Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2017/03/31 5:25 a.m.62 views

Database Firewall: DBShield

Database Firewall DBShield is a Database Firewall written in Go that has protection for MySQL/MariaDB, Oracle and PostgreSQL databases. It works in a proxy fashion inspecting traffic and dropping abnormal queries after a learning period to populate the internal database with regular queries. For...

1.1AI score
Exploits0References3
n0where
n0where
added 2015/12/07 8:45 p.m.62 views

Fastest Internet Port Scanner: MASSCAN

This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap , the most famous port scanner. Internally, it operates more like scanrand , unicornscan , and ZMap , using asynchronous...

7AI score
Exploits0References4
n0where
n0where
added 2015/07/21 5:19 a.m.62 views

John the Ripper GUI Frontend: Johnny

Johnny the open source cross-platform GUI frontend for John the Ripper, the popular password cracker, written in C++ using the Qt framework. Johnny’s aim is to automate and simplify the password cracking routine on the Desktop as well as add extra functionality like session management and easy...

0.7AI score
Exploits0References1
n0where
n0where
added 2017/10/19 4:42 a.m.61 views

DumpsterFire Toolset: Security Incidents In A Box

The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support a...

7.8AI score
Exploits0References1
n0where
n0where
added 2016/12/12 12:51 p.m.61 views

Real Time Performance Monitoring: netdata

Real Time Performance Monitoring Netdata is a daemon that collects data in realtime per second and presents a web site to view and analyze them. The presentation is also real-time and full of interactive charts that precisely render all collected values. netdata is the fastest way to visualize...

7.4AI score
Exploits0References3
n0where
n0where
added 2016/11/03 1:17 a.m.61 views

Low Interaction Honeypot: HoneyPy

A low interaction honeypot with the capability to be more of a medium interaction honeypot. HoneyPy is written in Python and is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations. The level of interaction is determined by the functionality of a...

0.5AI score
Exploits0References1
n0where
n0where
added 2016/09/14 6:22 p.m.61 views

Build Your Own PwnPhone

Build Your Own PwnPhone We’ll attempt to show you how to build your own Pwn Phone running the Kali operating system and our AOPP Android Open Pwn Project image. Let’s get cracking… Flashing the Phone 1. Download the Recovery image for your device: https://twrp.me/Devices 2. Connect the device to...

0.1AI score
Exploits0
n0where
n0where
added 2015/01/19 5:51 p.m.61 views

MAT: Metadata Anonymisation Toolkit

MAT: Metadata Anonymisation Toolkit What is metadata? Metadata consists of information that characterizes data e.g. Word documents, pictures, music files, etc. In essence, metadata answers who, what, when, where, why, and how about every facet of the data that is being characterized. Why metadata...

0.6AI score
Exploits0References1
n0where
n0where
added 2018/07/10 7:49 p.m.60 views

Block Unauthorized macOS Outgoing Network Traffic: LuLu

LuLu is the free, shared-source firewall for macOS. It’s goal is simple; block any unknown outgoing connections, until approved by the user. While it was designed to generically detect malware by flagging unauthorized networking connections, LuLu can also be used to block OS components or 3rd-par...

0.7AI score
Exploits0References1
n0where
n0where
added 2016/11/12 5:45 a.m.60 views

LLMNR, NBT-NS and MDNS Responder for Windows

LLMNR, NBT-NS and MDNS Responder for Windows This tool is first an LLMNR, NBT-NS and MDNS responder, it will answer to specific NBT-NS NetBIOS Name Service queries based on their name suffix see: http://support.microsoft.com/kb/163409 . By default, the tool will only answers to File Server Servic...

0.3AI score
Exploits0References1
n0where
n0where
added 2015/09/15 3:6 a.m.60 views

Offline WPS Bruteforce Utility: PixieWPS

Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs pixie dust attack Additional Video: http://video.adm.ntnu.no/pres/549931214e18d Pixiewps requires libssl. To install it: sudo apt-get install libssl-dev Installation:...

0.2AI score
Exploits0References2
n0where
n0where
added 2015/01/26 12:2 p.m.60 views

socat – Multipurpose Relay (SOcket CAT)

socat socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device serial line etc. or a pseudo terminal, a socket UNIX, IP4, IP6 – raw, UDP, TCP, an SSL socket, proxy CONNECT connection, a file descriptor stdin...

1.6AI score
Exploits0
n0where
n0where
added 2015/07/21 10:53 p.m.59 views

Web Services Penetration Testing: WS-Attacker

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...

0.2AI score
Exploits0References1
n0where
n0where
added 2017/06/22 11:48 p.m.58 views

Python Backdoor Framework: NXcrypt

Python Backdoor Framework: NXcrypt Features NXcrypt is a polymorphic ‘python backdoors’ crypter written in python by Hadi Mene h4d3s . The output is fully undetectable . NXcrypt can inject malicious python file into a normal file with multi-threading system . Run it with superuser’s permissions...

7.6AI score
Exploits0References1
n0where
n0where
added 2017/03/20 4:51 a.m.58 views

BGP Swiss Army Knife: ExaBGP

ExaBGP provides a convenient way to implement Software Defined Networking by transforming BGP messages into friendly plain text or JSON, which can then be easily handled by simple scripts or your BSS/OSS. It is routinely used to improve service resilience and provide protection against network or...

7.1AI score
Exploits0References3
n0where
n0where
added 2016/12/19 3:11 a.m.58 views

Backdooring Android APK: backdoor-apk

Backdooring Android APK backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without...

Exploits0References1
n0where
n0where
added 2015/09/15 3:39 a.m.58 views

WPS attack tool: Penetrator-WPS

This is experimental tool that is capable of attacking multiple WPS-enabled wireless access points in real time Penetrator-WPS utilizes the pixie-dust attack every time it receives M3 message, unless it is disabled with -P – pixie-dust requires pixiewps to be installed. Installation First, you ne...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/09/20 5:28 a.m.57 views

Office for Mac Macro Payload Generator: MacPhish

Attack vectors There are 4 attack vectors available: beacon creds meterpreter meterpreter-grant For the ‘creds’ method, macphish can generate the Applescript script directly, in case you need to run it from a shell. beacon On execution, this payload will signal our listening host and provide basi...

1AI score
Exploits0References2
n0where
n0where
added 2017/06/19 5:23 p.m.57 views

Process Heap Analysis Framework: Python Haystack

Process Heap Analysis Framework python-haystack is an heap analysis framework, focused on searching and reversing of C structure in allocated memory. The first function/API is the SEARCH function. It gives the ability to search for known record types in a process memory dump or live process’s...

7AI score
Exploits0References9
n0where
n0where
added 2017/05/30 5:23 p.m.57 views

Open Source Incident Management & Response Platform: Cyphon

Open Source Incident Management & Response Platform Cyphon is a big data platform that aggregates, standardizes, and enhances data for easier analysis. Many businesses rely on emails to manage alert notifications, which leaves their networks susceptible to overlooked incidents, alert fatigue and...

0.5AI score
Exploits0References2
n0where
n0where
added 2015/03/13 7:6 p.m.57 views

VPN daemon written in Go: GoVPN

GoVPN is simple secure virtual private network daemon. It uses Diffie-Hellman Encrypted Key Exchange DH-EKE for mutual zero-knowledge peers authentication and authenticated encrypted data transport. It is written entirely in Go programming language . All packets captured on a network interface ar...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/09/04 11:47 p.m.56 views

PEI Stage Backdoor for UEFI Compatible Firmware: PeiBackdoor

PEI Stage Backdoor for UEFI Compatible Firmware This project implements early stage firmware backdoor for UEFI based firmware. It allows to execute arbitrary code written in C during Pre EFI Init PEI phase of Platform Initialization PI. This backdoor might be useful for low level manipulations wi...

7.9AI score
Exploits0References15
n0where
n0where
added 2015/02/06 12:34 a.m.56 views

packETH – Ethernet Packet Generator

packETH Ethernet Packet Generator packETH is GUI and CLI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on the ethernet link. It is very simple to use, powerful and supports many adjustments of parameters while sending sequence of...

0.8AI score
Exploits0
n0where
n0where
added 2011/04/09 2:31 p.m.56 views

Wireless Network Monitoring Tool: Kismet

Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD,...

0.3AI score
Exploits0
n0where
n0where
added 2018/05/31 6:56 p.m.55 views

File System Crawler: diskover

diskover is an open source file system crawler and disk space usage software that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files and system administrators are able to manage storage...

Exploits0References4
n0where
n0where
added 2017/11/07 6:2 a.m.55 views

Interface Aware Fuzzing for Kernel Drivers: DIFUZE

Device drivers are an essential part in modern Unix-like systems to handle operations on physical devices, from hard disks and printers to digital cameras and Bluetooth speakers. The surge of new hardware, particularly on mobile devices, introduces an explosive growth of device drivers in system...

1.1AI score
Exploits0References2
n0where
n0where
added 2017/05/11 4:7 a.m.55 views

Very Fast Network Logon Cracker: THC-Hydra

Very Fast Network Logon Cracker Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. This fast, and...

7.5AI score
Exploits0References1
n0where
n0where
added 2017/01/24 7:0 a.m.55 views

WordPress Exploit Framework

WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Requirements Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command...

0.7AI score
Exploits0References2
n0where
n0where
added 2016/08/30 4:11 p.m.55 views

Packet Capture Generator for IDS: Sniffles

Packet Capture Generator for IDS and Regular Expression Evaluation Sniffles is a tool for creating packet captures that will test IDS that use fixed patterns or regular expressions for detecting suspicious behavior. Sniffles works very simply. It takes a set of regular expressions or rules and...

Exploits0References1
n0where
n0where
added 2018/02/03 8:26 p.m.54 views

Find Vulnerable Settings in AD Group Policy: Grouper

Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft’s Group Policy module and identifies all the settings defined in...

6.8AI score
Exploits0References1
n0where
n0where
added 2017/08/06 9:20 p.m.54 views

Automated Information Gathering & Service Enumeration: Reconnoitre

A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. Usage This...

0.1AI score
Exploits0References1
n0where
n0where
added 2016/08/09 3:59 a.m.54 views

Free Cross Platform Information Sharing: DemonSaw

THE FUTURE OF INFORMATION SHARING Finally, simple and truly secure sharing is available – for free – across every platform Demonsaw is a new type of information sharing application that allows you to share your files securely. It’s the next leap in the evolution of a free internet, and the debut ...

0.3AI score
Exploits0
n0where
n0where
added 2016/07/16 9:11 p.m.54 views

Python Remote Access Tool: Ares

Ares is a Python Remote Access Tool Only use this software according to your current legislation. Misuse of this software can raise legal and ethical issues which I don’t support nor can be held responsible for. Ares is made of two main programs: A Command aNd Control server, which is a Web...

0.4AI score
Exploits0References2
n0where
n0where
added 2015/03/25 6:7 p.m.54 views

Malware Communication Analyzer: Malcom

Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes handy when analyzing how certain malware species try to communicate with the outside world. Malcom can help you...

7.1AI score
Exploits0References5
n0where
n0where
added 2017/06/12 6:13 a.m.53 views

Domain Name Permutation Engine: dnstwist

Domain Name Permutation Engine Domain name permutation engine for detecting typo squatting, phishing and corporate espionage See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters,...

0.1AI score
Exploits0References2
n0where
n0where
added 2016/02/29 7:7 p.m.53 views

Free Open Source Face Recognition Neural Network: OpenFace

OpenFace is a Python and Torch implementation of face recognition with deep neural networks and is based on the CVPR 2015 paper FaceNet: A Unified Embedding for Face Recognition and Clustering by Florian Schroff, Dmitry Kalenichenko, and James Philbin at Google. Torch allows the network to be...

0.4AI score
Exploits0References14
n0where
n0where
added 2014/02/14 7:26 p.m.53 views

Arch Linux Penetration Testers Layer: ArchAssault

Arch Linux Penetration Testers Layer 2014-09-30 – Tyler Bennett We have released a new iso, its updated with our latest tools. We have updated our custom kernel to 3.16.3, as well. We have corrected the size issue on the x8664 ISO, allowing it to be burned to a single layer DVD. Official Note: Th...

0.1AI score
Exploits0
n0where
n0where
added 2011/07/06 1:3 a.m.53 views

Web Application Testing: Vega

Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting XSS, inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows...

1.7AI score
Exploits0
n0where
n0where
added 2018/03/18 9:45 p.m.52 views

Disable Risky Windows Features: Hardentools

Hardentools is a collection of simple utilities designed to disable a number of “features” exposed by operating systems Microsoft Windows, for now, and primary consumer applications. These features, commonly thought for Enterprise customers, are generally useless to regular users and rather pose ...

0.5AI score
Exploits0References1
n0where
n0where
added 2018/03/10 5:35 a.m.52 views

Distributed YARA Malware Scanning System: KLara project

Klara project is aimed at helping Threat Intelligence researchers hunt for new malware using Yara . In order to hunt efficiently for malware, one needs a large collection of samples to search over. Researchers usually need to fire a Yara rule over a collection / set of malicious files and then ge...

1AI score
Exploits0References2
n0where
n0where
added 2016/01/18 6:50 p.m.52 views

Open Source Database Fuzzing: FuzzDB

FuzzDB is the most comprehensive Open Source database of malicious inputs, predictable resource names, greppable strings for server response messages, and other resources like web shells. It’s like an application security scanner, without the scanner. What’s in FuzzDB? Predictable Resource...

7.7AI score
Exploits0References7
n0where
n0where
added 2013/11/28 6:12 p.m.52 views

Protection Against Port Scanners: Portspoof

The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports. It is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security infrastructure. The general goal of the program is to...

7.5AI score
Exploits0References1
n0where
n0where
added 2018/05/29 2:57 a.m.51 views

Adversarial Robustness Toolbox: ART

The Adversarial Robustness Toolbox ART, an open source software library, supports both researchers and developers in defending deep neural networks against adversarial attacks, making AI systems more secure. Its purpose is to allow rapid crafting and analysis of attack and defense methods for...

0.6AI score
Exploits0References1
n0where
n0where
added 2018/02/28 2:35 a.m.51 views

Advanced Network Monitoring & MITM Attack Framework: Bettercap

Evil socket just announced the release of the second generation of bettercap , a complete re-implementation of the most complete and advanced Man-in-the-Middle attack framework. This release not only brings MITM attacks to the next level, but it aims to be the reference framework for network...

7.3AI score
Exploits0References7
n0where
n0where
added 2017/01/21 5:6 a.m.51 views

Android Security Assessment Framework: drozer

Android Security Assessment Framework drozer formerly Mercury is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the...

0.1AI score
Exploits0References9
n0where
n0where
added 2016/04/15 12:16 p.m.51 views

Firmware File System Extraction: firmwalker

A simple bash script for searching the extracted or mounted firmware file system. It will search through the extracted or mounted firmware file system for things of interest such as: etc/shadow and etc/passwd list out the etc/ssl directory search for SSL related files such as .pem, .crt, etc...

0.6AI score
Exploits0References1
n0where
n0where
added 2015/03/20 7:49 p.m.51 views

Monitoring Large-Scale Networks: YAF

Monitoring Large-Scale Networks Why does the world need another network flow event generator? yaf was originally intended as an experimental implementation tracking developments in the IETF IPFIX working group, specifically bidirectional flow representation, archival storage formats, and structur...

0.3AI score
Exploits0
n0where
n0where
added 2015/02/06 10:18 p.m.51 views

DNS Enumeration Script: DNSRecon

DNS reconnaissance is part of the information gathering stage on a penetration test engagement. When a penetration tester is performing a DNS reconnaissance he is trying to obtain as much information as he can regarding the DNS servers and their records. The information that can be gathered can...

Exploits0References1
n0where
n0where
added 2014/10/13 7:20 p.m.51 views

Website Traffic Visualization: Logstalgia

Website Traffic Visualization Logstalgia is a website traffic visualization that replays or streams web-server access logs as a pong-like battle between the web server and an never ending torrent of requests. Requests appear as colored balls the same color as the host which travel across the scre...

Exploits0References1
n0where
n0where
added 2014/08/10 1:27 a.m.51 views

CLI Magic: I Didn’t Know That !

Command Editing Shortcuts Ctrl + a – go to the start of the command line Ctrl + e – go to the end of the command line Ctrl + k – delete from cursor to the end of the command line Ctrl + u – delete from cursor to the start of the command line Ctrl + w – delete from cursor to start of word i.e...

7.7AI score
Exploits0
Total number of security vulnerabilities1052