Lucene search
K
N0whereMost viewed

1052 matches found

n0where
n0where
added 2016/08/06 1:23 p.m.43 views

AWS OpenVPN Deployment Tool: AutoVPN

AWS OpenVPN Deployment Tool Dependencies: boto and paramiko python packages and aws .credentials file on system 1. Clone repo to system. 2. Execute autovpn with -C -k and -r options to deploy to AWS ./autovpn -C -r us-east-1 -k macbook 3. OpenVPN config files are downloaded to current working...

0.5AI score
Exploits0References2
n0where
n0where
added 2016/04/17 11:49 p.m.43 views

Open Source Real Time Network Analyzer: skydive

Open Source Real Time Network Topology and Protocols Analyzer Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology informations and flow...

7.5AI score
Exploits0References2
n0where
n0where
added 2016/04/16 11:26 p.m.43 views

Backdoor Android APK: backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and ...

0.4AI score
Exploits0References1
n0where
n0where
added 2015/06/22 11:31 p.m.43 views

Bruteforce Attack Protection: sentry

Safe and effective protection against bruteforce attacks ssh, FTP, SMTP, and more Sentry detects and prevents bruteforce attacks against sshd using minimal system resources. Sentry does NOT make changes to your firewall configuration. It merely adds IPs to a table/list/chain. It does this...

7.4AI score
Exploits0References1
n0where
n0where
added 2018/05/31 7:32 p.m.42 views

Automatic Machine Learning Penetration Test Tool: Deep Exploit

DeepExploit is fully automated penetration tool linked with Metasploit. It identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning. DeepExploit consists of the machine learning model A3C and Metasploit . The A3C executes exploit t...

2.3AI score
Exploits0References1
n0where
n0where
added 2017/10/02 4:24 a.m.42 views

BLE Scanner for Smart Devices Hacking: BLEAH

A BLE scanner for “smart” devices hacking based on the bluepy library, dead easy to use because retarded devices should be dead easy to hack. How to Install Install bluepy from source: git clone https://github.com/IanHarvey/bluepy.git cd bluepy python setup.py build sudo python setup.py install...

0.1AI score
Exploits0References2
n0where
n0where
added 2016/12/12 2:54 p.m.42 views

Data Exfiltration In Plain Sight: Cloakify Toolset

Data Exfiltration In Plain Sight -Cloakify Toolset Evade DLP/MLS Devices; Social Engineering of Analysts; Evade AV Detection CloakifyFactory transforms any filetype e.g. .zip, .exe, .xls, etc. into a list of harmless-looking strings. This lets you hide the file in plain sight, and transfer the fi...

7.1AI score
Exploits0References2
n0where
n0where
added 2016/12/04 10:35 p.m.42 views

Open Source Malware Clusterization Toolkit: Cosa Nostra

Open Source Malware Clusterization Toolkit Cosa Nostra is an open source software clustering toolkit with a focus on malware analysis. It can create phylogenetic trees of binary malware samples that are structurally similar. It was initially released during SyScan360 Shanghai 2016. Required 3rd...

0.7AI score
Exploits0References3
n0where
n0where
added 2015/07/22 3:52 a.m.42 views

Tunneling C&C Over DNS: dnscat2

This tool is designed to create a command-and-control C&C channel over the DNS protocol, which is an effective tunnel out of almost every network. dnscat2 comes in two parts: the client and the server. The client is designed to be run on a compromised machine. It’s written in C and has the minimu...

Exploits0References5
n0where
n0where
added 2015/06/21 5:48 p.m.42 views

Web Security Dojo

Web Security Dojo is a preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions are available for download. Dojo is an open source project intended to be used as a training environment, and shouldn’t be used as a pen-testing platform due to the...

1AI score
Exploits0
n0where
n0where
added 2018/03/22 7:43 a.m.41 views

Retrieving NTLM Hashes without Touching LSASS: Internal Monologue Attack

Mimikatz, developed by Benjamin Delpy @gentilkiwi, is a well-regarded post-exploitation tool, which allows adversaries to extract plain text passwords, NTLM hashes and Kerberos tickets from memory, as well as perform attacks such as pass-the-hash, pass-the-ticket or build a golden ticket. Arguabl...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/06/12 6:38 p.m.41 views

Application Level Firewall OpenSnitch

Application Level Firewall OpenSnitch OpenSnitch is a GNU/Linux port of the Little Snitch application firewall. OpenSnitch is an application level firewall, meaning then while running, it will detect and alert the user for every outgoing connection applications he’s running are creating. This can...

0.2AI score
Exploits0References2
n0where
n0where
added 2017/06/03 2:51 a.m.41 views

Infect Android Application With Meterpreter Payload: kwetza

Infect Android Application With Meterpreter Payload Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications using the target application’s default permissions or inject...

0.2AI score
Exploits0References2
n0where
n0where
added 2017/03/09 5:1 a.m.41 views

Lightweight Arch Linux Based Security Distribution: BlackArch Linux

BlackArch Linux is an open source distribution of Linux derived from the lightweight and powerful Arch Linux operating system and designed from the ground up to be used by security professionals for penetration testing tasks and security auditing. While the distribution can be installed on top of...

0.5AI score
Exploits0
n0where
n0where
added 2016/11/28 6:7 a.m.41 views

Targeted Geolocation Framework: HoneyBadger v2

HoneyBadger is a framework for targeted geolocation. While honeypots are traditionally used to passively detect malicious actors, HoneyBadger is an Active Defense tool to determine who the malicious actor is and where they are located. HoneyBadger leverages “agents” built in various technologies...

6.8AI score
Exploits0References1
n0where
n0where
added 2016/11/03 6:48 a.m.41 views

Facebook Threat Exchange

Facebook Threat Exchange Most threat intelligence solutions suffer because the data is too hard to standardize and verify. Facebook created the ThreatExchange platform so that participating organizations can share threat data using a convenient, structured, and easy-to-use API that provides priva...

7.2AI score
Exploits0References1
n0where
n0where
added 2016/06/09 2:29 p.m.41 views

Arch Linux Security Layer: ArchStrike

Arch Linux Security Layer done the Arch Way optimized for i686, x8664, ARMv6, and ARMv7 An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x8664, ARMv6, and ARMv7. ArchStrike is a penetration testing and security layer on top of Arch...

7.1AI score
Exploits0References1
n0where
n0where
added 2016/04/15 12:33 p.m.41 views

Linux Vulnerability Scanner: Vuls

Vulnerability scanner for Linux, agentless, written in golang For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use...

0.2AI score
Exploits0References2
n0where
n0where
added 2015/12/07 6:18 p.m.41 views

Offensive Powershell Console: PSPunch

PSPunch combines some of the best projects in the infosec powershell community into a self contained executable. It’s designed to evade antivirus and Incident Response teams. 1. It doesn’t rely on powershell.exe. Instead it calls powershell directly through the dotNet framework. 2. The modules th...

2.9AI score
Exploits0References3
n0where
n0where
added 2013/07/25 10:59 p.m.41 views

Raspberry Pi HoneyPot

Glastopf is a web application honeypot project lead by Lukas Rist a.k.a glaslos of the Honeynet Project. The Glastopf project started in the year 2009. It is a simple and minimalistic web server written in Python that records information of web-based application attacks like Structured Query...

Exploits0References1
n0where
n0where
added 2018/06/25 4:26 p.m.40 views

Indonesian Penetration Testing LFS: Dracos Linux

Dracos Linux is the Linux operating system from Indonesian, open source is built based on the Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing penetration testing...

1.7AI score
Exploits0
n0where
n0where
added 2018/03/18 3:19 p.m.40 views

Next Generation Graphical Network Analyzer: Deplug

Deplug is a graphical network analyzer powered by web technologies. Features Cross-Platform macOS, Linux, Windows Web-based UI Built-in Package Manager SDK for JavaScript and Rust Concurrency Support Import / Export Deplug supports following formats by default. Pcap File .pcap Preferences...

7.2AI score
Exploits0References1
n0where
n0where
added 2018/02/23 7:52 a.m.40 views

Intelligent Software Composition Analysis Platform: Dependency-Track

Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components however, comes at a cost. Organizations that build on top o...

Exploits0References3
n0where
n0where
added 2018/02/07 9:12 p.m.40 views

Serverless, Low Cost, Threat Intel Aggregation: ElasticIntel

ElasticIntel is serverless, low cost, threat intel aggregation for enterprise or personal use, backed by ElasticSearch. It is an alternative to expensive threat intel aggregation platforms which ingest the same data feeds you could get for free. ElasticIntel is designed to provide a central,...

0.2AI score
Exploits0References2
n0where
n0where
added 2017/12/04 3:23 a.m.40 views

Automated Adversary Emulation System: CALDERA

CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge ATT&CK...

1.6AI score
Exploits0References3
n0where
n0where
added 2017/11/28 4:13 a.m.40 views

Transparent Man-in-the-Middle TLS Proxy: ratched

ratched is a Man-in-the-Middle MitM proxy that specifically intercepts TLS connections. It is intended to be used in conjunction with the Linux iptables REDIRECT target; all connections that should be intercepted can be redirected to the local ratched port. Through the SOORIGINALDST sockopt,...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/08/23 5:57 p.m.40 views

Onion Decoy Server

A platform to run private unannounced Honeypots as Tor Hidden Services aka Onion Decoys inside the Tor Network. The Onion Decoys are implemented with Docker containers as honeypots. The reason to choose Docker is that it is good at process and filesystem isolation, which ultimately gives the...

7.3AI score
Exploits0References1
n0where
n0where
added 2017/05/22 5:7 a.m.40 views

SSH MITM Tool

SSH MITM Tool This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk. Of course, the...

0.4AI score
Exploits0References1
n0where
n0where
added 2017/01/31 6:50 a.m.40 views

DNS Poisoning Attacks Made Easy: Judas DNS

DNS Poisoning Attacks Made Easy A DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain. The magic comes with Judas’s rule configurations which allow you to...

0.8AI score
Exploits0References2
n0where
n0where
added 2016/07/05 1:51 a.m.40 views

The Correlated Vulnerability And Threat Database: vFeed

vFeed Framework is a CVE, CWE and OVAL Compatible naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML/JSON schema. It also improves the reliability of CVEs by providing a flexible and...

0.3AI score
Exploits0References2
n0where
n0where
added 2018/09/05 5:4 p.m.39 views

DNS Rebinding Attack Framework: Singularity

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine’s IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

Exploits0References4
n0where
n0where
added 2018/05/24 6:11 p.m.39 views

The Empire Multiuser GUI: Empire GUI

The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework. It was written in Electron and utilizes websockets SocketIO on the backend to support multiuser interaction. The main goal of this project is to enable red teams, or any other color team, to work together...

7.8AI score
Exploits0References1
n0where
n0where
added 2017/03/30 3:21 p.m.39 views

LLMNR NBT-NS MDNS Poisoner: Responder

LLMNR NBT-NS MDNS Poisoner: Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. This tool is an LLMNR, NBT-NS and MDNS responder, it will...

7.9AI score
Exploits0References1
n0where
n0where
added 2016/10/05 4:14 a.m.39 views

Windows Crypto Ransomware in Go: Ransomware

Windows Crypto Ransomware in Go Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware,...

7.5AI score
Exploits0References1
n0where
n0where
added 2016/05/01 9:58 p.m.39 views

Dark Internet Mail Environment: DIME

Internet electronic mail email was designed in the early days of the Internet, and so lacks any mechanism to protect the privacy of the sender and addressee. Several techniques have been used in an attempt to increase the privacy of email. These techniques have provided either modest increases in...

7AI score
Exploits0References1
n0where
n0where
added 2016/01/07 4:12 a.m.39 views

Linux System Call Fuzzer: Trinity

System call fuzzers aren’t a particularly new idea. As far back as 1991, people have written apps that bomb syscall inputs with garbage data, that have had a variety of success in crashing assorted operating systems. After fixing the obvious dumb bugs however, a majority of the time these calls...

6.9AI score
Exploits0References1
n0where
n0where
added 2014/08/21 6:11 p.m.39 views

HashCat Introduction: Break That Hash

When the Bitcoin mining craze hit its peak, people felt the tug to join this new community and make some easy money. The Concepts behind Bitcoin mining intrigued me, in particular the new use of graphics processors GPUs. With a moderately expensive video card, you could bring in enough money to p...

6.7AI score
Exploits0
n0where
n0where
added 2014/01/24 4:39 p.m.39 views

Tor Exit Relay Scanner: Exitmap

Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. An exit node, the final destination in the series of servers Tor users hop through...

7AI score
Exploits0References3
n0where
n0where
added 2013/08/24 3:52 p.m.39 views

Kali Applications Automatic Installer Script: KAAIS

KAAIS Kali Applications Automatic Installer Script Let’s you easily install some applications which doesn’t come by default with the Kali Linux distribution. It’s user friendly and it incorporates some other things. It also gets updated regularly. Features Skype VideoChat Application TeamViewer...

7.2AI score
Exploits0
n0where
n0where
added 2012/02/02 3:46 a.m.39 views

Open-Source Collaboration Framework: Dradis

Collaboration and reporting framework for InfoSec teams Some of the features: Platform independent Markup support for the notes: text styles, code blocks, images, links, etc. Integration with existing systems and tools: Brakeman Burp Suite MediaWiki Metasploit Nessus NeXpose Nikto Nmap OpenVAS...

7.2AI score
Exploits0
n0where
n0where
added 2018/07/02 5:33 p.m.38 views

Spoof SSDP replies to phish for NTLM hashes: evil-ssdp

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device on a local network. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable webpage. By default, this...

6.8AI score
Exploits0References1
n0where
n0where
added 2018/06/25 2:9 a.m.38 views

Search Secrets in Various File Types: DumpsterDiver

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys based on counting the entropy. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file...

7.1AI score
Exploits0References1
n0where
n0where
added 2018/06/16 8:53 a.m.38 views

Make Tor Network Your Default Gateway: Nipe

Tor enables users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both Licit and Illicit purposes. Tor has, for example, been used by criminals enterprises, Hacktivism groups, and law enforcement agencies at cross purposes, sometimes...

7.2AI score
Exploits0References1
n0where
n0where
added 2018/05/24 8:12 p.m.38 views

Open Source Deception Framework: DejaVU

Deception techniques if deployed well can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at very early stage of cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across larg...

0.1AI score
Exploits0References1
n0where
n0where
added 2018/05/08 4:10 a.m.38 views

Exploitation Framework for Embedded Devices: RouterSploit

The RouteSploit Framework is an open-source exploitation framework dedicated to embedded devices. The RouteSploit Framework consists of various modules that aids penetration testing operations: exploits – modules that take advantage of identified vulnerabilities creds – modules designed to test...

0.3AI score
Exploits0References1
n0where
n0where
added 2017/10/28 6:27 p.m.38 views

Low Resource Defeat of reCaptcha’s Audio Challenge: unCaptcha

Across the Internet, hundreds of thousands of sites rely on Google’s reCaptcha system for defense against bots in fact, Devpost uses reCaptcha when creating a new account. After a Google research team demonstrated a near complete defeat of the text reCaptcha in 2012, the reCaptcha system evolved ...

0.1AI score
Exploits0References1
n0where
n0where
added 2017/08/06 6:46 p.m.38 views

Linux System Optimizer and Monitoring: Stacer

System optimizer apps are quite the thing on platforms such as Windows and Android. Their usefulness, however, is debatable considering how notorious they are when it comes to using system resources. Stacer was created to better optimize your Linux PC in the sense that it packs quite the list of...

1AI score
Exploits0References2
n0where
n0where
added 2017/06/05 6:30 p.m.38 views

Open Sources Research Framework: OSRFramework

Open Sources Research Framework OSRFramework is a GNU AGPLv3+ set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regul...

Exploits0References2
n0where
n0where
added 2016/11/01 6:18 a.m.38 views

Malicious Host Intelligence: hostintel

Malicious Host Intelligence This tool is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, Domain, or IP address. This tool only supports IPv4 at the moment. Th...

7AI score
Exploits0References11
n0where
n0where
added 2016/06/16 2:4 a.m.38 views

General Purpose Blocker: uBlock

General Purpose Blocker An efficient blocker for Chromium and Firefox. Fast and lean. uBlock Origin or uBlock₀ is not an ad blocker ; it’s a general-purpose blocker. uBlock₀ blocks ads through its support of the Adblock Plus filter syntax . uBlock₀ extends the syntax and is designed to work with...

7AI score
Exploits0References9
Total number of security vulnerabilities1052