MS-Word Payload Delivery: Macro Creator

Invoke-MacroCreator is a powershell Cmdlet that allows for the creation of an MS-Word document embedding a VBA macro with various payload delivery and execution capabilities. Description Basically the script supports three types of payload that you MUST specify using the -t argument: 1. shellcode...

Retargetable Machine-Code Decompiler: RetDec

RetDec is a retargetable machine-code decompiler based on LLVM . The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32...

Automated WPA Phishing Attacks: WiFiPhisher

Wifiphisher is a security tool that mounts automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It is primarily a social engineering attack that unlike other methods it does not include any brute forcing. It is an ea...

Qt C++ radare2 GUI: Cutter

A Qt and C++ GUI for radare2 reverse engineering framework originally named Iaito. Cutter is not aimed at existing radare2 users. It instead focuses on those whose are not yet radare2 users because of the learning curve, because they don’t like CLI applications or because of the...

Automated Adversary Emulation System: CALDERA

CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge ATT&CK...

WebSocket C2 Communication Channel: WSC2

WSC2 is a PoC of using the WebSockets and a browser process to serve as a C2 communication channel between an agent, running on the target system, and a controller acting as the actuel C2 server. WSC2 is composed of: a controller, written in Python, which acts as the C2 server an agent running on...

Linux Memory Cryptographic Keys Extractor: CryKeX

Some work has been already published regarding the subject of cryptograhic keys security within DRAM. Basically, we need to find something that looks like a key entropic and specific length and then confirm its nature by analyzing the memory structure around it C data types. The idea is to dump...

Machine Learning Image Steganalysis: Aletheia

Aletheia is a steganalysis tool for the detection of hidden messages in images. The goal of steganalysis is to identify suspected packages, determine whether or not they have a payload encoded into them, and, if possible, recover that payload. Unlike cryptanalysis, steganalysis generally starts...

Transparent Man-in-the-Middle TLS Proxy: ratched

ratched is a Man-in-the-Middle MitM proxy that specifically intercepts TLS connections. It is intended to be used in conjunction with the Linux iptables REDIRECT target; all connections that should be intercepted can be redirected to the local ratched port. Through the SOORIGINALDST sockopt,...

Applicative Protocol Multiplexer: SSLH

sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client. Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be...

Web Privacy Measurement Framework: OpenWPM

Web Privacy Measurement is the observation of websites and serves to detect, characterize and quantify privacy-impacting behaviors. Applications of Web Privacy Measurement include the detection of price discrimination, targeted news articles and new forms of browser fingerprinting. Although...

Password Recovery Platform: Wavecrack

A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. Outline This Web application can be used to launch asynchronous password cracks with hashcat . The interface tries to be as user-friendly as possible and facilitates the password...

Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it’s being extended to support other ...

Free, Open-Source Remote Administration Tool for Windows: QuasarRAT

Quasar is a fast and light-weight remote administration tool coded in C. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. Features TCP network stream IPv4 & IPv6 support Fast network serialization NetSerializer Compressed...

Open Source Threat Intelligence Gathering & Processing Framework: GOSINT

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise IOCs. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches...

Linux Process Hunter: Prochunter

Prochunter aims to find hidden process with all userspace and most of the kernelspace rootkits. This tool is composed of a kernel module that prints out all running processes walking the taskstruct list and creates /sys/kernel/prochunter/set entry. A python script that invokes the kernel function...

Node.js VoIP penetration testing framework : Bluebox-ng

Bluebox-ng : Node.js VoIP penetration testing framework Features Auto VoIP/UC penetration test Report generation Performance RFC compliant SIP TLS and IPv6 support SIP over websockets and WSS support RFC 7118 SHODAN, exploitsearch.net and Google Dorks SIP common security tools scan,...

Network Interference Detection Tool: ooniprobe

OONI, the Open Observatory of Network Interference, is a global observation network which aims is to collect high quality data using open methodologies, using Free and Open Source Software FL/OSS to share observations and data about the various types, methods, and amounts of network tampering in...

PowerShell Penetration Testing Framework: Nishang

Nishang is an open source framework and collection of powerful PowerShell scripts and payloads that you can use during penetration testing audit, post exploitation phase or other stages of offensive security auditing. Nishang is useful during various phases of a security auditing process and has...

Interface Aware Fuzzing for Kernel Drivers: DIFUZE

Device drivers are an essential part in modern Unix-like systems to handle operations on physical devices, from hard disks and printers to digital cameras and Bluetooth speakers. The surge of new hardware, particularly on mobile devices, introduces an explosive growth of device drivers in system...

Popular Pentesting Scanner: v3n0m

v3n0m is a free and open source scanner. Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and...

Phishing Framework with 2FA Token Support: CredSniper

Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token. Benefits Fully supporte...

PowerShell Post-Exploitation Agent: Empire

Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architectur...

Social Engineering Framework: Cartero

A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn’t do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and...

A Managed Password Cracking Tool: GoCrack

FireEye’s Innovation and Custom Engineering ICE team released a tool called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI to create, view, and manage tasks. Simply deploy a GoCrack server...

Perform Local Searches For Known Vulnerabilities: cve-search

cve-search is a tool to import CVE Common Vulnerabilities and Exposures and CPE Common Platform Enumeration into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually fast...

Onion Service nMap Scanner: Onion Map

Use nmap to scan hidden “onion” services on the Tor network. Minimal image based on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050. Tor is also configured via DNSPort to anonymously resolve DNS...

Onion Routed Cloud: ORC

Onion Routed Cloud is a decentralized, anonymous, object storage platform owned and operated by allies in defense of human rights and opposition to censorship. ORC is a volunteer run cloud storage network that protects users from surveillance and puts them in control of their data. Use cases: For...

Low Resource Defeat of reCaptcha’s Audio Challenge: unCaptcha

Across the Internet, hundreds of thousands of sites rely on Google’s reCaptcha system for defense against bots in fact, Devpost uses reCaptcha when creating a new account. After a Google research team demonstrated a near complete defeat of the text reCaptcha in 2012, the reCaptcha system evolved ...

Distributed File Analysis Framework: Assemblyline

Assemblyline is a scalable distributed file analysis framework . It is designed to process millions of files per day but can also be installed on a single box. Canada’s electronic spy agency says it is taking the “unprecedented step” of releasing one of its own cyber defence tools to the public, ...

Security Focused Desktop Operating System: Qubes OS

Qubes OS is a security-oriented operating system OS. The OS is the software that runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software FOSS. This means that everyone is free to use, copy,...

Fastest and Most Advanced Password Recovery Utility: Hashcat

hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enab...

DumpsterFire Toolset: Security Incidents In A Box

The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support a...

Cloud Client Side File Encryption: Cryptomator

Multi-platform transparent client-side encryption of your files in the cloud. Cryptomator provides transparent, client-side encryption for your cloud. Protect your documents from unauthorized access. Cryptomator is free and open source software, so you can rest assured there are no backdoors...

DNS Diagnostics & Performance Measurement Tools: DNSDiag

Ever been wondering if your ISP is hijacking your DNS traffic ? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to ma...

Massive SQL Injection Scanner: SQLiv

This tool will give you the SQLi Vulnerable Website Just by Adding the Dork. Features 1. multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo 2. targetted scanning by providing specific domain with crawling 3. reverse domain scanning Note : Both SQLi scanning and domain info...

NET Debugger & Assembly Editor: dnSpy

dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor and more and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies eg. malware without crashing...

Traditional OSINT Swiss Army Knife: Belati

Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT. What Belati can do? WhoisIndonesian TLD Support Banner Grabbing Subdomain Enumeration Service Scanning for all Subdomain Machine W...

Wireless Monitoring, Intrusion Detection & Forensics: Nzyme

Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog Open Source log management setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode. Think about this like a long-term months or years...

New and Improved Version of airpwn: airpwn-ng

Features Inject to all visible clients a.k.a Broadcast Mode Inject on both open networks and WEP/WPA protected networks Targeted injection with -t MAC:ADDRESS MAC:ADDRESS Gather all visible cookies Broadcast Mode Gather cookies for specific websites –websites websiteslist.txt In this scenario,...

UEFI Firmware Parser

The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials. Installation This module is includ...

BLE Scanner for Smart Devices Hacking: BLEAH

A BLE scanner for “smart” devices hacking based on the bluepy library, dead easy to use because retarded devices should be dead easy to hack. How to Install Install bluepy from source: git clone https://github.com/IanHarvey/bluepy.git cd bluepy python setup.py build sudo python setup.py install...

HTTP Virtual Host Scanner: VHostScan

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 Key Benefits Quickly highlight unique content in catch-all scenarios Locate the outliers in catch-all scenarios where results...

Twitter OSINT Tool Tinfoleak

tinfoleak is an open-source tool within the OSINT Open Source Intelligence and SOCMINT Social Media Intelligence disciplines, that automates the extraction of information on Twitter and facilitates subsequent analysis for the generation of intelligence. Taking a user identifier, geographic...

Java RMI Enumeration & Attack Tool: BaRMIe

BaRMIe is a tool for enumerating and attacking Java RMI Remote Method Invocation services. RMI services often expose dangerous functionality without adequate security controls, however RMI services tend to pass under the radar during security assessments due to the lack of effective testing tools...

Open Source Invalid Traffic Detection: Nameles

Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. Comprehensive Detection Detects display, video and in-app based ad fraud, web scraping and other...

Malware Triage Tool: pftriage

pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract properties of a file to help during the triage process. The tool also has an analyze function which can detect common malicious indicators used by malware. Dependencies pefile filemagi...

TCP Stream Replay Tool: TCPCopy

Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of Internet server applications, we develop a live flow reproduction tool – TCPCopy, which could generate the...

Advanced Policy Firewall: APF

Advanced Policy Firewall APF is an iptablesnetfilter based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an...

Open Source BitLocker Password Cracking Tool: BitCracker

BitCracker is the first open source BitLocker password cracking tool. BitLocker is a full-disk encryption feature available in recent Windows versions Vista, 7, 8.1 and 10 Pro and Enterprise. BitCracker is a mono-GPU password cracking tool for memory units encrypted with the password authenticati...