Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/02/27 5:29 p.m.18 views

Shellcode Builder: Shell Factory

Shellcode Builder: Shell Factory Shell Factory is a framework for compiling shellcodes from a C++ source for multiple systems and architectures. It is composed of multiple parts: a Rakefile for compiling and linking against different compilers and architectures. the factory, a set of C++ headers ...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/02/20 4:51 a.m.18 views

Powerful WiFi Social Trap: RogueSploit

Powerful WiFi Social Trap RogueSploit is an open source automated script made to create a Fake Access Point, with dhcpd server, dns spoofing, host redirection, browserautopwn1 or autopwn2 or beef+mitmf. What you need: Aircrack-ng Suite https://github.com/aircrack-ng/aircrack-ng Dhcpd server...

0.5AI score
Exploits0References5
n0where
n0where
added 2017/01/15 3:44 a.m.18 views

UNIX security auditing tool: lunar

UNIX security auditing tool Lockdown UNix Auditing and Reporting This scripts generates a scored audit report of a Unix host’s security. It is based on the CIS and other frameworks. Why a shell script? I wanted a tool that was able to run on locked down systems where other tools may not be...

0.1AI score
Exploits0References2
n0where
n0where
added 2016/11/02 4:47 p.m.18 views

Interactive Disassembler: Plasma

Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. PLASMA is an interactive disassembler. It can generate a more readable assembly pseudo code with colored syntax. You can write scripts with the available Python api. The project is still in big...

0.6AI score
Exploits0References6
n0where
n0where
added 2016/09/04 11:27 p.m.18 views

Forensic File System Reconstruction: RecuperaBit

Forensic File System Reconstruction A software which attempts to reconstruct file system structures and recover files. Currently it supports only NTFS. RecuperaBit attempts reconstruction of the directory structure regardless of: missing partition table unknown partition boundaries...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/09/02 5:34 p.m.18 views

Special Customizable Payload Generator: Hercules

Special Customizable Payload Generator HERCULES is a special customizable payload generator that can bypass all antivirus software. Installation Supported Platforms: Operative system | Version ---|--- Ubuntu | 16.04 / 15.10 Kali linux | Rolling / Sana Manjaro | Arch Linux | Black Arch | Parrot OS...

0.7AI score
Exploits0References1
n0where
n0where
added 2016/07/19 5:20 p.m.18 views

Network-based DNS logging in Go: GoPassiveDNS

A network-capture based DNS logger, inspired by passivedns. It uses gopacket to deal with libpcap and packet processing. It outputs JSON logs. It is intended to deal with high volume query capture in environments with anywhewre from one to hundreds of DNS resolvers. Why not use PassiveDNS from...

0.2AI score
Exploits0References1
n0where
n0where
added 2016/06/27 3:37 a.m.19 views

Command Line Certificate Examination Utility: certigo

Command Line Certificate Examination Utility Certigo is a utility to examine and validate certificates in a variety of formats. Install To install certigo, simply use: go get -u github.com/square/certigo Note that certigo requires Go 1.6 or later to build. Usage Certigo can read...

0.8AI score
Exploits0References1
n0where
n0where
added 2016/04/22 9:51 a.m.18 views

Obfuscated String Solver: Floss

Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heuristic detections by obfuscating only key portions of an executable. Often, these portions are strings and resources used to configure domains, files, and other artifacts of an infection. These key...

0.1AI score
Exploits0References4
n0where
n0where
added 2016/04/19 5:16 p.m.18 views

Run Binaries From Memory: Pazuzu

Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. The goal is that you can run your own binary directly from memory. This can be useful in various scenarios. For example, if you want to exploit a vulnerability and run your ow...

7.4AI score
Exploits0References1
n0where
n0where
added 2016/03/10 5:6 p.m.18 views

Automate Incident Handling Process : IntelMQ

IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol. It’s a community driven initiative called IHAP Incident Handling Automation Project which was conceptually designed by European CERTs during several...

7.5AI score
Exploits0References3
n0where
n0where
added 2016/02/03 8:0 p.m.18 views

Fast and Full Featured SSL Scanner: SSLyze

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. SSLyze is all Python code but it uses an OpenSSL wrapper...

Exploits0References2
n0where
n0where
added 2016/01/14 12:43 a.m.18 views

Open-Source Phishing Toolkit: gophish

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute hishing engagements and security awareness training. Installing Gophish Using Pre-Built Binaries Gophish is provided as a pre-built binary fo...

7.5AI score
Exploits0References1
n0where
n0where
added 2015/11/12 2:18 a.m.18 views

Email Reconnaissance Tool: SimplyEmail

This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Current Platforms Supported: Kali Linux 2.0 A few...

7.4AI score
Exploits0References1
n0where
n0where
added 2015/09/18 5:52 p.m.18 views

Automate Vulnerability Scanning: Seccubus

Seccubus automates regular vulnerability scans with vrious tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. The goal is to reduce the analysis time for subsequent scans of the same infrastructure by only reporting delta findings...

7.3AI score
Exploits0References1
n0where
n0where
added 2015/06/07 4:7 p.m.18 views

Reverse Engineering Malicious Software: REMnux Distro

REMnux v6 – A Linux Toolkit for Reverse-Engineering and Analyzing Malware – has been released. REMnux v6 updates the tools that were present in the earlier revisions of the distro and introduces several new ones. Moreover, it implements major architectural changes behind the scenes to allow REMnu...

6.9AI score
Exploits0
n0where
n0where
added 2015/05/26 12:16 a.m.18 views

WordPress FingerPrinter Tool: Plecost

Plecost is a vulnerability fingerprinting and vulnerability finder for WordPress blog engine Why? There are a huge number of WordPress around the world. Most of them are exposed to be attacked and be converted into a virus, malware or illegal porn provider, without the knowledge of the blog owner...

7.4AI score
Exploits0References1
n0where
n0where
added 2014/12/18 11:1 p.m.18 views

Fast Password Cracker: John the Ripper

Fast Password Cracker John the Ripper is a fast password cracker, currently available for many flavors of Unix 11 are officially supported, not counting different architectures, Windows, DOS, BeOS, and OpenVMS the latter requires a contributed patch. Its primary purpose is to detect weak Unix...

0.1AI score
Exploits0
n0where
n0where
added 2012/05/31 12:3 a.m.18 views

Open Source Vulnerability Scanner: OpenVAS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis. Open Source Vulnerability Scanner:...

Exploits0
n0where
n0where
added 2018/08/19 1:23 a.m.17 views

A framework for creating proxies: Mallet

Mallet is a tool for creating proxies for arbitrary protocols, along similar lines to the familiar intercepting web proxies, just more generic. It is built upon the Netty framework, and relies heavily on the Netty pipeline concept, which allows the graphical assembly of graphs of handlers. In the...

0.9AI score
Exploits0References1
n0where
n0where
added 2018/06/16 9:24 a.m.17 views

Satellite Tracking Application: Gpredict

Gpredict is a real-time satellite tracking and orbit prediction application. It can track a large number of satellites and display their position and other data in lists, tables, maps, and polar plots radar view. Gpredict can also predict the time of future passes for a satellite, and provide you...

0.1AI score
Exploits0References1
n0where
n0where
added 2018/01/02 5:0 a.m.17 views

AWS infrastructure Security Auditing: Cloud Security Suite

CS Suite is a one stop tool for auditing the security posture of the AWS infrastructure and does system audits as well. CS Suite leverages current open source tools capabilities and has other missing checks added into one tool to rule them all. The major features include: Simple installation with...

Exploits0References1
n0where
n0where
added 2017/12/20 12:20 a.m.17 views

Advance Android Malware Analysis Framework: Droidefense

Droidefense originally named atom: analysis through observation machine is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has...

Exploits0References4
n0where
n0where
added 2017/11/02 3:13 p.m.17 views

Social Engineering Framework: Cartero

A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn’t do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and...

7.5AI score
Exploits0References1
n0where
n0where
added 2017/02/20 3:10 a.m.17 views

Centrally Manage SSH Administrative Access: KeyBox

Centrally Manage SSH Administrative Access KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user’s public SSH keys. Key management and administration is based on profiles assigned to...

0.2AI score
Exploits0References3
n0where
n0where
added 2017/02/07 6:27 a.m.17 views

Interactive CLI Tool for HTTP Inspection: Wuzz

Interactive cli tool for HTTP inspection Wuzz command line arguments are similar to cURL’s arguments, so it can be used to inspect/modify requests copied from the browser’s network inspector with the “copy as cURL” feature. Installation and usage $ go get github.com/asciimoo/wuzz $...

0.8AI score
Exploits0References1
n0where
n0where
added 2017/01/26 5:29 a.m.17 views

Security Using Pre-Existing Routing for Mobile Ad hoc Networks: SUPERMAN

Security Using Pre-Existing Routing for Mobile Ad hoc Networks The flexibility and mobility of Mobile Ad hoc Networks MANETs have made them increasing popular in a wide range of use cases. To protect these networks, security protocols have been developed to protect routing and application data...

6.8AI score
Exploits0References1
n0where
n0where
added 2017/01/09 6:35 a.m.17 views

Real Time Network Monitoring: Cyberprobe

Real Time Network Monitoring Cyberprobe is a distrbuted architecture for real-time monitoring of networks against attack. The software consists of a number of components, including: a probe, which collects data packets and forwards it over a network in standard streaming protocols. a monitor, whi...

Exploits0
n0where
n0where
added 2016/09/14 3:29 a.m.17 views

Arbitrary TCP Connection Proxy: BinProxy

Arbitrary TCP Connection Proxy BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem. BinProxy is a tool for understanding and manipulating binary network traffic. BinProxy gives you a TCP proxy and an interface to write protocol-specific...

0.2AI score
Exploits0References3
n0where
n0where
added 2016/08/06 5:26 a.m.17 views

Continuous Security Integration Framework: CSI

Continuous Security Integration Framework It’s easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation…broad collaboration is key to any...

7.3AI score
Exploits0References1
n0where
n0where
added 2016/07/21 8:42 p.m.17 views

Deepmagic Information Gathering Tool: DMitry

Deepmagic Information Gathering Tool DMitry Deepmagic Information Gathering Tool is a UNIX/GNU Linux Command Line program coded purely in C with the ability to gather as much information as possible about a host. DMitry has a base functionality with the ability to add new functions, the basic...

6.8AI score
Exploits0
n0where
n0where
added 2016/03/08 6:8 p.m.17 views

Security Intelligence Collector: Machinae

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints. It was inspired by Automater , another excellent tool for collecting information. The Machinae...

Exploits0References2
n0where
n0where
added 2015/10/13 6:36 p.m.17 views

PE Static Malware Analysis: PortEx

PortEx is a Java library for static malware analysis of portable executable files. Its focus is on PE malformation robustness and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading Header information from: MSDOS Header, COFF File Header,...

6.9AI score
Exploits0References3
n0where
n0where
added 2015/07/17 2:23 a.m.17 views

XSS Payload Management Framework: Sleepy Puppy

Sleepy Puppy is a cross-site scripting XSS payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why Should I use Sleepy Puppy? Often when testing for client side injections HTML/JS/etc. security engineers are looking fo...

6.1AI score
Exploits0References2
n0where
n0where
added 2015/06/13 4:57 p.m.17 views

Malicious Microsoft Office Documents: Generate-Macro

This script will generate malicious Microsoft Excel Documents that contain VBA macros. This script will prompt you for an IP address and port you will receive your shell at this address and port and the name of the malicious document. From there, the script will then prompt you to choose from a...

0.7AI score
Exploits0References1
n0where
n0where
added 2015/02/13 7:11 p.m.17 views

Multi Purpose Bruteforcer: Patator

Multi Purpose Bruteforcer Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors...

0.2AI score
Exploits0References1
n0where
n0where
added 2015/02/06 7:40 a.m.17 views

RAWR – Rapid Assessment of Web Resources

RAWR is designed to make the process of web enumeration easy and efficient by providing pertinent information in usable formats. It uses NMaplive or from file, Metasploit, Qualys, Nexpose, or Nessus scan data to target web services for enumeration, then visits each host on each port with an...

6.7AI score
Exploits0References2
n0where
n0where
added 2015/01/19 7:53 a.m.17 views

Security auditing tool for AWS: AWS Scout2

Scout2 is an open source tool that helps assessing the security posture of AWS environments. Using the AWS API, the Scout2 Python scripts fetch CloudTrail, EC2, IAM, RDS, and S3, configuration data. The gathered configuration is analysed and stored as JSON objects in several JavaScript files. The...

0.9AI score
Exploits0References1
n0where
n0where
added 2014/01/09 5:22 p.m.17 views

Linux Performance Monitor: Nmon

Nmon Nigel’s performance Monitor for Linux is another very useful command line utility that can display information about various system resources like cpu, memory, disk, network etc. It was developed at IBM and later released open source. It is available for most common architectures like x86, A...

6.8AI score
Exploits0
n0where
n0where
added 2018/04/17 7:4 p.m.16 views

Dump Active Directory Domain Information: goddi

goddi go dump domain info dumps domain users, groups, domain controllers, and more in CSV output and it runs on Windows and Linux. Functionality StartTLS and TLS tls.Client func connections supported. Connections over TLS are default. All output goes to CSVs and are created in /csv/ in the curren...

7.4AI score
Exploits0References2
n0where
n0where
added 2017/08/06 4:6 p.m.16 views

Artificial Inteligent Packet Inspection Engine: AIEngine

AIEngine is a next generation interactive/programmable Python/Ruby/Java packet inspection engine with capabilities of learning without any human intervention, NIDS Network Intrusion Detection System functionality, DNS domain classification, network collector, network forensics and many others...

7.4AI score
Exploits0References3
n0where
n0where
added 2017/04/03 4:57 p.m.16 views

Monitor USB Devices: USB Canary

Monitor USB Devices for potential security breach USB Canary is a Linux tool that uses pyudev to monitor devices while your computer is locked. In case it detects someone plugging in or unplugging devices it can be configured to send you an SMS or alert you via Slack of the potential security...

1AI score
Exploits0References5
n0where
n0where
added 2016/12/23 8:21 p.m.16 views

Exploits and Security Tools Framework: EaST Framework

Exploits and Security Tools Framework Pentest framework environment is the basis of IT security specialist’s toolkit. This software is essential as for learning and improving of knowledge in IT systems attacks and for inspections and proactive protection. The need of native comprehensive open...

7.4AI score
Exploits0References2
n0where
n0where
added 2016/10/07 5:10 a.m.16 views

Automated Memory Analyzer For Malware Samples: VolatilityBot

Automated Memory Analyzer For Malware Samples VolatilityBot is an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation. Not only does it automaticall...

0.8AI score
Exploits0References1
n0where
n0where
added 2016/07/25 4:51 p.m.16 views

Security auditing tool for Unix/Linux systems: Lynis

Lynis Security Auditing Tool Lynis is an open source security auditing tool for UNIX derivatives like Linux, Mac OS X, BSD, and Solaris . Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based...

0.2AI score
Exploits0
n0where
n0where
added 2016/06/15 7:53 p.m.16 views

Identify Web Application Firewall: WAFW00F

WAFW00F Fingerprints and Identify Web Application Firewall WAF products WAFW00F is a Python tool to help you fingerprint and identify Web Application Firewall WAF products. It is an active reconnaissance tool as it actually connects to the web server, but it starts out with a normal HTTP response...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/06/09 2:8 p.m.16 views

Very fast network stress tool: T50

T50 f.k.a. F22 Raptor is a tool designed to perform “Stress Testing”. The concept started on 2001, right after release ‘nb-isakmp.c’, and the main goal was: Having a tool to perform TCP/IP protocol fuzzer, covering common regularprotocols, such as: ICMP, TCP and UDP. Things have changed, and the...

0.2AI score
Exploits0
n0where
n0where
added 2016/05/11 11:43 p.m.16 views

DNS reconnaissance tool: Fierce

Fierce is a DNS reconnaissance tool for locating non-contiguous IP space Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It’s really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require...

Exploits0References1
n0where
n0where
added 2016/04/19 7:34 p.m.16 views

Automated SQL Vulnerability Scanner: Whitewidow

Open Source Automated SQL Vulnerability Scanner Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/03/31 2:8 p.m.16 views

Nginx Web Application Firewall: NAXSI

NAXSI means Nginx Anti XSS & SQL Injection . Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple and readable rules containing 99% of known patterns involved in website vulnerabilities. For...

1.3AI score
Exploits0References4
Total number of security vulnerabilities1052