Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2015/09/21 9:24 p.m.23 views

Test SSL Ciphersuite: Cipherscan

Test SSL Ciphersuite: Cipherscan Simple way to find out which SSL ciphersuites are supported by a target Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and...

7.3AI score
Exploits0References2
n0where
n0where
added 2015/09/14 5:20 a.m.23 views

Security Oriented Fuzzer: American Fuzzy Lop

American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage fo...

7.4AI score
Exploits0References3
n0where
n0where
added 2015/09/05 9:52 p.m.23 views

Systems Integrity Management Platform – SIMP

The System Integrity Management Platform SIMP is an Open Source framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure. Expanding upon this philosophy, SIMP also aims t...

6.9AI score
Exploits0References1
n0where
n0where
added 2015/02/05 11:56 p.m.23 views

OWASP SSL audit: O-Saft

O-Saft is an easy to use tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. It’s designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important...

0.3AI score
Exploits0References1
n0where
n0where
added 2015/01/10 6:7 p.m.23 views

Sabotage The System: Encryption as Surveillance State Monkey Wrench

Sabotage The System Since Snowden’s 2013 disclosures confirmed long-standing assumptions that the NSA and other Western spy agencies have secretly constructed a massive global surveillance infrastructure – at a cost of well in excess of $50 billion – much focus has been brought to bear on...

Exploits0
n0where
n0where
added 2012/09/26 10:31 p.m.23 views

Portable Multi-boot Security Suite: Katana

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware...

0.6AI score
Exploits0
n0where
n0where
added 2012/08/10 10:28 p.m.23 views

Blind SQL injection: BBQSQL

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues. BBQSQL is a blind SQL injection framework written in Python. It is...

Exploits0References1
n0where
n0where
added 2018/06/18 8:23 p.m.22 views

Educational Ubuntu Linux Rootkit

The rootkit was tested to work on Linux kernels 2.6.32-38 and 4.4.0-22 as provided by Ubuntu in Ubuntu 10.04.4 LTS and Ubuntu 16.04 LTS respectively, but it should be very easy to port to kernels in-between, as well as newer ones. There is some architecture-specific code in the rootkit which is...

0.3AI score
Exploits0References1
n0where
n0where
added 2018/04/09 1:57 a.m.22 views

REST API Penetration Testing: Astra

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

0.2AI score
Exploits0References1
n0where
n0where
added 2018/04/08 3:0 p.m.22 views

Network Security Monitoring: Security Onion

Network Security Monitoring NSM is, put simply, monitoring your network for security related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an...

7AI score
Exploits0References2
n0where
n0where
added 2018/04/03 4:8 p.m.22 views

Dynamic DNS Rebinding: Whonow DNS Server

A malicious DNS server for executing DNS Rebinding attacks on the fly. whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves . respond to DNS queries for this domain with 52.23.194.42 the first time it is requested and then 192.168.1.1 every time afte...

6.9AI score
Exploits0References2
n0where
n0where
added 2017/11/07 5:30 a.m.22 views

Popular Pentesting Scanner: v3n0m

v3n0m is a free and open source scanner. Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and...

7.6AI score
Exploits0References1
n0where
n0where
added 2017/10/11 4:58 a.m.22 views

DNS Diagnostics & Performance Measurement Tools: DNSDiag

Ever been wondering if your ISP is hijacking your DNS traffic ? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to ma...

Exploits0References3
n0where
n0where
added 2017/08/15 3:32 a.m.22 views

Transparent Proxy Server: sshuttle

Transparent proxy server that works as a poor man’s VPN. Forwards over ssh. Doesn’t require admin. Works with Linux and MacOS. Supports DNS tunneling. Sshuttle solves the following common case: Your client machine or router is Linux, FreeBSD, or MacOS. You have access to a remote network via ssh...

0.1AI score
Exploits0References1
n0where
n0where
added 2017/08/15 2:56 a.m.22 views

Simple multi-threaded web crawler: dcrawl

dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. How it works? dcrawl takes one site URL as input and detects all links in the site’s body. Each found link is put into the queue. Successively, each queued link is crawled in the sa...

7.1AI score
Exploits0References1
n0where
n0where
added 2017/07/03 6:13 p.m.22 views

Advanced Hash Manipulation: Dagon

Advanced Hash Manipulation Named after the prince of Hell, Dagon day-gone is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, an...

0.3AI score
Exploits0References2
n0where
n0where
added 2017/06/26 5:3 a.m.22 views

IoT Network Security Analysis Tool: ASTo

IoT Network Security Analysis Tool Apparatus is a security framework to facilitate security analysis in IoT systems. To make the usage of the Apparatus framework easier the ASTo app was created ASTo stands for Apparatus Software Tool. ASTo is based on electron and cytoscape.js . The application i...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/06/19 5:29 a.m.22 views

IPv6 Address Spoofing: sylkie

IPv6 Address Spoofing A command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol. Getting Started Dependencies libseccomp json-c Build Get the code and compile it! Get the code git clone...

0.2AI score
Exploits0References3
n0where
n0where
added 2017/06/12 6:57 p.m.22 views

An All In One Information Gathering Tool: RED HAWK

RED HAWK is An All In One Tool For Information Gathering, SQL Vulnerability Scanning and Crawling.Coded In PHP Scans That You Can Perform Using RED HAWK : Basic Scan Site Title NEW IP Address Web Server Detection IMPROVED CMS Detection Cloudflare Detection robots.txt Scanner Whois Lookup IMPROVED...

8AI score
Exploits0References1
n0where
n0where
added 2017/06/02 4:9 a.m.22 views

Digital Forensics Platform: Autopsy

Digital Forensics Platform Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from...

6.9AI score
Exploits0
n0where
n0where
added 2017/05/23 6:4 a.m.22 views

Open Source Hackers Tool Belt: Pybelt

Open Source Hackers Tool Belt Pybelt is an open source hackers tool belt complete with: A port scanner SQL injection scanner Dork checker Hash cracker Hash type verification tool Proxy finding tool XSS scanner It is capable of cracking hashes without prior knowledge of the algorithm, scanning por...

7.4AI score
Exploits0References2
n0where
n0where
added 2017/04/03 8:4 p.m.22 views

Mobile Ad Hoc Mesh Network: Serval Mesh

Mobile Ad Hoc Mesh Network Serval Mesh, and it is free software that allows smart-phones to communicate, even in the face of catastrophic failure of cellular networks. Serval Mesh allows people to make voice calls, send text messages and share files with other Serval Mesh users, without requiring...

0.3AI score
Exploits0
n0where
n0where
added 2017/02/13 8:15 p.m.22 views

Simple Static Malware Analyzer: SSMA

Simple Static Malware Analyzer SSMA is a simple malware analyzer written in Python 3. Features: Analyze PE file’s header and sections number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc. Searches for possible...

7.3AI score
Exploits0References2
n0where
n0where
added 2016/12/19 3:26 a.m.22 views

Automating Phishing Activities: PhishLulz

Automating Phishing Activities PhishLulz is a Ruby toolset aimed at automating Phishing activities When you start a phishing campaign, a dedicated Amazon EC2 Debian 7 instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are:...

Exploits0References2
n0where
n0where
added 2016/08/30 8:4 p.m.22 views

USB Anti Forensic Tool: usbdeath

USB Anti Forensic Tool anti-forensic tool that writes udev rules for known usb devices and do some things at unknown usb device insertion or specific usb device removal. usbdeath is a small script inspired by usbkill , “an anti-forensic kill-switch that waits for a change on your USB ports and th...

0.7AI score
Exploits0References2
n0where
n0where
added 2016/08/25 4:16 p.m.22 views

HTTPS best practices: pshtt

HTTPS best practices “pshtt” is the sound you make when you feel mildly astonished. pshtt “pushed” is a tool to scan domains for HTTPS best practices. It saves its results to a CSV or JSON. pshtt was developed to push organizations— especially large ones like the US Federal Government — to adopt...

7AI score
Exploits0References1
n0where
n0where
added 2016/06/27 3:3 a.m.22 views

GDB Front End: PINCE

GDB Front End: PINCE is not Cheat Engine PINCE is a front-end/reverse engineering tool for the GNU Project Debugger GDB, focused on games. But it can be used for any reverse-engineering related stuff. PINCE is an abbreviation for “PINCE is not Cheat Engine”. PINCE’s GUI is heavily “inspired;D” by...

7.7AI score
Exploits0References3
n0where
n0where
added 2016/06/15 3:39 p.m.22 views

Complex Code Reuse Attacks: ROPMEMU

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks Talos has developed ROPMEMU, a framework to analyze, dissect and decompile complex code-reuse attacks. It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a form...

0.8AI score
Exploits0References1
n0where
n0where
added 2016/05/14 12:22 p.m.22 views

Python Based Windows Backdoor with Gmail C&C: gDog

A stealthy Python based Windows backdoor that uses Gmail as a command and control server Gdog is a stealthy Python Windows backdoor that uses Gmail as a command and control server. It is mostly inspired by Gcat with which it shares code base but it adds additional options and features and goes...

0.8AI score
Exploits0References3
n0where
n0where
added 2016/05/10 10:19 p.m.22 views

Fast Golang DNS Proxy: grimd

Fast golang dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers Incoming requests spawn a goroutine and are served concurrently, and the block cache resides in-memory to allow for rapid lookups, allowing grimd to serve thousands of queries at once whil...

0.9AI score
Exploits0References2
n0where
n0where
added 2016/04/07 5:59 p.m.22 views

Automated Security Assessment Reporting Tool: Guinevere

Automated Security Assessment Reporting Tool Automated Security Assessment Reporting Tool Guinevere works with Gauntlet to automate assessment reporting. Main features include: Generate Assessment Report Export Assessment Generate Retest Report Generate Pentest Checklist Generate Assessment Repor...

0.3AI score
Exploits0References1
n0where
n0where
added 2016/03/17 12:19 a.m.22 views

Adversary Resistant Computing Platform: SubgraphOS

Subgraph OS is an adversary resistant computing platform. The main purpose of Subgraph OS is to empower people to communicate, share, and collaborate without fear of surveillance and interference. What this means in practical terms is that users of Subgraph OS can safely perform their day-to-day...

7.3AI score
Exploits0References2
n0where
n0where
added 2015/06/17 2:15 p.m.22 views

The Internet Scanner: ZMap

The Internet Scanner: ZMap ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes,...

7.2AI score
Exploits0References1
n0where
n0where
added 2015/03/20 5:45 p.m.22 views

Web Application Bruteforcer: 0d1n

0d1n is a Open Source web application bruteforcer and Fuzzer. If your objective is automate exhaustive tests and search for anomalies read vulnerabilities 0d1n can increase your productivity following web parameters, files, directories, forms and other things. With 0d1n you can brute force...

7.9AI score
Exploits0References2
n0where
n0where
added 2015/02/06 7:6 a.m.22 views

proxychains-ng

ProxyChains is a UNIX program, that hooks network-related libc functions in DYNAMICALLY LINKED programs via a preloaded DLL dlsym, LDPRELOAD and redirects the connections through SOCKS4a/5 or HTTP proxies. It supports TCP only no UDP/ICMP etc. The way it works is basically a HACK; so it is possib...

7.2AI score
Exploits0References1
n0where
n0where
added 2015/01/30 5:39 p.m.22 views

Dshell – Network Forensic Analysis Framework

Dshell An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: Robust stream reassembly IPv4 and IPv6 support Custom output handlers Chainable decoders Prerequisites Linux developed on Ubuntu 12.04...

1.3AI score
Exploits0References6
n0where
n0where
added 2015/01/03 4:5 p.m.22 views

HTTP/HTTPs MITM Proxy and Traffic Recorder: Hyperfox

HTTP/HTTPs MITM Proxy and Traffic Recorder Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN Network Hyperfox is capable of forging SSL certificates on the fly using a root CA certificate and its corresponding key both provided by the user. If the targe...

0.1AI score
Exploits0References1
n0where
n0where
added 2013/11/22 8:9 p.m.22 views

Lightweight System Monitoring: Monitorix

Lightweight System Monitoring Monitorix is a free, open source, lightweight system monitoring tool designed to monitor as many services and system resources as possible. It has been created to be used under production Linux/UNIX servers, but due to its simplicity and small size can be used on...

7.2AI score
Exploits0
n0where
n0where
added 2013/11/22 7:20 p.m.22 views

Archlinux Ultimate Install Script

Install and configure archlinux has never been easier! You can try it first with a virtualbox Prerequisites A working internet connection Logged in as ‘root’ How to get it With git Increase cowspace partition: mount -o remount,size=2G /run/archiso/cowspace Get list of packages and install git:...

7.3AI score
Exploits0References1
n0where
n0where
added 2013/10/06 6:57 p.m.22 views

Bedrock Linux

Bedrock Linux Bedrock Linux is a Linux distribution created with the aim of making most of the often seemingly mutually-exclusive benefits of various other Linux distributions available simultaneously and transparently. If one would like a rock-solid stable base for example, from Debian or a RHEL...

1.6AI score
Exploits0
n0where
n0where
added 2012/06/21 12:44 a.m.22 views

Bluetooth scanner: Bluelog

Bluelog is a Linux Bluetooth scanner written to do a single task, log devices that are in discoverable mode. It is intended to be used as a site survey tool, determining how many discoverable Bluetooth devices there are in the area. It has also proven to be very well suited to Bluetooth traffic...

0.5AI score
Exploits0
n0where
n0where
added 2018/08/21 5:12 p.m.21 views

Defending Elections from Foreign Adversaries: Election Buster

Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee DNC IT services company, and foreign adversaries...

0.5AI score
Exploits0References1
n0where
n0where
added 2018/04/03 10:19 p.m.21 views

Identify Misconfigured CloudFront Domains: CloudFrunt

CloudFrunt is a tool for identifying misconfigured CloudFront domains. CloudFront is a Content Delivery Network CDN provided by Amazon Web Services AWS. CloudFront users create “distributions” that serve content from specific sources an S3 bucket, for example. Each CloudFront distribution has a...

0.1AI score
Exploits0References1
n0where
n0where
added 2018/01/09 5:17 a.m.21 views

Web Application Vulnerability Scanner: Wapiti

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti act...

Exploits0
n0where
n0where
added 2018/01/01 5:15 p.m.21 views

Reverse Engineering Android apk Files: Apktool

ApkTool is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like fil...

7.4AI score
Exploits0References3
n0where
n0where
added 2017/10/31 5:45 a.m.21 views

A Managed Password Cracking Tool: GoCrack

FireEye’s Innovation and Custom Engineering ICE team released a tool called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI to create, view, and manage tasks. Simply deploy a GoCrack server...

1.1AI score
Exploits0References3
n0where
n0where
added 2017/09/29 5:58 a.m.21 views

TCP Stream Replay Tool: TCPCopy

Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of Internet server applications, we develop a live flow reproduction tool – TCPCopy, which could generate the...

7.6AI score
Exploits0References2
n0where
n0where
added 2017/09/19 5:12 a.m.21 views

Web Application Security Scanner: Spaghetti

Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone...

0.1AI score
Exploits0References1
n0where
n0where
added 2017/08/07 9:56 p.m.21 views

Automated Privilege Escalation: portia

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised Privilege escalation Lateral movement Convenience modules Portia is a genus of jumping spider that feeds on other spiders – known for their...

1AI score
Exploits0References1
n0where
n0where
added 2017/07/10 3:30 p.m.21 views

AWS CIS Benchmark Tool: Prowler

Tool based on AWS-CLI commands for AWS account hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1 . It covers hardening and security best practices for all regions related to: Identity and Access Management 24 checks Logging 8 checks Monitoring 15 checks...

7.5AI score
Exploits0References1
Total number of security vulnerabilities1052