High-Speed Packet Generator: MoonGen

MoonGen is a high-speed scriptable packet generator. The whole load generator is controlled by a Lua script: all packets that are sent are crafted by a user-provided script. Thanks to the incredibly fast LuaJIT VM and the packet processing library DPDK, it can saturate a 10 GBit Ethernet link wit...

Web Application Bruteforcer: 0d1n

0d1n is a Open Source web application bruteforcer and Fuzzer. If your objective is automate exhaustive tests and search for anomalies read vulnerabilities 0d1n can increase your productivity following web parameters, files, directories, forms and other things. With 0d1n you can brute force...

Fast Incident Response: FIR

FIR Fast Incident Response is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents. FIR is for anyone needing to track cybersecurity incidents CSIRTs, CERTs, SOCs, etc.. It’s was...

Wireless Toolsuite: WRAITH

Wireless reconnaissance, collection and exploitation toolsuite Attack vectors, rogue devices, interfering networks are best visualized and identified over time. Current tools i.e. Kismet, Aircrack-ng and Wireshark are excellent tools but none are completely suitable for collecting and analyzing t...

VPN daemon written in Go: GoVPN

GoVPN is simple secure virtual private network daemon. It uses Diffie-Hellman Encrypted Key Exchange DH-EKE for mutual zero-knowledge peers authentication and authenticated encrypted data transport. It is written entirely in Go programming language . All packets captured on a network interface ar...

Free Network Test Utility: Packet Sender

Packet Sender is an open source utility to allow sending and receiving TCP and UDP packets. The mainline branch officially supports Windows, Mac, and Ubuntu Desktop Linux. Other places may recompile and redistribute Packet Sender. Packet Sender is free and licensed as GPL v2 or later. It can be...

Open Source Log Analysis: GoAccess

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in nix systems . It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. Features GoAccess parses the specified web log file and...

Reverse Shells With Terminal Support: revsh

revsh is a tool for establishing reverse shells with terminal support, reverse VPNs for advanced pivoting Pivoting , as well as arbitrary data tunneling. A reverse shell is a network connection that grants shell access to a remote host. As opposed to other remote login tools such as telnet and ss...

Rekall Memory Forensic Framework

Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and op...

Multi Purpose Bruteforcer: Patator

Multi Purpose Bruteforcer Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors...

Backdoor Framework

A little server framework for writing back doors Backdoor Framework Definitions: Backdoor: A backdoor is deliberate functionality that bypasses official publicly-documented authorization methods for that software and is intended by the author to be known to a limited audience. Protected Resource:...

Kali Linux

Kali Linux Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers. Kali Linux is preinstalled with over 300...

Collect DNS Records Passively: PassiveDNS

Collect DNS Records Passively A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring NSM and general digital forensics. PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. PassiveDNS can...

DNS Enumeration Script: DNSRecon

DNS reconnaissance is part of the information gathering stage on a penetration test engagement. When a penetration tester is performing a DNS reconnaissance he is trying to obtain as much information as he can regarding the DNS servers and their records. The information that can be gathered can...

Subdomain Enumeration Tool: SubBrute

SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting /TA13-088A . This design also provides a layer of...

stunnel – an SSL encryption wrapper

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local inetd-startable or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs’ code. Stunnel uses t...

UFONet Open Redirect DDoS Attack

UFONet – is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors on third party web applications, like botnet. See this links for more info: CWE-601:Open Redirect OWASP:URL Redirector Abuse Installing UFONet UFONet runs on many platforms. It requires Python 2.x.y...

RAWR – Rapid Assessment of Web Resources

RAWR is designed to make the process of web enumeration easy and efficient by providing pertinent information in usable formats. It uses NMaplive or from file, Metasploit, Qualys, Nexpose, or Nessus scan data to target web services for enumeration, then visits each host on each port with an...

proxychains-ng

ProxyChains is a UNIX program, that hooks network-related libc functions in DYNAMICALLY LINKED programs via a preloaded DLL dlsym, LDPRELOAD and redirects the connections through SOCKS4a/5 or HTTP proxies. It supports TCP only no UDP/ICMP etc. The way it works is basically a HACK; so it is possib...

An Open Source SIP Sniffer: pcapsipdump

An open-source libpcap-based SIP sniffer with per-call sorting capabilities. Listens on a network interface and saves SIP/RTP sessions to files. Each session goes in a separate, fancy-named .pcap file. Those could be opened with tcpdump, wireshark and friends. SIP/RTP sessions are written to disk...

Extract data from pcap files: PCredz

Extract data from pcap files with PCredz This tool extracts Credit card numbers, NTLMDCE-RPC, HTTP, SQL, LDAP, etc, Kerberos AS-REQ Pre-Auth etype 23, HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface. PCredz Features: Extract from a pcap file or from a live...

WiFiJammer – Continuously jam all wifi clients/routers

Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective...

packETH – Ethernet Packet Generator

packETH Ethernet Packet Generator packETH is GUI and CLI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on the ethernet link. It is very simple to use, powerful and supports many adjustments of parameters while sending sequence of...

OWASP SSL audit: O-Saft

O-Saft is an easy to use tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. It’s designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important...

GRR Rapid Response

GRR Rapid Response is an incident response framework focused on remote live forensics. GRR consists of an agent client that can be deployed to a target system, and server infrastructure that can manage and talk to the agent. Client Features: Cross-platform support for Linux, OS X and Windows...

Nscan: Fast internet-wide scanner

Nscan: Fast internet-wide scanner Nscan is a fast Network scanner optimized for internet-wide scanning purposes and inspired by Masscan and Zmap. It has it’s own tiny TCP/IP stack and uses Raw sockets to send TCP SYN probes. It doesn’t need to set SYN Cookies so it doesn’t wastes time checking if...

Dshell – Network Forensic Analysis Framework

Dshell An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: Robust stream reassembly IPv4 and IPv6 support Custom output handlers Chainable decoders Prerequisites Linux developed on Ubuntu 12.04...

WordPress Vulnerability Scanner: vane

Vane is a GPL fork of the now non-free popular wordpress vulnerability scanner WPScan. Install Vane Prerequisites Windows not supported Ruby = 1.9 RubyGems Git Debian/Ubuntu sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git clone...

socat – Multipurpose Relay (SOcket CAT)

socat socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device serial line etc. or a pseudo terminal, a socket UNIX, IP4, IP6 – raw, UDP, TCP, an SSL socket, proxy CONNECT connection, a file descriptor stdin...

Dex to Java Decompiler: jadx

Command line and GUI tools for produce Java source code from Android Dex and Apk files Building from source git clone https://github.com/skylot/jadx.git cd jadx ./gradlew dist on Windows, use gradlew.bat instead of ./gradlew Scripts for run jadx will be placed in build/jadx/bin and also packed to...

theZoo aka Malware DB

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis we have decided to gather all of them for you in an available and safe...

Parse Various Log Files: Plaso

Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline and thus plaso is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network...

Honeypot Deployment Made Easy: Beeswarm

Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The system operates by luring the hacker into the honeypots by setting up a deception infrastructure where deployed drones communicate with honeypots and intentionally leak...

MAT: Metadata Anonymisation Toolkit

MAT: Metadata Anonymisation Toolkit What is metadata? Metadata consists of information that characterizes data e.g. Word documents, pictures, music files, etc. In essence, metadata answers who, what, when, where, why, and how about every facet of the data that is being characterized. Why metadata...

Streisand

The Internet can be a little unfair. It’s way too easy for ISPs, telecoms, politicians, and corporations to block access to the sites and information that you care about. But breaking through these restrictions is tough . Or is it? Introducing Streisand A single command sets up a brand new server...

Security auditing tool for AWS: AWS Scout2

Scout2 is an open source tool that helps assessing the security posture of AWS environments. Using the AWS API, the Scout2 Python scripts fetch CloudTrail, EC2, IAM, RDS, and S3, configuration data. The gathered configuration is analysed and stored as JSON objects in several JavaScript files. The...

OpenGraphiti: Data Visualization Engine

OpenGraphiti is a free and open source 3D data visualization engine for data scientists to visualize semantic networks and to work with them. It offers an easy-to-use API with several associated libraries to create custom-made datasets. It leverages the power of GPUs to process and explore the da...

Sabotage The System: Encryption as Surveillance State Monkey Wrench

Sabotage The System Since Snowden’s 2013 disclosures confirmed long-standing assumptions that the NSA and other Western spy agencies have secretly constructed a massive global surveillance infrastructure – at a cost of well in excess of $50 billion – much focus has been brought to bear on...

Social Engineering Email Sender – SEES

SEES – Social Engineering Email Sender Most of the companies nowadays have their firewalls, threat monitoring and prevention security appliances setup. With these mechanisms in place, security precautions are taken and incidents are monitored. Inbound traffic being restricted, SEES on the other...

HTTP/HTTPs MITM Proxy and Traffic Recorder: Hyperfox

HTTP/HTTPs MITM Proxy and Traffic Recorder Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN Network Hyperfox is capable of forging SSL certificates on the fly using a root CA certificate and its corresponding key both provided by the user. If the targe...

Data Stream Encryption: ciphr

Data Stream Encryption Ciphr is a CLI tool for performing and composing encoding, decoding, encryption, decryption, hashing, and other various operations on streams of data. It takes provided data, file data, or data from stdin, and executes a pipeline of functions on the data stream, writing the...

Web Application Brute Force Attack: Crowbar

Web Application Brute Force Attack Crowbar was developed to brute force some protocols in a different manner then other ‘popular’ brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute forcing, Crowbar uses SSH keys. Currently Crowbar supports...

Wireless Network Auditing Tool: FruityWifi

FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it. Initialy the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system...

Fast Password Cracker: John the Ripper

Fast Password Cracker John the Ripper is a fast password cracker, currently available for many flavors of Unix 11 are officially supported, not counting different architectures, Windows, DOS, BeOS, and OpenVMS the latter requires a contributed patch. Its primary purpose is to detect weak Unix...

CONPOT ICS SCADA Honeypot

CONPOT ICS SCADA Honeypot Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex...

Single Packet Authorization: fwknop

fwknop implements an authorization scheme known as Single Packet Authorization SPA for strong service concealment. SPA requires only a single packet which is encrypted, non-replayable, and authenticated via an HMAC in order to communicate desired access to a service that is hidden behind a firewa...

Mozilla Defense Platform: MozDef

Mozilla Defense Platform The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders...

Next Generation Snort IPS: Snort3

The Snort++ project has been hard at work for a while now and we have released the third alpha of the next generation Snort IPS Intrusion Prevention System. This file will show you what Snort++ has to offer and guide you through the steps from download to demo. If you are unfamiliar with Snort yo...

Next Generation Penetration Testing Distro: Cyborg Hawk

Next Generation Penetration Testing Distro The world’s most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. It...

Minimalistic CLI Tool to Manage Encrypted Volumes: Tomb

Tomb is an 100% free and open source system for file encryption on GNU/Linux, facilitating the backup of secret files. Tomb is written in code that is easy to review and links commonly shared components. Tomb generates encrypted storage folders to be opened and closed using their associated...