Advanced Dork Searching Utility: Zeus-Scanner

Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple...

Windows Packet Divert: WinDivert

Windows Packet Divert WinDivert is a user-mode packet capture-and-divert package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10. WinDivert allows usermode programs to capture/modify/drop network packets sent to/from the Windows network stack. In summary, WinDivert can captur...

Easy Intelligence Gathering: theHarvester

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration te...

Bruteforcing Web Applications: Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked directories, servlets, scripts, etc, bruteforce GET and POST parameters for checking different kind of injections SQL, XSS, LDAP,etc, bruteforce Forms parameters User/Password, Fuzzing,etc...

Open Source Wireless Security Framework: SniffAir

SniffAir is an open-source wireless security framework. Sniffair allows for the collection, management, and analyzation of wireless traffic. In additional, SniffAir can also be used to preform sophisticated wireless attacks. SniffAir was born out of the hassle of managing large or multiple pcap...

Python Network Hacking Toolkit: Habu

These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Much of the functions are really basic like get our public IP address, but are really useful in some cases. Installation To install Habu, simply: $ pip install habu Dependencies Habu requires: Click...

Office for Mac Macro Payload Generator: MacPhish

Attack vectors There are 4 attack vectors available: beacon creds meterpreter meterpreter-grant For the ‘creds’ method, macphish can generate the Applescript script directly, in case you need to run it from a shell. beacon On execution, this payload will signal our listening host and provide basi...

Ghost In The Net

Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan Properties: Network Invisibility Network Anonymity Protects from MITM/DOS Transparent Cross-platform Minimalistic Dependencies: Linux 2.4.26+ – will work on any Linux-based OS, including Whonix and...

Credentials Recovery: The LaZagne Project

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques plaintext, APIs, custom algorithms, databases, etc.. This tool has been developed for the purpose of finding these passwor...

Encrypted Exploit Delivery For The Masses: Ironsquirrel

This project aims at delivering browser exploits to the victim browser in an encrypted fashion. Ellyptic-curve Diffie-Hellman secp256k1 is used for key agreement and AES is used for encryption. By delivering the exploit code and shellcode to the victim in an encrypted way, the attack can not be...

Search Engine For Hackers: OSINT SPY

Performs OSINT scan on email/domain/ipaddress/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. It includes gathering data from various public sources and their...

Dynamic Application Security Test Orchestration: Webbreaker

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

Web Application Security Scanner: Spaghetti

Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone...

Fast and More Efficient Stateless SYN Scanner And Banner Grabber: PolarBearScan

polarbearscan is an attempt to do faster and more efficient banner grabbing and port scanning. It combines two different ideas which hopefully will make it somewhat worthy of your attention and time. The first of these ideas is to use stateless SYN scanning using cryptographically protected cooki...

SIP Based Audit and Attack Tool: Mr. SIP

Mr.SIP is a tool developed to audit and simulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and defense approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has bee...

Advanced Man In The Middle Framework: Xerosploit

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for penetration testing purposes. It brings various modules together that will help you perform very efficient attacks. You can also use it to perform denial of service attacks and port scanning. Powere...

MSFvenom Payload Creator: MSFPC

MSFvenom Payload Creator MSFPC is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible only requiring one input to produce their payload. Fully automating msfvenom & Metasploit is the end goal well as to be be able to automate MSFPC itse...

Remotely Dump Linux RAM: LiMEaide

LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linu...

Pharos Static Binary Analysis Framework

The Pharos static binary analysis framework is a project of the Software Engineering Institute at Carnegie Mellon University. The framework is designed to facilitate the automated analysis of binary programs. It uses the ROSE compiler infrastructure developed by Lawrence Livermore National...

Domain Analyzer

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresse...

Linkedin Information Gathering Tool: raven

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin. Usage of this is application is pretty simple. It requires at least three parameters. The first one is the company name , the second one is the count...

Powershell-based Windows Security Auditing Toolbox: WINspect

WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a Windows machine aiming to identify security weaknesses and point to components that need further hardening. The main targets for the current version are...

Packet Trace Parser: Sniffer

Sniffer is a C program that parses and interprets captured Ethernet traffic containing IP datagrams UDP/TCP, and stores the captured payloads, email messages and HTTP cookies sent into files. General Supply any pcap file, produced by tcpdump, that contains a packet trace for the program to use as...

Web-based OSINT and Active Reconnaissance Suite: D0xk1t

Active reconnaissance, information gathering and OSINT built in a portable web application. D0xk1t is an open-source , self-hosted and easy to use OSINT and active reconnaissance web application for penetration testers. Based off of the prior command-line script, D0xk1t is now fully capable of...

Proxy Aware PowerShell C2 Framework: PoshC2

PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...

Abusing BITS: BITSInject

Windows’ BITS service is a middleman for your download jobs. You start a BITS job, and from that point on, BITS is responsible for the download. But what if we tell you that BITS is a careless middleman? We have uncovered the way BITS maintains its jobs queue using a state file on disk, and found...

Onion Decoy Server

A platform to run private unannounced Honeypots as Tor Hidden Services aka Onion Decoys inside the Tor Network. The Onion Decoys are implemented with Docker containers as honeypots. The reason to choose Docker is that it is good at process and filesystem isolation, which ultimately gives the...

Tracking & Visualizing Sysmon Logs: Sysmon View

Sysmon Shell can aid in writing and applying Sysmon XML configuration through a simple GUI interface, it can also be used to learn more about Sysmon configuration options available with each release, in a nutshell: Sysmon Shell can load Sysmon XML files configurations: with version 1.0, I am only...

Encrypted, Anti-Replay, Multiplexed Udp Tunnel: Udp2raw-tunnel

A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. Its Encrpyted, Anti-Replay and Multiplexed. It also acts as a Connection Stabilizer. Features Send / Receive UDP Packet with fake-tcp/icmp headers...

Automate Getting Domain Admin Using Empire: DeathStar

DeathStar is a Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techinques. Installation Currently, for Death Star to work you’re going to have to install byt3bl33d3r’s fork of Empire until this pull request...

Capturing, Analyzing and Responding to Cyber Attacks: cyberprobe

The Cyberprobe project is an open-source distributed architecture for real-time monitoring of networks against attack. The software consists of two components: a probe, which collects data packets and forwards it over a network in standard streaming protocols. a monitor, which receives the stream...

Open Distributed Threat Intelligence: Yeti

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables e.g. resolve domains, geolocate IPs so that you don’t have to. Yeti provides an interface for humans shiny...

Create a Fake AP and Sniff Data: mitmAP

A python program to create a fake AP and sniff data new in 2.0: SSLstrip2 for HSTS bypass Image capture with Driftnet TShark for command line .pcap capture Features: SSLstrip2 Driftnet Tshark Full featured access point, with configurable speed limit mitmproxy Wireshark DNS Spoofing Saving results...

Kick Devices Off Your Network: KickThemOut

A tool to kick devices out of your network and enjoy all the bandwidth for yourself. It allows you to select specific or all devices and ARP spoofs them off your local area network. KickThemOut ARP Spoofs devices in your Local Area Network killing their internet connectivity and therefore allowin...

Automate Linux Swap Analysis: swap_digger

swapdigger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purpose. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc. Download Use the following...

Highly Customizable Raspberry Pi USB Attack Platform: P4wnP1

P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W required for HID backdoor. Introduction the Windows LockPicker unlock Windows boxes with weak passwords, fully automated by attaching P4wnP1 the HID covert channel backdoor Get remote...

Python Pentesting Framework: PytheM

pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more informatio...

HTTP Load Generator: hey

hey is a tiny program that sends some load to a web application – ApacheBench ab replacement. hey was originally called boom and was influenced from Tarek Ziade’s tool at tarekziade/boom . Installation go get -u github.com/rakyll/hey Note: Requires go 1.7 or greater. Usage hey runs provided numbe...

Transparent Proxy Server: sshuttle

Transparent proxy server that works as a poor man’s VPN. Forwards over ssh. Doesn’t require admin. Works with Linux and MacOS. Supports DNS tunneling. Sshuttle solves the following common case: Your client machine or router is Linux, FreeBSD, or MacOS. You have access to a remote network via ssh...

Simple multi-threaded web crawler: dcrawl

dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. How it works? dcrawl takes one site URL as input and detects all links in the site’s body. Each found link is put into the queue. Successively, each queued link is crawled in the sa...

Automated Android Malware Analysis: CuckooDroid

CuckooDroid is an extension of Cuckoo Sandbox the Open Source software for automating analysis of suspicious files. CuckooDroid brigs to cuckoo the capabilities of execution and analysis of android application. CuckooDroid is an automated, cross-platform, emulation and analysis framework based on...

Visualize network Topologies From pcap Files: PcapViz

PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features Draw network topologies Layer 2 and communication graphs Layer 3 and 4 Network topologies contain...

Brute-force Attack Dictionary Builder: pydictor

A powerful and useful hacker dictionary builder for a brute-force attack You can use pydictor to generate a general blast wordlist, a custom wordlist based on Web content, a social engineering wordlist, and so on; You can use the pydictor built-in tool to safe delete, merge, unique, merge and...

Wireless Auditing & Security Testing Toolkit: BoopSuite

BoopSuite is an up and coming suite of wireless tools designed to be easy to use and powerful in scope, that support both the 2 and 5 GHz spectrums. Written purely in python. A handshake sniffer CLI and GUI, a monitor mode enabling script and a deauth script are all parts of this suite with more ...

Packet Manipulation Framework: PcapPlusPlus

PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and manipulation framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use. What makes PcapPlusPlus different from similar C++ wrappers for libpcap/WinPcap? Designed to be lightweight and efficient Support...

Linux Ad & Malware Blocking Script: Hostsblock

Hostsblock is a bash script designed to take advantage of /etc/hosts file to provide system-wide blocking of internet advertisements, malicious domains, trackers, and other undesirable content. To do so, it downloads a configurable set of blocklists and processes their entries into a single...

Advanced Discovery of Privileged Accounts: ACLight

ACLight is a tool for discovering privileged accounts through advanced ACLs Access Lists analysis. It includes the discovery of Shadow Admins in the scanned network. The tool queries the Active Directory AD for its objects’ ACLs and then filters and analyzes the sensitive permissions of each one...

A WebSocket Manipulation Proxy: WSSiP

Short for “WebSocket/Socket.io Proxy”, this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view all WebSocket and Socket.IO communications between the client and server. Upstream proxy support also means you can forward HTTP/HTTPS traffic to an...

Simplify the management of ip(6)tables based firewalls: fwgen

fwgen is a small framework to simplify the management of ip6tables based firewalls, that also integrates ipset support and zones in a non-restrictive way. It is not an abstraction layer of the iptables syntax, so you still need to understand how to write iptables rules and how packets are process...

Man-in-the-middle Router

Turn any linux computer into a public Wi-Fi network that silently mitms all http traffic. Runs inside a Docker container using hostapd , dnsmasq , and mitmproxy to create a open honeypot wireless network named “Public”. For added fun, change the network name to “xfinitywifi” to autoconnect anyone...