Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/01/31 5:43 a.m.32 views

AD ACL Scanner

AD ACL Scanner AD ACL Scanner is a tool completly written in PowerShell with GUI used to create reports of access control lists DACLs and system access control lists SACLs in Active Directory . New Features Faster compare of Access Control Lists using USN from replication metadata. Primary...

7.1AI score
Exploits0
n0where
n0where
added 2016/12/27 5:52 a.m.32 views

Fuzzer for Individual Method Parameters: RamFuzz

Fuzzer for Individual Method Parameters RamFuzz is a fuzzer for individual method parameters in unit tests. A unit test can use RamFuzz to generate random parameter values for methods under test. The values are logged, and the log can be replayed to repeat the exact same test scenario. But RamFuz...

7.6AI score
Exploits0References7
n0where
n0where
added 2016/12/12 4:32 p.m.32 views

Auto Backdooring Utility: backdoorme

Auto Backdooring Utility Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility.Backdoorme relies on having an existing SSH connection or credentials to the victim, through which...

Exploits0References2
n0where
n0where
added 2016/07/31 3:34 a.m.32 views

Ubuntu Based Penetration Testing Operating system: LionSec

Ubuntu Based Penetration Testing Operating system LionSec Linux 5.0 is a Ubuntu based penetration testing distribution . It was built in order to perform Computer Forensics , Penetration Tests , Wireless Analysis . With the “Anonymous Mode” , you can browse the internet or send packets anonymousl...

0.8AI score
Exploits0
n0where
n0where
added 2016/07/06 6:14 p.m.32 views

Advanced Browser Exploit Pack: BrowserExploit

Advanced Browser Exploit Pack BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers. The exploits in kit are old so it keep scripts kiddies from running it in the wild and achieve malicious task. BrowserSploit u...

0.8AI score
Exploits0References1
n0where
n0where
added 2016/06/15 6:43 p.m.32 views

PowerShell Runspace Portable Post Exploitation Tool: PowerOPS

PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell “easier” PowerOPS is an application written in C that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment .NET. It intends to...

0.8AI score
Exploits0References7
n0where
n0where
added 2016/05/25 1:17 p.m.32 views

Network Wide Hardware Ad Blocking: Pi-Hole

The Pi-hole can block ads for all devices on your network. All you need is a Raspberry Pi connected to your router. It was inspired as a low-cost,open source alternative to the AdTrap. The Pi-hole works on the the B, B+and Pi 2 it can also run on the Zero, but you need a micro-USB-to-Ethernet...

Exploits0References3
n0where
n0where
added 2016/04/07 6:51 p.m.32 views

Windows File Shares Reconnaissance: SMBCrunch

One of the most time consuming tasks during a security auditing process is diving into file-systems and shares, attempting to identify any potentially sensitive information. SMBCrunch helps penetration testers to quickly identify Windows File Shares on a network, perform a recursive directory...

0.6AI score
Exploits0References1
n0where
n0where
added 2016/03/08 5:5 p.m.32 views

Testing TLS/SSL encryption: testssl.sh

testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. It’s designed to provide clear output in any case. Testing TLS/SSL encryption: testssl.sh Key features Clear output: you can tell...

7.3AI score
Exploits0References3
n0where
n0where
added 2015/12/07 3:34 p.m.32 views

Automatic SQL Database Injection: jSQL Injection

jSQL Injection is a lightweight application used to find database information from a distant server. Tool is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic best algorit...

8.3AI score
Exploits0References1
n0where
n0where
added 2015/09/05 1:29 a.m.32 views

802.11 Massive Monitoring: WiWo

wiwo is a distributed 802.11 monitoring and injecting system that was designed to be simple and scalable, in which all workers nodes can be managed by a Python framework Building the worker Requirements Install necessary requirements. $ sudo apt-get install build-essential git subversion...

7.6AI score
Exploits0References3
n0where
n0where
added 2014/12/18 3:43 p.m.32 views

Single Packet Authorization: fwknop

fwknop implements an authorization scheme known as Single Packet Authorization SPA for strong service concealment. SPA requires only a single packet which is encrypted, non-replayable, and authenticated via an HMAC in order to communicate desired access to a service that is hidden behind a firewa...

0.3AI score
Exploits0References2
n0where
n0where
added 2014/12/10 9:8 p.m.32 views

Next Generation Penetration Testing Distro: Cyborg Hawk

Next Generation Penetration Testing Distro The world’s most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. It...

1.1AI score
Exploits0
n0where
n0where
added 2014/09/17 11:39 a.m.32 views

Smartcard Undocumented Commands: THC-SmartBrute

This tools finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class CLA, Instruction-Number INS and the parameters or arguments P1, P2, P3. … iterates through all the possible values of CLA and INS to find a valid combination. Furthermore it tries to...

1.9AI score
Exploits0
n0where
n0where
added 2014/02/08 1:10 p.m.32 views

Automated NoSQL Database Injection Attacks: NoSQLMap

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...

0.3AI score
Exploits0References1
n0where
n0where
added 2013/01/03 11:5 p.m.32 views

Anonymous General Purpose Operating System: Whonix

Whonix is a free desktop operating system OS that is specifically designed for advanced security and privacy. Based on Tor, Debian GNU/Linux and the principle of security by isolation, it realistically addresses common attack vectors while maintaining usability. Online anonymity is made possible...

6.7AI score
Exploits0
n0where
n0where
added 2012/09/18 12:28 a.m.32 views

Open Source Web Server Scanner: NIkto

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for...

0.3AI score
Exploits0
n0where
n0where
added 2018/06/18 8:42 p.m.31 views

Network Share Sniffer and Auto-Mounter for Crawling Remote File Systems: sharesniffer

sharesniffer is a network analysis tool for finding open and closed file shares on your local network. It includes auto-network discovery and auto-mounting of any open cifs and nfs shares. How to use Example to find all hosts on any local network with open/closed nfs/smb shares: python...

0.3AI score
Exploits0References1
n0where
n0where
added 2018/04/26 4:31 a.m.31 views

Penetration Testers Framework: PTF

The PenTesters Framework PTF is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we’ve been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all o...

0.1AI score
Exploits0References1
n0where
n0where
added 2018/03/12 4:21 p.m.31 views

AIO OS Command Injection and Exploitation Tool: Commix

Commix short for comm and i njection e x ploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities...

8.2AI score
Exploits0References16
n0where
n0where
added 2017/09/20 5:11 a.m.31 views

Ghost In The Net

Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan Properties: Network Invisibility Network Anonymity Protects from MITM/DOS Transparent Cross-platform Minimalistic Dependencies: Linux 2.4.26+ – will work on any Linux-based OS, including Whonix and...

Exploits0References1
n0where
n0where
added 2017/09/19 4:51 a.m.31 views

Fast and More Efficient Stateless SYN Scanner And Banner Grabber: PolarBearScan

polarbearscan is an attempt to do faster and more efficient banner grabbing and port scanning. It combines two different ideas which hopefully will make it somewhat worthy of your attention and time. The first of these ideas is to use stateless SYN scanning using cryptographically protected cooki...

Exploits0References1
n0where
n0where
added 2017/08/16 4:52 a.m.31 views

Automate Getting Domain Admin Using Empire: DeathStar

DeathStar is a Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techinques. Installation Currently, for Death Star to work you’re going to have to install byt3bl33d3r’s fork of Empire until this pull request...

7.2AI score
Exploits0References4
n0where
n0where
added 2017/08/07 7:54 p.m.31 views

Runtime Mobile Exploration: objection

objection is a runtime mobile exploration toolkit, powered by Frida . It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. The project’s name quite literally explains the approach as well, whereby...

Exploits0References2
n0where
n0where
added 2017/07/10 3:46 p.m.31 views

Network OSINT Gathering Tool: XRay

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It’ll bruteforce subdomains using a wordlist and DNS requests. 2. For every...

6.7AI score
Exploits0References1
n0where
n0where
added 2017/07/03 5:30 p.m.31 views

Professional PE file Explorer: PPEE

Professional PE file Explorer Puppy is a lightweight yet strong tool for static investigation of suspicious files. A companion plugin is also provided to query the file in the well-known malware repositories and take one-click technical information about the file such as its size, entropy,...

7.1AI score
Exploits0
n0where
n0where
added 2017/03/31 5:0 a.m.31 views

OSINT Gathering Tool: Inquisitor

OSINT Gathering Tool Inquisitor is a simple for gathering information on companies and organizations through the use of Open Source Intelligence OSINT sources. The key features of Inquisitor include: 1. The ability to cascade the ownership label of an asset e.g. if a Registrant Name is known to...

0.5AI score
Exploits0References1
n0where
n0where
added 2017/02/13 9:0 p.m.31 views

Malware Information Sharing Platform: MISP

Malware Information Sharing Platform MISP, Malware Information Sharing Platform and Threat Sharing, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is...

6.8AI score
Exploits0References7
n0where
n0where
added 2016/11/18 6:25 a.m.31 views

Raspberry Pi Zero Malicious USB Attack: PoisonTap

Raspberry Pi Zero Malicious USB Attack Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js. PoisonTap produces a cascading effect by exploiting the existing trust in variou...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/08/27 3:53 a.m.31 views

Dynamic Diversification Engine: malWASH

Dynamic Diversification Engine malWASH is a dynamic diversification engine that executes an arbitrary program without being detected by dynamic analysis tools. In other words, it is a malware engine, that can make existing malware, to evade all existing behavioral and dynamic analysis detection...

0.8AI score
Exploits0References1
n0where
n0where
added 2016/02/25 6:44 p.m.31 views

Android Pentesting Portable Integrated Environment: Appie

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...

0.9AI score
Exploits0References8
n0where
n0where
added 2016/02/03 5:31 a.m.31 views

UEFI firmware image viewer and editor: UEFITool

It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool ‘s structure mode with some additional features, but the program’s engine was prove...

7AI score
Exploits0References2
n0where
n0where
added 2016/01/17 12:26 a.m.31 views

Cross Platform ELF Analysis: ELF Parser

ELF Parser attempts to move ELF malware analysis forward by quickly providing basic information and static analysis of the binary. The end goal of ELF Parser is to indicate to the analyst if it thinks the binary is malicious / dangerous and if so why. Load Any Executable ELF ELF Parser supports...

0.8AI score
Exploits0References1
n0where
n0where
added 2015/09/24 6:44 p.m.31 views

Network Security Testing: Evil Foca

Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks. The software automatically scans the networks and identifies all devices and their respective network interfaces, specifying their IPv4 and IPv6 addresses as well as the...

0.2AI score
Exploits0References1
n0where
n0where
added 2015/09/14 4:36 a.m.31 views

MITM PE file infector: PEInjector

The executable file format on the Windows platform is PE COFF. The peinjector provides different ways to infect these files with custom payloads without changing the original functionality. It creates patches, which are then applied seamlessly during file transfer. It is very performant,...

Exploits0References3
n0where
n0where
added 2015/05/04 12:2 p.m.31 views

Web Application Security Scanner Framework: Arachni

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating...

7.7AI score
Exploits0References3
n0where
n0where
added 2015/01/19 8:36 a.m.31 views

Streisand

The Internet can be a little unfair. It’s way too easy for ISPs, telecoms, politicians, and corporations to block access to the sites and information that you care about. But breaking through these restrictions is tough . Or is it? Introducing Streisand A single command sets up a brand new server...

0.3AI score
Exploits0References3
n0where
n0where
added 2014/04/23 3:40 p.m.31 views

Mail Server In a Box

Mail-Box : Mass electronic surveillance by governments revealed over the last year has spurred a new movement to re-decentralize the web, that is, to empower netizens to be their own service providers again. SMTP, the protocol of email, is decentralized in principle but highly centralized in...

0.1AI score
Exploits0References2
n0where
n0where
added 2012/12/31 3:19 p.m.31 views

Anonymous Twitter: AnonTwi

AnonTwi is a free software python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. It can leverages proxying, randomization of header values, send fake geolocation data, and more. Anonymous Twitter AnonTwi supports: AES + HMAC-SHA1 encryption on...

7.3AI score
Exploits0
n0where
n0where
added 2018/08/19 1:7 a.m.30 views

Detect Evil Maid Attacks: Do Not Disturb

Physical access or “evil maid” attacks are some of the most insidious threats faced by those of us who travel with our Macs. Do Not Disturb DND is a free, open-source utility that aims to detect and alert you of such attacks! One of the best ways to compromise a computer is with physical access...

0.5AI score
Exploits0References1
n0where
n0where
added 2018/04/26 5:28 p.m.30 views

Web Pen-Test Practice Application: OWASP Mutillidae

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on...

0.1AI score
Exploits0
n0where
n0where
added 2018/01/12 6:7 p.m.30 views

Network Infrastructure Penetration Testing: SPARTA

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenien...

0.2AI score
Exploits0References1
n0where
n0where
added 2017/12/21 12:52 a.m.30 views

Cross-Platform Post-Exploitation HTTP/2 Command & Control Server: Merlin

Merlin is a cross-platform post-exploitation framework that leverages HTTP/2 communications to evade inspection. HTTP/2 is a relatively new protocol that requests Perfect Forward Secrecy PFS encryption cipher suites are used. The use of these cipher suites makes it incredibly difficult to capture...

0.4AI score
Exploits0References3
n0where
n0where
added 2017/11/23 8:25 p.m.30 views

Web Privacy Measurement Framework: OpenWPM

Web Privacy Measurement is the observation of websites and serves to detect, characterize and quantify privacy-impacting behaviors. Applications of Web Privacy Measurement include the detection of price discrimination, targeted news articles and new forms of browser fingerprinting. Although...

7.5AI score
Exploits0References2
n0where
n0where
added 2017/10/02 4:49 a.m.30 views

UEFI Firmware Parser

The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials. Installation This module is includ...

7.5AI score
Exploits0References1
n0where
n0where
added 2017/10/02 3:49 a.m.30 views

Java RMI Enumeration & Attack Tool: BaRMIe

BaRMIe is a tool for enumerating and attacking Java RMI Remote Method Invocation services. RMI services often expose dangerous functionality without adequate security controls, however RMI services tend to pass under the radar during security assessments due to the lack of effective testing tools...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/06/19 5:53 p.m.30 views

ARP Firewall: SCUTUM

SCUTUM is an ARP firewall that prevents your computer from being arp spoofed. Scutum controls “arptables” in your computer so it accepts ARP packets only from the gateway. This way, people with malicious intentions cannot spoof your arp table. Scutum also prevents other people from detecting your...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/05/11 3:59 a.m.30 views

Phishing Kit Hunter

Phishing Kit Hunter PhishingKitHunter or PKHunter is a tool made for identifying phishing kits URLs used in phishing campaigns targeting your customers and using some of your own website files as CSS, JS, …. This tool – write in Python 3 – is based on the analysis of referer’s URL which GET...

7.1AI score
Exploits0References1
n0where
n0where
added 2017/05/06 4:15 a.m.30 views

Windows Penetration Testing Tool: RedSnarf

Windows Penetration Testing Tool RedSnarf is a pen-testing / red-teaming tool by Ed William and Richard Davy for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf aims to do the following: Leave no evidence on the hos...

0.4AI score
Exploits0References3
n0where
n0where
added 2017/02/07 5:29 a.m.30 views

The Social-Engineer Toolkit (SET)

The Social-Engineer Toolkit SET is specifically designed to perform advanced attacks against the human element. SET has quickly became a standard tool in a penetration testers arsenal. SET is written by David Kennedy ReL1K and with a lot of help from the community it has incorporated attacks neve...

7.3AI score
Exploits0References2
Total number of security vulnerabilities1052