Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2018/08/29 3:22 a.m.357 views

Fast TCP tunnel over HTTP: chisel

Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go Golang. Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar t...

7.3AI score
Exploits0References8
n0where
n0where
added 2016/07/19 3:49 p.m.356 views

Open Source Security Incident and Event Management: SIEMonster

Open Source Security Incident and Event Management SIEMonster is free, documented open source Security Incident and Event Management SIEM designed and engineering with stable, supported open source products developed for security, scalability and functionality. The product was developed by...

0.1AI score
Exploits0
n0where
n0where
added 2015/12/23 5:10 p.m.353 views

Firmware Analysis Tool: Binwalk

Binwalk is a fast, easy to use tool for analyzing and extracting firmware images Firmware Analysis Tool Binwalk is: Fast Flexible Extendable Easy to use Binwalk can: Find and extract interesting files / data from binary images Find and extract raw compression streams Identify opcodes for a variet...

0.4AI score
Exploits0References6
n0where
n0where
added 2016/01/11 6:16 p.m.340 views

Network Protocol Fuzzing: boofuzz

Boofuzz is a fork of and the successor to the Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility, with the eventual goal of being able to fuzz literally anything. Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance...

7.3AI score
Exploits0References2
n0where
n0where
added 2015/02/23 5:12 p.m.331 views

Free Network Test Utility: Packet Sender

Packet Sender is an open source utility to allow sending and receiving TCP and UDP packets. The mainline branch officially supports Windows, Mac, and Ubuntu Desktop Linux. Other places may recompile and redistribute Packet Sender. Packet Sender is free and licensed as GPL v2 or later. It can be...

7.1AI score
Exploits0
n0where
n0where
added 2017/11/14 7:54 p.m.328 views

Free, Open-Source Remote Administration Tool for Windows: QuasarRAT

Quasar is a fast and light-weight remote administration tool coded in C. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. Features TCP network stream IPv4 & IPv6 support Fast network serialization NetSerializer Compressed...

1.2AI score
Exploits0References1
n0where
n0where
added 2017/03/04 4:32 p.m.328 views

Antivirus Evasion Framework: Veil Framework

Antivirus Evasion Framework: Veil Framework The Veil-Framework is a collection of red team security tools that implement various attack methods focused on evading detection. It currently consists of: Veil-Evasion : a tool to generate antivirus-evading payloads using a variety of techniques and...

0.1AI score
Exploits0References2
n0where
n0where
added 2019/01/22 3:47 a.m.326 views

Flexible and Powerful Reverse Proxy: Modlishka

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. It was realeased with an aim to: help penetration testers to carry out an effective phishing campaign and reinforce the fact that serious threat can arise from phishing. show current 2FA...

1.8AI score
Exploits0References2
n0where
n0where
added 2018/05/29 3:13 a.m.322 views

Create Multiple TOR Instances With Load Balancing: Multitor

A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy . It’s provides one single endpoint for clients. In addition, you can view previously running TOR processes and create a new identity for all or selected processes. The multitor has been...

7AI score
Exploits0References2
n0where
n0where
added 2015/08/04 6:19 p.m.313 views

Best Self Hosted Alternatives

Best Self Hosted Alternatives Analytics AWStats Generates web, streaming, ftp or mail server statistics graphically. Source Code GPLv3 Perl Countly Real time mobile & web analytics, crash reporting and push notifications platform. Source Code AGPLv3 Javascript Druid A distributed, column-oriented...

7.3AI score
Exploits0References516
n0where
n0where
added 2018/07/02 3:11 p.m.312 views

Active Directory Reconnaissance: ADRecon

ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...

0.6AI score
Exploits0References3
n0where
n0where
added 2016/04/07 2:28 p.m.308 views

Black-Box CAN Network Analysis Framework: CANToolz

CANToolz is a framework forCANbus network and device analysis. This tool consist of various different modules which can be piped together and used by security researchers and automotive/OEM security testers for black-box analysis of any CANbus system. You can use this software for ECU discovery,...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/09/05 2:33 p.m.301 views

High Performance DoS Analyzer: FastNetMon

High Performance DoS Analyzer FastNetMon – A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines NetFlow, IPFIX, sFLOW, SnabbSwitch, netmap, PFRING, PCAP. What can we do? We can detect hosts in our networks sending or receiving large volumes of...

6.7AI score
Exploits0References21
n0where
n0where
added 2017/10/11 4:0 a.m.296 views

NET Debugger & Assembly Editor: dnSpy

dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor and more and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies eg. malware without crashing...

7.5AI score
Exploits0References3
n0where
n0where
added 2018/10/28 1:32 a.m.294 views

Mutiny Fuzzing Framework

The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer. The goal is to begin network fuzzing as quickly as possible, at the expense of being thorough. The general workflow for Mutiny is to take a sample of legitimate traffic, such as a browse...

7AI score
Exploits0References3
n0where
n0where
added 2019/03/05 10:35 p.m.292 views

Graphical User Interface for Metasploit Meterpreter and Session Handler: Kage

Kage ka-geh is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. For now it only supports windows/meterpreter & android/meterpreter Getting Started Please follow these instructions to get a copy of Kage running on your local...

0.4AI score
Exploits0References4
n0where
n0where
added 2017/06/23 2:30 a.m.282 views

DoD Secure Host Baseline

NSA Information Assurance configuration guidance and files in support of the DoD Secure Host Baseline The Secure Host Baseline SHB provides an automated and flexible approach for assisting the DoD in deploying the latest releases of Windows 10 using a framework that can be consumed by organizatio...

1.1AI score
Exploits0References12
n0where
n0where
added 2016/02/29 10:54 p.m.282 views

Open Source Big Data Analytics and Visualization: Lumify

Open Source Big Data Integration, Analytics, and Visualization Lumify is an open source project big data fusion, analysis, and visualization platform designed for anyone. Its intuitive web-based interface helps users discover connections and explore relationships in their data via a suite of...

7AI score
Exploits0References1
n0where
n0where
added 2018/08/28 5:27 p.m.278 views

Open Source Host & Endpoint Security: Wazuh

Wazuh is a security detection, visibility, and compliance open source project. It was born as a fork of OSSEC HIDS, later was integrated with Elastic Stack and OpenSCAP evolving into a more comprehensive solution. Wazuh helps you to gain deeper security visibility into your infrastructure by...

0.1AI score
Exploits0References2
n0where
n0where
added 2018/11/13 1:0 a.m.275 views

Open Source Network Access Control: PacketFence

PacketFence is a fully supported, trusted, Free and Open Source network access control NAC system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices,...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/02/16 6:5 a.m.273 views

MongoDB Security Audit: mongoaudit

MongoDB Security Audit mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. This fact, combined with abundant lazy syst...

6.8CVSS9.6AI score0.44543EPSS
Exploits13References1
n0where
n0where
added 2019/01/22 3:21 a.m.268 views

A Framework for Secure and Scalable Network Traffic Analysis: Netcap

The Netcap NETwork CAPture framework efficiently converts a stream of network packets into highly accessible type-safe structured data that represent specific protocols or custom abstractions. These audit records can be stored on disk or exchanged over the network, and are well suited as a data...

0.6AI score
Exploits0References2
n0where
n0where
added 2011/07/09 2:34 p.m.268 views

SQL Server Takeover Tool: Sqlninja

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help an...

7.2CVSS1.2AI score0.29253EPSS
Exploits13
n0where
n0where
added 2015/07/26 2:47 a.m.267 views

Network Monitoring System: LibreNMS

LibreNMS is an autodiscovering PHP/MySQL/SNMP based network monitoring tool which includes support for a wide range of network hardware and operating systems including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more. LibreNMS is a community-based fork of Observium. Install On t...

7.1AI score
Exploits0References1
n0where
n0where
added 2017/11/14 8:21 p.m.262 views

Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it’s being extended to support other ...

7.1AI score
Exploits0References16
n0where
n0where
added 2015/09/05 2:33 a.m.262 views

Quick Android Review Kit: QARK

Quick Android Review Kit – This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating “Proof-of-Concept” deployable APKs and/or ADB commands, capable of exploiting many of the...

Exploits0References1
n0where
n0where
added 2017/08/23 4:43 p.m.257 views

Tracking & Visualizing Sysmon Logs: Sysmon View

Sysmon Shell can aid in writing and applying Sysmon XML configuration through a simple GUI interface, it can also be used to learn more about Sysmon configuration options available with each release, in a nutshell: Sysmon Shell can load Sysmon XML files configurations: with version 1.0, I am only...

7.4AI score
Exploits0References1
n0where
n0where
added 2018/03/22 7:6 a.m.255 views

An Android App for RFID Card Cloning: Project Walrus

Walrus is an Android app that simplifies using several existing contactless card cloning devices during red team engagements and physical security assessments. It offers a common interface and database for storing cloned cards. Currently, Walrus supports the industry standard Proxmark 3, Chameleo...

0.3AI score
Exploits0References4
n0where
n0where
added 2017/04/10 4:36 a.m.250 views

Pentesting Active Directory Environments: CrackMapExec

Pentesting Active Directory Environments: CrackMapExec CrackMapExec a.k.a CME is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory...

0.1AI score
Exploits0References5
n0where
n0where
added 2016/02/19 1:44 p.m.250 views

Awesome Windows Exploitation Resources

A curated list of awesome Windows Exploitation resources. Windows stack overflows Stack Base Overflow Articles. Win32 Buffer Overflows Location, Exploitation and Prevention – by Dark spyrit 1999 Writing Stack Based Overflows on Windows – by Nish Bhalla’s 2005 Windows heap overflows Heap Base...

8.1AI score
Exploits0References16
n0where
n0where
added 2018/08/23 4:56 a.m.249 views

Active Directory Privilege Relationships: BloodHound

BloodHound is a single page Javascript web application, built on top of Linkurious , compiled with Electron , with a Neo4j database fed by a PowerShell ingestor . BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attacks c...

7.7AI score
Exploits0References6
n0where
n0where
added 2015/11/13 12:27 a.m.249 views

Volatile Memory Extraction: The Volatility Framework

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory RAM samples. The extraction techniques are performed completely independent of the system being investigated...

6.5AI score
Exploits0References4
n0where
n0where
added 2018/11/12 5:56 a.m.246 views

Automated Pentest Recon Scanner: Sn1per

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features: Automatically collects basic recon ie. whois, ping, DNS, etc. Automatically launches Google hacking queries against a target domain Automatically enumerates open ports vi...

0.2AI score
Exploits0References1
n0where
n0where
added 2017/10/28 7:20 p.m.246 views

Onion Service nMap Scanner: Onion Map

Use nmap to scan hidden “onion” services on the Tor network. Minimal image based on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050. Tor is also configured via DNSPort to anonymously resolve DNS...

7.2AI score
Exploits0References4
n0where
n0where
added 2016/01/18 1:17 p.m.236 views

Iptables Firewall Generator: FireHOL

FireHOL is an iptables firewall generator producing stateful iptables packet filtering firewalls, on Linux hosts and routers with any number of network interfaces, any number of routes, any number of services served, any number of complexity between variations of the services including positive a...

7.1AI score
Exploits0
n0where
n0where
added 2019/03/06 3:58 a.m.233 views

NSA Software Reverse Engineering Framework: Ghidra

Ghidra is a software reverse engineering SRE framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including...

Exploits0
n0where
n0where
added 2019/02/21 3:51 a.m.225 views

Scalable Fuzzing Infrastructure: ClusterFuzz

ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz . ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software...

Exploits0References6
n0where
n0where
added 2017/05/22 4:14 a.m.221 views

High Performance DNS Stub Resolver: MassDNS

A high performance DNS stub resolver in C MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 100,000,000 domains...

Exploits0References1
n0where
n0where
added 2016/02/29 7:21 p.m.221 views

Machine Learning Linux IPS: Stratosphere

This is the linux version of the Stratosphere IPS, a behavioral-based intrusion detection and prevention system that uses machine learning algorithms to detect malicious behaviors. It is part of a larger suite of programs that include the Stratosphere Windows IPS and the Stratosphere Testing...

0.9AI score
Exploits0References3
n0where
n0where
added 2016/03/10 2:36 p.m.219 views

WYSIWYG Network Packet Editor: WireEdit

WYSIWYG Network Packet Editor WireEdit is first-of-a-kind and the only full stack cross-platform WYSIWYG network packets editor. It allows editing packets data at all stack layers as “rich text” in a simple point-and-click interface. The input and output format is Pcap. Is WireEdit a Pcap Editor?...

Exploits0
n0where
n0where
added 2019/03/05 11:31 p.m.218 views

Semi-Automated Network Penetration Testing Framework: Legion

Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. Features Automatic recon...

0.5AI score
Exploits0References1
n0where
n0where
added 2016/09/04 10:41 p.m.217 views

Automatic Server Side Template Injection Exploitation: Tplmap

Automatic Server Side Template Injection Exploitation Tplmap short for Template Mapper is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities SSTI. This assists SSTI exploitation to compromise the application and achieve remote command...

0.3AI score
Exploits0References2
n0where
n0where
added 2014/11/06 4:48 p.m.213 views

DoS Attack With hPing3

You guys would be very familiar with the term DOS Attack, it abbreviates for Denial Of service. A type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. These are of various types including Teardrop, ICMP Flooding, SYN Flood, etc. Also...

0.1AI score
Exploits0
n0where
n0where
added 2014/01/23 6:31 p.m.209 views

Advanced File Binder: Rakabulle

Advanced File Binder from DarkComet RAT Developer Rakabulle in one word is a file binder from DarkComet RAT Developer with few novel features which could transform a simple binder program to something very complex. What is a file binder? In few words a file binder is a tiny tool which allows...

8.2AI score
Exploits0
n0where
n0where
added 2017/08/12 1:38 a.m.208 views

Visualize network Topologies From pcap Files: PcapViz

PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features Draw network topologies Layer 2 and communication graphs Layer 3 and 4 Network topologies contain...

6.7AI score
Exploits0References1
n0where
n0where
added 2016/05/09 12:1 a.m.208 views

IDS IPS Testing Framework: pytbull

pytbull is an Intrusion Detection/Prevention System IDS/IPS Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to...

0.9AI score
Exploits0
n0where
n0where
added 2015/06/24 8:14 p.m.208 views

Incident Response Malware Analysis: IRMA

Incident Response Malware Analysis: IRMA is an asynchronous and customizable analysis platform for suspicious files! IRMA intends to be an open-source platform designed to help identifying and analyzing malicious files. However, today’s defense is not only about learning about a file, but it is...

0.3AI score
Exploits0
n0where
n0where
added 2013/09/03 11:34 p.m.208 views

Penetration Testing Browser Bundle: PenQ

PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...

0.1AI score
Exploits0
n0where
n0where
added 2017/05/31 8:10 p.m.205 views

Reverse Engineering Framework: radare2

Reverse Engineering Framework: radare2 r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzin...

7.5AI score
Exploits0References2
n0where
n0where
added 2018/02/24 4:17 p.m.204 views

Free and Open Source Interactive HTTPS Proxy: mitmproxy

mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of...

Exploits0References2
Total number of security vulnerabilities1052