Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2016/09/20 2:53 p.m.20 views

Web Application Security Scanner: Netsparker

THE ONLY FALSE POSITIVE FREE WEB APPLICATION SECURITY AND VULNERABILITY SCANNER Almost every business entity on the market today is trying hard to stretch out this year’s budget and somehow fit ‘security’ in the environment. Preferably, with minimal cost. Business owners, board directors, stock...

7.5AI score
Exploits0
n0where
n0where
added 2016/09/02 4:52 p.m.20 views

Python Keylogger: Radium

Python Keylogger With Multiple Features Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording logging the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Keyloggi...

Exploits0References1
n0where
n0where
added 2016/08/25 2:30 p.m.20 views

Not Your Average Banner Grabber: BannerGrab

Not Your Average Banner Grabber BannerGrab is a PHP-based banner-grabber, which not only helps you find juicy response headers but also, fetches subdomains, and scans the site’s plugins/themes/components if the site is running WordPress/Joomla. To get the subdomains, It uses one of the best...

0.9AI score
Exploits0References1
n0where
n0where
added 2016/08/09 4:48 a.m.20 views

Malware DNA Profiling Search Engine: CodexGigas

Malware DNA Profiling Search Engine Codex Gigas malware DNA profiling search engine discovers malware patterns and characteristics assisting individuals who are attracted in malware hunting. Codex Gigas is a malware profiling search engine that allows malware hunters and analysts to truly...

0.9AI score
Exploits0References2
n0where
n0where
added 2016/07/21 6:36 p.m.20 views

Evolutionary Knowledge Based Fuzzer: Choronzon

Evolutionary Knowledge Based Fuzzer Choronzon is an evolutionary fuzzer. It tries to imitate the evolutionary process in order to keep producing better results. To achieve this, it has an evaluation system to classify which of the fuzzed files are interesting and which should be dropped. Moreover...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/07/17 9:28 p.m.20 views

IDPS SandBox AntiVirus Stealth Killer: MorphAES

IDPS SandBox AntiVirus Stealth Killer MorphAES is the world’s first polymorphic shellcode/malware engine, with metamorphic properties and capability to bypass sandboxes, which makes it undetectable for an IDPS, it’s cross-platform as well and library-independent. Properties: Polymorphism AES...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/04/19 2:42 p.m.20 views

Heuristics File System Secret Search: blueflower

blueflower is a command-line tool that looks for secrets such as private keys or passwords in a file structure. Interesting files are detected using heuristics on their names and on their content. Unlike some forensics tools, blueflower does not search in RAM, and does not attempt to identify...

6.9AI score
Exploits0References3
n0where
n0where
added 2016/04/12 10:52 p.m.20 views

Dynamic Tracing Tools for Linux: BCC

BCC – BPF Compiler Collection – is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of eBPF Extended Berkeley Packet Filters, a new feature that was first added to Linux 3.15. Much of what BCC uses requires Lin...

1.4AI score
Exploits0References2
n0where
n0where
added 2015/12/21 5:13 p.m.20 views

Dynamic Shellcode Injection: Shellter

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications currently 32-bit apps only. The shellcode can be something yours or something generated through a framework, such a...

0.2AI score
Exploits0
n0where
n0where
added 2015/08/09 7:51 p.m.20 views

Nosql Exploitation Framework

The Tool focuses on scanning and exploiting NoSQL Databases which makes the pentesters life easy. The tool currently has support for Mongo,Couch-db and Redis,with further additions to be made soon.It supports Enumerating NoSQL Db’s,Dumping Nosql db’s,Dictionary attacks and Shodan Search...

0.1AI score
Exploits0References1
n0where
n0where
added 2014/11/15 12:50 a.m.20 views

Meterpreter over SSH – MeterSSH

Meterpreter over SSH As penetration testers, it’s crucial to identify what types of attacks are detected and what’s not. After running into a recent penetration test with a next generation firewall, most analysis has shifted away from the endpoints and more towards network analysis. While there...

1.2AI score
Exploits0References2
n0where
n0where
added 2014/10/15 7:8 a.m.20 views

Browser Exploitation Framework: BeEF

Browser Exploitation Framework The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging...

6.3AI score
Exploits0References4
n0where
n0where
added 2013/10/11 4:40 p.m.20 views

Graphical Interface for Powershell Scripts: PoshSec Framework

The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, funcions, modules and cmdlets The PoshSec Framework is not merely a defense tool. It can be used for offense, defense, and even system administration. The whole idea is to give people a tool...

7AI score
Exploits0References1
n0where
n0where
added 2013/04/20 6:1 a.m.20 views

Network Traffic Interception: Intercepter-NG

With great power comes great responsibility. New release for Intercepter-NG have been announced, this tool can be used for MITM attack on network during penetration test. the tool is very solid in sniffing passwords ,encrypted traffic , pictures transmitted over messengers and more. Intercepter i...

0.8AI score
Exploits0
n0where
n0where
added 2012/04/10 9:0 p.m.20 views

Mobile Terminal Application for Intermittent Connectivity: Mosh

Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes. This is a replacement for SSH. It’s more robust and responsive, especially over Wi-Fi, cellular, and long-distance inks. Mosh is free...

7.6AI score
Exploits0References1
n0where
n0where
added 2018/08/01 5:5 p.m.19 views

Network and System Reconnaissance Tool: Sandmap

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine . It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Key Features simple CLI with the ability to run pure Nmap engine...

6.9AI score
Exploits0References2
n0where
n0where
added 2018/01/12 4:59 p.m.19 views

NSE Nmap Script Development IDE: Halcyon

Halcyon IDE lets you quickly and easily develop scripts for performing advanced scans on applications and infrastructures with a range from recon to exploitation capabilities. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is free and open source project always...

7.1AI score
Exploits0References1
n0where
n0where
added 2018/01/06 9:15 p.m.19 views

Wireless MITM Cryptocurrency Mining Pool: CoffeeMiner

Collaborative mitm cryptocurrency mining pool in wifi networks. This script performs autonomous MITM attack on WiFi networks. It will inject a javascript in the html pages and force all the devices connected to a WiFi network to mine cryptocurrency for the attacker. Warning: this project is for...

0.7AI score
Exploits0References1
n0where
n0where
added 2017/11/14 7:15 p.m.19 views

Open Source Threat Intelligence Gathering & Processing Framework: GOSINT

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise IOCs. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches...

6.8AI score
Exploits0References2
n0where
n0where
added 2017/10/02 1:24 a.m.19 views

Open Source Invalid Traffic Detection: Nameles

Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. Comprehensive Detection Detects display, video and in-app based ad fraud, web scraping and other...

6.7AI score
Exploits0References3
n0where
n0where
added 2017/09/19 6:33 a.m.19 views

Encrypted Exploit Delivery For The Masses: Ironsquirrel

This project aims at delivering browser exploits to the victim browser in an encrypted fashion. Ellyptic-curve Diffie-Hellman secp256k1 is used for key agreement and AES is used for encryption. By delivering the exploit code and shellcode to the victim in an encrypted way, the attack can not be...

7.2AI score
Exploits0References2
n0where
n0where
added 2017/08/30 3:39 a.m.19 views

Powershell-based Windows Security Auditing Toolbox: WINspect

WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a Windows machine aiming to identify security weaknesses and point to components that need further hardening. The main targets for the current version are...

1.4AI score
Exploits0References1
n0where
n0where
added 2017/08/07 8:13 p.m.19 views

iOS macOS Remote Administration Tool: EggShell

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...

Exploits0References2
n0where
n0where
added 2017/04/27 5:35 a.m.19 views

Wide Range Mass Audit Toolkit: Leviathan

Leviathan is a mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. It consists open source tools such masscan, ncrack, dsss and gives you the flexibility of using them with a combination. The main goal of this...

0.5AI score
Exploits0References3
n0where
n0where
added 2017/04/03 4:13 p.m.19 views

WMI Based Agentless Post-Exploitation PowerShell RAT: WMImplant

WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines, but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine. It is designed to run both...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/03/27 4:2 p.m.19 views

Open Source Smart Gateway: FalconGate

Open Source Smart Gateway Cyber attacks are on the raise. Hacker and cyber criminals are continuously improving their methods and building new tools and Malware with the purpose of hacking your network, spying on you and stealing valuable data. Recently a new business model has become popular amo...

7.4AI score
Exploits0References3
n0where
n0where
added 2017/02/14 6:15 a.m.19 views

Network Reconnaissance & Vulnerability Assessment Tool: ReconScan

Network Reconnaissance & Vulnerability Assessment Tool The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from the perspective of exploitability. In terms...

6.9AI score
Exploits0References1
n0where
n0where
added 2017/01/30 5:39 a.m.19 views

Linux Malware Detect: LMD

Linux Malware Detect LMD is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/10/10 1:22 a.m.19 views

Windows Remote Incident Response: CimSweep

Windows Remote Incident Response CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CimSweep may also be used to engage in offensive reconnaissance without the need to drop any payload to...

1.4AI score
Exploits0References1
n0where
n0where
added 2016/08/27 2:34 a.m.19 views

Configurable DNS Proxy: foghorn

Configurable DNS Proxy foghorn is a configurable DNS proxy to allow for black-, white-, and greylisting of DNS resources. DNS is an essential utility for the functioning of internet-connected resources, and one which a careful administrator can control. The foghorn utility provides a means to add...

6.7AI score
Exploits0References1
n0where
n0where
added 2016/07/10 2:44 a.m.19 views

Detect Shared Passwords: shard

A command line tool to detect shared passwords List available modules: $ java -jar shard-1.0.jar -l Available modules: Facebook LinkedIn Reddit Twitter Instagram Given a username and password shard will attempt to authenticate with multiple sites: $ java -jar shard-1.0.jar -u -p - Tried credentia...

0.6AI score
Exploits0References1
n0where
n0where
added 2016/05/19 1:55 p.m.19 views

Compression Side-Channel Attack Framework: Rupture

A COMPRESSION SIDE-CHANNEL ATTACK FRAMEWORK Rupture is a framework for easily conducting BREACH and other compression-based attacks Rupture is a framework for conducting network attacks against web services. It is focused on compression-attacks, but provides a generalized scalable system for...

0.5AI score
Exploits0References2
n0where
n0where
added 2016/03/10 4:48 p.m.19 views

System Scanner: Binmap

Binmap is a system scanner; it takes a system or system image and walks through all files, looking for programs and libraries and collecting various information such as dependencies, symbols etc. It supports ELF and PE formats. binmap builds a database of hashes and informations for systems. One ...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/01/22 3:6 p.m.19 views

Malware Analysis System: Cuckoo Sandbox

Cuckoo Sandbox is an advanced, extremely modular, and 100% open source automated malware analysis system with infinite application opportunities. By default it is able to: Analyze many different malicious files executables, office documents, pdf files, emails, etc as well as malicious websites...

Exploits0
n0where
n0where
added 2016/01/18 7:33 p.m.19 views

Database Assessment Tool: DbDat

DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...

8.4AI score
Exploits0References1
n0where
n0where
added 2015/12/10 11:28 p.m.19 views

Private Messaging System: Vuvuzela

Vuvuzela is a messaging system that protects the privacy of message contents and message metadata. Users communicating through Vuvuzela do not reveal who they are talking to, even in the presence of powerful nation-state adversaries. Vuvuzela is the first system that provides strong metadata...

1.1AI score
Exploits0References1
n0where
n0where
added 2015/10/04 3:15 a.m.19 views

Network Security Toolkit: NST

Network Security Toolkit NST is a bootable ISO image Live DVD based on Fedora providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x8664 platforms. The main intent of developing this toolkit was to provide the security professional and networ...

7.2AI score
Exploits0
n0where
n0where
added 2015/06/08 5:22 p.m.19 views

Exploit Database Git Repository

Exploit Database Git Repository The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct...

7.3AI score
Exploits0References1
n0where
n0where
added 2015/04/11 5:54 p.m.19 views

Send-Only Postfix Server

Postfix is an MTA Mail Transfer Agent, an application used to send and receive email. In this tutorial, we will install and configure Postfix so that it can be used to send emails by local applications only. Why would you want to do that? If you’re already using a third-party email provider for...

7AI score
Exploits0
n0where
n0where
added 2015/03/30 3:18 p.m.19 views

Simulate Network Conditions: ATC

Simulate Network Conditions: ATC Augmented Traffic Control ATC is a tool to simulate network conditions. It allows controlling the connection that a device has to the internet. Developers can use ATC to test their application across varying network conditions, easily emulating high speed, mobile,...

0.6AI score
Exploits0References7
n0where
n0where
added 2015/01/30 5:49 p.m.19 views

Nscan: Fast internet-wide scanner

Nscan: Fast internet-wide scanner Nscan is a fast Network scanner optimized for internet-wide scanning purposes and inspired by Masscan and Zmap. It has it’s own tiny TCP/IP stack and uses Raw sockets to send TCP SYN probes. It doesn’t need to set SYN Cookies so it doesn’t wastes time checking if...

6.8AI score
Exploits0References1
n0where
n0where
added 2018/08/21 4:53 p.m.18 views

Security Competition Infrastructure Automation Framework: Laforge

Laforge enables rapid development of infrastructure for the purpose of information security competitions. Using a simple and intuitive configuration language, Laforge manages a dependency graph and state management and allows for highly productive remote collaboration. The Laforge engine uses a...

Exploits0References1
n0where
n0where
added 2018/02/28 3:14 a.m.18 views

Targeted Evil Twin Wireless Access Point Attack Toolkit: The Rogue Toolkit

The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points AP for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil tw...

7.3AI score
Exploits0References1
n0where
n0where
added 2018/02/03 1:32 a.m.18 views

One-Liners That Aids in Penetration Testing Operations: One-Lin3r

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser : Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper : Give it an...

7.6AI score
Exploits0References2
n0where
n0where
added 2018/01/09 5:14 a.m.18 views

Web Application Spider: BlackWidow

BlackWidow is a python based web application spider to gather subdomains, URL’s, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL’s for common OWASP vulnerabilities. Features: Automatically collect all URL’...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/10/11 3:4 a.m.18 views

Traditional OSINT Swiss Army Knife: Belati

Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT. What Belati can do? WhoisIndonesian TLD Support Banner Grabbing Subdomain Enumeration Service Scanning for all Subdomain Machine W...

Exploits0References1
n0where
n0where
added 2017/07/03 6:3 p.m.18 views

Totally Automatic LFI Exploiter & Scanner: LFISuite

Totally Automatic LFI Exploiter & Scanner LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack. Features Works with Windows, Linux and OS X Automatic Configuration Automatic Update Provides 8 different Local Fil...

1.1AI score
Exploits0References1
n0where
n0where
added 2017/06/15 7:15 a.m.18 views

Amnesic Incognito Live System: Tails

Amnesic Incognito Live System Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete operating...

6.7AI score
Exploits0
n0where
n0where
added 2017/05/29 6:7 p.m.18 views

WMI Command Shell Wrapper: WMIcmd

WMI Command Shell Wrapper When doing low impact investigations and other similar activities you may want to minimize what is written to disk / obvious. This tool allows us to execute commands via WMI and get information not otherwise available via this channel. Purpose A small utility which only...

0.1AI score
Exploits0References1
n0where
n0where
added 2017/03/03 6:14 a.m.18 views

Open Source SIP Sniffer: pcapsipdump

Open Source SIP Sniffer pcapsipdump is libpcap-based SIP sniffer with per-call sorting capabilities. It writes SIP/RTP sessions to disk in a same format, as “tcpdump -w”, but one file per SIP session even if there is thousands of concurrent SIP sessions. Each session goes in a separate, fancy-nam...

0.1AI score
Exploits0
Total number of security vulnerabilities1052