Koadic C3 COM Command & Control – JScript RAT
Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...
Serverless, Real-time Malware Detection: BinaryAlert
BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...
PowerShell Obfuscation Detection Framework: Revoke-Obfuscation
Revoke-Obfuscation is an open-source PowerShell v3.0+ framework for detecting obfuscated PowerShell commands and scripts at scale. It relies on PowerShell’s AST (Abstract Syntax Tree) to rapidly extract thousands of features from any input PowerShell script and compare this feature vector against o...
Automated Privilege Escalation: portia
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised: privilege escalation, lateral movement, convenience modules. Portia is a genus of jumping spider that feeds on other spiders – known for their...
The Windows Malware Analysis Distribution: flare-vm
FLARE VM is a freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers. Inspired by open-source Linux-based security distributions like Kali Linux, REMnux and others, FLARE V...
The Ultimate Hosts Blacklist
The Ultimate hosts file for protecting your computer or device against over a million bad web sites. Protect your children and family from gaining access to bad web sites and protect your devices and pc from being infected with Malware or Ransomware. A hosts file for use on any operating system t...
Raspberry Pi Network Security Monitoring: SweetSecurity
Scripts to set up and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device. Installation: sudo python setup.py Follow prompts to enter appropriate information for chosen installation type. Installation Types: 1. Full Install: Th...
iOS macOS Remote Administration Tool: EggShell
EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...
Runtime Mobile Exploration: objection
objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. The project’s name quite literally explains the approach as well, whereby...
Automated DLL Enumerator: rattler
Rattler helps identify which application DLLs are vulnerable to DLL preloading attacks. In a nutshell, DLL preloading attacks allow you to trick applications into loading and executing malicious DLLs. DLL preloading attacks can result in escalation of privileges, persistence and RCE in some...
Intrusion Detection Avoidance Payload Generator: NPS_Payload
This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources. Written by Larry Spohn (@Spoonman1091). Payload written by Ben Mauch (@Ben0xA) aka dirtyben. This tool provides a way to generate a PowerShell payloa...
Automated Information Gathering & Service Enumeration: Reconnoitre
A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. Usage This...
Microsoft CNG/CryptoAPI Tor Protocol Implementation PoC
mini-tor is a proof-of-concept utility for accessing internet content and hidden service content (.onion) via Tor routers. This utility aims for the smallest size possible (currently 47kb, compressed with kkrunchy 20kb), which is achieved by using Microsoft CryptoAPI/CNG instead of embedding...
An ssh-agent for every domain: SSHecret
If you have an encrypted ssh key for each domain you access (you should), and you keep your unlocked keys in a single ssh-agent (you maybe shouldn’t), AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad. If you forward an ssh-agent with all your unique keys for every...
Linux System Optimizer and Monitoring: Stacer
System optimizer apps are quite the thing on platforms such as Windows and Android. Their usefulness, however, is debatable considering how notorious they are when it comes to using system resources. Stacer was created to better optimize your Linux PC in the sense that it packs quite the list of...
Decentralized Peer to Peer File Sharing: iWant
A command-line tool for searching and downloading files on a LAN, without any central server. Features: Decentralized: There is no central server hosting files. Therefore, no central point of failure. Easy discovery of files: As easy as searching for something in Google. File download from...
Android Remote Administration Tool: AhMyth
AhMyth consists of two parts: Server side: desktop application based on the Electron framework (control panel). Client side: Android application (backdoor). Getting Started: From source code. Prerequisites: Electron (to start the app), Java (to generate apk backdoor)...
the Crypto Undertaker: Tomb
Tomb aims to be a free and open source system for easy encryption and backup of personal files, written in code that is easy to review and links shared GNU/Linux components. At present, Tomb consists of a simple shell script (Zsh) using standard filesystem tools (GNU) and the cryptographic API of the...
Artificial Intelligent Packet Inspection Engine: AIEngine
AIEngine is a next generation interactive/programmable Python/Ruby/Java packet inspection engine with capabilities of learning without any human intervention, NIDS (Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others...
Network OSINT Gathering Tool: XRay
XRay is a tool for network OSINT gathering; its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It’ll bruteforce subdomains using a wordlist and DNS requests. 2. For every...
AWS CIS Benchmark Tool: Prowler
Tool based on AWS-CLI commands for AWS account hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1. It covers hardening and security best practices for all regions related to: Identity and Access Management (24 checks), Logging (8 checks), Monitoring (15 checks)...
Free Personal Self Hosted Dynamic DNS
Free Personal Self Hosted Dynamic DNS with BIND and DNSSEC. Environment: Server: static IP, running BIND. Home: dynamic IP, running Debian/Ubuntu. Key Generation: First step is to generate a key on the server. /etc/bind $ sudo dnssec-keygen -a HMAC-MD5 -b 512 -n HOST home.dynamic.n0where.net This...
Archive Cryptography: unarcrypto
unarcrypto.py is an educational tool to depict the use of cryptography for password verification, headers and content encryption by popular archivers: zip, 7zip, rar v3 and v5. Supported archives format, encryption and compression algorithms: zip password protected or not,...
Advanced Hash Manipulation: Dagon
Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, an...
Totally Automatic LFI Exploiter & Scanner: LFISuite
LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack. Features: Works with Windows, Linux and OS X. Automatic Configuration. Automatic Update. Provides 8 different Local Fil...
Professional PE file Explorer: PPEE
Puppy is a lightweight yet strong tool for static investigation of suspicious files. A companion plugin is also provided to query the file in the well-known malware repositories and take one-click technical information about the file such as its size, entropy,...
Interactive Security Reference Tool: BroSec
An interactive reference tool to help security professionals utilize useful payloads and commands. Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful yet sometimes complex payloads and commands that are often...
Advanced Stealthy Dropper: Dr0p1t Framework
In short, a dropper is a type of trojan that downloads other malware, and Dr0p1t gives you the chance to create a stealthy dropper that bypasses most AVs and has a lot of tricks. Features + Generated executable properties: The executable size is smaller compared to other...
AWS Auditing & Hardening Tool: Zeus
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...
IoT Network Security Analysis Tool: ASTo
Apparatus is a security framework to facilitate security analysis in IoT systems. To make the usage of the Apparatus framework easier the ASTo app was created (ASTo stands for Apparatus Software Tool). ASTo is based on electron and cytoscape.js. The application i...
System Integrity Management Platform: SIMP
The System Integrity Management Platform (SIMP) is an Open Source framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure. Expanding...
Open Source OSINT Assistant: datasploit
Utilizing various Open Source Intelligence (OSINT) tools, DataSploit correlates the raw data captured and gives the user all the relevant information about the domain / email / phone number / person, etc. It allows you to collect relevant information about a target which...
Windows NSA Information Assurance: Locklevel
LOCKLEVEL was a rapidly built prototype that demonstrates a method for scoring how well Windows systems have implemented some of the NSA Information Assurance top 10 mitigation strategies. This prototype is being shared to encourage industry adoption of these...
Portable Virtual Private Network: goSecure
goSecure is an easy to use and portable Virtual Private Network (VPN) solution. The system consists of a single server and one or many clients. strongSwan is used to establish a Suite B IPsec tunnel with pre-shared keys between the server and clients. The core crypt...
DoD Secure Host Baseline
NSA Information Assurance configuration guidance and files in support of the DoD Secure Host Baseline. The Secure Host Baseline (SHB) provides an automated and flexible approach for assisting the DoD in deploying the latest releases of Windows 10 using a framework that can be consumed by organizatio...
ICS & SCADA Situational Awareness: Grassmarlin
GRASSMARLIN is an open-source software tool that provides a method for discovering and cataloging Supervisory Control & Data Acquisition (SCADA) and Industrial Control System (ICS) hosts on IP-based networks. GRASSMARLIN uses a variety of sources to generate this dat...
Security and Privacy Assurance Research: SPARTA Framework
Developed as a part of MIT Lincoln Laboratory’s test and evaluation role in the SPAR (Security and Privacy Assurance Research) program, SPARTA (SPAR Testing and Assessment framework) is a set of software applications used to evaluate the functionality and...
BASS Automated Signature Synthesizer: BASS
BASS (pronounced “bæs”) is a framework designed to automatically generate antivirus signatures from samples belonging to previously generated malware clusters. It is meant to reduce resource usage of ClamAV by producing more pattern-based signatures as opposed t...
An Analytical Framework for Network Data: Flare
Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics, and intended to make identifying malicious...
Python Backdoor Framework: NXcrypt
Features: NXcrypt is a polymorphic ‘python backdoors’ crypter written in python by Hadi Mene (h4d3s). The output is fully undetectable. NXcrypt can inject malicious python file into a normal file with multi-threading system. Run it with superuser’s permissions...
Hiding SSH Servers Behind HTTP: sshttp
In case your FW policy forbids SSH access to the DMZ or internal network from outside, but you still want to use ssh on machines which only have one open port, e.g. HTTP, you can use sshttpd. sshttpd can multiplex the following protocol pairs: SSH/HTTP SSH/HTTPS...
Automatically Exercise BloodHound Attack Plan: GoFetch
GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application. GoFetch first loads a path of local admin users and computers generated by BloodHound and converts it to its own attack plan format. Once the attack plan is ready, GoFetch advances towards the...
Salt Open Linux Vulnerability Scanner: Salt Scanner
A Linux vulnerability scanner based on Vulners Audit API and Salt Open, with Slack notifications. Requirements: Salt Open (salt-master, salt-minion¹), Python 2.7, Salt (pip install salt==2016.11.5), Slackclient (pip install slackclient==1.0.5). Usage: root@localhost pyth...
ARP Firewall: SCUTUM
SCUTUM is an ARP firewall that prevents your computer from being ARP spoofed. Scutum controls “arptables” in your computer so it accepts ARP packets only from the gateway. This way, people with malicious intentions cannot spoof your ARP table. Scutum also prevents other people from detecting your...
Process Heap Analysis Framework: Python Haystack
python-haystack is a heap analysis framework, focused on searching and reversing of C structures in allocated memory. The first function/API is the SEARCH function. It gives the ability to search for known record types in a process memory dump or live process’s...
Automated ettercap TCP/IP Hijacking Tool: Morpheus
The morpheus framework automates TCP/UDP packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks, replacing the TCP/UDP packet contents with our contents before forwarding the packet back to the target host… Workflow: 1. attacker - arp poison local lan mit...
Find Exploits in Local and Online Databases: Findsploit
Findsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes “copysploit” to copy any exploit-db exploit to the current directory and “compilesploit” to automatically compile and r...
Full-Fledged Phishing Framework: FirePhish
FirePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification...
IPv6 Address Spoofing: sylkie
A command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol. Getting Started: Dependencies: libseccomp, json-c. Build: Get the code and compile it! Get the code: git clone...
DNS Reconnaissance: AQUATONE
AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for...