Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2016/10/07 2:40 p.m.28 views

CERT Basic Fuzzing Framework: BFF

CERT Basic Fuzzing Framework The CERT Basic Fuzzing Framework BFF is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that consumes file input. Mutational fuzzing is the act of taking well-formed...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/09/26 3:53 p.m.28 views

One Click Symbolic Execution: Ponce

Ponce pronounced ‘poN θe pon-they is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely writt...

8AI score
Exploits0References3
n0where
n0where
added 2016/07/21 5:56 p.m.28 views

SimplE RePort wrIting and COllaboration tool: Serpico

Serpico is at its core a report generation tool but targeted at creating information security reports. When building a report the user adds “findings” from the template database to the report. When there are enough findings, click ‘Generate Report’ to create the docx with your findings. The docx...

0.1AI score
Exploits0References2
n0where
n0where
added 2016/07/17 8:45 p.m.28 views

Python Steganography Tool: Matroschka

Python Steganography Tool Матрёшка mɐˈtrʲɵʂkə is a command-line steganography tool written in pure Python. You can use it to hide and encrypt images or text in the least significant bits of pixels in an image. Encryption The encryption uses HMAC-SHA256 to authenticate the hidden data. Therefore t...

7.2AI score
Exploits0References1
n0where
n0where
added 2016/06/15 3:14 a.m.28 views

ICS SCADA NSA Situational Awareness: Grassmarlin

ICS SCADA NSA Situational Awareness: Grassmarlin Provide IP network situational awareness of industrial control systems ICS and Supervisory Control and Data Acquisition SCADA networks to support network security. Passively map, and visually display, an ICS/SCADA network topology while safely...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/05/25 12:16 p.m.28 views

Remote Vulnerability Testing Framework: Pocsuite

Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers. Requirements Python 2.6...

8AI score
Exploits0References1
n0where
n0where
added 2016/05/19 2:25 p.m.28 views

Python Web Application XSS Scanner: XssPy

Python Web Application XSS Scanner XssPy is a python tool for finding Cross Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the tools do, this tool traverses the website and find all the links and subdomains first. After...

6.4AI score
Exploits0References1
n0where
n0where
added 2016/05/12 12:43 p.m.28 views

Protocol Learning and Stateful Fuzzing: Pulsar

Pulsar is a network fuzzer with automatic protocol learning and simulation capabilites. The tool allows to model a protocol through machine learning techniques, such as clustering and hidden Markov models. These models can be used to simulate communication between Pulsar and a real client or serv...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/02/26 5:17 p.m.28 views

Cross Platform DNS Recon Tool: Sonar

Sonar is a reconnaissance tool for enumerating sub domains. It was modeled after Knock and DNSRecon though explicitly not written in Python to avoid the limitations of threading and dependencies. Sonar is statically compiled meaning it has no dependencies and even dynamically builds the default...

7.2AI score
Exploits0References3
n0where
n0where
added 2016/01/14 11:18 p.m.28 views

Multi protocol Test Suite

MTS Multi protocol Test Suite is a multi protocol testing tool specially designed for telecom IP-based architectures. With MTS Multi protocol Test Suite you get the powerful tool to: Test protocols with functional and regression tests Test load endurance and stress tests Simulate all network...

0.5AI score
Exploits0
n0where
n0where
added 2016/01/04 4:4 p.m.28 views

DHCP IP exhaustion attack: DHCPwn

DHCPwn is a tool used for testing DHCP IP exhaustion attacks. It can also be used to sniff local DHCP traffic. The DHCP protocol is connectionless and implemented via UDP. These two characteristics allow this attack to be performed. Since there is no actual connection being made between the clien...

0.2AI score
Exploits0References1
n0where
n0where
added 2015/12/11 12:12 a.m.28 views

Flexible DDoS Defense: Bohatei

DDoS defense today relies on expensive and proprietary hardware appliances deployed at fixed locations. This introduces key limitations with respect to flexibility e.g., complex routing to get traffic to these “chokepoints” and elasticity in handling changing attack patterns. We observe an...

7.4AI score
Exploits0References1
n0where
n0where
added 2015/09/06 7:25 p.m.28 views

Decentralized P2P Websites: ZeroNet

Decentralized P2P websites using Bitcoin crypto and the BitTorrent network ZeroNet uses Bitcoin cryptography and BitTorrent technology to build a decentralized censorship-resistant network. Users can publish static or dynamic websites into ZeroNet and visitors can choose to also serve the website...

Exploits0References5
n0where
n0where
added 2015/06/30 6:8 p.m.28 views

Bridging OpenVPN

OpenVPN supports two very different means for interconnecting networks: routing and bridging. Routing refers to the interconnection of separate and independent “sub-networks” subnets which have non-overlapping ranges of IP addresses. Upon receiving a packet sent to it, a network “router” examines...

7AI score
Exploits0
n0where
n0where
added 2015/02/21 12:2 a.m.28 views

Open Source Log Analysis: GoAccess

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in nix systems . It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. Features GoAccess parses the specified web log file and...

7.1AI score
Exploits0References1
n0where
n0where
added 2015/02/06 6:5 a.m.28 views

Extract data from pcap files: PCredz

Extract data from pcap files with PCredz This tool extracts Credit card numbers, NTLMDCE-RPC, HTTP, SQL, LDAP, etc, Kerberos AS-REQ Pre-Auth etype 23, HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface. PCredz Features: Extract from a pcap file or from a live...

0.6AI score
Exploits0References1
n0where
n0where
added 2014/05/07 5:27 p.m.28 views

Run a Command on Multiple Servers: ClusterSSH

Run a Command on Multiple Servers How to run a command on multiple servers at once? If you maintain multiple Linux servers, there are cases where you want to run the same commands on all the servers. For example, you may want to install/upgrade packages, patch the kernel, and update configuration...

0.3AI score
Exploits0
n0where
n0where
added 2012/02/15 10:57 p.m.28 views

Penetration Tester Productivity Tool: MagicTree

MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and yeah! report generation. In case you wonder, “Tree” is because all the data is stored in a tree structure, and “Magic” is because it i...

0.4AI score
Exploits0
n0where
n0where
added 2010/07/16 3:29 p.m.28 views

Encrypted UDP based FTP: UFTP

Encrypted UDP based FTP with multicast UPDATE: Version 4 of UFTP is now available! The protocol has been heavily altered to support a number of new features : The ability to send multiple files in a single session An SSL/TLS derived encryption layer to protect your data Multicast tunneling NAT...

0.3AI score
Exploits0
n0where
n0where
added 2018/08/01 4:47 p.m.27 views

Reconnaissance and Vulnerability Scanning Tool: Raccoon

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan output...

6.9AI score
Exploits0References4
n0where
n0where
added 2018/06/20 6:8 p.m.27 views

Detailed Heap Profiler: Memoro

Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...

6.9AI score
Exploits0References2
n0where
n0where
added 2018/05/08 4:11 a.m.27 views

MITM RDP Connections: Seth

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops...

0.4AI score
Exploits0References2
n0where
n0where
added 2018/03/12 5:0 a.m.27 views

Python Scriptable Reverse Engineering Sandbox: PyREBox

PyREBox is a Python scriptable Reverse Engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective. PyREBox allows to inspect a running QEMU VM, modify its memory or registers, and to...

6.6AI score
Exploits0References6
n0where
n0where
added 2018/02/07 5:41 a.m.27 views

Automating Cracking Methodologies Through Hashcat: hate_crack

A tool for automating cracking methodologies through Hashcat from the TrustedSec team. Installation Get the latest hashcat binaries https://hashcat.net/hashcat/ OSX Install https://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/ mkdir -p hashcat/deps git clone...

7.2AI score
Exploits0References1
n0where
n0where
added 2018/01/01 7:53 p.m.27 views

Software Defined Radio Trunked and Digital Radio Decoder: SDRtrunk

SDRtrunk is an integrated application for demodulating radio signals and decoding trunked radio network protocols and some related radio signal formats. The application does NOT require a discriminator tapped scanner and it does NOT require the use of audio piping applications like Virtual Audio...

1AI score
Exploits0References3
n0where
n0where
added 2017/11/02 3:17 p.m.27 views

PowerShell Post-Exploitation Agent: Empire

Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architectur...

0.2AI score
Exploits0References1
n0where
n0where
added 2017/10/28 6:58 p.m.27 views

Onion Routed Cloud: ORC

Onion Routed Cloud is a decentralized, anonymous, object storage platform owned and operated by allies in defense of human rights and opposition to censorship. ORC is a volunteer run cloud storage network that protects users from surveillance and puts them in control of their data. Use cases: For...

Exploits0References5
n0where
n0where
added 2017/10/28 4:52 a.m.27 views

Security Focused Desktop Operating System: Qubes OS

Qubes OS is a security-oriented operating system OS. The OS is the software that runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software FOSS. This means that everyone is free to use, copy,...

0.2AI score
Exploits0
n0where
n0where
added 2017/08/08 6:30 p.m.27 views

Simplify the management of ip(6)tables based firewalls: fwgen

fwgen is a small framework to simplify the management of ip6tables based firewalls, that also integrates ipset support and zones in a non-restrictive way. It is not an abstraction layer of the iptables syntax, so you still need to understand how to write iptables rules and how packets are process...

7.4AI score
Exploits0References1
n0where
n0where
added 2017/07/03 4:49 p.m.27 views

Interactive Security Reference Tool: BroSec

Interactive Security Reference Tool An interactive reference tool to help security professionals utilize useful payloads and commands Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful yet sometimes complex payloads and commands that are often...

7.3AI score
Exploits0References5
n0where
n0where
added 2017/06/19 5:37 a.m.27 views

Full-Fledged Phishing Framework: FirePhish

FirePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification...

7AI score
Exploits0References3
n0where
n0where
added 2017/03/02 8:24 p.m.27 views

Fully Featured Backdoor – Telegram C&C: BrainDamage

A python based backdoor which uses Telegram as C&C server. Features Persistance USB spreading Port Scanner Router Finder Run shell commands Keylogger Insert keystrokes Record audio Webserver Screenshot logging Download files in the host Execute shutdown, restart, logoff, lock Send drive tree...

0.1AI score
Exploits0References2
n0where
n0where
added 2017/01/24 8:5 a.m.27 views

Weapon of Mass Destruction: WMD

Weapon of Mass Destruction This is a python tool with a collection of IT security software. The software is incapsulated in “modules”. The modules does consist of pure python code and/or external third programs. Main functions 1 To use a module, run the command “use modulecall”, e.g. “use apsniff...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/12/17 5:23 a.m.27 views

Remote msfconsole: msf-remote-console

Remote msfconsole A remote msfconsole written in Python 2.7 to connect to the msfrcpd server of metasploit. This tool gives you the ability to load modules permanently as daemon on your server like autopwn2. Although it gives you the ability to remotely use the msfrpcd server it is recommended to...

0.3AI score
Exploits0References1
n0where
n0where
added 2016/11/21 4:28 a.m.27 views

Server Side Bruteforce Module: brut3k1t

Server Side Bruteforce Module brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are: ssh ftp smtp XMPP instagram facebook There will be future implementations of different protocols and servic...

7.7AI score
Exploits0References1
n0where
n0where
added 2016/10/28 12:17 a.m.27 views

ARP Poison Attack Script: Creak

ARP Poison Attack Script Deny navigation and download capabilities of a target host in the local network performing an ARP poison attack and sending reset TCP packets to every request made to the router. Born as a didactic project for learning python language. Installation $ git clone...

0.2AI score
Exploits0References1
n0where
n0where
added 2016/09/19 7:27 p.m.27 views

Data Exfiltration Toolkit: DET

Data Exfiltration Toolkit DET is provided AS IS, is a proof of concept to perform Data Exfiltration using either single or multiple channels at the same time. This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data. The id...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/08/16 4:34 p.m.27 views

A Modular Recon Tool: RECON

Low Hanging Fruit: a Modular Recon Tool for Penetration Testing Reconnaissance is the absolute most important step in a penetration test. A good recon of the target could net you some vital information and low hanging fruit. Thus RECON was created. A set and forget type of recon scanner. No need ...

0.2AI score
Exploits0References1
n0where
n0where
added 2016/07/16 8:19 p.m.27 views

Swiss Army Knife for Mac OS X: m-cli

Swiss Army Knife for Mac OS X m-cli differs from other mac command line tools in that: Its main purpose is to manage administrative tasks and do it easier It doesn’t install 3rd party tools because it doesn’t have dependencies The installation is very easy and doesn’t require intervention It only...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/04/19 3:57 p.m.27 views

Lightweight Lumberjack Log Indexer: LogZoom

LogZoom is a lightweight, Lumberjack-compliant log indexer based off the fine work of Hailo’s Logslam . It accepts the Lumberjack v2 protocol, which is currently supported by Elastic’s Filebeat . It was written with the intention of being a smaller, efficient, and more reliable replacement for...

7.1AI score
Exploits0References5
n0where
n0where
added 2015/09/14 2:30 a.m.27 views

Powershell Netcat: PowerCat

powercat is a powershell function. First you need to load the function before you can execute it. You can put one of the below commands into your powershell profile so powercat is automatically loaded when powershell starts. What’s netcat anyway ? netcat often abbreviated to nc is a computer...

0.9AI score
Exploits0References2
n0where
n0where
added 2015/07/22 2:51 a.m.27 views

Msfvenom Payload Creator: MPC

Msfvenom Payload Creator MPC is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible only requiring one input to produce their payload. Fully automating msfvenom & Metasploit is the end goal well as to be be able to automate MPC itself...

0.1AI score
Exploits0References1
n0where
n0where
added 2015/05/11 2:59 p.m.27 views

Extract Metadata From Files: ImageCat

Extract Metadata From Files This is an OODT RADIX application that uses Apache Solr , Apache Tika and Apache OODT to ingest 10s of millions of files images,but could be extended to other files in place, and to extract metadata and OCR information from those files/images using Tika and Tesseract O...

6.9AI score
Exploits0References5
n0where
n0where
added 2015/04/13 2:20 p.m.27 views

IPv6 toolkit

A security assessment and troubleshooting tool for the IPv6 protocols The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/trouble-shoting tools, that can send arbitrary IPv6-based packets. IPv6 toolkit: List of Tools addr6: An IPv6 address analysis and manipulation tool. flow6: A tool to...

0.3AI score
Exploits0References2
n0where
n0where
added 2015/03/16 6:47 p.m.27 views

Fast Incident Response: FIR

FIR Fast Incident Response is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents. FIR is for anyone needing to track cybersecurity incidents CSIRTs, CERTs, SOCs, etc.. It’s was...

0.1AI score
Exploits0References2
n0where
n0where
added 2014/12/18 5:4 p.m.27 views

CONPOT ICS SCADA Honeypot

CONPOT ICS SCADA Honeypot Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex...

0.8AI score
Exploits0References1
n0where
n0where
added 2012/12/06 6:40 p.m.27 views

Reverse engineering, Malware and Goodware analysis of Android applications: Androguard

Androguard is a full python tool to play with Android files. DEX, ODEX APK Android’s binary xml Android resources Disassemble DEX/ODEX bytecodes Decompiler for DEX/ODEX files You can either use the cli or graphical frontend for androguard, or use androguard purely as a library for your own tools...

7.5AI score
Exploits0References1
n0where
n0where
added 2012/08/08 7:53 p.m.27 views

Wireless Security Auditing: Fern Wifi Cracker

Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library , the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks Fer...

0.4AI score
Exploits0
n0where
n0where
added 2018/08/21 4:25 p.m.26 views

Backdooring and Breaking Signatures: SMBetray

In SMB connections, the security mechanisms protecting the integrity of the data passed between the server and the client are SMB signing and encryption. The signatures in on SMB packets when SMB signing is used are based on keys derived from information sent over the net in cleartext during the...

0.3AI score
Exploits0References1
n0where
n0where
added 2018/04/20 4:18 a.m.26 views

An Intelligent Network Security Scanner: Red Team Arsenal

Red Team Arsenal is a web/network security scanner which has the capability to scan all company’s online facing assets and provide an holistic security view of any security anomalies. It’s a closely linked collections of security engines to conduct/simulate attacks and monitor public facing asset...

Exploits0References1
Total number of security vulnerabilities1052