Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/06/05 5:13 p.m.20 views

Sandia Cyber Omni Tracker: SCOT

Sandia Cyber Omni Tracker The Sandia Cyber Omni Tracker SCOT is a cyber security incident response management system and knowledge base. Designed by cyber security incident responders, SCOT provides a new approach to manage security alerts, analyze data for deeper patterns, coordinate team effort...

0.2AI score
Exploits0References1
n0where
n0where
added 2017/04/03 4:13 p.m.20 views

WMI Based Agentless Post-Exploitation PowerShell RAT: WMImplant

WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines, but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine. It is designed to run both...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/03/27 4:2 p.m.20 views

Open Source Smart Gateway: FalconGate

Open Source Smart Gateway Cyber attacks are on the raise. Hacker and cyber criminals are continuously improving their methods and building new tools and Malware with the purpose of hacking your network, spying on you and stealing valuable data. Recently a new business model has become popular amo...

7.4AI score
Exploits0References3
n0where
n0where
added 2017/03/23 5:39 p.m.20 views

Open Source Malware Analysis Platform: FAME

Open Source Malware Analysis Platform FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework...

Exploits0References1
n0where
n0where
added 2017/02/14 6:41 a.m.20 views

Python Remote Administration Tool: Stitch

Python Remote Administration Tool This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send an email of...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/02/13 7:43 p.m.20 views

Test your barcode scanners: MalQR

Test your barcode scanners MalQR is a collection of malicious QR codes and barcodes you can use to test the security of your scanners. It gives you the ability to conduct such tests with easiness : you just need to have a smartphone, a tablet or a laptop with an internet connection and browse...

1.2AI score
Exploits0References1
n0where
n0where
added 2017/01/30 5:39 a.m.20 views

Linux Malware Detect: LMD

Linux Malware Detect LMD is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/11/12 11:26 p.m.20 views

Decompression Bomb Testing

Decompression Bomb Testing A decompression bomb is a file designed to crash or render useless the program or system reading it, i.e. a denial of service. The files in this project can be used to test whether an application is vulnerable to this type of attack. A zip bomb, also known as a zip of...

7.4AI score
Exploits0References2
n0where
n0where
added 2016/11/03 2:52 a.m.20 views

OS Instrumentation Framework: osquery

OS Instrumentation Framework osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/09/20 2:53 p.m.20 views

Web Application Security Scanner: Netsparker

THE ONLY FALSE POSITIVE FREE WEB APPLICATION SECURITY AND VULNERABILITY SCANNER Almost every business entity on the market today is trying hard to stretch out this year’s budget and somehow fit ‘security’ in the environment. Preferably, with minimal cost. Business owners, board directors, stock...

7.5AI score
Exploits0
n0where
n0where
added 2016/08/27 2:34 a.m.20 views

Configurable DNS Proxy: foghorn

Configurable DNS Proxy foghorn is a configurable DNS proxy to allow for black-, white-, and greylisting of DNS resources. DNS is an essential utility for the functioning of internet-connected resources, and one which a careful administrator can control. The foghorn utility provides a means to add...

6.7AI score
Exploits0References1
n0where
n0where
added 2016/08/09 4:48 a.m.20 views

Malware DNA Profiling Search Engine: CodexGigas

Malware DNA Profiling Search Engine Codex Gigas malware DNA profiling search engine discovers malware patterns and characteristics assisting individuals who are attracted in malware hunting. Codex Gigas is a malware profiling search engine that allows malware hunters and analysts to truly...

0.9AI score
Exploits0References2
n0where
n0where
added 2016/07/21 6:36 p.m.20 views

Evolutionary Knowledge Based Fuzzer: Choronzon

Evolutionary Knowledge Based Fuzzer Choronzon is an evolutionary fuzzer. It tries to imitate the evolutionary process in order to keep producing better results. To achieve this, it has an evaluation system to classify which of the fuzzed files are interesting and which should be dropped. Moreover...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/04/19 2:42 p.m.20 views

Heuristics File System Secret Search: blueflower

blueflower is a command-line tool that looks for secrets such as private keys or passwords in a file structure. Interesting files are detected using heuristics on their names and on their content. Unlike some forensics tools, blueflower does not search in RAM, and does not attempt to identify...

6.9AI score
Exploits0References3
n0where
n0where
added 2016/04/12 10:52 p.m.20 views

Dynamic Tracing Tools for Linux: BCC

BCC – BPF Compiler Collection – is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of eBPF Extended Berkeley Packet Filters, a new feature that was first added to Linux 3.15. Much of what BCC uses requires Lin...

1.4AI score
Exploits0References2
n0where
n0where
added 2016/03/10 4:48 p.m.20 views

System Scanner: Binmap

Binmap is a system scanner; it takes a system or system image and walks through all files, looking for programs and libraries and collecting various information such as dependencies, symbols etc. It supports ELF and PE formats. binmap builds a database of hashes and informations for systems. One ...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/01/18 7:33 p.m.20 views

Database Assessment Tool: DbDat

DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...

8.4AI score
Exploits0References1
n0where
n0where
added 2015/12/21 5:13 p.m.20 views

Dynamic Shellcode Injection: Shellter

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications currently 32-bit apps only. The shellcode can be something yours or something generated through a framework, such a...

0.2AI score
Exploits0
n0where
n0where
added 2015/10/04 3:15 a.m.20 views

Network Security Toolkit: NST

Network Security Toolkit NST is a bootable ISO image Live DVD based on Fedora providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x8664 platforms. The main intent of developing this toolkit was to provide the security professional and networ...

7.2AI score
Exploits0
n0where
n0where
added 2015/01/30 5:49 p.m.20 views

Nscan: Fast internet-wide scanner

Nscan: Fast internet-wide scanner Nscan is a fast Network scanner optimized for internet-wide scanning purposes and inspired by Masscan and Zmap. It has it’s own tiny TCP/IP stack and uses Raw sockets to send TCP SYN probes. It doesn’t need to set SYN Cookies so it doesn’t wastes time checking if...

6.8AI score
Exploits0References1
n0where
n0where
added 2014/11/15 12:50 a.m.20 views

Meterpreter over SSH – MeterSSH

Meterpreter over SSH As penetration testers, it’s crucial to identify what types of attacks are detected and what’s not. After running into a recent penetration test with a next generation firewall, most analysis has shifted away from the endpoints and more towards network analysis. While there...

1.2AI score
Exploits0References2
n0where
n0where
added 2014/10/15 7:8 a.m.20 views

Browser Exploitation Framework: BeEF

Browser Exploitation Framework The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging...

6.3AI score
Exploits0References4
n0where
n0where
added 2013/10/11 4:40 p.m.20 views

Graphical Interface for Powershell Scripts: PoshSec Framework

The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, funcions, modules and cmdlets The PoshSec Framework is not merely a defense tool. It can be used for offense, defense, and even system administration. The whole idea is to give people a tool...

7AI score
Exploits0References1
n0where
n0where
added 2013/04/20 6:1 a.m.20 views

Network Traffic Interception: Intercepter-NG

With great power comes great responsibility. New release for Intercepter-NG have been announced, this tool can be used for MITM attack on network during penetration test. the tool is very solid in sniffing passwords ,encrypted traffic , pictures transmitted over messengers and more. Intercepter i...

0.8AI score
Exploits0
n0where
n0where
added 2012/04/10 9:0 p.m.20 views

Mobile Terminal Application for Intermittent Connectivity: Mosh

Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes. This is a replacement for SSH. It’s more robust and responsive, especially over Wi-Fi, cellular, and long-distance inks. Mosh is free...

7.6AI score
Exploits0References1
n0where
n0where
added 2018/02/28 3:14 a.m.19 views

Targeted Evil Twin Wireless Access Point Attack Toolkit: The Rogue Toolkit

The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points AP for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil tw...

7.3AI score
Exploits0References1
n0where
n0where
added 2018/01/12 4:59 p.m.19 views

NSE Nmap Script Development IDE: Halcyon

Halcyon IDE lets you quickly and easily develop scripts for performing advanced scans on applications and infrastructures with a range from recon to exploitation capabilities. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is free and open source project always...

7.1AI score
Exploits0References1
n0where
n0where
added 2018/01/09 5:14 a.m.19 views

Web Application Spider: BlackWidow

BlackWidow is a python based web application spider to gather subdomains, URL’s, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL’s for common OWASP vulnerabilities. Features: Automatically collect all URL’...

0.6AI score
Exploits0References1
n0where
n0where
added 2018/01/06 9:15 p.m.19 views

Wireless MITM Cryptocurrency Mining Pool: CoffeeMiner

Collaborative mitm cryptocurrency mining pool in wifi networks. This script performs autonomous MITM attack on WiFi networks. It will inject a javascript in the html pages and force all the devices connected to a WiFi network to mine cryptocurrency for the attacker. Warning: this project is for...

0.7AI score
Exploits0References1
n0where
n0where
added 2017/11/14 7:15 p.m.19 views

Open Source Threat Intelligence Gathering & Processing Framework: GOSINT

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise IOCs. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches...

6.8AI score
Exploits0References2
n0where
n0where
added 2017/10/02 1:24 a.m.19 views

Open Source Invalid Traffic Detection: Nameles

Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. Comprehensive Detection Detects display, video and in-app based ad fraud, web scraping and other...

6.7AI score
Exploits0References3
n0where
n0where
added 2017/09/19 6:33 a.m.19 views

Encrypted Exploit Delivery For The Masses: Ironsquirrel

This project aims at delivering browser exploits to the victim browser in an encrypted fashion. Ellyptic-curve Diffie-Hellman secp256k1 is used for key agreement and AES is used for encryption. By delivering the exploit code and shellcode to the victim in an encrypted way, the attack can not be...

7.2AI score
Exploits0References2
n0where
n0where
added 2017/08/30 3:39 a.m.19 views

Powershell-based Windows Security Auditing Toolbox: WINspect

WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a Windows machine aiming to identify security weaknesses and point to components that need further hardening. The main targets for the current version are...

1.4AI score
Exploits0References1
n0where
n0where
added 2017/08/07 8:13 p.m.19 views

iOS macOS Remote Administration Tool: EggShell

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...

Exploits0References2
n0where
n0where
added 2017/04/27 5:35 a.m.19 views

Wide Range Mass Audit Toolkit: Leviathan

Leviathan is a mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. It consists open source tools such masscan, ncrack, dsss and gives you the flexibility of using them with a combination. The main goal of this...

0.5AI score
Exploits0References3
n0where
n0where
added 2017/03/03 6:14 a.m.19 views

Open Source SIP Sniffer: pcapsipdump

Open Source SIP Sniffer pcapsipdump is libpcap-based SIP sniffer with per-call sorting capabilities. It writes SIP/RTP sessions to disk in a same format, as “tcpdump -w”, but one file per SIP session even if there is thousands of concurrent SIP sessions. Each session goes in a separate, fancy-nam...

0.1AI score
Exploits0
n0where
n0where
added 2017/02/27 5:29 p.m.19 views

Shellcode Builder: Shell Factory

Shellcode Builder: Shell Factory Shell Factory is a framework for compiling shellcodes from a C++ source for multiple systems and architectures. It is composed of multiple parts: a Rakefile for compiling and linking against different compilers and architectures. the factory, a set of C++ headers ...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/02/14 6:15 a.m.19 views

Network Reconnaissance & Vulnerability Assessment Tool: ReconScan

Network Reconnaissance & Vulnerability Assessment Tool The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from the perspective of exploitability. In terms...

6.9AI score
Exploits0References1
n0where
n0where
added 2016/10/10 1:22 a.m.19 views

Windows Remote Incident Response: CimSweep

Windows Remote Incident Response CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CimSweep may also be used to engage in offensive reconnaissance without the need to drop any payload to...

1.4AI score
Exploits0References1
n0where
n0where
added 2016/09/04 11:27 p.m.19 views

Forensic File System Reconstruction: RecuperaBit

Forensic File System Reconstruction A software which attempts to reconstruct file system structures and recover files. Currently it supports only NTFS. RecuperaBit attempts reconstruction of the directory structure regardless of: missing partition table unknown partition boundaries...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/09/02 5:34 p.m.19 views

Special Customizable Payload Generator: Hercules

Special Customizable Payload Generator HERCULES is a special customizable payload generator that can bypass all antivirus software. Installation Supported Platforms: Operative system | Version ---|--- Ubuntu | 16.04 / 15.10 Kali linux | Rolling / Sana Manjaro | Arch Linux | Black Arch | Parrot OS...

0.7AI score
Exploits0References1
n0where
n0where
added 2016/07/10 2:44 a.m.19 views

Detect Shared Passwords: shard

A command line tool to detect shared passwords List available modules: $ java -jar shard-1.0.jar -l Available modules: Facebook LinkedIn Reddit Twitter Instagram Given a username and password shard will attempt to authenticate with multiple sites: $ java -jar shard-1.0.jar -u -p - Tried credentia...

0.6AI score
Exploits0References1
n0where
n0where
added 2016/05/19 1:55 p.m.19 views

Compression Side-Channel Attack Framework: Rupture

A COMPRESSION SIDE-CHANNEL ATTACK FRAMEWORK Rupture is a framework for easily conducting BREACH and other compression-based attacks Rupture is a framework for conducting network attacks against web services. It is focused on compression-attacks, but provides a generalized scalable system for...

0.5AI score
Exploits0References2
n0where
n0where
added 2016/04/19 5:16 p.m.19 views

Run Binaries From Memory: Pazuzu

Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. The goal is that you can run your own binary directly from memory. This can be useful in various scenarios. For example, if you want to exploit a vulnerability and run your ow...

7.4AI score
Exploits0References1
n0where
n0where
added 2016/01/22 3:6 p.m.19 views

Malware Analysis System: Cuckoo Sandbox

Cuckoo Sandbox is an advanced, extremely modular, and 100% open source automated malware analysis system with infinite application opportunities. By default it is able to: Analyze many different malicious files executables, office documents, pdf files, emails, etc as well as malicious websites...

Exploits0
n0where
n0where
added 2016/01/14 12:43 a.m.19 views

Open-Source Phishing Toolkit: gophish

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute hishing engagements and security awareness training. Installing Gophish Using Pre-Built Binaries Gophish is provided as a pre-built binary fo...

7.5AI score
Exploits0References1
n0where
n0where
added 2015/12/10 11:28 p.m.19 views

Private Messaging System: Vuvuzela

Vuvuzela is a messaging system that protects the privacy of message contents and message metadata. Users communicating through Vuvuzela do not reveal who they are talking to, even in the presence of powerful nation-state adversaries. Vuvuzela is the first system that provides strong metadata...

1.1AI score
Exploits0References1
n0where
n0where
added 2015/06/08 5:22 p.m.19 views

Exploit Database Git Repository

Exploit Database Git Repository The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct...

7.3AI score
Exploits0References1
n0where
n0where
added 2015/03/30 3:18 p.m.19 views

Simulate Network Conditions: ATC

Simulate Network Conditions: ATC Augmented Traffic Control ATC is a tool to simulate network conditions. It allows controlling the connection that a device has to the internet. Developers can use ATC to test their application across varying network conditions, easily emulating high speed, mobile,...

0.6AI score
Exploits0References7
n0where
n0where
added 2018/08/21 4:53 p.m.18 views

Security Competition Infrastructure Automation Framework: Laforge

Laforge enables rapid development of infrastructure for the purpose of information security competitions. Using a simple and intuitive configuration language, Laforge manages a dependency graph and state management and allows for highly productive remote collaboration. The Laforge engine uses a...

Exploits0References1
Total number of security vulnerabilities1052