Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2015/10/22 9:5 p.m.16 views

Deliberately Insecure Web Application: OWASP WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...

7.5AI score
Exploits0References3
n0where
n0where
added 2014/12/04 7:4 p.m.16 views

Lightweight Disassembly Framework: Capstone

Lightweight Disassembly Framework Capstone is a multi-platform, multi-architecture lightweight disassembly framework. Capstone Disassembly Engine v3.0 Released Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. Features...

7.1AI score
Exploits0
n0where
n0where
added 2014/11/29 5:44 p.m.16 views

Passively Sniff Wireless Devices: iSniff GPS

Passively Sniff Wireless Devices iSniff GPS passively sniffs for SSID probes, ARPs and MDNS Bonjour packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based sole...

0.8AI score
Exploits0References2
n0where
n0where
added 2014/04/08 5:49 p.m.16 views

System Level Exploration: sysdig

Linux system exploration and troubleshooting tool with first class support for containers Sysdig instruments your physical and virtual machines at the OS level by installing into the Linux kernel and capturing system calls and other OS events. Sysdig also makes it possible to create trace files f...

6.4AI score
Exploits0References6
n0where
n0where
added 2013/11/08 1:14 a.m.16 views

Network Security Monitor Framework: Bro

Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including...

Exploits0
n0where
n0where
added 2012/11/06 11:23 p.m.16 views

Peer-to-Peer Framework: GNUnet

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

0.3AI score
Exploits0
n0where
n0where
added 2010/07/18 7:51 p.m.16 views

Wireless and Wired Network Interceptor: the Interceptor

The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. I haven’t done extensive research but all the ones I found when looking passed the copy of the traffic onto a specified wired interface which was then plugged into ...

6.7AI score
Exploits0
n0where
n0where
added 2018/01/02 4:51 a.m.15 views

The Automated Collection and Enrichment Platform: ACE

The Automated Collection and Enrichment ACE platform is a suite of tools for threat hunters to collect data from many endpoints in a network and automatically enrich the data. The data is collected by running scripts on each computer without installing any software on the target. ACE supports...

1.7AI score
Exploits0References2
n0where
n0where
added 2017/06/23 2:3 a.m.15 views

Security and Privacy Assurance Research: SPARTA Framework

Security and Privacy Assurance Research Developed as a part of MIT Lincoln Laboratory’s test and evaluation role in the SPAR Security and Privacy Assurance Research program , SPARTA SPAR Testing and Assessment framework is a set of software applications used to evaluate the functionality and...

1.2AI score
Exploits0References5
n0where
n0where
added 2017/05/23 6:15 a.m.15 views

Meterpreter Session Proxy: Metasploit Aggregator

Meterpreter Session Proxy The Metasploit Aggregator is a proxy for Meterpreter sessions. Normally, Meterpreter sessions connect directly to a Metasploit listener. However, this has a few problems: 1. Multiple users cannot easily share the session once it is established, without some sort of...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/05/22 5:40 a.m.15 views

Visual Malware Analysis: ProcDOT

Visual Malware Analysis There are plenty of tools for behavioral malware analysis. The defacto standard ones, though, are Sysinternals’s Process Monitor also known as Procmon and PCAP generating network sniffers like Windump, Tcpdump, Wireshark, and the like. These “two” tools cover almost...

0.6AI score
Exploits0
n0where
n0where
added 2017/05/16 4:5 p.m.15 views

Static Code Analyzer: PVS-Studio

Static Code Analyzer PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-Studio performs a wide range of code checks, it is also useful to search for misprints and Copy-Paste errors. Examples of such errors: V501 , V517 , V522 , V523 ,...

7.3AI score
Exploits0
n0where
n0where
added 2017/03/30 6:19 p.m.15 views

Analyze Web-based Network Traffic: squidmagic

Analyze Web-based Network Traffic squidmagic is a tool designed to analyze a web-based network traffic to detect central command and control C&C servers and Malicious site, using Squid proxy server and Spamhaus. Install Ubuntu 16.04 Clone this repo & execute the script squidmagic ./install.sh ✓...

0.6AI score
Exploits0References1
n0where
n0where
added 2017/01/30 5:32 a.m.15 views

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers: GEF

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provides additional features to GDB usi...

7.1AI score
Exploits0References4
n0where
n0where
added 2017/01/24 6:21 a.m.15 views

Test IPv6 Security: THC-IPv6

Test IPv6 Security: THC-IPv6 Attacking IPV6 Weaknesses with a complete tool set for exploiting the inherent IPV6 and ICMP6 protocol weaknesses, with included easy to use packet factory library. THC-IPV6 v3.2 Released Included Tools parasite6 icmp neighbor solitication/advertisement spoofer, puts...

7.7AI score
Exploits0References1
n0where
n0where
added 2016/10/25 4:29 a.m.15 views

SSL Enabled Basic Auth Credential Harvester: phishery

An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document...

7.2AI score
Exploits0References2
n0where
n0where
added 2016/09/26 4:15 p.m.15 views

Microsoft Exchange Sensitive Data Search: MailSniper

Microsoft Exchange Sensitive Data Search MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms passwords, insider intel, network architecture information, etc.. It can be used as a non-administrative user to search their own...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/08/04 2:38 a.m.15 views

Automated Malware Incident Response & Analysis: AMIRA

Automated Malware Incident Response & Analysis AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular The One Filter to Rule Them All : the Analyze Filter. AMIRA takes care of...

0.8AI score
Exploits0References4
n0where
n0where
added 2016/05/25 3:28 p.m.15 views

Modern Reverse Proxy: Traefik

Modern Reverse Proxy Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends Docker , Swarm , Mesos/Marathon , Kubernetes , Consul , Etcd , Zookeeper , BoltDB , Rest API, file… to manage its configuration automatically and...

0.2AI score
Exploits0References5
n0where
n0where
added 2015/07/07 4:8 a.m.15 views

Windows shell: Babun

Would you like to use a linux-like console on a Windows host without a lot of fuzz? Try out babun! Installation Just download the dist file from http://babun.github.io , unzip it and run the install.bat script. After a few minutes babun starts automatically. The application will be installed to t...

7.2AI score
Exploits0References2
n0where
n0where
added 2015/07/03 7:46 p.m.15 views

Cowrie SSH Honeypot

Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Cowrie is directly based on Kippo by Upi Tamminen. Features Some interesting features: Fake filesystem with the ability to add/remove file...

7.3AI score
Exploits0References1
n0where
n0where
added 2015/03/16 12:53 a.m.15 views

Wireless Toolsuite: WRAITH

Wireless reconnaissance, collection and exploitation toolsuite Attack vectors, rogue devices, interfering networks are best visualized and identified over time. Current tools i.e. Kismet, Aircrack-ng and Wireshark are excellent tools but none are completely suitable for collecting and analyzing t...

0.5AI score
Exploits0References1
n0where
n0where
added 2014/06/25 5:13 p.m.15 views

How to: Version Control

How to: Version Control In Linux, /etc directory contains important system-related or application-specific configuration files. Especially in a server environment, it is wise to back up various server configurations in /etc directory regularly, to save trouble from any accidental changes in the...

0.8AI score
Exploits0References1
n0where
n0where
added 2013/09/11 4:19 p.m.15 views

Transparent proxy that decrypts SSL traffic: sslnuke

Transparent proxy that decrypts SSL traffic We have all heard over and over that SSL without verification is not secure. If an SSL connection is not verified with a cached certificate, it can easily be hijacked by any attacker. So in 2013, one would think we had totally done away with this proble...

0.1AI score
Exploits0References2
n0where
n0where
added 2018/05/09 3:33 a.m.14 views

Web Application Penetration Testing Tool: Tracy

Tracy is a pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy...

6.6AI score
Exploits0References2
n0where
n0where
added 2017/06/12 4:43 p.m.14 views

Simple tc Command Wrapper Tool: tcconfig

Simple tc Command Wrapper Tool A Simple tc command wrapper tool. Easy to set up traffic control of network bandwidth/latency/packet-loss to a network interface. Traffic control features Traffic shaping target Apply traffic shaping rules to specific target: Outgoing/Incoming packets Certain IP...

1AI score
Exploits0References9
n0where
n0where
added 2016/12/05 2:47 a.m.14 views

WinAPI User Hunter: hunter

WinAPI User Hunter During Red Team engagements it is common to track/hunt specific users. Assuming we already have access to a desktop as a normal user no matter how, always “assume compromise” in a Windows Domain and we want to spread laterally. We want to know where the user is logged on, if he...

7AI score
Exploits0References2
n0where
n0where
added 2016/11/28 5:0 a.m.14 views

Spear Phishing Helper: Hemingway

Spear Phishing Helper This tool was built to allow simpler campaigns of phishing. It does not try to resolve issues with SMTP relaying or reputation but rather to allow a penetration tester or red team member to create a phishing campaign with a ready made server for the phishing. We also assume...

6.7AI score
Exploits0References1
n0where
n0where
added 2016/11/28 4:47 a.m.14 views

Human Interface Device Exploit Deployment: Brutal

Human Interface Device Exploit Deployment Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device Payload Teensy . Extremely useful for executing scripts on a target machine without the need for human-to-keyboard...

1.6AI score
Exploits0References2
n0where
n0where
added 2016/06/15 6:17 p.m.14 views

Phishing Template Generation Made Easy: SimplyTemplate

Phishing Template Generation Made Easy. The goal of this project was to hopefully speed up Phishing Template Gen as well as an easy way to ensure accuracy of your templates. All templates will provide you with a small meta tag. This tag will help you quickly identify the capabilities of the modul...

6.9AI score
Exploits0References1
n0where
n0where
added 2016/05/11 8:35 p.m.14 views

Download Wayback Machine Archive: waybackpack

Download Wayback Machine archive for a given URL Waybackpack is a command-line tool that lets you download the entire Wayback Machine archive for a given URL. Waypackback is written in pure Python, depends only on requests , and should work wherever Python works. Should be compatible with both...

0.1AI score
Exploits0References2
n0where
n0where
added 2016/05/10 11:59 p.m.14 views

Modular File Scanning Analysis Framework: MultiScanner

MultiScanner is a file analysis framework that allows the user to evaluate a set of files with a set of tools. Tools can be custom built python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework. Modules a...

Exploits0References2
n0where
n0where
added 2016/04/18 12:24 a.m.14 views

Vulnerability Static Analysis for Containers: clair

Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten ...

Exploits0References3
n0where
n0where
added 2016/02/22 6:9 p.m.14 views

Protecting Personal Information: Freedom Box

FreedomBox is a personal server that protects your privacy. It hosts on demand applications such as file sharing, shared calendaring, instant messaging, secure voice conference calling, blog and wiki. FreedomBox is a free software stack, a subset of the Debian universal operating system, that can...

0.7AI score
Exploits0
n0where
n0where
added 2016/02/03 7:5 p.m.14 views

Python Fuzzing Framework: Kitty

Kitty is an open-source modular and extensible fuzzing framework written in python, inspired by OpenRCE’s Sulley and Michael Eddington’s and now Deja Vu Security’s Peach Fuzzer . Goal The goal of Kitty was to help with fuzzing unusual targets — proprietary and esoteric protocols over non-TCP/IP...

7.4AI score
Exploits0References3
n0where
n0where
added 2015/11/10 4:35 a.m.14 views

OWASP Mth3l3m3nt Framework

OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. Mth3l3m3nt provides the ability to create or do custom LFI and RFI exploits fast with little or no effort at all. It also enables you to store all your quick wins based on its ability to manage HTTP bots,...

7.3AI score
Exploits0References1
n0where
n0where
added 2015/08/19 4:15 a.m.14 views

OWASP ZeroDay Cyber Research Shellcoder

OWASP ZeroDay Cyber Research Shellcoder Generator is an open source software in python language which lets you generate customized shellcodes for listed operation systems. This software can be run on Linux under python 2.7.x. Installation Download last version. Extract and run installer.py or use...

0.1AI score
Exploits0References5
n0where
n0where
added 2014/12/06 5:28 p.m.14 views

Minimalistic CLI Tool to Manage Encrypted Volumes: Tomb

Tomb is an 100% free and open source system for file encryption on GNU/Linux, facilitating the backup of secret files. Tomb is written in code that is easy to review and links commonly shared components. Tomb generates encrypted storage folders to be opened and closed using their associated...

7.3AI score
Exploits0References4
n0where
n0where
added 2014/03/25 3:34 p.m.14 views

Auditing Network Activity: Argus

Auditing Network Activity Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity,...

0.1AI score
Exploits0
n0where
n0where
added 2014/01/13 7:13 p.m.14 views

Network Security Assessment: Subterfuge

Subterfuge is no longer a Beta! Now it is a full fledged network security assessment tool in its own right Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as...

7.3AI score
Exploits0
n0where
n0where
added 2017/08/25 5:47 p.m.13 views

Packet Trace Parser: Sniffer

Sniffer is a C program that parses and interprets captured Ethernet traffic containing IP datagrams UDP/TCP, and stores the captured payloads, email messages and HTTP cookies sent into files. General Supply any pcap file, produced by tcpdump, that contains a packet trace for the program to use as...

1.2AI score
Exploits0References1
n0where
n0where
added 2017/05/06 4:5 a.m.13 views

iOS Security Testing Framework: needle

iOS Security Testing Framework Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes...

0.6AI score
Exploits0References2
n0where
n0where
added 2017/01/30 7:10 a.m.13 views

Verified, Efficient TLS Implementation In C: Project Everest

Verified, Efficient TLS Implementation In C The HTTPS ecosystem HTTPS and TLS protocols, X.509 public key infrastructure, crypto algorithms is the foundation on which Internet security is built. Unfortunately, this ecosystem is extremely brittle, with headline-grabbing attacks such as FREAK and...

Exploits0References3
n0where
n0where
added 2016/08/06 4:46 a.m.13 views

Command line Network Diagnostic Tool: myLG

Command line Network Diagnostic Tool myLG, my looking glass is software utility which combines the functions of the different network probes in one network diagnostic tool. Features Popular looking glasses ping/trace/bgp like Telia, Level3 More than 200 countries DNS Lookup information Local fast...

7.2AI score
Exploits0References1
n0where
n0where
added 2012/11/08 3:7 a.m.13 views

Large Scale Brute Force Cryptanalysis: Wisecracker

Large scale brute force cryptanalysis needs a tremendous amount of computational power that government agencies like the NSA and companies like Google® have. An average security researcher might want to have such capabilities as well but they do not have the tools or the computational resources...

Exploits0References1
n0where
n0where
added 2017/08/25 2:44 a.m.12 views

Abusing BITS: BITSInject

Windows’ BITS service is a middleman for your download jobs. You start a BITS job, and from that point on, BITS is responsible for the download. But what if we tell you that BITS is a careless middleman? We have uncovered the way BITS maintains its jobs queue using a state file on disk, and found...

8AI score
Exploits0References1
n0where
n0where
added 2017/05/25 5:53 a.m.12 views

Anti-DDoS Solution Based on iptables: nShield

Anti-DDoS Solution Based on iptables An Easy and Simple Anti-DDoS solution for VPS, Dedicated Servers and IoT devices based on iptables Requirements Linux System with python, iptables Nginx Will be installed automatically by install.sh Quickstart cd /home/ && git clone...

7.4AI score
Exploits0References1
n0where
n0where
added 2017/01/19 1:47 a.m.12 views

Open Source File System Digital Forensics: The Sleuth Kit

Open Source File System Digital Forensics The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth...

6.8AI score
Exploits0References1
n0where
n0where
added 2016/04/19 9:29 p.m.12 views

Advanced Forensics File Format: AFF4

The Advanced Forensics File format 4 was originally designed and published in “Extending the advanced forensic format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow” M.I. Cohen, Simson Garfinkel and Bradley Schatz, digital investigation 6 2009...

7.2AI score
Exploits0References2
n0where
n0where
added 2016/01/11 3:12 p.m.12 views

Packet Capture Utility: Stenographer

Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files as disk fills up, and provides methods for reading back...

1AI score
Exploits0References3
Total number of security vulnerabilities1052