Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2018/03/19 1:0 a.m.24 views

Fast CLI DNS Lookup Tool: ZDNS

ZDNS is a command-line utility that provides high-speed DNS lookups. For example, the following will perform MX lookups and a secondary A lookup for the IPs of MX servers for the domains in the Alexa Top Million: cat top-1m.csv | zdns MX --ipv4-lookup --alexa ZDNS is written in golang and is...

7.2AI score
Exploits0References2
n0where
n0where
added 2018/02/23 6:53 a.m.24 views

Microsoft SQL Database Attacking Tool: MSDAT

MSDAT M icro s oft SQL D atabase A ttacking T ool is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...

1AI score
Exploits0References1
n0where
n0where
added 2018/01/01 8:43 p.m.24 views

Spy Microphone Detection Tool: Salamandra

Salamandra is a tool to detect and locate spy microphones in closed environments. It find microphones based on the strength of the signal sent by the microphone and the amount of noise and overlapped frequencies. Based on the generated noise it can estimate how close or far away you are from the...

7.3AI score
Exploits0References1
n0where
n0where
added 2017/10/28 5:48 p.m.24 views

Distributed File Analysis Framework: Assemblyline

Assemblyline is a scalable distributed file analysis framework . It is designed to process millions of files per day but can also be installed on a single box. Canada’s electronic spy agency says it is taking the “unprecedented step” of releasing one of its own cyber defence tools to the public, ...

1.3AI score
Exploits0References4
n0where
n0where
added 2017/09/20 5:48 a.m.24 views

Python Network Hacking Toolkit: Habu

These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Much of the functions are really basic like get our public IP address, but are really useful in some cases. Installation To install Habu, simply: $ pip install habu Dependencies Habu requires: Click...

0.2AI score
Exploits0References2
n0where
n0where
added 2017/08/10 5:59 p.m.24 views

Packet Manipulation Framework: PcapPlusPlus

PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and manipulation framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use. What makes PcapPlusPlus different from similar C++ wrappers for libpcap/WinPcap? Designed to be lightweight and efficient Support...

1AI score
Exploits0References1
n0where
n0where
added 2017/06/15 5:40 a.m.24 views

Network Mapper: Nmap

the Network Mapper Nmap is a free and open source utility for network discovery and security auditing. Network mapper was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for...

6.7AI score
Exploits0References1
n0where
n0where
added 2017/03/17 5:27 a.m.24 views

Interactive Multi User Javascript Shell: JSShell

Interactive Multi User Javascript Shell An interactive multi-user web based shell written in Python with Flask for server side and of course Javascript and HTML client side. It was initially created in order to debug remote esoteric browsers during tests and research. Features Multi client suppor...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/02/13 9:25 p.m.24 views

USB Key Cleaner: CIRCLean

USB Key Cleaner Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection. CIRCLean is an independent hardware solution to clean documents from untrusted obtained USB keys / USB sticks. The device automatically converts untrusted documents in...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/11/28 5:17 a.m.24 views

Domain Password Audit Tool: DPAT

Domain Password Audit Tool This is a python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with...

7AI score
Exploits0References3
n0where
n0where
added 2016/11/14 5:57 a.m.24 views

Auditing Web Applications Firewalls: LightBulb

Auditing Web Applications Firewalls LightBulb is an open source python framework for auditing web applications firewalls Web Applications Firewalls WAFs are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transaction...

6.5AI score
Exploits0References1
n0where
n0where
added 2016/11/12 11:46 p.m.24 views

Low Bandwidth DoS Tool: Slowloris

Low Bandwidth DoS Tool Slowloris is a type of denial of service attack invented by Robert “RSnake” Hansen which allows a single machine to take down another machine’s web server with minimal bandwidth and side effects on unrelated services and ports. Slowloris tries to keep many connections to th...

0.5AI score
Exploits0References1
n0where
n0where
added 2016/10/27 5:34 a.m.24 views

OWASP SSL TLS Scanning : DeepViolet

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfo...

7.2AI score
Exploits0References2
n0where
n0where
added 2016/07/29 6:14 p.m.24 views

Windows Process Filtering System: ProcFilter

Windows Process Filtering System ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor its response to rule matches. It runs as a Windows service and is integrated with Microsoft’s ETW API , making...

7.3AI score
Exploits0References7
n0where
n0where
added 2016/07/29 4:2 a.m.24 views

Exploit Unsafe Java Object Deserialization: ysoserial

Exploit Unsafe Java Object Deserialization How deserializing objects will ruin your day ysoserial is a collection of utilities and property-oriented programming “gadget chains” discovered in common java libraries that can, under the right conditions, exploit Java applications performing unsafe...

0.6AI score
Exploits0References1
n0where
n0where
added 2016/06/08 2:12 a.m.24 views

Firefox Security Toolkit

Firefox Security Toolkit will download the most important security extensions and add them all into your browser. All the extensions have been chosen by a survey among the information security community. Based on the results, the Firefox Security Toolkit was made. Also, the Firefox Security Toolk...

6.3AI score
Exploits0References1
n0where
n0where
added 2016/04/14 8:56 p.m.24 views

High Speed Network Authentication Cracking: Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a...

0.3AI score
Exploits0References1
n0where
n0where
added 2016/02/29 11:41 p.m.24 views

Recursively Crawl Single Page Applications: htcap

htcap is a web application scanner able to crawl single page application SPA in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it’s focused mainly on the crawling process and uses external tools to discover vulnerabilities. It’...

7.9AI score
Exploits0References1
n0where
n0where
added 2015/10/27 1:10 a.m.24 views

SSH Port Knocking

In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of pre-specified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which se...

7.3AI score
Exploits0
n0where
n0where
added 2015/09/06 4:27 p.m.24 views

Automated Evil Twin Attack: infernal-twin

Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. An evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a lapto...

1.7AI score
Exploits0References1
n0where
n0where
added 2015/09/05 9:52 p.m.24 views

Systems Integrity Management Platform – SIMP

The System Integrity Management Platform SIMP is an Open Source framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure. Expanding upon this philosophy, SIMP also aims t...

6.9AI score
Exploits0References1
n0where
n0where
added 2015/02/06 9:2 p.m.24 views

stunnel – an SSL encryption wrapper

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local inetd-startable or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs’ code. Stunnel uses t...

7.6AI score
Exploits0
n0where
n0where
added 2015/02/05 11:56 p.m.24 views

OWASP SSL audit: O-Saft

O-Saft is an easy to use tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. It’s designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important...

0.3AI score
Exploits0References1
n0where
n0where
added 2015/01/10 6:7 p.m.24 views

Sabotage The System: Encryption as Surveillance State Monkey Wrench

Sabotage The System Since Snowden’s 2013 disclosures confirmed long-standing assumptions that the NSA and other Western spy agencies have secretly constructed a massive global surveillance infrastructure – at a cost of well in excess of $50 billion – much focus has been brought to bear on...

Exploits0
n0where
n0where
added 2015/01/08 1:40 p.m.24 views

Social Engineering Email Sender – SEES

SEES – Social Engineering Email Sender Most of the companies nowadays have their firewalls, threat monitoring and prevention security appliances setup. With these mechanisms in place, security precautions are taken and incidents are monitored. Inbound traffic being restricted, SEES on the other...

7.6AI score
Exploits0References1
n0where
n0where
added 2014/11/11 6:50 a.m.24 views

Monitor Networks for Rogue DHCP servers – DHCPSnoop

Monitor Networks for Rogue DHCP servers DHCPSnoop will listen on a network interface for DHCP replies from it’s own DHCP requests and any other requests it can see during the runtime. It will then verify the DHCP response parameters that are returned against the settings in it’s configuration fil...

1AI score
Exploits0References1
n0where
n0where
added 2014/03/05 4:53 p.m.24 views

Mobile Security Audit: zANTI

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety zANTI offers a host of penetration-testing features, including...

0.8AI score
Exploits0
n0where
n0where
added 2013/10/11 5:3 p.m.24 views

Find Misconfigurations: unix-privesc-check

Unix-privesc-check is a script that runs on Unix systems tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2. It tries to find misconfigurations that could allow local unprivilged users to escalate privileges to other users or to access local apps e.g. databases. It is written as a single...

7.4AI score
Exploits0
n0where
n0where
added 2012/09/26 10:31 p.m.24 views

Portable Multi-boot Security Suite: Katana

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware...

0.6AI score
Exploits0
n0where
n0where
added 2018/09/05 4:19 p.m.23 views

CLI for Ephemeral Penetration Testing: hideNsneak

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. hideNsneak provides a simple...

1.2AI score
Exploits0References1
n0where
n0where
added 2018/08/23 4:23 p.m.23 views

Offensive and Defensive Cryptography: Crypton

Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanation and implementation of all the existing vulnerabilities and attacks on various Encryption Systems Symmetric and Asymmetric, Digital Signatures, Message...

1.4AI score
Exploits0References1
n0where
n0where
added 2018/08/23 4:0 p.m.23 views

Bounded Model Checking Framework for Heap-implementations: HeapHopper

Heap metadata attacks have become one of the primary ways in which attackers exploit memory corruption vulnerabilities. While heap implementation developers have introduced mitigations to prevent and detect corruption, it is still possible for attackers to work around them. In part, this is becau...

Exploits0References1
n0where
n0where
added 2018/08/19 2:43 a.m.23 views

OWA for hackers: ExchangeRelayX

ExchangeRelayX is a PoC tools to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...

1.2AI score
Exploits0References1
n0where
n0where
added 2018/06/18 7:4 p.m.23 views

Search and Dump System Configuration: otseca

The main assumption of creating this tool was easier and faster delivery of commands sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time...

7AI score
Exploits0References1
n0where
n0where
added 2018/05/02 10:27 p.m.23 views

Binary Whitelisting Blacklisting System for macOS: Santa

Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a...

0.3AI score
Exploits0References1
n0where
n0where
added 2018/04/09 1:57 a.m.23 views

REST API Penetration Testing: Astra

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

0.2AI score
Exploits0References1
n0where
n0where
added 2018/03/05 4:6 p.m.23 views

Fuzzing and Data Manipulation Framework: Fuddly

Among the variety of complementary approaches used in the security evaluation of a target e.g. , software, an embedded equipment, etc. , fuzz testing—abbreviated fuzzing —is widely recognized as an effective means to help discovering security weaknesses in a target. Fuzzing is a software testing...

7.5AI score
Exploits0References5
n0where
n0where
added 2018/01/01 5:15 p.m.23 views

Reverse Engineering Android apk Files: Apktool

ApkTool is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like fil...

7.4AI score
Exploits0References3
n0where
n0where
added 2017/12/14 7:11 p.m.23 views

MS-Word Payload Delivery: Macro Creator

Invoke-MacroCreator is a powershell Cmdlet that allows for the creation of an MS-Word document embedding a VBA macro with various payload delivery and execution capabilities. Description Basically the script supports three types of payload that you MUST specify using the -t argument: 1. shellcode...

6.9AI score
Exploits0References3
n0where
n0where
added 2017/12/13 2:25 p.m.23 views

Automated WPA Phishing Attacks: WiFiPhisher

Wifiphisher is a security tool that mounts automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It is primarily a social engineering attack that unlike other methods it does not include any brute forcing. It is an ea...

7.5AI score
Exploits0References1
n0where
n0where
added 2017/11/14 5:51 p.m.23 views

Linux Process Hunter: Prochunter

Prochunter aims to find hidden process with all userspace and most of the kernelspace rootkits. This tool is composed of a kernel module that prints out all running processes walking the taskstruct list and creates /sys/kernel/prochunter/set entry. A python script that invokes the kernel function...

1AI score
Exploits0References1
n0where
n0where
added 2017/11/14 3:17 p.m.23 views

Network Interference Detection Tool: ooniprobe

OONI, the Open Observatory of Network Interference, is a global observation network which aims is to collect high quality data using open methodologies, using Free and Open Source Software FL/OSS to share observations and data about the various types, methods, and amounts of network tampering in...

6.9AI score
Exploits0References1
n0where
n0where
added 2017/10/16 2:0 p.m.23 views

Cloud Client Side File Encryption: Cryptomator

Multi-platform transparent client-side encryption of your files in the cloud. Cryptomator provides transparent, client-side encryption for your cloud. Protect your documents from unauthorized access. Cryptomator is free and open source software, so you can rest assured there are no backdoors...

7.1AI score
Exploits0References5
n0where
n0where
added 2017/08/07 8:45 p.m.23 views

Raspberry Pi Network Security Monitoring: SweetSecurity

Raspberry Pi Network Security Monitoring Scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device. Installation: sudo python setup.py Follow prompts to enter appropriate information for chosen installation type Installation Types 1. Full Install : Th...

7.2AI score
Exploits0References1
n0where
n0where
added 2017/08/06 5:35 p.m.23 views

the Crypto Undertaker: Tomb

Tomb aims to be a free and open source system for easy encryption and backup of personal files, written in code that is easy to review and links shared GNU/Linux components. At present, Tomb consists of a simple shell script Zsh using standard filesystem tools GNU and the cryptographic API of the...

7.6AI score
Exploits0References6
n0where
n0where
added 2017/06/19 4:38 p.m.23 views

Automated ettercap TCP/IP Hijacking Tool: Morpheus

morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the tcp/udp packet contents by our contents befor forward the packet back to the target host… workflow: 1. attacker - arp poison local lan mit...

0.8AI score
Exploits0References1
n0where
n0where
added 2017/06/19 4:5 a.m.23 views

Super Android Analyzer

Super Android Analyzer Secure, Unified, Powerful and Extensible Rust Android Analyzer SUPER is a command-line application that can be used in Windows, MacOS X and Linux, that analyzes .apk files in search for vulnerabilities. It does this by decompressing APKs and applying a series of rules to...

7.2AI score
Exploits0References1
n0where
n0where
added 2017/05/23 6:4 a.m.23 views

Open Source Hackers Tool Belt: Pybelt

Open Source Hackers Tool Belt Pybelt is an open source hackers tool belt complete with: A port scanner SQL injection scanner Dork checker Hash cracker Hash type verification tool Proxy finding tool XSS scanner It is capable of cracking hashes without prior knowledge of the algorithm, scanning por...

7.4AI score
Exploits0References2
n0where
n0where
added 2017/03/20 6:37 p.m.23 views

Synchronize Your DNS to Multiple Providers: DNSControl

Synchronize Your DNS to Multiple Providers DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language DSL for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, CloudFlare, and Gandi. It ca...

0.5AI score
Exploits0References2
n0where
n0where
added 2017/03/13 5:40 a.m.23 views

Python Steganography Tool: Stegosaurus

Python Steganography Tool A steganography tool for embedding payloads within Python bytecode. Stegosaurus is a steganography tool that allows embedding arbitrary payloads in Python bytecode pyc or pyo files. The embedding process does not alter the runtime behavior or file size of the carrier fil...

0.4AI score
Exploits0References1
Total number of security vulnerabilities1052