Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/02/07 7:34 a.m.73 views

Dump and Analyze .Net Applications Memory: MemoScope.Net

Dump and Analyze .Net Applications Memory MemoScope.Net is a tool to analyze .Net process memory: it can dump an application’s memory in a file and read it later. The dump file contains all data objects and threads state, stack, call stack. MemoScope.Net will analyze the data and help you to find...

Exploits0References3
n0where
n0where
added 2016/01/15 4:7 p.m.73 views

RPISEC: Malware Analysis

This material was developed and used by RPISEC to teach Malware Analysis at Rensselaer Polytechnic Institute in Fall 2015. This was a university course developed and run solely by students, primarily using the Practical Malware Analysis book by Michael Sikorski and Andrew Honig, to teach skills i...

1.8AI score
Exploits0References1
n0where
n0where
added 2015/11/04 11:20 p.m.73 views

The Artillery Project

Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect insecure configurations from nix systems. It’s relatively simple, run ./setup.py and hit yes, this will install Artillery in...

1AI score
Exploits0References1
n0where
n0where
added 2014/07/07 4:2 p.m.73 views

Create Linux System Backup: Systemback

Create Linux System Backup Systemback makes it easy to create backups of system and users configuration files. In case of problems you can easily restore the previous state of the system. There are extra features like system copying, system installation and Live system creation. Create Linux Syst...

1.4AI score
Exploits0
n0where
n0where
added 2018/11/08 4:24 a.m.72 views

Security Analysis Toolkit for Proprietary Car Protocols: CANalyzat0r

While car manufacturers steadily refine and advance vehicle systems, requirements of the underlying networks increase even further. Striving for smart cars, a fast-growing amount of components are interconnected within a single car. This results in specialized and often proprietary car protocols...

Exploits0References1
n0where
n0where
added 2015/09/14 3:9 a.m.72 views

DNS visualization: DNSViz

DNSViz is a tool for assessing the health of DNS deployments by issuing diagnostic queries, assessing the responses, and outputting the results in one of several formats. The assessment may be directed towards recursive or authoritative DNS servers, and the output may be textual, graphical, or...

0.9AI score
Exploits0References3
n0where
n0where
added 2018/01/01 9:20 p.m.71 views

QuarkslaB Dynamic binary Instrumentation: QBDI

QuarkslaB Dynamic binary Instrumentation QBDI is a modular, cross-platform and cross-architecture DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on x86, x86-64, ARM and AArch64 architectures. Information about what is a DBI framework and how QBD...

Exploits0References1
n0where
n0where
added 2018/11/12 5:30 a.m.70 views

Parrot Security OS

Parrot is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Features updated pentesting tools great for forensic analysis custom 4.14...

1.1AI score
Exploits0
n0where
n0where
added 2018/03/18 6:9 p.m.70 views

Open Source Vulnerability Assessment and Management: Archery

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scaning for web application and network. It also performs web application dynamic...

0.3AI score
Exploits0References3
n0where
n0where
added 2017/12/19 6:22 p.m.70 views

Abusing Windows Security: mimikatz

mimikatz is well known tool for extraction of plaintexts passwords, hashes, PIN codes and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. A lot of times after the initial exploitation phase attackers may want to get a firmer foothold...

0.4AI score
Exploits0References26
n0where
n0where
added 2016/10/20 7:30 p.m.70 views

Twitter OSINT framework: Birdwatcher

Birdwatcher is a data analysis and OSINT framework for Twitter. Birdwatcher supports creating multiple workspaces where arbitrary Twitter users can be added and their Tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes with several modules which can be...

Exploits0References2
n0where
n0where
added 2016/04/19 10:6 p.m.70 views

American Fuzzy Lop Utilities: afl-utils

Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization afl-utils is a collection of utilities to assist fuzzing with american-fuzzy-lop afl . afl-utils includes tools for: automated crash sample collection, verification, reduction and analys...

6.9AI score
Exploits0References3
n0where
n0where
added 2015/08/30 6:45 p.m.70 views

Man In The Middle Attack Framework: MITMf

Man In The Middle Attack Framework MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques. Originally built to address the significant shortcomings of other tools e.g Ettercap, Mallory, it’s been almost complete...

Exploits0References4
n0where
n0where
added 2014/08/05 9:54 p.m.70 views

Secure Disk Encryption Software: CipherShed

Secure Disk Encryption Software CipherShed is free as in free-of-charge and free-speech encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. CipherShed is cross-platform; It is available for Windows, Mac OS X and GNU/Linux...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/06/02 4:15 a.m.69 views

Open Source Intelligence Automation: Spiderfoot

Open Source Intelligence Automation SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more...

0.1AI score
Exploits0
n0where
n0where
added 2015/06/02 5:2 p.m.69 views

Portable Penetration Testing Distribution for Windows: PentestBox

PentestBox is not like other Penetration Testing Distributions which runs on virtual machines. It is created because more than 70% of penetration testing distributions users uses windows and provides an efficient platform for Penetration Testing on windows. It provides all security tools as a...

7.5AI score
Exploits0
n0where
n0where
added 2018/12/20 3:50 p.m.68 views

Phishing Campaign Toolkit: King Phisher

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness...

7.8AI score
Exploits0References5
n0where
n0where
added 2018/12/03 10:59 p.m.68 views

Tools for capturing and analyzing keyboard input paired with microphone capture

The main goal is to exploit the sound produced by pressing keyboard keys as a side channel in order to guess the content of the text being typed. To achieve this, the algorithm takes as input a training set, consisting of an audio recording, together with the corresponding keys being typed during...

7.1AI score
Exploits0References2
n0where
n0where
added 2018/09/12 7:12 p.m.68 views

PowerShell Front-End for Windows Debugger Engine: DbgShell

The main impetus for DbgShell is that it’s just waaaay too hard to automate anything in the debugger. There are facilities today to assist in automating the debugger, of course. But in my opinion they are not meeting people’s needs. Using the built-in scripting language is arcane, limited,...

6.9AI score
Exploits0References1
n0where
n0where
added 2017/03/03 5:23 a.m.68 views

Browser-based GDB frontend: gdbGUI

A modern, browser-based frontend to gdb gnu debugger. Add breakpoints, view stack traces, and more in C, C++, Go, and Rust! Simply run gdbgui from the terminal and a new tab will open in your browse Features Debug a different program in each tab new gdb instance is spawned for each tab Set/remove...

7.1AI score
Exploits0References4
n0where
n0where
added 2016/11/05 2:13 a.m.68 views

Blockchain Based DNS: dnschain

Blockchain Based DNS DNSChain makes it possible to be certain that you’re communicating with who you want to communicate with, and connecting to the sites that you want to connect to, without anyone secretly listening in on your conversations in between, DNSChain provides security properties that...

6.7AI score
Exploits0References9
n0where
n0where
added 2015/09/12 12:1 a.m.68 views

Multiprotocol Network Emulator – Simulator: IMUNES

IMUNES GUI is a simple Tcl/Tk based management console, allowing for specification and management of virtual network topologies. The emulation execution engine itself operates within the operating system kernel. Univesity of Zagreb developed a realistic network topology emulation / simulation...

7.2AI score
Exploits0References1
n0where
n0where
added 2014/10/29 6:50 p.m.68 views

Web Auditing Framework: GoLismero

GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans. Features: Real platform independence. Tested on Windows, Linux, BSD and OS X. No native library dependencies. All of the framework has bee...

7.3AI score
Exploits0References2
n0where
n0where
added 2013/01/05 7:20 p.m.68 views

Bugtraq Penetration Testing Linux

Bugtraq -2 Blackwidow is a Open-Source Linux Distribution based in Ubuntu and Debian with PAE kernel 3.2 and 3.4 Hacker ‘s suite where you will find all kinds of tools for the best systems auditory. Adapted for beginners in Ethical hacking computer security, and for experts in this field. Is not...

1.9AI score
Exploits0
n0where
n0where
added 2012/05/25 11:24 p.m.68 views

Passive DNS Network Mapper: dnsmap

Passive DNS Network Mapper dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments . During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names,...

7AI score
Exploits0References1
n0where
n0where
added 2018/11/07 6:55 p.m.67 views

The x86 Processor Fuzzer: sandsifter

Your computer is not yours. You may have shelled out thousands of dollars for it. It may be sitting right there on your desk. You may have carved your name deep into its side with a blowtorch and chisel. But it’s still not yours. Some vendors are building secret processor registers into your...

7.9AI score
Exploits0References3
n0where
n0where
added 2018/06/25 3:42 p.m.67 views

The OSINT Omnibus

An Omnibus is defined as a volume containing several novels or other items previously published separately and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management. By providing an easy to use interactive command...

Exploits0References1
n0where
n0where
added 2017/09/20 4:12 a.m.67 views

Credentials Recovery: The LaZagne Project

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques plaintext, APIs, custom algorithms, databases, etc.. This tool has been developed for the purpose of finding these passwor...

Exploits0References2
n0where
n0where
added 2017/08/25 4:57 p.m.67 views

Proxy Aware PowerShell C2 Framework: PoshC2

PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...

0.2AI score
Exploits0References2
n0where
n0where
added 2018/06/18 4:47 a.m.66 views

Automated Wireless Attack Tool: WiFite

Wifite is a Python script for auditing wireless networks which aims to be the “set it and forget it” wireless auditing tool. What’s new in Wifite 2? Less bugs Cleaner process management. Does not leave processes running in the background the old wifite was bad about this. No longer “one monolithi...

Exploits0References1
n0where
n0where
added 2015/02/06 6:49 p.m.66 views

UFONet Open Redirect DDoS Attack

UFONet – is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors on third party web applications, like botnet. See this links for more info: CWE-601:Open Redirect OWASP:URL Redirector Abuse Installing UFONet UFONet runs on many platforms. It requires Python 2.x.y...

0.1AI score
Exploits0References1
n0where
n0where
added 2015/01/20 1:39 a.m.66 views

Honeypot Deployment Made Easy: Beeswarm

Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The system operates by luring the hacker into the honeypots by setting up a deception infrastructure where deployed drones communicate with honeypots and intentionally leak...

0.3AI score
Exploits0References1
n0where
n0where
added 2016/06/25 3:58 p.m.65 views

Python Exploit Development GDB Assistance: Peda

Python Exploit Development GDB Assistance PEDA is a Python GDB script with many handy commands to help speed up exploit development process on Linux/Unix. It is also a framework for writing custom interactive Python GDB commands. PEDA v1.1 Released Requirements PEDA 1.0 is only support Linux GDB...

7.5AI score
Exploits0References1
n0where
n0where
added 2016/06/15 7:17 p.m.65 views

OWASP Offensive Web Testing Framework: OWFT

The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, Figuring out how to call “tool X” then parsing results of “tool X” manually to feed “tool Y” and so on is time consuming. OWASP OWTF is a project focused on penetration testing efficiency and...

6.8AI score
Exploits0References1
n0where
n0where
added 2014/10/23 3:5 p.m.65 views

VoIP Penetration Testing Kit: Viproy

Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support,...

0.5AI score
Exploits0References1
n0where
n0where
added 2012/08/16 10:12 p.m.65 views

EncFS and TrueCrypt for Android: Cryptonite

Cryptonite brings EncFS and TrueCrypt to Android. You can browse, export and open EncFS-encrypted directories and files on your Dropbox and on your phone. On rooted phones that support FUSE e.g. CyanogenMod you can also mount EncFS and TrueCrypt volumes. TrueCrypt is only available as a...

0.7AI score
Exploits0References2
n0where
n0where
added 2017/09/19 5:48 a.m.64 views

Dynamic Application Security Test Orchestration: Webbreaker

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

Exploits0References10
n0where
n0where
added 2017/08/15 5:59 a.m.64 views

Kick Devices Off Your Network: KickThemOut

A tool to kick devices out of your network and enjoy all the bandwidth for yourself. It allows you to select specific or all devices and ARP spoofs them off your local area network. KickThemOut ARP Spoofs devices in your Local Area Network killing their internet connectivity and therefore allowin...

0.3AI score
Exploits0References3
n0where
n0where
added 2017/03/17 6:13 a.m.64 views

Online Malware & URL Analysis: MalSub

Online Malware & URL Analysis malsub is a Python 3.6.x framework that wraps several web services of online malware and URL analysis sites through their RESTful Application Programming Interfaces APIs . It supports submitting files or URLs for analysis, retrieving reports by hash values, domains,...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/01/04 3:42 p.m.64 views

Automated DeAuth Attack: zizzania

zizzania sniffs wireless traffic listening for WPA handshakes and dumping only those frames suitable to be decrypted one beacon + EAPOL frames + data. In order to speed up the process, zizzania sends IEEE 802.11 DeAuth frames to the stations whose handshake is needed, properly handling...

1.3AI score
Exploits0References2
n0where
n0where
added 2013/01/06 3:23 p.m.64 views

Platform Independent Network Packet Generator: Hyenae

Platform Independent Network Packet Generator Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant. Features ARP-Request floodin...

1.8AI score
Exploits0
n0where
n0where
added 2018/11/08 3:52 a.m.64 views

Memory Man in the Middle: MemITM

The MemITM Mem In The Middle tool has been developed in order to easily intercept “messages” in Windows processes memory. We developed a lot of custom memory interception tools in order to capture network messages before encryption, or IPC messages, and to be able to inspect them or alter them to...

7.1AI score
Exploits0References1
n0where
n0where
added 2017/03/30 6:42 p.m.63 views

AntiVirus Evasion Tool: AVET

AVET is an AntiVirus Evasion Tool, which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. What & Why: when running an exe file made with msfpayload & co, the exe file will often be recognized by the antivirus software avet is a antivirus...

7.6AI score
Exploits0References1
n0where
n0where
added 2016/07/06 4:46 p.m.63 views

Post Exploitation Powershell Tool: mimikittenz

Post Exploitation Powershell Tool mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory in order to extract plain-text passwords from various target processes. mimikittenz can also easily extract other kinds of juicy info from target processes usi...

2.1AI score
Exploits0References1
n0where
n0where
added 2014/11/15 4:23 p.m.63 views

Host Based Intrusion Detection System: Samhain

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. samhain is a file and host integrity and intrusion alert system...

0.1AI score
Exploits0
n0where
n0where
added 2018/12/03 10:47 p.m.62 views

Powershell Script for Enumerating Vulnerable DCOM Applications: DCOMrade

DCOMrade is a Powershell script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is build to work with Powershell 2.0 but will work with all versions above as well. The script currently...

Exploits0References3
n0where
n0where
added 2018/09/19 1:55 a.m.62 views

Mail Security Testing Framework

Mail Security Testing Framework is a testing framework for mail security and filtering solutions. The mail security testing framework works with with Python =3.5. Just pull this repository and go ahead. No further dependencies are required. Usage The script mail-tester.py runs the tests. Read the...

6.4AI score
Exploits0References2
n0where
n0where
added 2018/09/04 12:18 a.m.62 views

Mobile Application Testing Toolkit: Scrounger

Even though several other mobile application analysis tools have been developed, there is no one tool that can be used for both android and ios and can be called a “standard” must use on every mobile application assessment. The idea behind Scrounger is to make a metasploit-like tool that will not...

Exploits0References5
n0where
n0where
added 2018/07/10 7:49 p.m.62 views

Block Unauthorized macOS Outgoing Network Traffic: LuLu

LuLu is the free, shared-source firewall for macOS. It’s goal is simple; block any unknown outgoing connections, until approved by the user. While it was designed to generically detect malware by flagging unauthorized networking connections, LuLu can also be used to block OS components or 3rd-par...

0.7AI score
Exploits0References1
n0where
n0where
added 2017/10/04 4:4 a.m.62 views

Wireless Monitoring, Intrusion Detection & Forensics: Nzyme

Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog Open Source log management setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode. Think about this like a long-term months or years...

6.6AI score
Exploits0References1
Total number of security vulnerabilities1052