Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/10/11 4:25 a.m.128 views

Massive SQL Injection Scanner: SQLiv

This tool will give you the SQLi Vulnerable Website Just by Adding the Dork. Features 1. multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo 2. targetted scanning by providing specific domain with crawling 3. reverse domain scanning Note : Both SQLi scanning and domain info...

8.8AI score
Exploits0References3
n0where
n0where
added 2018/11/21 12:32 a.m.126 views

Network and Web Pentest Framework: Jok3r

Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challengin...

7.4AI score
Exploits0References1
n0where
n0where
added 2018/11/12 6:9 p.m.126 views

Open Source IPS: Suricata

Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection IDS, inline intrusion prevention IPS, network security monitoring NSM and offline pcap processing. Suricata inspects the network traffic usi...

Exploits0
n0where
n0where
added 2017/01/17 12:27 a.m.126 views

Malicious Traffic Detection System: Maltrail

Malicious Traffic Detection System Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anythin...

0.2AI score
Exploits0References1
n0where
n0where
added 2014/06/10 3:22 p.m.126 views

Iptables Blacklist Script

iptables blacklist script A small Bash shell script which uses ipset and iptables to ban a large number of IP addresses published in IP blacklists. ipset uses a hashtable to store/fetch IP addresses and thus the IP lookup is a lot faster than thousands of sequentially parsed iptables ban rules...

7.2AI score
Exploits0References3
n0where
n0where
added 2016/04/15 12:44 p.m.123 views

IPv6 Validation Toolkit

The IPv6 framework is a robust set of modules and plugins that allow a user to audit an IPv6 enabled network. The built-in modules support enumeration of IPv6 features such as ICMPv6 and Multicast Listener Discovery MLD. In addition, the framework also supports enumeration of Upper Layer Protocol...

7.8CVSS7.1AI score0.13905EPSS
Exploits2References1
n0where
n0where
added 2016/01/15 5:19 p.m.122 views

Kali Linux: Kill Chain

Kill Chain for Kali Linux 2.0 is a unified console with an anonymizer that will perform these stages of attacks: Reconnaissance Weaponization Delivery Exploit Installation Command & Control And Actions Dependencies: Tor — For the console build in anonymizer. Set — Social-Engineer Toolkit SET,...

1AI score
Exploits0References1
n0where
n0where
added 2017/09/25 4:5 a.m.121 views

Bruteforcing Web Applications: Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked directories, servlets, scripts, etc, bruteforce GET and POST parameters for checking different kind of injections SQL, XSS, LDAP,etc, bruteforce Forms parameters User/Password, Fuzzing,etc...

7.4AI score
Exploits0References2
n0where
n0where
added 2017/03/20 6:43 a.m.120 views

Centralize or Distribute IPset Blacklists: vallumd

Centralize or Distribute IPset Blacklists If you maintain a server on the Internet, it’s very likely you encountered one or more brute force attacks. Not a problem, just install fail2ban. Done. But if you’re running multiple servers, each of them running their fail2ban instance, they’ll all have...

0.1AI score
Exploits0References1
n0where
n0where
added 2015/10/03 4:10 a.m.119 views

SpeedPhishing Framework: SPF

This presentation will start by quickly exploring some of the common phishing attack tools and techniques. During the presentation, audience participation will be encouraged in the form of providing examples and personal experience in what phishing techniques people have used and what would be...

0.3AI score
Exploits0References2
n0where
n0where
added 2018/08/21 9:30 p.m.118 views

Compromising Online Accounts by Cracking Voicemail Systems: VoiceMailAutomator

voicemailautomator is a tool that serves as a Proof of Concept for the research I presented at DEF CON 26, “Compromising online accounts by cracking voicemail systems”. voicemailautomator supports two actions: “message” – retrieves and records the newest message in the voicemail system. It return...

7.1AI score
Exploits0References2
n0where
n0where
added 2017/06/05 7:41 p.m.118 views

Open Source LoRa CSS PHY Implementation: gr-lora

Open Source LoRa CSS PHY Implementation LoRa is a wireless LPWAN PHY that is developed and maintained by Semtech. It is designed to provide long range, low data rate connectivity to IoT-focused devices. A reasonable analogy is that LoRa is like cellular data service, but optimized for embedded...

1.2AI score
Exploits0References2
n0where
n0where
added 2017/09/06 4:26 a.m.116 views

MSFvenom Payload Creator: MSFPC

MSFvenom Payload Creator MSFPC is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible only requiring one input to produce their payload. Fully automating msfvenom & Metasploit is the end goal well as to be be able to automate MSFPC itse...

7.3AI score
Exploits0References1
n0where
n0where
added 2017/04/03 4:32 p.m.114 views

Dump cleartext credentials from memory: MimiPenguin

Dump cleartext credentials from memory A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. Takes advantage of cleartext credentials in memory by dumping the process and extracting lines that have a high probability...

0.3AI score
Exploits0References1
n0where
n0where
added 2019/02/20 4:28 p.m.113 views

Securely and Anonymously Send and Receive Files: OnionShare

OnionShare is an open source tool for securely and anonymously sending and receiving files using Tor onion services. It works by starting a web server directly on your computer and making it accessible as an unguessable Tor web address that others can load in Tor Browser to download files from yo...

7.2AI score
Exploits0References2
n0where
n0where
added 2016/11/14 6:24 a.m.112 views

PowerShell Digital Forensics: PowerForensics

PowerShell Digital Forensics The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System and HFS+ support. PowerForensics is built on a C Class...

1AI score
Exploits0References2
n0where
n0where
added 2018/12/12 5:20 a.m.110 views

Framework for Rogue Wi-Fi Access Point Attack: WiFi-Pumpkin

The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor,...

Exploits0References8
n0where
n0where
added 2018/11/21 7:19 p.m.110 views

Endpoint for Out-of-Band Exfiltration: Arecibo

In the process of identifying and exploiting vulnerabilities, it is sometimes necessary to resort to Out of Band OOB techniques in order to exfiltrate information through DNS resolutions or HTTP requests. To address this kind of situation the faster and simpler solution can be the use of a Burp...

7.4AI score
Exploits0References1
n0where
n0where
added 2018/11/21 6:35 p.m.109 views

Asynchronous Target Enumeration Tool: bscan

bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure. bscan was written ...

7.3AI score
Exploits0References5
n0where
n0where
added 2017/10/28 4:50 a.m.108 views

Fastest and Most Advanced Password Recovery Utility: Hashcat

hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enab...

Exploits0References1
n0where
n0where
added 2018/11/08 3:21 a.m.107 views

The AWS Exploitation Framework: Pacu

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

0.8AI score
Exploits0References2
n0where
n0where
added 2018/01/01 7:9 p.m.106 views

A Deep Learning Approach for Password Guessing: PassGAN

State-of-the-art password guessing tools, such as HashCat and John the Ripper JTR, enable users to check billions of passwords per second against password hashes. In addition to straightforward dictionary attacks, these tools can expand dictionaries using password generation rules. Although these...

7.1AI score
Exploits0References3
n0where
n0where
added 2018/03/22 6:48 a.m.105 views

Detect Illegal Wireless Network Activities: WIPI-HUNTER

WipiHunter is developed for detecting illegal wireless network activities; howver, it shouldn’t be seen only as a piece of code. Instead, actually it is a philosophy. You can infer from this project new wireless network illegal activity detection methods. New methods, new ideas and different poin...

2.2AI score
Exploits0References1
n0where
n0where
added 2017/03/31 6:22 a.m.105 views

DHCP Exhaustion Script: DHCPig

DHCP Exhaustion Script DHCPig initiates an advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all windows hosts offline. It requires scapy =2.1 library and admin...

7.1AI score
Exploits0References1
n0where
n0where
added 2017/03/13 4:15 a.m.105 views

Platform Security Assessment Framework: ChipSec

Platform Security Assessment Framework CHIPSEC is a framework for analyzing security of PC platforms including hardware, system firmware including BIOS/UEFI and the configuration of platform components. It allows creating security test suite, security assessment tools for various low level...

7.5AI score
Exploits0References3
n0where
n0where
added 2018/11/21 6:9 p.m.103 views

Investigate Inline Hooks: PE-sieve

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory...

2.2AI score
Exploits0References1
n0where
n0where
added 2018/11/08 4:1 a.m.103 views

Transparent Tor for Windows: Tallow

Tallow is a small program that redirects all outbound traffic from a Windows machine via the Tor anonymity network. Any traffic that cannot be handled by Tor, e.g. UDP, is blocked. Tallow also intercepts and handles DNS requests preventing potential leaks. Tallow has several applications,...

0.4AI score
Exploits0References1
n0where
n0where
added 2018/02/23 7:29 a.m.103 views

Open-Source Whistleblowing Framework: GlobaLeaks

GlobaLeaks is an open-source, free software intended to enable secure and anonymous whistleblowing initiatives developed by the Hermes Center for Transparency and Digital Human Rights . It is an Open Whistleblowing Framework that can be used in many different usage scenarios that may require very...

7.9AI score
Exploits0References5
n0where
n0where
added 2017/05/25 4:31 a.m.103 views

Direct Memory Access Attack: PCILeech

Direct Memory Access Attack The PCILeech use the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read...

7.3AI score
Exploits0References1
n0where
n0where
added 2017/04/20 5:23 p.m.103 views

Multi Purpose DevOps Security Auditing Tool: DevAudit

Multi Purpose DevOps Security Auditing Tool DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and DevOps practitioners that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing...

0.1AI score
Exploits0References2
n0where
n0where
added 2016/11/03 7:39 a.m.103 views

Volatile Memory Acquisition Tool: RAM Capturer

Volatile Memory Acquisition Tool Belkasoft Live RAM Capturer is a tiny free forensic tool that allows to reliably extract the entire contents of computer’s volatile memory – even if protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available in...

1.1AI score
Exploits0
n0where
n0where
added 2017/09/26 4:31 a.m.102 views

Open Source BitLocker Password Cracking Tool: BitCracker

BitCracker is the first open source BitLocker password cracking tool. BitLocker is a full-disk encryption feature available in recent Windows versions Vista, 7, 8.1 and 10 Pro and Enterprise. BitCracker is a mono-GPU password cracking tool for memory units encrypted with the password authenticati...

0.3AI score
Exploits0References2
n0where
n0where
added 2017/07/03 6:35 p.m.102 views

Archive Cryptography: unarcrypto

Archive Cryptography unarcrypto.py is an educational tool to depict the use of cryptography for password verification, headers and content encryption by popular archivers: zip, 7zip, rar v3 and v5. Supported archives format, encryption and compression algorithms: zip password protected or not,...

1AI score
Exploits0References2
n0where
n0where
added 2017/03/04 6:45 p.m.101 views

Android Package Inspector: Inspeckage

Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. Inspeckage will let you interact with some elements of the app, such as...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/07/04 3:13 p.m.101 views

Open Source Threat Intelligence Collector: OSTrICa

Open Source Threat Intelligence Collector OSTrICa stands for Open Source Threat Intelligence Collector and is an Open Source plugin-oriented framework to collect and visualize Threat Intelligence Information. Furthermore, OSTrICa is also the Italian word for oyster: that’s where the logo come fro...

7.5AI score
Exploits0References3
n0where
n0where
added 2018/11/21 7:36 p.m.100 views

The Incident Response Tracking Application: DFIRTrack

DFIRTrack Digital Forensics and Incident Response Tracking application is an open source web application mainly based on Django using a PostgreSQL database backend. In contrast to other great incident response tools, which are mainly case-based and support the work of CERTs, SOCs etc. in their...

0.2AI score
Exploits0References2
n0where
n0where
added 2017/02/13 8:56 p.m.100 views

Universal Radio Hacker: URH

Universal Radio Hacker investigate wireless protocols like a boss The Universal Radio Hacker is a software for investigating unknown wireless protocols. Features include hardware interfaces for common Software Defined Radios easy demodulation of signals assigning participants to keep overview of...

Exploits0References2
n0where
n0where
added 2012/04/28 3:12 a.m.100 views

VoIP VLAN Hopper

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, Nortel, and Alcatel-Lucent environments. This requires two important steps ...

0.6AI score
Exploits0
n0where
n0where
added 2018/12/03 11:15 p.m.99 views

Kernel-Mode Rootkit Hunter: Tyton

Loadable kernel modules, LKMs for short, are an integral companion to the Linux kernel. Typically, LKMs are used to add support for new hardware as device drivers or file systems or add additional system calls. Without LKMs, an operating system would have to include all possible anticipated...

0.3AI score
Exploits0References2
n0where
n0where
added 2018/11/15 5:14 a.m.99 views

Advanced XSS Detection and Exploitation Suite: XSStrike

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response...

6.2AI score
Exploits0References4
n0where
n0where
added 2016/10/28 5:20 a.m.99 views

Unified Diagnostic Services Simulator: UDSim

Unified Diagnostic Services Simulator The UDSim is a graphical simulator that can emulate different modules in a vehicle and respond to UDS request. It was designed as a training tool to run alongside of ICSim. It also has some unique learning features and can even be used to security test...

0.4AI score
Exploits0References1
n0where
n0where
added 2016/04/23 11:30 a.m.99 views

Response Operation Collection Kit: ROCK NSM

MOCYBER’s open source Network Security Monitoring platform ROCK is a collections platform, in the spirit of Network Security Monitoring, designed by members of the Missouri National Guard’s Cyber Team. It’s primary focus is to provide a robust, scalable sensor platform for both enduring security...

0.4AI score
Exploits0References4
n0where
n0where
added 2018/11/20 4:39 p.m.97 views

Unified hosts File With Base Extensions: hosts

Extending and consolidating hosts files from several well-curated sources like adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, and potentially others. You can optionally invoke extensions to block additional sites by category. The unified hosts file is extensible. Extensions are...

Exploits0References5
n0where
n0where
added 2017/06/05 5:49 p.m.97 views

Visual Studio Security Extension: Puma Scan

Visual Studio Security Extension Puma Scan is the leading software security Visual Studio analyzer extension. Built on top of Roslyn, the open-source .NET Compiler Platform, Puma Scan provides real time, continuous source code analysis as development teams write code. Vulnerabilities are...

7.4AI score
Exploits0References2
n0where
n0where
added 2017/05/11 3:35 a.m.97 views

Reverse Engineering MacOS: HookCase

Reverse Engineering MacOS HookCase is a tool for debugging and reverse engineering applications on macOS aka OS X, and the operating system itself. It re-implements and extends Apple’s DYLDINSERTLIBRARIES functionality . It can be used to hook any method defined in any module’s symbol table,...

7AI score
Exploits0References3
n0where
n0where
added 2016/01/14 1:16 a.m.96 views

Shellcode Generator: Venom

Shellcode Generator The script will use msfvenom metasploit to generate shellcode in diferent formats c | python | ruby | dll | msi | hta-psh , injects the shellcode generated into one funtion example: python “the python funtion will execute the shellcode in ram” and uses compilers like: gcc gnu...

2.5AI score
Exploits0References1
n0where
n0where
added 2017/12/14 6:50 p.m.95 views

Retargetable Machine-Code Decompiler: RetDec

RetDec is a retargetable machine-code decompiler based on LLVM . The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32...

6.8AI score
Exploits0References5
n0where
n0where
added 2017/05/05 4:18 a.m.95 views

Microsoft Exchange Service Abuse: Ruler

Microsoft Exchange Service Abuse Ruler is a tool that allows you to interact with Exchange servers through the MAPI/HTTP protocol. The main aim is abuse the client-side Outlook mail rules. “ Silentbreak did a great job with this attack and it has served us well. The only downside has been that it...

0.1AI score
Exploits0References1
n0where
n0where
added 2015/02/14 8:46 p.m.95 views

Rekall Memory Forensic Framework

Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and op...

7.3AI score
Exploits0References3
n0where
n0where
added 2016/11/03 6:18 a.m.93 views

Automated Security Response: Falcon Orchestrator

CrowdStrike Falcon Orchestrator is an extendable Windows-based application that provides workflow automation, case management and security response functionality. The tool leverages the highly extensible APIs contained within the CrowdStrike Falcon Connect program. Falcon Orchestrator has only be...

0.3AI score
Exploits0References2
Total number of security vulnerabilities1052