Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2016/12/06 2:0 p.m.24 views

Ubuntu-based PenTest Linux Distribution: BackBox

BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...

0.4AI score
Exploits0
n0where
n0where
added 2016/11/12 11:46 p.m.24 views

Low Bandwidth DoS Tool: Slowloris

Low Bandwidth DoS Tool Slowloris is a type of denial of service attack invented by Robert “RSnake” Hansen which allows a single machine to take down another machine’s web server with minimal bandwidth and side effects on unrelated services and ports. Slowloris tries to keep many connections to th...

0.5AI score
Exploits0References1
n0where
n0where
added 2016/08/04 2:55 a.m.24 views

OS X Forensic Evidence Collection: OSXCollector

OS X Forensic Evidence Collection: OSXCollector Forensic Collection The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases and the local file system. Forensic Analysis...

6.5AI score
Exploits0References1
n0where
n0where
added 2016/06/08 2:12 a.m.24 views

Firefox Security Toolkit

Firefox Security Toolkit will download the most important security extensions and add them all into your browser. All the extensions have been chosen by a survey among the information security community. Based on the results, the Firefox Security Toolkit was made. Also, the Firefox Security Toolk...

6.3AI score
Exploits0References1
n0where
n0where
added 2016/04/14 8:56 p.m.24 views

High Speed Network Authentication Cracking: Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a...

0.3AI score
Exploits0References1
n0where
n0where
added 2015/10/27 1:10 a.m.24 views

SSH Port Knocking

In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of pre-specified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which se...

7.3AI score
Exploits0
n0where
n0where
added 2015/10/25 9:59 p.m.24 views

System Hardening Guide

The purpose of system hardening is to eliminate as many security risks as possible. Hardening is the process of securing a system by reducing its attack surface. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a...

7.2AI score
Exploits0
n0where
n0where
added 2015/09/06 4:27 p.m.24 views

Automated Evil Twin Attack: infernal-twin

Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. An evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a lapto...

1.7AI score
Exploits0References1
n0where
n0where
added 2015/08/09 5:0 p.m.24 views

Automate Security Audit: netool.sh

Netool is a toolkit written in bash, python and ruby and provides easy automation for frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap – mostly MitM attacks. This toolkit makes tasks as SNIFFING tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, D0S attacks in...

0.4AI score
Exploits0
n0where
n0where
added 2015/04/08 5:47 p.m.24 views

Booting Kali Linux Live over HTTP

The basic premise involves using the Kali Live kernel and initrd for booting, while calling the Kali root filesystem through an HTTP URI. The initial boot process can take place over the network via PXE or a minimal USB/CD – while the remote root filesystem is a squashfs image served over HTTP vi...

7.4AI score
Exploits0
n0where
n0where
added 2015/02/06 9:2 p.m.24 views

stunnel – an SSL encryption wrapper

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local inetd-startable or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs’ code. Stunnel uses t...

7.6AI score
Exploits0
n0where
n0where
added 2015/01/08 1:40 p.m.24 views

Social Engineering Email Sender – SEES

SEES – Social Engineering Email Sender Most of the companies nowadays have their firewalls, threat monitoring and prevention security appliances setup. With these mechanisms in place, security precautions are taken and incidents are monitored. Inbound traffic being restricted, SEES on the other...

7.6AI score
Exploits0References1
n0where
n0where
added 2014/11/11 6:50 a.m.24 views

Monitor Networks for Rogue DHCP servers – DHCPSnoop

Monitor Networks for Rogue DHCP servers DHCPSnoop will listen on a network interface for DHCP replies from it’s own DHCP requests and any other requests it can see during the runtime. It will then verify the DHCP response parameters that are returned against the settings in it’s configuration fil...

1AI score
Exploits0References1
n0where
n0where
added 2013/10/11 5:3 p.m.24 views

Find Misconfigurations: unix-privesc-check

Unix-privesc-check is a script that runs on Unix systems tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2. It tries to find misconfigurations that could allow local unprivilged users to escalate privileges to other users or to access local apps e.g. databases. It is written as a single...

7.4AI score
Exploits0
n0where
n0where
added 2018/09/05 4:19 p.m.23 views

CLI for Ephemeral Penetration Testing: hideNsneak

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. hideNsneak provides a simple...

1.2AI score
Exploits0References1
n0where
n0where
added 2018/08/23 4:23 p.m.23 views

Offensive and Defensive Cryptography: Crypton

Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanation and implementation of all the existing vulnerabilities and attacks on various Encryption Systems Symmetric and Asymmetric, Digital Signatures, Message...

1.4AI score
Exploits0References1
n0where
n0where
added 2018/08/23 4:0 p.m.23 views

Bounded Model Checking Framework for Heap-implementations: HeapHopper

Heap metadata attacks have become one of the primary ways in which attackers exploit memory corruption vulnerabilities. While heap implementation developers have introduced mitigations to prevent and detect corruption, it is still possible for attackers to work around them. In part, this is becau...

Exploits0References1
n0where
n0where
added 2018/08/19 2:43 a.m.23 views

OWA for hackers: ExchangeRelayX

ExchangeRelayX is a PoC tools to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...

1.2AI score
Exploits0References1
n0where
n0where
added 2018/06/18 7:4 p.m.23 views

Search and Dump System Configuration: otseca

The main assumption of creating this tool was easier and faster delivery of commands sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time...

7AI score
Exploits0References1
n0where
n0where
added 2018/05/02 10:27 p.m.23 views

Binary Whitelisting Blacklisting System for macOS: Santa

Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a...

0.3AI score
Exploits0References1
n0where
n0where
added 2018/03/05 4:6 p.m.23 views

Fuzzing and Data Manipulation Framework: Fuddly

Among the variety of complementary approaches used in the security evaluation of a target e.g. , software, an embedded equipment, etc. , fuzz testing—abbreviated fuzzing —is widely recognized as an effective means to help discovering security weaknesses in a target. Fuzzing is a software testing...

7.5AI score
Exploits0References5
n0where
n0where
added 2017/12/14 7:11 p.m.23 views

MS-Word Payload Delivery: Macro Creator

Invoke-MacroCreator is a powershell Cmdlet that allows for the creation of an MS-Word document embedding a VBA macro with various payload delivery and execution capabilities. Description Basically the script supports three types of payload that you MUST specify using the -t argument: 1. shellcode...

6.9AI score
Exploits0References3
n0where
n0where
added 2017/12/13 2:25 p.m.23 views

Automated WPA Phishing Attacks: WiFiPhisher

Wifiphisher is a security tool that mounts automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It is primarily a social engineering attack that unlike other methods it does not include any brute forcing. It is an ea...

7.5AI score
Exploits0References1
n0where
n0where
added 2017/11/14 5:51 p.m.23 views

Linux Process Hunter: Prochunter

Prochunter aims to find hidden process with all userspace and most of the kernelspace rootkits. This tool is composed of a kernel module that prints out all running processes walking the taskstruct list and creates /sys/kernel/prochunter/set entry. A python script that invokes the kernel function...

1AI score
Exploits0References1
n0where
n0where
added 2017/11/14 3:17 p.m.23 views

Network Interference Detection Tool: ooniprobe

OONI, the Open Observatory of Network Interference, is a global observation network which aims is to collect high quality data using open methodologies, using Free and Open Source Software FL/OSS to share observations and data about the various types, methods, and amounts of network tampering in...

6.9AI score
Exploits0References1
n0where
n0where
added 2017/10/28 5:48 p.m.23 views

Distributed File Analysis Framework: Assemblyline

Assemblyline is a scalable distributed file analysis framework . It is designed to process millions of files per day but can also be installed on a single box. Canada’s electronic spy agency says it is taking the “unprecedented step” of releasing one of its own cyber defence tools to the public, ...

1.3AI score
Exploits0References4
n0where
n0where
added 2017/10/16 2:0 p.m.23 views

Cloud Client Side File Encryption: Cryptomator

Multi-platform transparent client-side encryption of your files in the cloud. Cryptomator provides transparent, client-side encryption for your cloud. Protect your documents from unauthorized access. Cryptomator is free and open source software, so you can rest assured there are no backdoors...

7.1AI score
Exploits0References5
n0where
n0where
added 2017/08/07 8:45 p.m.23 views

Raspberry Pi Network Security Monitoring: SweetSecurity

Raspberry Pi Network Security Monitoring Scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device. Installation: sudo python setup.py Follow prompts to enter appropriate information for chosen installation type Installation Types 1. Full Install : Th...

7.2AI score
Exploits0References1
n0where
n0where
added 2017/08/06 5:35 p.m.23 views

the Crypto Undertaker: Tomb

Tomb aims to be a free and open source system for easy encryption and backup of personal files, written in code that is easy to review and links shared GNU/Linux components. At present, Tomb consists of a simple shell script Zsh using standard filesystem tools GNU and the cryptographic API of the...

7.6AI score
Exploits0References6
n0where
n0where
added 2017/06/19 4:38 p.m.23 views

Automated ettercap TCP/IP Hijacking Tool: Morpheus

morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the tcp/udp packet contents by our contents befor forward the packet back to the target host… workflow: 1. attacker - arp poison local lan mit...

0.8AI score
Exploits0References1
n0where
n0where
added 2017/06/19 4:5 a.m.23 views

Super Android Analyzer

Super Android Analyzer Secure, Unified, Powerful and Extensible Rust Android Analyzer SUPER is a command-line application that can be used in Windows, MacOS X and Linux, that analyzes .apk files in search for vulnerabilities. It does this by decompressing APKs and applying a series of rules to...

7.2AI score
Exploits0References1
n0where
n0where
added 2017/06/15 5:40 a.m.23 views

Network Mapper: Nmap

the Network Mapper Nmap is a free and open source utility for network discovery and security auditing. Network mapper was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for...

6.7AI score
Exploits0References1
n0where
n0where
added 2017/03/20 6:37 p.m.23 views

Synchronize Your DNS to Multiple Providers: DNSControl

Synchronize Your DNS to Multiple Providers DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language DSL for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, CloudFlare, and Gandi. It ca...

0.5AI score
Exploits0References2
n0where
n0where
added 2017/03/17 5:27 a.m.23 views

Interactive Multi User Javascript Shell: JSShell

Interactive Multi User Javascript Shell An interactive multi-user web based shell written in Python with Flask for server side and of course Javascript and HTML client side. It was initially created in order to debug remote esoteric browsers during tests and research. Features Multi client suppor...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/03/13 5:40 a.m.23 views

Python Steganography Tool: Stegosaurus

Python Steganography Tool A steganography tool for embedding payloads within Python bytecode. Stegosaurus is a steganography tool that allows embedding arbitrary payloads in Python bytecode pyc or pyo files. The embedding process does not alter the runtime behavior or file size of the carrier fil...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/02/13 9:25 p.m.23 views

USB Key Cleaner: CIRCLean

USB Key Cleaner Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection. CIRCLean is an independent hardware solution to clean documents from untrusted obtained USB keys / USB sticks. The device automatically converts untrusted documents in...

7.3AI score
Exploits0References1
n0where
n0where
added 2017/02/02 5:40 a.m.23 views

Collaborative Penetration Test & Vulnerability Management Platform: Faraday

Collaborative Penetration Test & Vulnerability Management Platform Faraday introduces a new concept – IPE Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of...

Exploits0References4
n0where
n0where
added 2016/11/28 5:17 a.m.23 views

Domain Password Audit Tool: DPAT

Domain Password Audit Tool This is a python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with...

7AI score
Exploits0References3
n0where
n0where
added 2016/11/14 5:57 a.m.23 views

Auditing Web Applications Firewalls: LightBulb

Auditing Web Applications Firewalls LightBulb is an open source python framework for auditing web applications firewalls Web Applications Firewalls WAFs are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transaction...

6.5AI score
Exploits0References1
n0where
n0where
added 2016/11/11 5:11 p.m.23 views

Linux Network Analyzer: netsniff-ng

Linux Network Analyzer A Swiss army knife for your daily Linux network plumbing netsniff-ng is a free, performant Linux network analyzer and networking toolkit. If you will, the Swiss army knife for network packets. The gain of performance is reached by built-in zero-copy mechanisms, so that on...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/10/27 5:34 a.m.23 views

OWASP SSL TLS Scanning : DeepViolet

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfo...

7.2AI score
Exploits0References2
n0where
n0where
added 2016/10/08 4:38 p.m.23 views

WPA Enterprise Brute Force Attack Tool: Air-Hammer

WPA Enterprise Brute Force Attack Tool Air-Hammer is a new tool for performing online, horizontal brute-force attacks against wireless networks secured with WPA Enterprise. This is a completely different attack than the usual “ evil twin ” attacks against those networks. Although WPA Enterprise i...

Exploits0References3
n0where
n0where
added 2016/08/06 1:35 p.m.23 views

1-click IPSEC VPN in the Cloud: algo

1-click IPSEC VPN in the Cloud Algo short for “Al Gore”, the V ice P resident of N etworks everywhere for inventing the Internet is a set of Ansible scripts that simplifies the setup of an IPSEC VPN. It contains the most secure defaults available, works with common cloud providers, and does not...

7AI score
Exploits0References2
n0where
n0where
added 2016/07/29 6:14 p.m.23 views

Windows Process Filtering System: ProcFilter

Windows Process Filtering System ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor its response to rule matches. It runs as a Windows service and is integrated with Microsoft’s ETW API , making...

7.3AI score
Exploits0References7
n0where
n0where
added 2016/07/29 4:2 a.m.23 views

Exploit Unsafe Java Object Deserialization: ysoserial

Exploit Unsafe Java Object Deserialization How deserializing objects will ruin your day ysoserial is a collection of utilities and property-oriented programming “gadget chains” discovered in common java libraries that can, under the right conditions, exploit Java applications performing unsafe...

0.6AI score
Exploits0References1
n0where
n0where
added 2016/07/13 2:35 p.m.24 views

DNS Analysis Tool: Bluto

The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will attempt to identify if SubDomain Wild Cards are being used. If they a...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/05/12 12:42 a.m.23 views

Wireless Network Security Auditing Bash Script: airgeddon

airgeddon is a living project growing day by day. This is the list of features so far: Interface mode switcher Monitor-Managed keeping selection even on interface name changing DoS over wireless networks using different methods. “DoS Pursuit mode” available to avoid AP channel hopping available...

7.4AI score
Exploits0References5
n0where
n0where
added 2016/02/29 11:41 p.m.23 views

Recursively Crawl Single Page Applications: htcap

htcap is a web application scanner able to crawl single page application SPA in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it’s focused mainly on the crawling process and uses external tools to discover vulnerabilities. It’...

7.9AI score
Exploits0References1
n0where
n0where
added 2015/09/21 9:24 p.m.23 views

Test SSL Ciphersuite: Cipherscan

Test SSL Ciphersuite: Cipherscan Simple way to find out which SSL ciphersuites are supported by a target Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and...

7.3AI score
Exploits0References2
n0where
n0where
added 2015/09/14 5:20 a.m.23 views

Security Oriented Fuzzer: American Fuzzy Lop

American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage fo...

7.4AI score
Exploits0References3
Total number of security vulnerabilities1052