Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2016/09/12 5:34 p.m.35 views

MITM BLE Security Assessment: gattacker

MITM BLE Security Assessment A Node.js package for BLE Bluetooth Low Energy Man-in-the-Middle & more The tool creates exact copy of attacked device in Bluetooth layer, and then tricks mobile application to interpret its broadcasts and connect to it instead the original device. At the same time, i...

0.7AI score
Exploits0References1
n0where
n0where
added 2016/09/12 4:34 p.m.35 views

Mercenary Linux

Mercenary-Linux is a “new-era” lightweight distribution of mostly Dockerized tools built for field expedient hunting, forensics, and malware analysis. This problem birthed MHF Mercenary Hunt Framework which allows the hunt team to easily perform hunt operations within a framework that aggregates...

7AI score
Exploits0
n0where
n0where
added 2016/04/17 11:53 a.m.35 views

Ruggedization Framework For Security Testing: Gauntlt

Gauntlt is a ruggedization framework that is enables security testing that is usable by devs, ops and security. Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testin...

7.2AI score
Exploits0References6
n0where
n0where
added 2015/11/04 9:14 p.m.35 views

Distributed Password Cracking: CrackLord

Over the past several years the world of password cracking has exploded with new tools and techniques. These new techniques have made it easier than ever to reverse captured password hashes. With the addition of powerful techniques, from GPGPU cracking to rainbow tables, it is easier than ever to...

7.1AI score
Exploits0References2
n0where
n0where
added 2015/09/21 9:38 p.m.35 views

DHCP exhaustion attack: DHCPig

dhcpig – an advanced DHCP exhaustion attack DHCPig initiates an advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all windows hosts offline. It requires scapy =2.1...

0.3AI score
Exploits0References1
n0where
n0where
added 2015/08/14 3:28 a.m.35 views

Smart Traffic Sniffing: NetRipper

Smart Traffic Sniffing NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before...

Exploits0References2
n0where
n0where
added 2015/01/20 2:25 a.m.35 views

Parse Various Log Files: Plaso

Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline and thus plaso is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network...

7AI score
Exploits0References1
n0where
n0where
added 2014/08/04 3:24 p.m.35 views

Drag-and-Drop Encryption: miniLock

Drag-and-Drop Encryption miniLock The encryption project named minilock, is a free and open-source program plugin witch lets anybody encrypt and decrypt files in seconds utilizing drag-and-drop interface. minilock offers a region where your files should be dropped and it works with all file types...

6.6AI score
Exploits0References2
n0where
n0where
added 2014/06/25 11:23 a.m.35 views

How To Remove File Metadata

How To Remove File Metadata For those of you who want to remove file metadata from any shared data, you can use existing document or image editor software which typically have built-in metadata editing capability. In this tutorial, we will introduce a standalone metadata cleaner tool which is...

6.8AI score
Exploits0References1
n0where
n0where
added 2012/01/16 11:6 p.m.35 views

Open Source MySQL Injection: sqlsus

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the databases structure, inject your own SQL queries even complex ones, download files from the web server, crawl the website for writable directories, upload and control a...

8.6AI score
Exploits0
n0where
n0where
added 2012/01/15 4:49 p.m.35 views

Extreme GPU Bruteforcer

Extreme GPU Bruteforcer is a professional solution for the recovery of passwords from hashes using GPU. The software supports hashes of the following types: MySQL, MySQL5, DESUnix, MD4, MD5, MD5Unix, MD5APR, MD5phpBB3, MD5WordPress, LM, NTLM, SHA-1 and many others. On modern graphics cards from...

0.3AI score
Exploits0
n0where
n0where
added 2018/08/19 2:12 a.m.34 views

Microsoft Research Detours Package

Detours is a software package for monitoring and instrumenting API calls on Windows. Detours has been used by many ISVs and is also used by product teams at Microsoft. Detours is now available under a standard open source license MIT. This simplifies licensing for programmers using Detours and...

3.3AI score
Exploits0References2
n0where
n0where
added 2018/07/10 6:24 p.m.34 views

Query Windows Machine for RAM Artifacts: memtriage

Allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to access physical memory, and Volatility for analysis. Caveats: Doesn’t work with Device Guard enabled. Should be tested on machines before deploying. Example Usage usage: memtriage.exe -...

6.9AI score
Exploits0References3
n0where
n0where
added 2017/06/19 6:14 p.m.34 views

Salt Open Linux Vulnerability Scanner: Salt Scanner

Salt Open Linux Vulnerability Scanner A linux vulnerability scanner based on Vulners Audit API and Salt Open, with Slack notifications. Requirements Salt Open salt-master, salt-minion¹ Python 2.7 Salt pip install salt==2016.11.5 Slackclient pip install slackclient==1.0.5 Usage root@localhost pyth...

0.8AI score
Exploits0References1
n0where
n0where
added 2017/06/19 3:31 p.m.34 views

Find Exploits in Local and Online Databases: Findsploit

Find Exploits in Local and Online Databases Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes “copysploit” to copy any exploit-db exploit to the current directory and “compilesploit” to automatically compile and r...

7AI score
Exploits0References1
n0where
n0where
added 2017/06/19 4:46 a.m.34 views

DNS Reconnaissance: AQUATONE

DNS Reconnaissance AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for...

6.9AI score
Exploits0References1
n0where
n0where
added 2017/05/31 10:45 p.m.34 views

Run HTTP Flood DDoS Attacks: Wreckuests

Stress Testing: Run HTTP Flood DDoS Attacks Wreckuests is a script, which allows you to run DDoS attacks with HTTP-floodGET/POST. It’s written in pure Python and uses proxy-servers as “bots”. This script is published for educational purposes only! Features Cache bypass with random ?abcd=efg...

7.4AI score
Exploits0References2
n0where
n0where
added 2017/04/27 8:56 p.m.34 views

Monitor AWS & GCP Configurations: Security Monkey

Monitor AWS & GCP Configurations Security Monkey is an OpenSource application from Netflix NetflixOSS which monitors/alerts/reports one or multiple AWS/GCP accounts for anomalies. Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It...

1AI score
Exploits0References6
n0where
n0where
added 2017/02/07 5:8 a.m.34 views

Reverse Engineering Communication Protocols: Netzob

Reverse Engineering Communication Protocols Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be...

1.7AI score
Exploits0References1
n0where
n0where
added 2016/11/21 5:51 a.m.34 views

Social Engineering Attack Vector: QRLJacking

Social Engineering Attack Vector QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on “Login with QR code” feature as a secure way to login into accounts. In a simple way, In a nutshell...

0.7AI score
Exploits0References2
n0where
n0where
added 2016/05/19 3:13 p.m.34 views

PE Executables Static Analyzer: Manalyze

PE Executables Static Analyzer Manalyze performs static analysis on PE files, in order to detect signs of malicious behavior. It is a versatile tool with a robust parser and a set of built-in tests, but can also be extended easily.Manalyze was written in C++ for Windows and Linux and is released...

7.2AI score
Exploits0References1
n0where
n0where
added 2016/01/07 10:17 a.m.34 views

Kali Linux NetHunter

Official Offensive Security have obsessively been building Kali on weird and wonderful ARM hardware and today, we are proud to reveal their latest creation – the Kali Linux NetHunter. NetHunter is a Android penetration testing platform for Nexus devices built on top of Kali Linux, which includes...

7.5AI score
Exploits0References4
n0where
n0where
added 2015/09/05 7:34 p.m.34 views

Robust ClamAV-based Linux Malware Scanner: MalScan

Malscan is a robust and fully featured scanning platform for Linux servers that greatly simplifies keeping your web servers secure and malware-free. It is built upon the ClamAV platform, providing all of the features of Clamscan with a host of new features and detection modes. Features Multiple...

0.1AI score
Exploits0References1
n0where
n0where
added 2015/06/22 10:0 p.m.34 views

SQLMap Web Front End

PHP Front end to work with the SQLMAP JSON API Server sqlmapapi.py to allow for a Web GUI to drive near full functionality of SQLMAP! Windows 2003 Server, IIS/6.0 + ASP + MS-SQL 2005 SQLMap Web GUI Requirements: Linux, Apache, PHP check your favorite distro’s wiki or forum pages, or use google PH...

0.8AI score
Exploits0References2
n0where
n0where
added 2015/04/14 2:8 p.m.34 views

WEP and WPA Cracking Tool Suite: Aircrack-ng

WEP and WPA Cracking Aircrack-ng Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making...

7.4AI score
Exploits0
n0where
n0where
added 2015/03/31 7:17 a.m.34 views

Common Reverse Shells

If you’re lucky enough to find a remote command execution vulnerability, you’ll more often than not want to connect back to your attacking machine to leverage an interactive shell. Below are a collection of reverse shells that use commonly installed programming languages, or commonly installed...

0.5AI score
Exploits0
n0where
n0where
added 2014/09/17 11:4 a.m.34 views

Bandwidth Monitor – NetHogs

Bandwidth Monitor NetHogs is a small ‘net top’ tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there’s suddenly a lot of network traffic, you can fire up...

7.5AI score
Exploits0
n0where
n0where
added 2018/08/29 3:43 a.m.33 views

The Offensive Web Application Penetration Testing Framework: TIDoS

TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...

0.2AI score
Exploits0References2
n0where
n0where
added 2017/12/14 7:23 p.m.33 views

Automatize Obfuscation and Generation of MS Office Documents: macro_pack

The macropack is a tool used to automatize obfuscation and generation of MS Office documents for pentest, demo, and social engineering assessments. The goal of macropack is to simplify antimalware solutions bypass and automatize the process from vba generation to final Office document generation...

6.6AI score
Exploits0References2
n0where
n0where
added 2017/05/11 5:6 a.m.33 views

Vulnerability Assessment & Management Tool: Jackhammer

Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team , QA team and being a facilitator for TPM to understand and track the quality of the code going into production. It could do static code analysis and dynamic analysis with inbuilt...

0.3AI score
Exploits0References10
n0where
n0where
added 2017/04/20 5:40 p.m.33 views

Mozilla InvestiGator: MIG

Mozilla InvestiGator Mozilla’s real-time digital forensics and investigation platform MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents...

0.1AI score
Exploits0References3
n0where
n0where
added 2016/12/27 5:52 a.m.33 views

Fuzzer for Individual Method Parameters: RamFuzz

Fuzzer for Individual Method Parameters RamFuzz is a fuzzer for individual method parameters in unit tests. A unit test can use RamFuzz to generate random parameter values for methods under test. The values are logged, and the log can be replayed to repeat the exact same test scenario. But RamFuz...

7.6AI score
Exploits0References7
n0where
n0where
added 2016/12/12 4:32 p.m.33 views

Auto Backdooring Utility: backdoorme

Auto Backdooring Utility Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility.Backdoorme relies on having an existing SSH connection or credentials to the victim, through which...

Exploits0References2
n0where
n0where
added 2016/10/09 7:56 p.m.33 views

Instruction Trace Visualisation Tool: rgat

An instruction trace visualisation tool intended to help reverse engineers make the link between target behaviour and code. rgat uses dynamic binary instrumentation courtesy of DynamoRIO to produce graphs from running executables. It creates static and animated visualisations in realtime to suppo...

Exploits0References4
n0where
n0where
added 2016/07/06 5:4 p.m.33 views

Offline Digital Forensics Tool for Binary Files: ByteForce

Offline Digital Forensics Tool for Binary Files Offline Digital Forensics Tool for Binary Files This tool can be used for offline digital forensics and malware analysis as it shows all raw bytes of a file and also the ASCII representations. As you can see from the screenshots, It can be used on a...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/05/26 2:18 p.m.33 views

General Purpose Fuzzer: Radamsa

Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestringly different outputs from them. The main...

7.5AI score
Exploits0References1
n0where
n0where
added 2015/09/18 9:55 p.m.33 views

Exploit Search: XPL-Search

XPL SEARCH is a script made in PHP, to perform quick searches for vulnerabilities or exploits in multiple databases Dependencies: The XPL SEARCH is written in PHP and therefore, can be used both on Linux or Windows. The following items are required for the proper functioning of the script: PHP...

7.2AI score
Exploits0References1
n0where
n0where
added 2015/05/26 1:15 a.m.33 views

Multi Purpose Fuzzer: zzuf

Multi Purpose Fuzzer zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data which more than often comes from untrusted sources on the Internet. It works by intercepting file and network operations and changing random...

Exploits0References1
n0where
n0where
added 2015/02/06 1:50 a.m.33 views

WiFiJammer – Continuously jam all wifi clients/routers

Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective...

0.4AI score
Exploits0References1
n0where
n0where
added 2014/12/27 5:46 a.m.33 views

Data Stream Encryption: ciphr

Data Stream Encryption Ciphr is a CLI tool for performing and composing encoding, decoding, encryption, decryption, hashing, and other various operations on streams of data. It takes provided data, file data, or data from stdin, and executes a pipeline of functions on the data stream, writing the...

7.1AI score
Exploits0References2
n0where
n0where
added 2014/12/26 8:58 p.m.33 views

Web Application Brute Force Attack: Crowbar

Web Application Brute Force Attack Crowbar was developed to brute force some protocols in a different manner then other ‘popular’ brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute forcing, Crowbar uses SSH keys. Currently Crowbar supports...

7.7AI score
Exploits0References2
n0where
n0where
added 2013/06/07 4:10 p.m.33 views

WPA Cluster Cracker: Moscrack

Moscrack WPA Cluster Cracker Moscrack facilitates the use of a WPA cracker on a cluster. Currently it works with Mosix clustering software, SSH, RSH and Pyrit. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to seperate processes that run...

7.4AI score
Exploits0
n0where
n0where
added 2013/05/06 11:40 p.m.33 views

Raspberrypi Wireless Attack Toolkit

Raspberrypi Wireless Attack Toolkit is a push-button wireless hacking and Man-in-the-Middle attack toolkit This project is designed to run on Embedded ARM platforms specifically v6 and RaspberryPi . It provides users with automated wireless attack tools that air paired with man-in-the-middle tool...

Exploits0
n0where
n0where
added 2018/08/22 5:26 p.m.32 views

Social Media Enumeration & Correlation Tool: Social Mapper

Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets names and pictures to accurately detect and group a person’s...

Exploits0References1
n0where
n0where
added 2018/06/18 7:35 p.m.32 views

Collecting & Hunting For IOCs With Gusto and Style: rastrea2r

Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r pronounced “rastreador” – hunter- in Spanish is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise IOCs...

7.5AI score
Exploits0References2
n0where
n0where
added 2018/05/29 2:29 a.m.32 views

CERT Tapioca for MITM Analysis

CERT Tapioca is a utility for testing mobile or any other application using MITM techniques. CERT Tapioca development was sponsored by the United States Army Armament Research, Development and Engineering Center ARDEC as well as the United States Department of Homeland Security DHS. Installation...

0.1AI score
Exploits0References3
n0where
n0where
added 2018/04/11 10:18 p.m.32 views

Web Service Security Assessment Tool: WSSAT

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

Exploits0References2
n0where
n0where
added 2017/11/21 4:51 p.m.32 views

Password Recovery Platform: Wavecrack

A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. Outline This Web application can be used to launch asynchronous password cracks with hashcat . The interface tries to be as user-friendly as possible and facilitates the password...

0.1AI score
Exploits0References8
n0where
n0where
added 2017/09/20 5:11 a.m.32 views

Ghost In The Net

Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan Properties: Network Invisibility Network Anonymity Protects from MITM/DOS Transparent Cross-platform Minimalistic Dependencies: Linux 2.4.26+ – will work on any Linux-based OS, including Whonix and...

Exploits0References1
n0where
n0where
added 2017/08/30 4:1 a.m.32 views

Linkedin Information Gathering Tool: raven

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin. Usage of this is application is pretty simple. It requires at least three parameters. The first one is the company name , the second one is the count...

1.1AI score
Exploits0References1
Total number of security vulnerabilities1052