Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/01/30 5:13 a.m.30 views

Mobile Application Security Training Platform: Security Shepherd

The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...

8.2AI score
Exploits0References1
n0where
n0where
added 2016/09/06 4:55 p.m.30 views

Intercepting Proxy for Performing Web Application Security Testing: The Pappy Proxy

Intercepting Proxy for Performing Web application security testing The Pappy P roxy A ttack P roxy P rox Y Proxy is an intercepting proxy for performing web application security testing. Its features are often similar, or straight up rippoffs from Burp Suite . However, Burp Suite is neither open...

7.2AI score
Exploits0References2
n0where
n0where
added 2016/08/09 4:0 p.m.30 views

Bluetooth Smart MITM Framework: BtleJuice

Bluetooth Smart MITM Framework BtleJuice is a complete framework to perform Man-in-the-Middle attacks on Bluetooth Smart devices also known as Bluetooth Low Energy. It is composed of: an interception core an interception proxy a dedicated web interface Python and Node.js bindings How to install...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/04/22 10:53 a.m.30 views

Analyzing TLS Libraries: TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow...

1.4AI score
Exploits0References2
n0where
n0where
added 2016/04/12 12:31 a.m.30 views

Reverse Shell Post Exploitation Tool: RSPET

RSPET Reverse Shell Post Exploitation Tool is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Features Remote Command Execution Trafic masking XORed insted of cleartext; for better results use port 443 Built-in File/Binary transfer both ways...

1.3AI score
Exploits0References1
n0where
n0where
added 2015/11/12 1:26 a.m.30 views

ICMP IP Tunnel: ICMPTunnel

icmptunnel works by encapsulating your IP traffic in ICMP echo packets and sending them to your own proxy server. The proxy server decapsulates the packet and forwards the IP traffic. The incoming IP packets which are destined for the client are again encapsulated in ICMP reply packets and sent...

0.5AI score
Exploits0References1
n0where
n0where
added 2015/09/19 6:5 p.m.30 views

Automatically Brute Force All Services – BruteX

Automatically brute force all services Including: Open ports DNS domains Web files Web directories Usernames Passwords Dependencies: NMap Hydra Wfuzz SNMPWalk DNSDict Download: git clone https://github.com/1N3/BruteX.git Usage: ./brutex target To brute force multiple hosts, use brutex-massscan an...

0.2AI score
Exploits0References1
n0where
n0where
added 2015/06/22 10:40 p.m.30 views

Passive Intelligence Gathering: Just-Metadata

Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset. Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to...

6.9AI score
Exploits0References1
n0where
n0where
added 2015/02/11 4:48 p.m.30 views

Backdoor Framework

A little server framework for writing back doors Backdoor Framework Definitions: Backdoor: A backdoor is deliberate functionality that bypasses official publicly-documented authorization methods for that software and is intended by the author to be known to a limited audience. Protected Resource:...

0.3AI score
Exploits0References1
n0where
n0where
added 2014/04/27 3:4 p.m.30 views

Web application Advanced Security: IronWASP

Web application Advanced Security: IronWASP IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Thou...

7.3AI score
Exploits0References2
n0where
n0where
added 2014/03/01 1:6 a.m.30 views

Basic Integer Overflows

Introduction Basic Integer Overflow : In this paper we are going to describe two classes of programming bugs which can sometimes allow a malicious user to modify the execution path of an affected process. Both of these classes of bug work by causing variables to contain unexpected values, and so...

1.6AI score
Exploits0
n0where
n0where
added 2018/08/01 5:15 p.m.29 views

Lightning Fast Web Crawler: Photon

Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. 160 requests per second while extensive data extraction is just another day for Photon! Main Features Data Extraction Photon extracts the following data while crawling by default: URLs in-scope &...

7AI score
Exploits0References7
n0where
n0where
added 2018/06/25 4:13 p.m.29 views

DNS Rebinding Attack: DNS Rebind Toolkit

DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network LAN. It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, “smart” thermostats, and other IoT devices. Wi...

0.2AI score
Exploits0References7
n0where
n0where
added 2018/05/24 6:22 p.m.29 views

SQL Injection Discovery Tool: SleuthQL

SleuthQL is a python3 script to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers into each parameter where the SQL-esque variables were identified. SleuthQL aims to augment an assessor’s ability to discover SQL injection...

0.5AI score
Exploits0References1
n0where
n0where
added 2018/01/12 7:36 p.m.29 views

Compromising IPv4 Networks via IPv6: mitm6

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server. As DNS server, mitm6 will...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/10/02 5:2 a.m.29 views

New and Improved Version of airpwn: airpwn-ng

Features Inject to all visible clients a.k.a Broadcast Mode Inject on both open networks and WEP/WPA protected networks Targeted injection with -t MAC:ADDRESS MAC:ADDRESS Gather all visible cookies Broadcast Mode Gather cookies for specific websites –websites websiteslist.txt In this scenario,...

Exploits0References2
n0where
n0where
added 2017/09/06 3:59 a.m.29 views

Remotely Dump Linux RAM: LiMEaide

LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linu...

0.1AI score
Exploits0References4
n0where
n0where
added 2017/08/30 4:21 a.m.29 views

Domain Analyzer

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresse...

6.5AI score
Exploits0References1
n0where
n0where
added 2017/08/08 8:35 p.m.29 views

Advanced Discovery of Privileged Accounts: ACLight

ACLight is a tool for discovering privileged accounts through advanced ACLs Access Lists analysis. It includes the discovery of Shadow Admins in the scanned network. The tool queries the Active Directory AD for its objects’ ACLs and then filters and analyzes the sensitive permissions of each one...

2.3AI score
Exploits0References1
n0where
n0where
added 2017/06/26 3:55 a.m.29 views

Windows NSA Information Assurance: Locklevel

Windows NSA Information Assurance LOCKLEVEL was a rapidly built prototype that demonstrates a method for scoring how well Windows systems have implemented some of the NSA Information Assurance top 10 mitigation strategies . This prototype is being shared to encourage industry adoption of these...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/06/15 5:14 a.m.29 views

Open Source Full Featured Network Operating System: OpenSwitch

Open Source Full Featured Network Operating System OpenSwitch provides a fully-featured L2/L3 control plane stack, traditional and programmatic, declarative control plane. The 24×7 nature of global digital economy and the explosion of data have changed how we think about data center networking...

7.5AI score
Exploits0References4
n0where
n0where
added 2017/03/30 3:14 p.m.29 views

Web Application Vulnerability Testing: ZAProxy

Web Application Vulnerability Testing The OWASP Zed Attack Proxy ZAP is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are...

0.3AI score
Exploits0References37
n0where
n0where
added 2017/02/02 7:57 p.m.29 views

Q&A: Web Application Security Scanning with Netsparker

Q&A with Huseyin Tufekcilerli, the lead developer of Netsparker Desktop web application security scanner More than 70% of all cyber breaches involve web applications, and almost 90% organizations believe their application security programs need to be improved. Web application security has risen t...

7.5AI score
Exploits0
n0where
n0where
added 2016/09/08 2:56 a.m.29 views

RunPE Extraction Tool: FridaExtract

FridaExtract is a Frida.re based RunPE extraction tool. RunPE type injection is a common technique used by malware to hide code within another process. It also happens to be the final stage in a lot of packers : NOTE: Frida now also supports extraction of injected PE files using the...

0.6AI score
Exploits0References1
n0where
n0where
added 2016/07/27 12:17 a.m.29 views

Multi Gigabit Packet Capturing: PFQ

PFQ is a functional networking framework designed for the Linux operating system that allows efficient packets capture/transmission 10G and beyond, in-kernel functional processing and packets steering across sockets/end-points. PFQ is highly optimized for multi-core architecture, as well as for...

0.5AI score
Exploits0References3
n0where
n0where
added 2016/07/10 2:7 a.m.29 views

Fast Subdomains Enumeration Tool: Sublist3r

Fast Subdomains Enumeration Tool Sublist3r is python tool that is designed to enumerate subdomains of websites using search engines. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r currently supports the following search...

0.7AI score
Exploits0References1
n0where
n0where
added 2016/06/15 7:46 a.m.29 views

Automated Penetration Testing Toolkit: APT2

This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processesd results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/06/14 2:32 p.m.29 views

Create TCP UDP Connections Over Audio Channel: Quiet-lwip

Quiet-lwip is a binding for libquiet to lwip . This binding can be used to create TCP and UDP connections over an audio channel. This channel may be speaker-to-mic “over the air” or through a wired connection. This binding provides an abstract version which emits and consumes floating point sampl...

0.1AI score
Exploits0References3
n0where
n0where
added 2016/05/26 11:52 a.m.29 views

Usable Privacy Box: UpriBox

The upribox software is used to create Raspberry Pi images to turn your Raspberry Pi into a privacy-enhancing Wireless router. See the official Raspberry Pi documentation for pointers on how to install the upribox image on the SD card. Upon the first boot the SSH/VPN keys are automatically...

0.3AI score
Exploits0References1
n0where
n0where
added 2016/04/16 11:57 p.m.29 views

Versatile HTTP load testing: vegeta

Vegeta is a versatile HTTP load testing tool built out of a need to drill HTTP services with a constant request rate. Vegeta can be used both as a command line utility and a library. Install Pre-compiled executables Get them here . Homebrew on Mac OS X You can install Vegeta using the Homebrew...

0.6AI score
Exploits0References4
n0where
n0where
added 2016/04/12 12:36 p.m.29 views

Onion Services Security Scan: OnionScan

OnionScan is a free and open source tool for investigating the Dark Web. For all the amazing technological innovations in the anonymity and privacy space, there is always a constant threat that has no effective technological patch – human error. Whether it is operational security leaks or softwar...

6.9AI score
Exploits0References1
n0where
n0where
added 2016/02/21 8:10 p.m.29 views

Self Hosted Git Service: Gogs

Gogs is a self-hosted Git service written in Go which is very easy to get running and has low system usage as well. It aspires to be the easiest, fastest, and most painless way to set up a self-hosted Git service. With Go, this can be done with an independent binary distribution across ALL...

7.6AI score
Exploits0References4
n0where
n0where
added 2016/01/13 3:23 a.m.29 views

Network Security Policy Compiler: Netspoc

Netspoc is free software to manage all the packet filter devices inside your network topology. Filter rules for each device are generated from one central ruleset, using a description of your network topology. Netspoc generates ACLs and static routes for a given network policy, consisting of a se...

7AI score
Exploits0References2
n0where
n0where
added 2018/09/04 12:44 a.m.28 views

PacketWhisper Exfiltration Toolset

PacketWhisper – Stealthily Transfer Data & Defeat Attribution Using DNS Queries & Text-Based Steganography, without the need for attacker-controlled Name Servers or domains; Evade DLP/MLS Devices; Defeat Data- & DNS Name Server Whitelisting Controls. Convert any file type e.g. executables, Office...

0.2AI score
Exploits0References3
n0where
n0where
added 2018/05/02 9:37 p.m.28 views

Command and Control via Legitimate Behavior over HTTP: TrevorC2

TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil. There are two components to TrevorC2 – the client and the server. The client can be...

Exploits0References1
n0where
n0where
added 2018/04/08 6:35 p.m.28 views

Block All Domains That Serve Ads, Tracking Scripts and Malware: hBlock

Improve your security and privacy by blocking ads, tracking and malware domains. This POSIX-compliant shell script, designed for Unix-like systems, gets a list of domains that serve ads, tracking scripts and malware from multiple reputable sources and creates a hosts file that prevents your syste...

7.5AI score
Exploits0References39
n0where
n0where
added 2018/02/03 8:5 p.m.28 views

Ultimate Phishing Tool with Ngrok Integrated: SocialFish

Available Pages + Facebook: Traditional Facebook login page. Advanced login with Facebook. + Google: Traditional Google login page. Advanced login with Facebook. + LinkedIN: Traditional LinkedIN login page. + Github: Traditional Github login page. + Stackoverflow: Traditional Stackoverflow...

2.6AI score
Exploits0References1
n0where
n0where
added 2017/12/04 2:58 a.m.28 views

WebSocket C2 Communication Channel: WSC2

WSC2 is a PoC of using the WebSockets and a browser process to serve as a C2 communication channel between an agent, running on the target system, and a controller acting as the actuel C2 server. WSC2 is composed of: a controller, written in Python, which acts as the C2 server an agent running on...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/11/02 4:50 p.m.28 views

Phishing Framework with 2FA Token Support: CredSniper

Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token. Benefits Fully supporte...

0.2AI score
Exploits0References1
n0where
n0where
added 2017/09/12 4:57 a.m.28 views

SIP Based Audit and Attack Tool: Mr. SIP

Mr.SIP is a tool developed to audit and simulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and defense approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has bee...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/08/06 6:21 p.m.28 views

Decentralized Peer to Peer File Sharing: iWant

A command-line tool for searching and downloading files in LAN network, without any central server. Features Decentralized : There is no central server hosting files. Therefore, no central point of failure Easy discovery of files : As easy as searching for something in Google. File download from...

1AI score
Exploits0References2
n0where
n0where
added 2017/03/20 8:12 a.m.28 views

Distributed Security Alerting: Securitybot

Distributed Security Alerting Securitybot is an open-source implementation of a distributed alerting chat bot, as described in Ryan Huber’s blog post . Distributed alerting improves the monitoring efficiency of your security team and can help you catch security incidents faster and more...

7.6AI score
Exploits0References1
n0where
n0where
added 2017/03/09 6:12 a.m.28 views

Windows PE Binary Static Analysis Tool : BinSkim

Windows PE Binary Static Analysis Tool BinSkim is a binary static analysis tool that scans Windows Portable Executable PE files for security and correctness. Among the verifications performed by BinSkim are validations that the PE file has opted into all of the binary mitigations offered by the...

Exploits0References2
n0where
n0where
added 2017/02/16 6:27 a.m.28 views

Password Cracking Web Front-End: Hashview

Password Cracking Web Front-End Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat https://hashcat.net commands. Hashview strives to bring constiency in your hashcat tas...

7.5AI score
Exploits0References3
n0where
n0where
added 2017/02/14 5:45 a.m.28 views

Detects Clickbait Headlines Using Deep Learning: Clickbait Detector

Detects Clickbait Headlines Using Deep Learning People continually fall for clickbait and as Wired in it’s article mentioned Whether you think clickbait is on the rise, obscurant and self-negating, not such a big deal, or the root of all evil, one thing is clear about it: It’s increasingly hard t...

7.2AI score
Exploits0References3
n0where
n0where
added 2017/01/02 6:4 a.m.28 views

Securing DNS Communication: dnscrypt-proxy

dnscrypt-proxy is a flexible DNS proxy. It runs on your computer or router, and can locally block unwanted content, reveal where your devices are silently sending data to, make applications feel faster by caching DNS responses, and improve security and confidentiality by communicating to upstream...

2.9AI score
Exploits0References3
n0where
n0where
added 2016/12/24 6:28 a.m.28 views

Portable Malware Analysis Sandbox: Noriben

Portable Malware Analysis Sandbox Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of...

7.6AI score
Exploits0References1
n0where
n0where
added 2016/12/08 1:57 a.m.28 views

Open Source Privacy Enhancing iOS Web Browser: Onion Browser

Open Source Privacy Enhancing iOS Web Browser Onion Browser is a free web browser for iPhone and iPad that encrypts and tunnels web traffic through the Tor network , with extra features to help you browse the internet privately. Features & Benefits Internet access is tunneled through the Tor...

7.2AI score
Exploits0References3
n0where
n0where
added 2016/10/07 2:40 p.m.28 views

CERT Basic Fuzzing Framework: BFF

CERT Basic Fuzzing Framework The CERT Basic Fuzzing Framework BFF is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that consumes file input. Mutational fuzzing is the act of taking well-formed...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/07/21 5:56 p.m.28 views

SimplE RePort wrIting and COllaboration tool: Serpico

Serpico is at its core a report generation tool but targeted at creating information security reports. When building a report the user adds “findings” from the template database to the report. When there are enough findings, click ‘Generate Report’ to create the docx with your findings. The docx...

0.1AI score
Exploits0References2
Total number of security vulnerabilities1052