Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/06/23 3:16 a.m.21 views

Portable Virtual Private Network: goSecure

Portable Virtual Private Network goSecure is an easy to use and portable Virtual Private Network VPN solution. The system consists of a single server and one or many clients. strongSwan is used to establish a Suite B IPsec tunnel with pre-shared keys between the server and clients. The core crypt...

0.2AI score
Exploits0References2
n0where
n0where
added 2017/05/25 5:36 a.m.21 views

Low Interaction Honeypot: honeytrap

Honeytrap is a low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. In its default configuration, it runs as a daemon and starts server processes on demand when a connection attempt to a port is made. Different modes of operation are available...

0.7AI score
Exploits0References1
n0where
n0where
added 2017/04/26 4:19 p.m.21 views

PowerShell Payload Stager: PowerStager

PowerShell Payload Stager This script creates an executable stager that downloads a selected powershell payload, loads it into memory and executes it using obfuscated EC methods. The script will also encrypt the stager for dynamic signatures and some additional obfuscation. This enables the actua...

1.2AI score
Exploits0References1
n0where
n0where
added 2017/02/27 5:55 p.m.21 views

Google Cloud Platform Audit

Google Cloud Platform Audit gcp-audit takes a set of projects and audits them for common issues as defined by its ruleset. Issues can include, but are certainly not limited to, storage buckets with read/write permissions for anyone and compute engine instances with services exposed to the Interne...

7AI score
Exploits0References2
n0where
n0where
added 2017/02/07 6:12 a.m.21 views

Universal MITM Web Server: CopyCat

Universal MITM Web Server CopyCat is a Node.js based universal MITM web server. Used with DNS spoofing or another redirect attack, this server will act as a MITM for web traffic between the victim and a real server. Most often we see DNS spoofing used to redirect victims to an attackers server...

0.3AI score
Exploits0References1
n0where
n0where
added 2016/12/24 5:26 a.m.21 views

Tests Crypto Libraries Against Known Attacks: Wycheproof

Rests Crypto Libraries Against Known Attacks Project Wycheproof tests crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but it is not an official Google product. In cryptography, subtle mistakes can have catastrophic consequences. Good...

6.7AI score
Exploits0References7
n0where
n0where
added 2016/12/19 6:43 a.m.21 views

IT Threat GeoDashboard: Suspicious

IT Threat GeoDashboard Suspicious is a combination of Open Source software configured to give end users a view on IT threats over an interactive geographical dashboard. You’ll just need an Internet Browser to access the dashboard. This application has been build on a GNU/Linux environment and may...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/12/19 3:48 a.m.21 views

Python JSON Fuzzer: PyJFuzz

Python JSON Fuzzer PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs , such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more. Dependencies In order to work PyJFuzz need a single dependency, bottle , you can install it from...

7.5AI score
Exploits0References1
n0where
n0where
added 2016/11/02 5:23 p.m.21 views

High Throughput Fuzzer: Grr

High Throughput Fuzzer GRR is an x86 to amd64 binary translator. GRR was created to emulate and fuzzer DECREE challenge binaries. GRR was created for the DARPA Cyber Grand Challenge. Features Code cache persistence avoids translation overheads across separate runs. Optimization of the code cache,...

1.5AI score
Exploits0References6
n0where
n0where
added 2016/09/23 4:55 p.m.21 views

WPA WPA2 Phishing Tool: Linset

WPA WPA2 Phishing Tool: Linset Linset Is Not a Social Enginering Tool To run linset in Kali-linux, only two2 additional programs are requiredrqr. They are lighttpd and php5-cgi. apt-get install lighttpd apt-get install php5-cgi After you unzip the download, place the linset folder found in the...

7.5AI score
Exploits0References1
n0where
n0where
added 2016/09/08 4:10 a.m.21 views

Open Source Disk Encryption: VeraCrypt

VeraCrypt is a software for establishing and maintaining an on-the-fly-encrypted volume data storage device. On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an...

0.9AI score
Exploits0
n0where
n0where
added 2016/09/02 6:46 p.m.21 views

MODBUS Penetration Testing Framework: smod

MODBUS Penetration Testing Framework smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software could be run on Linux/OSX under python 2.7.x...

Exploits0References1
n0where
n0where
added 2016/08/27 6:56 p.m.21 views

SSH Server Auditing: ssh-audit

ssh-audit is a tool for ssh server auditing Features SSH1 and SSH2 protocol server support; grab banner, recognize device or software and operating system, detect compression; gather key-exchange, host-key, encryption and message authentication code algorithms; output algorithm information...

1.7AI score
Exploits0References1
n0where
n0where
added 2016/08/25 4:55 p.m.21 views

Centralized IPTables Firewall Control Script: CFC

Centralized IPTables Firewall Control Script Centralized firewall control provides a centralized way to manage the firewall on multiple servers or loadbalancers running iptables. This way you can quickly allow/block/del/search abuse ranges etc. with one command on several servers. It accesses tho...

1.4AI score
Exploits0References1
n0where
n0where
added 2016/08/04 3:59 a.m.21 views

Dynamic Network Analysis Tool: FakeNet-NG

Dynamic Network Analysis Tool FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows. FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and Michael...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/08/02 4:50 p.m.21 views

Scrapy Python Crawler: Crawlpy

Python web spider/crawler based on scrapy with support for POST/GET login, variable level of recursions/depth and optionally save to disk. Requirements python 2.7 lxml pip pip install Scrapy Features POST/GET Login prior crawling Can handle logins that requires dynamic CSRF token Variable level o...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/07/14 3:26 p.m.21 views

Incident Response Forensic Framework: nightHawk Response

Incident Response Forensic Framework Custom built application for asynchronus forensic data presentation on an ElasticSearch backend. This application is designed to ingest a Mandiant Redline “collections” file and give flexibility in search/stack and tagging. The application was born out of the...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/06/14 3:19 p.m.21 views

Fully Integrated Defense Operation: FIDO

Fully Integrated Defense Operation Fully Integrated Defense Operation FIDO plays a important role in the defense of the Netflix corporate network. The premise of FIDO is simple… each year companies are receiving an ever increasing amount of security related alerts. Instead of hiring more analyst ...

1.2AI score
Exploits0References11
n0where
n0where
added 2016/05/17 12:35 p.m.21 views

Incident Response Suite: CimSweep

Incident Response Suite used to engage in offensive reconnaissance CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CimSweep may also be used to engage in offensive reconnaisance without...

1.6AI score
Exploits0References1
n0where
n0where
added 2016/05/11 9:5 p.m.21 views

Black Box WordPress Vulnerability Scanner: WPScan

WPScan is a Black Box WordPress Vulnerability Scanner that attempts to find known security weaknesses within WordPress installations. The application is provided for security professionals or WordPress administrators to help them find security problems and vulnerabilities in their installations. ...

0.7AI score
Exploits0References1
n0where
n0where
added 2016/02/17 6:25 p.m.21 views

Powershell Penetration Testing Framework: Pentestly

Python Powershell penetration testing framework Pentestly is a combination of expanding Python tools designed for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python. Current features Import NMAP XML...

1.5AI score
Exploits0References6
n0where
n0where
added 2016/01/15 4:43 p.m.21 views

Linux Privilege Escalation: RootHelper

Linux Privilege Escalation: Roothelper will aid in the process of privilege escalation on a Linux system that has been compromised, by fetching a number of enumeration and exploit suggestion scripts. The latest version downloads four scripts. Two enumeration shellscripts and two exploit suggester...

0.4AI score
Exploits0References1
n0where
n0where
added 2015/12/21 8:53 p.m.21 views

Sandboxed Execution Environment: SEE

Sandboxed Execution Environment SEE is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors Qemu, VirtualBox, LXC can be employed to run the Test Environments...

2.2AI score
Exploits0References1
n0where
n0where
added 2015/10/22 9:47 p.m.21 views

Social Media Mining: MassMine

MassMine is a social media mining and archiving application that simplifies the process of collecting and managing large amounts of data across multiple sources. It is designed with the researcher in mind, providing a flexible framework for tackling individualized research needs. MassMine is...

1.2AI score
Exploits0
n0where
n0where
added 2015/10/12 4:12 p.m.21 views

PowerShell Incident Response: Psrecon

Psrecon is an open source script that you can use to gather data from a remote Windows host using PowerShell v2 or later, organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushe...

Exploits0References1
n0where
n0where
added 2015/09/23 6:19 p.m.21 views

User Friendly Interactive Shell: Fish

Fish is a smart and user-friendly command line shell for OS X, Linux, and the rest of the family. fish includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required. FISH is designed to work with any other shell like...

7.4AI score
Exploits0References1
n0where
n0where
added 2015/08/09 7:17 p.m.21 views

Vulnerability Assessment Penetration Testing: VAPT

The set of scripts included in this package will create a Kali/SamuraiWTF type environment for the performing of Vulnerability Assessments and Penetration Testing. The goal of this project was to allow a portable set of tools to be installed onto an Ubuntu or Raspbian system, allowing the tester ...

7.5AI score
Exploits0References1
n0where
n0where
added 2015/03/25 5:4 p.m.21 views

Sniff Sensitive Data From Interface or pcap: net-creds

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. Sniffs URLs visited POST loads sent HTTP form logins/passwords HTTP basic auth logins/passwords HTTP searches FTP logins/passwords IRC...

0.6AI score
Exploits0References1
n0where
n0where
added 2015/02/07 5:57 p.m.21 views

Collect DNS Records Passively: PassiveDNS

Collect DNS Records Passively A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring NSM and general digital forensics. PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. PassiveDNS can...

6.9AI score
Exploits0References1
n0where
n0where
added 2014/12/06 8:2 a.m.21 views

Next Generation Web Scanner – WhatWeb

Next Generation Web Scanner WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded...

7.7AI score
Exploits0
n0where
n0where
added 2018/08/22 5:9 p.m.20 views

Ring 0 Army Knife: r0ak

r0ak is a Windows command-line utility that enables you to easily read, write, and execute kernel-mode code with some limitations from the command prompt, without requiring anything else other than Administrator privileges. Motivation The Windows kernel is a rich environment in which hundreds of...

7.5AI score
Exploits0References1
n0where
n0where
added 2018/08/22 3:9 p.m.20 views

Subdomain Enumeration Tool: Amass

Amass is the subdomain enumeration tool with the greatest number of disparate data sources that performs analysis of the resolved names in order to deliver the largest number of quality results. Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting...

6.9AI score
Exploits0References1
n0where
n0where
added 2018/01/01 7:21 p.m.20 views

Data Exfiltration over DNS Request Covert Channel: DNSExfiltrator

DNSExfiltrator allows for transfering exfiltrate a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel. DNSExfiltrator has two sides: 1. The server side , coming as a single python script dnsexfiltrator.py , which ac...

1AI score
Exploits0References1
n0where
n0where
added 2017/09/25 4:23 a.m.20 views

Easy Intelligence Gathering: theHarvester

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration te...

7.1AI score
Exploits0References1
n0where
n0where
added 2017/08/06 7:5 p.m.20 views

An ssh-agent for every domain: SSHecret

If you have an encrypted ssh key for each domain you access you should, and you keep your unlocked keys in a single ssh-agent you maybe shouldn’t, AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad. If you forward an ssh-agent with all your unique keys for every...

0.5AI score
Exploits0References1
n0where
n0where
added 2017/07/03 4:25 p.m.20 views

AWS Auditing & Hardening Tool: Zeus

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...

0.1AI score
Exploits0References1
n0where
n0where
added 2017/06/26 4:25 a.m.20 views

Open Source OSINT Assistant: datasploit

Open Source OSINT Assistant Utilizing various Open Source Intelligence OSINT tools DataSploit correlates the raw data captured and gives the user, all the relevant information about the domain / email / phone number / person, etc. It allows you to collect relevant information about a target which...

6.8AI score
Exploits0References2
n0where
n0where
added 2017/06/05 5:13 p.m.20 views

Sandia Cyber Omni Tracker: SCOT

Sandia Cyber Omni Tracker The Sandia Cyber Omni Tracker SCOT is a cyber security incident response management system and knowledge base. Designed by cyber security incident responders, SCOT provides a new approach to manage security alerts, analyze data for deeper patterns, coordinate team effort...

0.2AI score
Exploits0References1
n0where
n0where
added 2017/05/31 11:31 p.m.20 views

SIP-Based DoS Attack Simulator: SIP-DAS

SIP-DAS DoS Attack Simulator is a tool developed to simulate SIP-based DoS attacks. It has been developed to be used in academic work to help developing novel SIP-based DDoS attacks and defense approaches in original. SIP-DAS was originally written in Java, but it has been rewritten using Python,...

0.1AI score
Exploits0References1
n0where
n0where
added 2017/03/23 5:39 p.m.20 views

Open Source Malware Analysis Platform: FAME

Open Source Malware Analysis Platform FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework...

Exploits0References1
n0where
n0where
added 2017/03/20 7:39 a.m.20 views

Personalized User Focused Security: Stethoscope

Stethoscope is a web application that collects information from existing device data sources e.g., JAMF or LANDESK on a given user’s devices and gives them clear and specific recommendations for securing their systems. Stethoscope consists of two primary pieces: a Python-based back-end and a...

Exploits0References1
n0where
n0where
added 2017/03/09 5:39 a.m.20 views

Docker Security Analysis Tools: dockerscan

Docker Security Analysis Tools Currently Docker Scan support these actions: Registry Delete: Delete remote image / tag Info: Show info from remote registry Push: Push and image like Docker client Upload: Upload random a file Image Analyze: Looking for sensitive information in a Docker image...

1.4AI score
Exploits0References1
n0where
n0where
added 2017/03/02 8:49 p.m.20 views

Malicious Debian Package Generator: kimi

Malicious Debian Package generator Script to generate malicious debian packages debain trojans. Kimi is a script which generates Malicious debian package for metasploit which consists of bash file. the bash file is deployed into “/usr/local/bin/” directory. Backdoor gets executed just when victim...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/03/02 7:59 p.m.20 views

Stealth Post Exploitation Framework: PhpSploit

Stealth Post Exploitation Framework PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation...

0.1AI score
Exploits0References1
n0where
n0where
added 2017/02/14 6:41 a.m.20 views

Python Remote Administration Tool: Stitch

Python Remote Administration Tool This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send an email of...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/02/13 7:43 p.m.20 views

Test your barcode scanners: MalQR

Test your barcode scanners MalQR is a collection of malicious QR codes and barcodes you can use to test the security of your scanners. It gives you the ability to conduct such tests with easiness : you just need to have a smartphone, a tablet or a laptop with an internet connection and browse...

1.2AI score
Exploits0References1
n0where
n0where
added 2017/01/31 6:28 a.m.20 views

Simple Twitter Metadata Scraper

Simple Twitter Metadata Scraper The goal of this simple python script is to analyze a Twitter profile through its tweets by detecting: Average tweet activity, by hour and by day of the week Timezone and language set for the Twitter interface Sources used mobile application, web browser, …...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/11/12 11:26 p.m.20 views

Decompression Bomb Testing

Decompression Bomb Testing A decompression bomb is a file designed to crash or render useless the program or system reading it, i.e. a denial of service. The files in this project can be used to test whether an application is vulnerable to this type of attack. A zip bomb, also known as a zip of...

7.4AI score
Exploits0References2
n0where
n0where
added 2016/11/03 2:52 a.m.20 views

OS Instrumentation Framework: osquery

OS Instrumentation Framework osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/09/28 11:38 p.m.20 views

The YAWAST Antecedent Web Application Security Toolkit

The YAWAST Antecedent Web Application Security Toolkit YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL – Versions and cipher suites supported; common issues...

6.8AI score
Exploits0References1
Total number of security vulnerabilities1052