1052 matches found
Fast TCP tunnel over HTTP: chisel
Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go Golang. Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar t...
Open Source Security Incident and Event Management: SIEMonster
Open Source Security Incident and Event Management SIEMonster is free, documented open source Security Incident and Event Management SIEM designed and engineering with stable, supported open source products developed for security, scalability and functionality. The product was developed by...
Firmware Analysis Tool: Binwalk
Binwalk is a fast, easy to use tool for analyzing and extracting firmware images Firmware Analysis Tool Binwalk is: Fast Flexible Extendable Easy to use Binwalk can: Find and extract interesting files / data from binary images Find and extract raw compression streams Identify opcodes for a variet...
Network Protocol Fuzzing: boofuzz
Boofuzz is a fork of and the successor to the Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility, with the eventual goal of being able to fuzz literally anything. Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance...
Free Network Test Utility: Packet Sender
Packet Sender is an open source utility to allow sending and receiving TCP and UDP packets. The mainline branch officially supports Windows, Mac, and Ubuntu Desktop Linux. Other places may recompile and redistribute Packet Sender. Packet Sender is free and licensed as GPL v2 or later. It can be...
Free, Open-Source Remote Administration Tool for Windows: QuasarRAT
Quasar is a fast and light-weight remote administration tool coded in C. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. Features TCP network stream IPv4 & IPv6 support Fast network serialization NetSerializer Compressed...
Antivirus Evasion Framework: Veil Framework
Antivirus Evasion Framework: Veil Framework The Veil-Framework is a collection of red team security tools that implement various attack methods focused on evading detection. It currently consists of: Veil-Evasion : a tool to generate antivirus-evading payloads using a variety of techniques and...
Flexible and Powerful Reverse Proxy: Modlishka
Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. It was realeased with an aim to: help penetration testers to carry out an effective phishing campaign and reinforce the fact that serious threat can arise from phishing. show current 2FA...
Create Multiple TOR Instances With Load Balancing: Multitor
A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy . It’s provides one single endpoint for clients. In addition, you can view previously running TOR processes and create a new identity for all or selected processes. The multitor has been...
Best Self Hosted Alternatives
Best Self Hosted Alternatives Analytics AWStats Generates web, streaming, ftp or mail server statistics graphically. Source Code GPLv3 Perl Countly Real time mobile & web analytics, crash reporting and push notifications platform. Source Code AGPLv3 Javascript Druid A distributed, column-oriented...
Active Directory Reconnaissance: ADRecon
ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...
Black-Box CAN Network Analysis Framework: CANToolz
CANToolz is a framework forCANbus network and device analysis. This tool consist of various different modules which can be piped together and used by security researchers and automotive/OEM security testers for black-box analysis of any CANbus system. You can use this software for ECU discovery,...
High Performance DoS Analyzer: FastNetMon
High Performance DoS Analyzer FastNetMon – A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines NetFlow, IPFIX, sFLOW, SnabbSwitch, netmap, PFRING, PCAP. What can we do? We can detect hosts in our networks sending or receiving large volumes of...
NET Debugger & Assembly Editor: dnSpy
dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor and more and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies eg. malware without crashing...
Mutiny Fuzzing Framework
The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer. The goal is to begin network fuzzing as quickly as possible, at the expense of being thorough. The general workflow for Mutiny is to take a sample of legitimate traffic, such as a browse...
Graphical User Interface for Metasploit Meterpreter and Session Handler: Kage
Kage ka-geh is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. For now it only supports windows/meterpreter & android/meterpreter Getting Started Please follow these instructions to get a copy of Kage running on your local...
DoD Secure Host Baseline
NSA Information Assurance configuration guidance and files in support of the DoD Secure Host Baseline The Secure Host Baseline SHB provides an automated and flexible approach for assisting the DoD in deploying the latest releases of Windows 10 using a framework that can be consumed by organizatio...
Open Source Big Data Analytics and Visualization: Lumify
Open Source Big Data Integration, Analytics, and Visualization Lumify is an open source project big data fusion, analysis, and visualization platform designed for anyone. Its intuitive web-based interface helps users discover connections and explore relationships in their data via a suite of...
Open Source Host & Endpoint Security: Wazuh
Wazuh is a security detection, visibility, and compliance open source project. It was born as a fork of OSSEC HIDS, later was integrated with Elastic Stack and OpenSCAP evolving into a more comprehensive solution. Wazuh helps you to gain deeper security visibility into your infrastructure by...
Open Source Network Access Control: PacketFence
PacketFence is a fully supported, trusted, Free and Open Source network access control NAC system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices,...
MongoDB Security Audit: mongoaudit
MongoDB Security Audit mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. This fact, combined with abundant lazy syst...
A Framework for Secure and Scalable Network Traffic Analysis: Netcap
The Netcap NETwork CAPture framework efficiently converts a stream of network packets into highly accessible type-safe structured data that represent specific protocols or custom abstractions. These audit records can be stored on disk or exchanged over the network, and are well suited as a data...
SQL Server Takeover Tool: Sqlninja
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help an...
Network Monitoring System: LibreNMS
LibreNMS is an autodiscovering PHP/MySQL/SNMP based network monitoring tool which includes support for a wide range of network hardware and operating systems including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more. LibreNMS is a community-based fork of Observium. Install On t...
Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it’s being extended to support other ...
Quick Android Review Kit: QARK
Quick Android Review Kit – This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating “Proof-of-Concept” deployable APKs and/or ADB commands, capable of exploiting many of the...
Tracking & Visualizing Sysmon Logs: Sysmon View
Sysmon Shell can aid in writing and applying Sysmon XML configuration through a simple GUI interface, it can also be used to learn more about Sysmon configuration options available with each release, in a nutshell: Sysmon Shell can load Sysmon XML files configurations: with version 1.0, I am only...
An Android App for RFID Card Cloning: Project Walrus
Walrus is an Android app that simplifies using several existing contactless card cloning devices during red team engagements and physical security assessments. It offers a common interface and database for storing cloned cards. Currently, Walrus supports the industry standard Proxmark 3, Chameleo...
Pentesting Active Directory Environments: CrackMapExec
Pentesting Active Directory Environments: CrackMapExec CrackMapExec a.k.a CME is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory...
Awesome Windows Exploitation Resources
A curated list of awesome Windows Exploitation resources. Windows stack overflows Stack Base Overflow Articles. Win32 Buffer Overflows Location, Exploitation and Prevention – by Dark spyrit 1999 Writing Stack Based Overflows on Windows – by Nish Bhalla’s 2005 Windows heap overflows Heap Base...
Active Directory Privilege Relationships: BloodHound
BloodHound is a single page Javascript web application, built on top of Linkurious , compiled with Electron , with a Neo4j database fed by a PowerShell ingestor . BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attacks c...
Volatile Memory Extraction: The Volatility Framework
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory RAM samples. The extraction techniques are performed completely independent of the system being investigated...
Automated Pentest Recon Scanner: Sn1per
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features: Automatically collects basic recon ie. whois, ping, DNS, etc. Automatically launches Google hacking queries against a target domain Automatically enumerates open ports vi...
Onion Service nMap Scanner: Onion Map
Use nmap to scan hidden “onion” services on the Tor network. Minimal image based on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050. Tor is also configured via DNSPort to anonymously resolve DNS...
Iptables Firewall Generator: FireHOL
FireHOL is an iptables firewall generator producing stateful iptables packet filtering firewalls, on Linux hosts and routers with any number of network interfaces, any number of routes, any number of services served, any number of complexity between variations of the services including positive a...
NSA Software Reverse Engineering Framework: Ghidra
Ghidra is a software reverse engineering SRE framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including...
Scalable Fuzzing Infrastructure: ClusterFuzz
ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz . ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software...
High Performance DNS Stub Resolver: MassDNS
A high performance DNS stub resolver in C MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 100,000,000 domains...
Machine Learning Linux IPS: Stratosphere
This is the linux version of the Stratosphere IPS, a behavioral-based intrusion detection and prevention system that uses machine learning algorithms to detect malicious behaviors. It is part of a larger suite of programs that include the Stratosphere Windows IPS and the Stratosphere Testing...
WYSIWYG Network Packet Editor: WireEdit
WYSIWYG Network Packet Editor WireEdit is first-of-a-kind and the only full stack cross-platform WYSIWYG network packets editor. It allows editing packets data at all stack layers as “rich text” in a simple point-and-click interface. The input and output format is Pcap. Is WireEdit a Pcap Editor?...
Semi-Automated Network Penetration Testing Framework: Legion
Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. Features Automatic recon...
Automatic Server Side Template Injection Exploitation: Tplmap
Automatic Server Side Template Injection Exploitation Tplmap short for Template Mapper is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities SSTI. This assists SSTI exploitation to compromise the application and achieve remote command...
DoS Attack With hPing3
You guys would be very familiar with the term DOS Attack, it abbreviates for Denial Of service. A type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. These are of various types including Teardrop, ICMP Flooding, SYN Flood, etc. Also...
Advanced File Binder: Rakabulle
Advanced File Binder from DarkComet RAT Developer Rakabulle in one word is a file binder from DarkComet RAT Developer with few novel features which could transform a simple binder program to something very complex. What is a file binder? In few words a file binder is a tiny tool which allows...
Visualize network Topologies From pcap Files: PcapViz
PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features Draw network topologies Layer 2 and communication graphs Layer 3 and 4 Network topologies contain...
IDS IPS Testing Framework: pytbull
pytbull is an Intrusion Detection/Prevention System IDS/IPS Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to...
Incident Response Malware Analysis: IRMA
Incident Response Malware Analysis: IRMA is an asynchronous and customizable analysis platform for suspicious files! IRMA intends to be an open-source platform designed to help identifying and analyzing malicious files. However, today’s defense is not only about learning about a file, but it is...
Penetration Testing Browser Bundle: PenQ
PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...
Reverse Engineering Framework: radare2
Reverse Engineering Framework: radare2 r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzin...
Free and Open Source Interactive HTTPS Proxy: mitmproxy
mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of...