Lucene search
+L
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/08/25 5:21 p.m.27 views

Web-based OSINT and Active Reconnaissance Suite: D0xk1t

Active reconnaissance, information gathering and OSINT built in a portable web application. D0xk1t is an open-source , self-hosted and easy to use OSINT and active reconnaissance web application for penetration testers. Based off of the prior command-line script, D0xk1t is now fully capable of...

6.8AI score
Exploits0References1
n0where
n0where
added 2017/08/08 6:30 p.m.27 views

Simplify the management of ip(6)tables based firewalls: fwgen

fwgen is a small framework to simplify the management of ip6tables based firewalls, that also integrates ipset support and zones in a non-restrictive way. It is not an abstraction layer of the iptables syntax, so you still need to understand how to write iptables rules and how packets are process...

7.4AI score
Exploits0References1
n0where
n0where
added 2017/06/19 5:37 a.m.27 views

Full-Fledged Phishing Framework: FirePhish

FirePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification...

7AI score
Exploits0References3
n0where
n0where
added 2016/12/07 5:52 a.m.27 views

Powerful Extensible Wireless Drop Box: Pina Colada

Powerful Extensible Wireless Drop Box Pina Colada, a powerful and extensible wireless drop box, capable of performing a wide range of remote offensive attacks on a network. It can currently be controlled only via a command line interface, but a Command and Control remote server functionality is...

0.3AI score
Exploits0References2
n0where
n0where
added 2016/11/21 4:28 a.m.27 views

Server Side Bruteforce Module: brut3k1t

Server Side Bruteforce Module brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are: ssh ftp smtp XMPP instagram facebook There will be future implementations of different protocols and servic...

7.7AI score
Exploits0References1
n0where
n0where
added 2016/09/19 7:27 p.m.27 views

Data Exfiltration Toolkit: DET

Data Exfiltration Toolkit DET is provided AS IS, is a proof of concept to perform Data Exfiltration using either single or multiple channels at the same time. This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data. The id...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/09/09 4:12 p.m.27 views

Raptor Web Application Firewall

Raptor Web Application Firewall Raptor Web Application Firewall is a simple web application firewall made in C, using KISS principle , to make poll use select function, is not better than epoll or kqueue from BSD but is portable, the core of match engine using DFA to detect XSS, SQLi and path...

7.2AI score
Exploits0References2
n0where
n0where
added 2016/07/16 8:19 p.m.27 views

Swiss Army Knife for Mac OS X: m-cli

Swiss Army Knife for Mac OS X m-cli differs from other mac command line tools in that: Its main purpose is to manage administrative tasks and do it easier It doesn’t install 3rd party tools because it doesn’t have dependencies The installation is very easy and doesn’t require intervention It only...

7.3AI score
Exploits0References1
n0where
n0where
added 2015/10/28 10:27 p.m.27 views

TrustedSec Attack Platform: TAP

TAP is a remote penetration testing platform builder. For folks in the security industry, traveling often times becomes a burden and adds a ton of cost to the customer. TAP was designed to make the deployment of these boxes super simple and create a self-healing and stable platform to deploy remo...

7.6AI score
Exploits0References1
n0where
n0where
added 2015/09/22 4:13 a.m.27 views

Linux Memory Scanner: scanmem

Linux Memory Scanner scanmem is a debugging utility designed to isolate the address of an arbitrary variable in an executing process. scanmem simply needs to be told the pid of the process, and the value of the variable at several different times. After several scans of the process, scanmem...

1.3AI score
Exploits0References1
n0where
n0where
added 2015/05/08 2:41 p.m.27 views

focused Web Crawler: ACHE

ACHE is a focused Web crawler that can be customized to search for pages the belong to a given topic or have a given property. To configure ACHE, you need to: define a topic of interest e.g., Ebola, terrorism, cooking recipes; create a model to detect Web pages that belong to this topic; and...

0.8AI score
Exploits0References2
n0where
n0where
added 2015/03/16 6:47 p.m.27 views

Fast Incident Response: FIR

FIR Fast Incident Response is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents. FIR is for anyone needing to track cybersecurity incidents CSIRTs, CERTs, SOCs, etc.. It’s was...

0.1AI score
Exploits0References2
n0where
n0where
added 2013/07/28 7:3 p.m.27 views

Anonymous Offline File-Sharing and Communications System: PirateBox

PirateBox creates offline wireless networks designed for anonymous file sharing, chatting, message boarding, and media streaming. You can think of it as your very own portable offline Internet in a box! When users join the PirateBox wireless network and open a web browser, they are automatically...

0.6AI score
Exploits0
n0where
n0where
added 2012/09/26 10:31 p.m.27 views

Portable Multi-boot Security Suite: Katana

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware...

0.6AI score
Exploits0
n0where
n0where
added 2018/08/21 4:25 p.m.26 views

Backdooring and Breaking Signatures: SMBetray

In SMB connections, the security mechanisms protecting the integrity of the data passed between the server and the client are SMB signing and encryption. The signatures in on SMB packets when SMB signing is used are based on keys derived from information sent over the net in cleartext during the...

0.3AI score
Exploits0References1
n0where
n0where
added 2018/08/01 5:21 p.m.26 views

Build Your Own Botnet: BYOB

BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability ...

0.4AI score
Exploits0References1
n0where
n0where
added 2018/06/18 8:11 p.m.26 views

Lightweight and Practical Kernel Protector for x86: Shadow-Box

Shadow-box is a security monitoring framework for operating systems using state-of-the-art virtualization technologies. Shadow-box has a novel architecture inspired by a shadow play. We made Shadow-box from scratch, and it is primarily composed of a lightweight hypervisor and a security monitor...

Exploits0References1
n0where
n0where
added 2018/05/24 6:52 p.m.26 views

Windows Packer Project for Defenders: DARKSURGEON

Darksurgeon is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. Darksurgeon has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment...

Exploits0References1
n0where
n0where
added 2018/04/20 4:18 a.m.26 views

An Intelligent Network Security Scanner: Red Team Arsenal

Red Team Arsenal is a web/network security scanner which has the capability to scan all company’s online facing assets and provide an holistic security view of any security anomalies. It’s a closely linked collections of security engines to conduct/simulate attacks and monitor public facing asset...

Exploits0References1
n0where
n0where
added 2017/09/20 5:48 a.m.26 views

Python Network Hacking Toolkit: Habu

These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Much of the functions are really basic like get our public IP address, but are really useful in some cases. Installation To install Habu, simply: $ pip install habu Dependencies Habu requires: Click...

0.2AI score
Exploits0References2
n0where
n0where
added 2017/08/07 10:20 p.m.26 views

PowerShell Obfuscation Detection Framework: Revoke-Obfuscation

Revoke-Obfuscation is an open-source PowerShell v3.0+ framework for detecting obfuscated PowerShell commands and scripts at scale. It relies on PowerShell’s AST Abstract Syntax Tree to rapidly extract thousands of features from any input PowerShell script and compare this feature vector against o...

7.4AI score
Exploits0References3
n0where
n0where
added 2017/07/03 4:49 p.m.26 views

Advanced Stealthy Dropper: Dr0p1t Framework

Advanced Stealthy Dropper In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks. Features + Generated executable properties: The executable size is smaller compared to other...

7.4AI score
Exploits0References2
n0where
n0where
added 2017/06/22 6:52 a.m.26 views

Automatically Exercise BloodHound Attack Plan: GoFetch

GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application. GoFetch first loads a path of local admin users and computers generated by BloodHound and converts it to its own attack plan format. Once the attack plan is ready, GoFetch advances towards the...

1.8AI score
Exploits0References1
n0where
n0where
added 2017/03/20 5:11 a.m.26 views

BGP Hijack Detection: TaBi

BGP Hijack Detection Developed since 2011 for the needs of the French Internet Resilience Observatory , TaBi is a framework that ease the detection of BGP IP prefixes conflicts, and their classification into BGP hijacking events. The term prefix hijacking refers to an event when an AS, called an...

7.5AI score
Exploits0References2
n0where
n0where
added 2017/02/16 6:48 a.m.26 views

Simple OpenVPN Raspberry Pi Installer: piVPN

Simple OpenVPN Raspberry Pi Installer This is a set of shell scripts that serve to easily turn your Raspberry Pi TM into a VPN server using the free, open-source OpenVPN software. The master branch of this script installs and configures OpenVPN on Raspbian Jessie and has been tested on Ubuntu 14....

7.3AI score
Exploits0References2
n0where
n0where
added 2017/02/13 8:0 p.m.26 views

WAF Security Benchmark: WAFPASS

WAF Security Benchmark WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However, these security applications suffer...

7AI score
Exploits0References1
n0where
n0where
added 2017/01/06 5:36 a.m.26 views

Platform Independent Meta Information Editor: ExifTool

Platform Independent Meta Information Editor ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIF...

Exploits0
n0where
n0where
added 2016/12/27 5:10 a.m.26 views

Multiplatform Open Source Binary Analysis: BARF Project

BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework The analysis of binary code is a crucial activity in many areas of the computer sciences and software engineering disciplines ranging from software security and program analysis to reverse engineering. Manual...

0.1AI score
Exploits0References6
n0where
n0where
added 2016/12/07 6:19 a.m.26 views

Malware Analysis Windows VM: Malboxes

Malware Analysis Windows VM Vagrant box builder and config generator for malware analysis. The malware battle online is far from being over. Several thousands of new malware binaries are collected by antivirus companies every day. Most organizations don’t have the expertise on staff to know if th...

0.2AI score
Exploits0References2
n0where
n0where
added 2016/12/06 2:0 p.m.26 views

Ubuntu-based PenTest Linux Distribution: BackBox

BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...

0.4AI score
Exploits0
n0where
n0where
added 2016/09/13 10:1 p.m.26 views

Linux Memory Extractor: LiME

Linux Memory Extractor LiME formerly DMD is A Loadable Kernel Module LKM which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its...

Exploits0References2
n0where
n0where
added 2016/08/10 6:32 a.m.26 views

Open Source Pentesting Management And Automation Platform: Vulnreport

Open Source Pentesting Management And Automation Platform Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineer’s time. It is designed to accelerate management of penetration...

7.6AI score
Exploits0References1
n0where
n0where
added 2016/08/04 2:55 a.m.26 views

OS X Forensic Evidence Collection: OSXCollector

OS X Forensic Evidence Collection: OSXCollector Forensic Collection The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases and the local file system. Forensic Analysis...

6.5AI score
Exploits0References1
n0where
n0where
added 2016/07/01 1:41 a.m.26 views

Web Spidering Framework: Malspider

Web Spidering Framework That Detects Characteristics of Web Compromises Malspider is a web spidering framework that inspects websites for characteristics of compromise. Malspider has three purposes: Website Integrity Monitoring : monitor your organization’s website or your personal website for...

7AI score
Exploits0References1
n0where
n0where
added 2016/06/08 2:12 a.m.26 views

Firefox Security Toolkit

Firefox Security Toolkit will download the most important security extensions and add them all into your browser. All the extensions have been chosen by a survey among the information security community. Based on the results, the Firefox Security Toolkit was made. Also, the Firefox Security Toolk...

6.3AI score
Exploits0References1
n0where
n0where
added 2016/05/25 12:31 p.m.26 views

Tactical Exploitation: WarBerryPi

The WarBerry was built with one goal in mind; to be used in red teaming engagement where we want to obtain as much information as possible in a short period of time with being as stealth as possible. Just find a network port and plug it in. The scripts have been designed in a way that the approac...

Exploits0References2
n0where
n0where
added 2016/04/15 1:10 p.m.26 views

Extensible Debugger UI For Hackers: Voltron

Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers LLDB, GDB, VDB and WinDbg by enabling the attachment of utility views that can retrieve and display data from the debugger host. By running these views in other TTYs, you ca...

1.9AI score
Exploits0References3
n0where
n0where
added 2015/10/25 9:59 p.m.26 views

System Hardening Guide

The purpose of system hardening is to eliminate as many security risks as possible. Hardening is the process of securing a system by reducing its attack surface. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a...

7.2AI score
Exploits0
n0where
n0where
added 2015/08/28 9:24 p.m.26 views

Penetration Testers Distro: Pentoo

Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux , Pentoo is provided both as 32 and 64 bit installable livecd. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi...

0.6AI score
Exploits0
n0where
n0where
added 2015/08/09 5:0 p.m.26 views

Automate Security Audit: netool.sh

Netool is a toolkit written in bash, python and ruby and provides easy automation for frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap – mostly MitM attacks. This toolkit makes tasks as SNIFFING tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, D0S attacks in...

0.4AI score
Exploits0
n0where
n0where
added 2015/03/20 6:54 p.m.26 views

High-Speed Packet Generator: MoonGen

MoonGen is a high-speed scriptable packet generator. The whole load generator is controlled by a Lua script: all packets that are sent are crafted by a user-provided script. Thanks to the incredibly fast LuaJIT VM and the packet processing library DPDK, it can saturate a 10 GBit Ethernet link wit...

0.1AI score
Exploits0References3
n0where
n0where
added 2015/01/26 2:50 p.m.26 views

WordPress Vulnerability Scanner: vane

Vane is a GPL fork of the now non-free popular wordpress vulnerability scanner WPScan. Install Vane Prerequisites Windows not supported Ruby = 1.9 RubyGems Git Debian/Ubuntu sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git clone...

7.4AI score
Exploits0References1
n0where
n0where
added 2013/07/22 7:22 p.m.26 views

Open Source Steganography Web Service: DarkJPEG

DarkJPEG is a new generation open source steganography web service. It is supposed to serve people’s needs for the freedom of communication even in those countries which break human rights by forcing some kind of Internet censorship or even denying to use cryptography by law. The service uses...

Exploits0References2
n0where
n0where
added 2010/06/25 4:58 p.m.26 views

Open Source Security Compliance Solution: OpenSCAP

The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol SCAP suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the...

0.7AI score
Exploits0
n0where
n0where
added 2018/03/19 1:0 a.m.25 views

Fast CLI DNS Lookup Tool: ZDNS

ZDNS is a command-line utility that provides high-speed DNS lookups. For example, the following will perform MX lookups and a secondary A lookup for the IPs of MX servers for the domains in the Alexa Top Million: cat top-1m.csv | zdns MX --ipv4-lookup --alexa ZDNS is written in golang and is...

7.2AI score
Exploits0References2
n0where
n0where
added 2018/02/23 6:53 a.m.25 views

Microsoft SQL Database Attacking Tool: MSDAT

MSDAT M icro s oft SQL D atabase A ttacking T ool is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...

1AI score
Exploits0References1
n0where
n0where
added 2017/08/12 1:14 a.m.25 views

Brute-force Attack Dictionary Builder: pydictor

A powerful and useful hacker dictionary builder for a brute-force attack You can use pydictor to generate a general blast wordlist, a custom wordlist based on Web content, a social engineering wordlist, and so on; You can use the pydictor built-in tool to safe delete, merge, unique, merge and...

7.4AI score
Exploits0References1
n0where
n0where
added 2017/08/10 5:59 p.m.25 views

Packet Manipulation Framework: PcapPlusPlus

PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and manipulation framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use. What makes PcapPlusPlus different from similar C++ wrappers for libpcap/WinPcap? Designed to be lightweight and efficient Support...

1AI score
Exploits0References1
n0where
n0where
added 2017/08/08 6:7 p.m.25 views

Man-in-the-middle Router

Turn any linux computer into a public Wi-Fi network that silently mitms all http traffic. Runs inside a Docker container using hostapd , dnsmasq , and mitmproxy to create a open honeypot wireless network named “Public”. For added fun, change the network name to “xfinitywifi” to autoconnect anyone...

7.1AI score
Exploits0References1
n0where
n0where
added 2017/06/22 11:24 p.m.25 views

Hiding SSH Servers Behind HTTP: sshttp

Hiding SSH Servers Behind HTTP In case your FW policy forbids SSH access to the DMZ or internal network from outside, but you still want to use ssh on machines which only have one open port, e.g. HTTP , you can use sshttpd . sshttpd can multiplex the following protocol pairs: SSH/HTTP SSH/HTTPS...

6.8AI score
Exploits0References2
Total number of security vulnerabilities1052