNU/Linux and Windows 7/8/10, and has...

0d1n - Tool For Automating Customized Attacks Against Web Applications

Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. You can do: brute force passwords in auth forms directory disclosure use PATH list to brute, and find HTTP status code test list on input to find SQL Injection and XSS vulnerabilities To run: require libcurl-dev or...

SpiderFoot v2.6.1 - Open Source Intelligence Automation

SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target. Purpose There are three main areas where SpiderFoot can be useful: 1. If you are a pen-tester, SpiderFoot will automate the reconnaisance stage of the tes...

Katana - Framework for Hackers, Professional Security and Developers

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not...

Xplico v1.1.1 - Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

Wordbrutepress - Wordpress Brute Force Multithreading with Standard and XML-RPC Login Method

Wordpress Brute Force Multithreading with standard and xml-rpc login method written in python. Features: 1. Multithreading 2. xml-rpc brute force mode 3. http and https protocols support 4. Random User Agent 5. Big wordlist support Usage: Standard login request: python wordbrutepress.py -S -t...

Bohatei - Flexible and Elastic DDoS Defense

Bohatei is a first of its kind platform that enables flexible and elastic DDoS defense using SDN and NFV. The repository contains a first version of the components described in the Bohatei paper, as well as a web-based User Interface. The backend folder consists of : an implementation of the...

BlackArch Linux v2015.11.24 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1308 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. The BlackArch Live ISO contains multiple window...

REXT - Router Exploitation Toolkit

Small toolkit for easy creation and usage of various python scripts that work with embedded devices. core - contains most of toolkits basic functions databases - contains databases, like default credentials etc. interface - contains code that is being used for the creation and manipulation with...

Sniffly - Sniffing Browser History Using HSTS + CSP.

Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome. More info available in my ToorCon 2015 slides:...

UserProfilesView - View User Profiles Information On Your Windows

UserProfilesView displays the list of all user profiles that you currently have in your system. For each user profile, the following information is displayed: Domain\User Name, Profile Path, Last Load Time, Registry File Size, User SID, and more. You can save the profiles list into...

Aircrack-ng 1.2 RC 3 - WEP and WPA-PSK Keys Cracking Program

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other...

Hsecscan - A Security Scanner For HTTP Response Headers

hsecscan A security scanner for HTTP response headers. Requirements Python 2.x Usage $ ./hsecscan.py usage: hsecscan.py -h -P -p -u URL -R -U User-Agent -d 'POST data' -x PROXY A security scanner for HTTP response headers. optional arguments: -h, --help show this help message and exit -P,...

Nmap 7 - Security Scanner For Network Exploration & Security Audits

Nmap “Network Mapper” is a free and open source license utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks. Nmap uses ra...

HTTPNetworkSniffer v1.50 - Packet Sniffer Tool That Captures All HTTP Requests/Responses

HTTPNetworkSniffer is a packet sniffer tool that captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table. For every HTTP request, the following information is displayed: Host Name, HTTP method GET, POST, HEAD, URL Path, User Agent,...

GetHead - HTTP Header Analysis Vulnerability Tool

gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers. Usage: $ python gethead.py http://domain.com Changelog Version 0.1 - Initial Release Written in Python 2.7.5 Performs HTTP Header Analysis Reports...

PowerTools - Collection Of PowerShell Projects With A Focus On Offensive Operations

Veil's PowerTools are a collection of PowerShell projects with a focus on offensive operations. This collection contains five projects: PowerUp PowerBreach PowerPick PewPewPew PowerView PowerUp PowerUp is a powershell tool to assist with local privilege escalation on Windows systems. It contains...

Pemcracker - Tool To Crack Encrypted PEM Files

This tool is inspired by pemcrack by Robert Graham. The purpose is to attempt to recover the password for encrypted PEM files while utilizing all the CPU cores. It still uses high level OpenSSL calls in order to guess the password. As an optimization, instead of continually checking against the P...

Beurk - Experimental Unix Rootkit

BEURK is an userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection. NOTE: BEURK is a recursive acronym for B EURK E xperimental U nix R oot K it Features Hide attacker files and directories Realtime log cleanup on utmp/wtmp Anti process and login detectio...