Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/11/21 4:51 p.m.32 views

Password Recovery Platform: Wavecrack

A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. Outline This Web application can be used to launch asynchronous password cracks with hashcat . The interface tries to be as user-friendly as possible and facilitates the password...

0.1AI score
Exploits0References8
n0where
n0where
added 2017/09/20 5:11 a.m.32 views

Ghost In The Net

Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan Properties: Network Invisibility Network Anonymity Protects from MITM/DOS Transparent Cross-platform Minimalistic Dependencies: Linux 2.4.26+ – will work on any Linux-based OS, including Whonix and...

Exploits0References1
n0where
n0where
added 2017/08/30 4:1 a.m.32 views

Linkedin Information Gathering Tool: raven

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin. Usage of this is application is pretty simple. It requires at least three parameters. The first one is the company name , the second one is the count...

1.1AI score
Exploits0References1
n0where
n0where
added 2017/08/15 4:28 a.m.32 views

Highly Customizable Raspberry Pi USB Attack Platform: P4wnP1

P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W required for HID backdoor. Introduction the Windows LockPicker unlock Windows boxes with weak passwords, fully automated by attaching P4wnP1 the HID covert channel backdoor Get remote...

7.5AI score
Exploits0References4
n0where
n0where
added 2017/08/07 7:54 p.m.32 views

Runtime Mobile Exploration: objection

objection is a runtime mobile exploration toolkit, powered by Frida . It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. The project’s name quite literally explains the approach as well, whereby...

Exploits0References2
n0where
n0where
added 2017/07/03 5:30 p.m.32 views

Professional PE file Explorer: PPEE

Professional PE file Explorer Puppy is a lightweight yet strong tool for static investigation of suspicious files. A companion plugin is also provided to query the file in the well-known malware repositories and take one-click technical information about the file such as its size, entropy,...

7.1AI score
Exploits0
n0where
n0where
added 2017/06/26 4:39 a.m.32 views

System Integrity Management Platform: SIMP

System Integrity Management Platform The System Integrity Management Platform SIMP is an Open Source framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure. Expanding...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/02/13 9:0 p.m.32 views

Malware Information Sharing Platform: MISP

Malware Information Sharing Platform MISP, Malware Information Sharing Platform and Threat Sharing, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is...

6.8AI score
Exploits0References7
n0where
n0where
added 2017/01/31 5:43 a.m.32 views

AD ACL Scanner

AD ACL Scanner AD ACL Scanner is a tool completly written in PowerShell with GUI used to create reports of access control lists DACLs and system access control lists SACLs in Active Directory . New Features Faster compare of Access Control Lists using USN from replication metadata. Primary...

7.1AI score
Exploits0
n0where
n0where
added 2016/07/31 3:34 a.m.32 views

Ubuntu Based Penetration Testing Operating system: LionSec

Ubuntu Based Penetration Testing Operating system LionSec Linux 5.0 is a Ubuntu based penetration testing distribution . It was built in order to perform Computer Forensics , Penetration Tests , Wireless Analysis . With the “Anonymous Mode” , you can browse the internet or send packets anonymousl...

0.8AI score
Exploits0
n0where
n0where
added 2016/07/06 6:14 p.m.32 views

Advanced Browser Exploit Pack: BrowserExploit

Advanced Browser Exploit Pack BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers. The exploits in kit are old so it keep scripts kiddies from running it in the wild and achieve malicious task. BrowserSploit u...

0.8AI score
Exploits0References1
n0where
n0where
added 2016/06/15 6:43 p.m.32 views

PowerShell Runspace Portable Post Exploitation Tool: PowerOPS

PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell “easier” PowerOPS is an application written in C that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment .NET. It intends to...

0.8AI score
Exploits0References7
n0where
n0where
added 2016/05/25 1:17 p.m.32 views

Network Wide Hardware Ad Blocking: Pi-Hole

The Pi-hole can block ads for all devices on your network. All you need is a Raspberry Pi connected to your router. It was inspired as a low-cost,open source alternative to the AdTrap. The Pi-hole works on the the B, B+and Pi 2 it can also run on the Zero, but you need a micro-USB-to-Ethernet...

Exploits0References3
n0where
n0where
added 2016/03/08 5:5 p.m.32 views

Testing TLS/SSL encryption: testssl.sh

testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. It’s designed to provide clear output in any case. Testing TLS/SSL encryption: testssl.sh Key features Clear output: you can tell...

7.3AI score
Exploits0References3
n0where
n0where
added 2016/02/03 5:31 a.m.32 views

UEFI firmware image viewer and editor: UEFITool

It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool ‘s structure mode with some additional features, but the program’s engine was prove...

7AI score
Exploits0References2
n0where
n0where
added 2015/12/07 3:34 p.m.32 views

Automatic SQL Database Injection: jSQL Injection

jSQL Injection is a lightweight application used to find database information from a distant server. Tool is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic best algorit...

8.3AI score
Exploits0References1
n0where
n0where
added 2015/09/14 4:36 a.m.32 views

MITM PE file infector: PEInjector

The executable file format on the Windows platform is PE COFF. The peinjector provides different ways to infect these files with custom payloads without changing the original functionality. It creates patches, which are then applied seamlessly during file transfer. It is very performant,...

Exploits0References3
n0where
n0where
added 2015/09/05 1:29 a.m.32 views

802.11 Massive Monitoring: WiWo

wiwo is a distributed 802.11 monitoring and injecting system that was designed to be simple and scalable, in which all workers nodes can be managed by a Python framework Building the worker Requirements Install necessary requirements. $ sudo apt-get install build-essential git subversion...

7.6AI score
Exploits0References3
n0where
n0where
added 2015/05/04 12:2 p.m.32 views

Web Application Security Scanner Framework: Arachni

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating...

7.7AI score
Exploits0References3
n0where
n0where
added 2014/12/18 3:43 p.m.32 views

Single Packet Authorization: fwknop

fwknop implements an authorization scheme known as Single Packet Authorization SPA for strong service concealment. SPA requires only a single packet which is encrypted, non-replayable, and authenticated via an HMAC in order to communicate desired access to a service that is hidden behind a firewa...

0.3AI score
Exploits0References2
n0where
n0where
added 2014/12/10 9:8 p.m.32 views

Next Generation Penetration Testing Distro: Cyborg Hawk

Next Generation Penetration Testing Distro The world’s most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. It...

1.1AI score
Exploits0
n0where
n0where
added 2014/09/17 11:39 a.m.32 views

Smartcard Undocumented Commands: THC-SmartBrute

This tools finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class CLA, Instruction-Number INS and the parameters or arguments P1, P2, P3. … iterates through all the possible values of CLA and INS to find a valid combination. Furthermore it tries to...

1.9AI score
Exploits0
n0where
n0where
added 2014/02/08 1:10 p.m.32 views

Automated NoSQL Database Injection Attacks: NoSQLMap

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...

0.3AI score
Exploits0References1
n0where
n0where
added 2013/01/03 11:5 p.m.32 views

Anonymous General Purpose Operating System: Whonix

Whonix is a free desktop operating system OS that is specifically designed for advanced security and privacy. Based on Tor, Debian GNU/Linux and the principle of security by isolation, it realistically addresses common attack vectors while maintaining usability. Online anonymity is made possible...

6.7AI score
Exploits0
n0where
n0where
added 2012/09/18 12:28 a.m.32 views

Open Source Web Server Scanner: NIkto

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for...

0.3AI score
Exploits0
n0where
n0where
added 2018/06/18 8:42 p.m.31 views

Network Share Sniffer and Auto-Mounter for Crawling Remote File Systems: sharesniffer

sharesniffer is a network analysis tool for finding open and closed file shares on your local network. It includes auto-network discovery and auto-mounting of any open cifs and nfs shares. How to use Example to find all hosts on any local network with open/closed nfs/smb shares: python...

0.3AI score
Exploits0References1
n0where
n0where
added 2018/04/26 4:31 a.m.31 views

Penetration Testers Framework: PTF

The PenTesters Framework PTF is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we’ve been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all o...

0.1AI score
Exploits0References1
n0where
n0where
added 2018/03/12 4:21 p.m.31 views

AIO OS Command Injection and Exploitation Tool: Commix

Commix short for comm and i njection e x ploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities...

8.2AI score
Exploits0References16
n0where
n0where
added 2017/09/19 4:51 a.m.31 views

Fast and More Efficient Stateless SYN Scanner And Banner Grabber: PolarBearScan

polarbearscan is an attempt to do faster and more efficient banner grabbing and port scanning. It combines two different ideas which hopefully will make it somewhat worthy of your attention and time. The first of these ideas is to use stateless SYN scanning using cryptographically protected cooki...

Exploits0References1
n0where
n0where
added 2017/08/16 4:52 a.m.31 views

Automate Getting Domain Admin Using Empire: DeathStar

DeathStar is a Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techinques. Installation Currently, for Death Star to work you’re going to have to install byt3bl33d3r’s fork of Empire until this pull request...

7.2AI score
Exploits0References4
n0where
n0where
added 2017/07/10 3:46 p.m.31 views

Network OSINT Gathering Tool: XRay

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It’ll bruteforce subdomains using a wordlist and DNS requests. 2. For every...

6.7AI score
Exploits0References1
n0where
n0where
added 2017/03/31 5:0 a.m.31 views

OSINT Gathering Tool: Inquisitor

OSINT Gathering Tool Inquisitor is a simple for gathering information on companies and organizations through the use of Open Source Intelligence OSINT sources. The key features of Inquisitor include: 1. The ability to cascade the ownership label of an asset e.g. if a Registrant Name is known to...

0.5AI score
Exploits0References1
n0where
n0where
added 2016/11/18 6:25 a.m.31 views

Raspberry Pi Zero Malicious USB Attack: PoisonTap

Raspberry Pi Zero Malicious USB Attack Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js. PoisonTap produces a cascading effect by exploiting the existing trust in variou...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/09/06 4:55 p.m.31 views

Intercepting Proxy for Performing Web Application Security Testing: The Pappy Proxy

Intercepting Proxy for Performing Web application security testing The Pappy P roxy A ttack P roxy P rox Y Proxy is an intercepting proxy for performing web application security testing. Its features are often similar, or straight up rippoffs from Burp Suite . However, Burp Suite is neither open...

7.2AI score
Exploits0References2
n0where
n0where
added 2016/08/27 3:53 a.m.31 views

Dynamic Diversification Engine: malWASH

Dynamic Diversification Engine malWASH is a dynamic diversification engine that executes an arbitrary program without being detected by dynamic analysis tools. In other words, it is a malware engine, that can make existing malware, to evade all existing behavioral and dynamic analysis detection...

0.8AI score
Exploits0References1
n0where
n0where
added 2016/04/12 12:31 a.m.31 views

Reverse Shell Post Exploitation Tool: RSPET

RSPET Reverse Shell Post Exploitation Tool is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Features Remote Command Execution Trafic masking XORed insted of cleartext; for better results use port 443 Built-in File/Binary transfer both ways...

1.3AI score
Exploits0References1
n0where
n0where
added 2016/02/25 6:44 p.m.31 views

Android Pentesting Portable Integrated Environment: Appie

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...

0.9AI score
Exploits0References8
n0where
n0where
added 2016/01/17 12:26 a.m.31 views

Cross Platform ELF Analysis: ELF Parser

ELF Parser attempts to move ELF malware analysis forward by quickly providing basic information and static analysis of the binary. The end goal of ELF Parser is to indicate to the analyst if it thinks the binary is malicious / dangerous and if so why. Load Any Executable ELF ELF Parser supports...

0.8AI score
Exploits0References1
n0where
n0where
added 2015/11/12 1:26 a.m.31 views

ICMP IP Tunnel: ICMPTunnel

icmptunnel works by encapsulating your IP traffic in ICMP echo packets and sending them to your own proxy server. The proxy server decapsulates the packet and forwards the IP traffic. The incoming IP packets which are destined for the client are again encapsulated in ICMP reply packets and sent...

0.5AI score
Exploits0References1
n0where
n0where
added 2015/09/24 6:44 p.m.31 views

Network Security Testing: Evil Foca

Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks. The software automatically scans the networks and identifies all devices and their respective network interfaces, specifying their IPv4 and IPv6 addresses as well as the...

0.2AI score
Exploits0References1
n0where
n0where
added 2015/09/19 6:5 p.m.31 views

Automatically Brute Force All Services – BruteX

Automatically brute force all services Including: Open ports DNS domains Web files Web directories Usernames Passwords Dependencies: NMap Hydra Wfuzz SNMPWalk DNSDict Download: git clone https://github.com/1N3/BruteX.git Usage: ./brutex target To brute force multiple hosts, use brutex-massscan an...

0.2AI score
Exploits0References1
n0where
n0where
added 2015/06/22 10:40 p.m.31 views

Passive Intelligence Gathering: Just-Metadata

Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset. Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to...

6.9AI score
Exploits0References1
n0where
n0where
added 2015/01/19 8:36 a.m.31 views

Streisand

The Internet can be a little unfair. It’s way too easy for ISPs, telecoms, politicians, and corporations to block access to the sites and information that you care about. But breaking through these restrictions is tough . Or is it? Introducing Streisand A single command sets up a brand new server...

0.3AI score
Exploits0References3
n0where
n0where
added 2014/04/27 3:4 p.m.31 views

Web application Advanced Security: IronWASP

Web application Advanced Security: IronWASP IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Thou...

7.3AI score
Exploits0References2
n0where
n0where
added 2014/03/01 1:6 a.m.31 views

Basic Integer Overflows

Introduction Basic Integer Overflow : In this paper we are going to describe two classes of programming bugs which can sometimes allow a malicious user to modify the execution path of an affected process. Both of these classes of bug work by causing variables to contain unexpected values, and so...

1.6AI score
Exploits0
n0where
n0where
added 2012/12/31 3:19 p.m.31 views

Anonymous Twitter: AnonTwi

AnonTwi is a free software python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. It can leverages proxying, randomization of header values, send fake geolocation data, and more. Anonymous Twitter AnonTwi supports: AES + HMAC-SHA1 encryption on...

7.3AI score
Exploits0
n0where
n0where
added 2018/08/19 1:7 a.m.30 views

Detect Evil Maid Attacks: Do Not Disturb

Physical access or “evil maid” attacks are some of the most insidious threats faced by those of us who travel with our Macs. Do Not Disturb DND is a free, open-source utility that aims to detect and alert you of such attacks! One of the best ways to compromise a computer is with physical access...

0.5AI score
Exploits0References1
n0where
n0where
added 2018/04/26 5:28 p.m.30 views

Web Pen-Test Practice Application: OWASP Mutillidae

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on...

0.1AI score
Exploits0
n0where
n0where
added 2018/01/12 6:7 p.m.30 views

Network Infrastructure Penetration Testing: SPARTA

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenien...

0.2AI score
Exploits0References1
n0where
n0where
added 2017/12/21 12:52 a.m.30 views

Cross-Platform Post-Exploitation HTTP/2 Command & Control Server: Merlin

Merlin is a cross-platform post-exploitation framework that leverages HTTP/2 communications to evade inspection. HTTP/2 is a relatively new protocol that requests Perfect Forward Secrecy PFS encryption cipher suites are used. The use of these cipher suites makes it incredibly difficult to capture...

0.4AI score
Exploits0References3
Total number of security vulnerabilities1052