Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/11/23 8:25 p.m.30 views

Web Privacy Measurement Framework: OpenWPM

Web Privacy Measurement is the observation of websites and serves to detect, characterize and quantify privacy-impacting behaviors. Applications of Web Privacy Measurement include the detection of price discrimination, targeted news articles and new forms of browser fingerprinting. Although...

7.5AI score
Exploits0References2
n0where
n0where
added 2017/10/02 4:49 a.m.30 views

UEFI Firmware Parser

The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials. Installation This module is includ...

7.5AI score
Exploits0References1
n0where
n0where
added 2017/10/02 3:49 a.m.30 views

Java RMI Enumeration & Attack Tool: BaRMIe

BaRMIe is a tool for enumerating and attacking Java RMI Remote Method Invocation services. RMI services often expose dangerous functionality without adequate security controls, however RMI services tend to pass under the radar during security assessments due to the lack of effective testing tools...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/06/26 3:55 a.m.30 views

Windows NSA Information Assurance: Locklevel

Windows NSA Information Assurance LOCKLEVEL was a rapidly built prototype that demonstrates a method for scoring how well Windows systems have implemented some of the NSA Information Assurance top 10 mitigation strategies . This prototype is being shared to encourage industry adoption of these...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/06/19 5:53 p.m.30 views

ARP Firewall: SCUTUM

SCUTUM is an ARP firewall that prevents your computer from being arp spoofed. Scutum controls “arptables” in your computer so it accepts ARP packets only from the gateway. This way, people with malicious intentions cannot spoof your arp table. Scutum also prevents other people from detecting your...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/06/15 5:14 a.m.30 views

Open Source Full Featured Network Operating System: OpenSwitch

Open Source Full Featured Network Operating System OpenSwitch provides a fully-featured L2/L3 control plane stack, traditional and programmatic, declarative control plane. The 24×7 nature of global digital economy and the explosion of data have changed how we think about data center networking...

7.5AI score
Exploits0References4
n0where
n0where
added 2017/05/11 3:59 a.m.30 views

Phishing Kit Hunter

Phishing Kit Hunter PhishingKitHunter or PKHunter is a tool made for identifying phishing kits URLs used in phishing campaigns targeting your customers and using some of your own website files as CSS, JS, …. This tool – write in Python 3 – is based on the analysis of referer’s URL which GET...

7.1AI score
Exploits0References1
n0where
n0where
added 2017/05/06 4:15 a.m.30 views

Windows Penetration Testing Tool: RedSnarf

Windows Penetration Testing Tool RedSnarf is a pen-testing / red-teaming tool by Ed William and Richard Davy for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf aims to do the following: Leave no evidence on the hos...

0.4AI score
Exploits0References3
n0where
n0where
added 2017/02/16 6:27 a.m.30 views

Password Cracking Web Front-End: Hashview

Password Cracking Web Front-End Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat https://hashcat.net commands. Hashview strives to bring constiency in your hashcat tas...

7.5AI score
Exploits0References3
n0where
n0where
added 2017/02/07 5:29 a.m.30 views

The Social-Engineer Toolkit (SET)

The Social-Engineer Toolkit SET is specifically designed to perform advanced attacks against the human element. SET has quickly became a standard tool in a penetration testers arsenal. SET is written by David Kennedy ReL1K and with a lot of help from the community it has incorporated attacks neve...

7.3AI score
Exploits0References2
n0where
n0where
added 2017/01/30 5:13 a.m.30 views

Mobile Application Security Training Platform: Security Shepherd

The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...

8.2AI score
Exploits0References1
n0where
n0where
added 2016/08/09 4:0 p.m.30 views

Bluetooth Smart MITM Framework: BtleJuice

Bluetooth Smart MITM Framework BtleJuice is a complete framework to perform Man-in-the-Middle attacks on Bluetooth Smart devices also known as Bluetooth Low Energy. It is composed of: an interception core an interception proxy a dedicated web interface Python and Node.js bindings How to install...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/04/22 10:53 a.m.30 views

Analyzing TLS Libraries: TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow...

1.4AI score
Exploits0References2
n0where
n0where
added 2016/04/16 11:57 p.m.30 views

Versatile HTTP load testing: vegeta

Vegeta is a versatile HTTP load testing tool built out of a need to drill HTTP services with a constant request rate. Vegeta can be used both as a command line utility and a library. Install Pre-compiled executables Get them here . Homebrew on Mac OS X You can install Vegeta using the Homebrew...

0.6AI score
Exploits0References4
n0where
n0where
added 2015/02/11 4:48 p.m.30 views

Backdoor Framework

A little server framework for writing back doors Backdoor Framework Definitions: Backdoor: A backdoor is deliberate functionality that bypasses official publicly-documented authorization methods for that software and is intended by the author to be known to a limited audience. Protected Resource:...

0.3AI score
Exploits0References1
n0where
n0where
added 2018/09/04 12:44 a.m.29 views

PacketWhisper Exfiltration Toolset

PacketWhisper – Stealthily Transfer Data & Defeat Attribution Using DNS Queries & Text-Based Steganography, without the need for attacker-controlled Name Servers or domains; Evade DLP/MLS Devices; Defeat Data- & DNS Name Server Whitelisting Controls. Convert any file type e.g. executables, Office...

0.2AI score
Exploits0References3
n0where
n0where
added 2018/08/01 5:15 p.m.29 views

Lightning Fast Web Crawler: Photon

Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. 160 requests per second while extensive data extraction is just another day for Photon! Main Features Data Extraction Photon extracts the following data while crawling by default: URLs in-scope &...

7AI score
Exploits0References7
n0where
n0where
added 2018/06/25 4:13 p.m.29 views

DNS Rebinding Attack: DNS Rebind Toolkit

DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network LAN. It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, “smart” thermostats, and other IoT devices. Wi...

0.2AI score
Exploits0References7
n0where
n0where
added 2018/05/24 6:22 p.m.29 views

SQL Injection Discovery Tool: SleuthQL

SleuthQL is a python3 script to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers into each parameter where the SQL-esque variables were identified. SleuthQL aims to augment an assessor’s ability to discover SQL injection...

0.5AI score
Exploits0References1
n0where
n0where
added 2018/01/12 7:36 p.m.29 views

Compromising IPv4 Networks via IPv6: mitm6

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server. As DNS server, mitm6 will...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/10/02 5:2 a.m.29 views

New and Improved Version of airpwn: airpwn-ng

Features Inject to all visible clients a.k.a Broadcast Mode Inject on both open networks and WEP/WPA protected networks Targeted injection with -t MAC:ADDRESS MAC:ADDRESS Gather all visible cookies Broadcast Mode Gather cookies for specific websites –websites websiteslist.txt In this scenario,...

Exploits0References2
n0where
n0where
added 2017/09/06 3:59 a.m.29 views

Remotely Dump Linux RAM: LiMEaide

LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linu...

0.1AI score
Exploits0References4
n0where
n0where
added 2017/08/30 4:21 a.m.29 views

Domain Analyzer

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresse...

6.5AI score
Exploits0References1
n0where
n0where
added 2017/08/08 8:35 p.m.29 views

Advanced Discovery of Privileged Accounts: ACLight

ACLight is a tool for discovering privileged accounts through advanced ACLs Access Lists analysis. It includes the discovery of Shadow Admins in the scanned network. The tool queries the Active Directory AD for its objects’ ACLs and then filters and analyzes the sensitive permissions of each one...

2.3AI score
Exploits0References1
n0where
n0where
added 2017/03/30 3:14 p.m.29 views

Web Application Vulnerability Testing: ZAProxy

Web Application Vulnerability Testing The OWASP Zed Attack Proxy ZAP is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are...

0.3AI score
Exploits0References37
n0where
n0where
added 2017/02/14 5:45 a.m.29 views

Detects Clickbait Headlines Using Deep Learning: Clickbait Detector

Detects Clickbait Headlines Using Deep Learning People continually fall for clickbait and as Wired in it’s article mentioned Whether you think clickbait is on the rise, obscurant and self-negating, not such a big deal, or the root of all evil, one thing is clear about it: It’s increasingly hard t...

7.2AI score
Exploits0References3
n0where
n0where
added 2017/02/02 7:57 p.m.29 views

Q&A: Web Application Security Scanning with Netsparker

Q&A with Huseyin Tufekcilerli, the lead developer of Netsparker Desktop web application security scanner More than 70% of all cyber breaches involve web applications, and almost 90% organizations believe their application security programs need to be improved. Web application security has risen t...

7.5AI score
Exploits0
n0where
n0where
added 2016/12/24 6:28 a.m.29 views

Portable Malware Analysis Sandbox: Noriben

Portable Malware Analysis Sandbox Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of...

7.6AI score
Exploits0References1
n0where
n0where
added 2016/12/08 1:57 a.m.29 views

Open Source Privacy Enhancing iOS Web Browser: Onion Browser

Open Source Privacy Enhancing iOS Web Browser Onion Browser is a free web browser for iPhone and iPad that encrypts and tunnels web traffic through the Tor network , with extra features to help you browse the internet privately. Features & Benefits Internet access is tunneled through the Tor...

7.2AI score
Exploits0References3
n0where
n0where
added 2016/09/26 3:53 p.m.29 views

One Click Symbolic Execution: Ponce

Ponce pronounced ‘poN θe pon-they is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely writt...

8AI score
Exploits0References3
n0where
n0where
added 2016/09/08 2:56 a.m.29 views

RunPE Extraction Tool: FridaExtract

FridaExtract is a Frida.re based RunPE extraction tool. RunPE type injection is a common technique used by malware to hide code within another process. It also happens to be the final stage in a lot of packers : NOTE: Frida now also supports extraction of injected PE files using the...

0.6AI score
Exploits0References1
n0where
n0where
added 2016/07/27 12:17 a.m.29 views

Multi Gigabit Packet Capturing: PFQ

PFQ is a functional networking framework designed for the Linux operating system that allows efficient packets capture/transmission 10G and beyond, in-kernel functional processing and packets steering across sockets/end-points. PFQ is highly optimized for multi-core architecture, as well as for...

0.5AI score
Exploits0References3
n0where
n0where
added 2016/07/10 2:7 a.m.29 views

Fast Subdomains Enumeration Tool: Sublist3r

Fast Subdomains Enumeration Tool Sublist3r is python tool that is designed to enumerate subdomains of websites using search engines. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r currently supports the following search...

0.7AI score
Exploits0References1
n0where
n0where
added 2016/06/15 7:46 a.m.29 views

Automated Penetration Testing Toolkit: APT2

This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processesd results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/06/15 3:14 a.m.29 views

ICS SCADA NSA Situational Awareness: Grassmarlin

ICS SCADA NSA Situational Awareness: Grassmarlin Provide IP network situational awareness of industrial control systems ICS and Supervisory Control and Data Acquisition SCADA networks to support network security. Passively map, and visually display, an ICS/SCADA network topology while safely...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/06/14 2:32 p.m.29 views

Create TCP UDP Connections Over Audio Channel: Quiet-lwip

Quiet-lwip is a binding for libquiet to lwip . This binding can be used to create TCP and UDP connections over an audio channel. This channel may be speaker-to-mic “over the air” or through a wired connection. This binding provides an abstract version which emits and consumes floating point sampl...

0.1AI score
Exploits0References3
n0where
n0where
added 2016/05/26 11:52 a.m.29 views

Usable Privacy Box: UpriBox

The upribox software is used to create Raspberry Pi images to turn your Raspberry Pi into a privacy-enhancing Wireless router. See the official Raspberry Pi documentation for pointers on how to install the upribox image on the SD card. Upon the first boot the SSH/VPN keys are automatically...

0.3AI score
Exploits0References1
n0where
n0where
added 2016/04/12 12:36 p.m.29 views

Onion Services Security Scan: OnionScan

OnionScan is a free and open source tool for investigating the Dark Web. For all the amazing technological innovations in the anonymity and privacy space, there is always a constant threat that has no effective technological patch – human error. Whether it is operational security leaks or softwar...

6.9AI score
Exploits0References1
n0where
n0where
added 2016/02/21 8:10 p.m.29 views

Self Hosted Git Service: Gogs

Gogs is a self-hosted Git service written in Go which is very easy to get running and has low system usage as well. It aspires to be the easiest, fastest, and most painless way to set up a self-hosted Git service. With Go, this can be done with an independent binary distribution across ALL...

7.6AI score
Exploits0References4
n0where
n0where
added 2016/01/13 3:23 a.m.29 views

Network Security Policy Compiler: Netspoc

Netspoc is free software to manage all the packet filter devices inside your network topology. Filter rules for each device are generated from one central ruleset, using a description of your network topology. Netspoc generates ACLs and static routes for a given network policy, consisting of a se...

7AI score
Exploits0References2
n0where
n0where
added 2015/09/01 4:18 p.m.29 views

Rogue Wi-Fi Access Point: 3vilTwinAttacker

This tool create an rogue Wi-Fi access point , purporting to provide wireless Internet services, but snooping on the traffic 3vilTwinAttacker is security tool that provide the Rogue access point to Man-In-The-Middle and network attacks. purporting to provide wireless Internet services, but snoopi...

0.4AI score
Exploits0References1
n0where
n0where
added 2014/12/18 5:4 p.m.29 views

CONPOT ICS SCADA Honeypot

CONPOT ICS SCADA Honeypot Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex...

0.8AI score
Exploits0References1
n0where
n0where
added 2014/05/07 5:27 p.m.29 views

Run a Command on Multiple Servers: ClusterSSH

Run a Command on Multiple Servers How to run a command on multiple servers at once? If you maintain multiple Linux servers, there are cases where you want to run the same commands on all the servers. For example, you may want to install/upgrade packages, patch the kernel, and update configuration...

0.3AI score
Exploits0
n0where
n0where
added 2018/06/20 6:8 p.m.28 views

Detailed Heap Profiler: Memoro

Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...

6.9AI score
Exploits0References2
n0where
n0where
added 2018/05/02 9:37 p.m.28 views

Command and Control via Legitimate Behavior over HTTP: TrevorC2

TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil. There are two components to TrevorC2 – the client and the server. The client can be...

Exploits0References1
n0where
n0where
added 2018/04/08 6:35 p.m.28 views

Block All Domains That Serve Ads, Tracking Scripts and Malware: hBlock

Improve your security and privacy by blocking ads, tracking and malware domains. This POSIX-compliant shell script, designed for Unix-like systems, gets a list of domains that serve ads, tracking scripts and malware from multiple reputable sources and creates a hosts file that prevents your syste...

7.5AI score
Exploits0References39
n0where
n0where
added 2018/02/03 8:5 p.m.28 views

Ultimate Phishing Tool with Ngrok Integrated: SocialFish

Available Pages + Facebook: Traditional Facebook login page. Advanced login with Facebook. + Google: Traditional Google login page. Advanced login with Facebook. + LinkedIN: Traditional LinkedIN login page. + Github: Traditional Github login page. + Stackoverflow: Traditional Stackoverflow...

2.6AI score
Exploits0References1
n0where
n0where
added 2017/12/04 2:58 a.m.28 views

WebSocket C2 Communication Channel: WSC2

WSC2 is a PoC of using the WebSockets and a browser process to serve as a C2 communication channel between an agent, running on the target system, and a controller acting as the actuel C2 server. WSC2 is composed of: a controller, written in Python, which acts as the C2 server an agent running on...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/11/02 4:50 p.m.28 views

Phishing Framework with 2FA Token Support: CredSniper

Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token. Benefits Fully supporte...

0.2AI score
Exploits0References1
n0where
n0where
added 2017/09/12 4:57 a.m.28 views

SIP Based Audit and Attack Tool: Mr. SIP

Mr.SIP is a tool developed to audit and simulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and defense approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has bee...

0.3AI score
Exploits0References1
Total number of security vulnerabilities1052