[ad_1] nmapAutomatorA script that you can run in the background! SummaryThe main goal for this script is to automate all of the process of recon/enumeration

[ad_1] An Obfuscation-Neglect Android Malware Scoring System ConceptsAndroid malware analysis engine is not a new story. Every antivirus company has their own secrets to build

[ad_1] A normal flask web app to learn win32api with code snippets and references. PrerequisiteYou need to download the following package before starting it pip

[ad_1] What’s PAKURIIn Japanese, imitating is called “Pakuru”. ぱくる (godan conjugation, hiragana and katakana パクる, rōmaji pakuru) eat with a wide open mouth steal when

[ad_1] Pylane is a python vm injector with debug tools, based on gdb and ptrace. Pylane uses gdb to trace python process, inject and run

[ad_1] Attack Surface Mapper is a reconnaissance tool that uses a mixture of open source intellgence and active techniques to expand the attack surface of

[ad_1] huskyCI is an open-source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database for further

[ad_1] Shelly adalah sebuah tool sederhana yang ditulis menggunakan Python, yang berfungsi untuk meremote sebuah website Instalation :$ git clone https://github.com/tegal1337/Shelly $ cd Shelly $

[ad_1] A backdoor is a tool used to gain remote access to a machine.Typically, backdoor utilities such as NetCat have 2 main functions: to pipe

[ad_1] Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.It simply tries to procdump machines

[ad_1] OKadminFinder: Easy way to find admin panel of site. Requirements Linux sudo apt install torsudo apt install python3-socks (optional)pip3 install –user -r requirements.txt Windows

[ad_1] The fastest and cross-platform subdomain enumerator. What Findomain can do?It table gives you a idea why you should use findomain and what it can

[ad_1] LazyRecon is a script written in Bash, it is intended to automate some tedious tasks of reconnaissance and information gathering. This tool allows you

[ad_1] The PathAuditor is a tool meant to find file access related vulnerabilities by auditing libc functions.The idea is roughly as follows: Audit every call

[ad_1] Imperva’s customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an

[ad_1] masscan is fast, nmap can fingerprint software and vulners is a huge vulnerability database. Silver is a front-end that allows complete utilization of these

[ad_1] Extracting api keys and secrets by requesting each url at the your list.Installation python3 -m pip install -r requirements.txt Usage python3 secretx.py –list urlList.txt

[ad_1] ReconCobra Reconcobra is Foot printing software for Ultimate Information Gathering Kali, Parrot OS, Black Arch, Termux, Android Led TV Interface Software have 82 Options

[ad_1] nodeCrypt is a linux Ransomware written in NodeJs that encrypt predefined files.This project was created for educational purposes, you are the sole responsible for

[ad_1] Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of

[ad_1] TheTHE is an environment intended to help analysts and hunters over the early stages of their work in an easier, unified and quicker way.

[ad_1] Nginx Log Security Analysis Script Features Statistics Top 20 Address SQL injection analysis Scanner alert analysis Exploit detection Sensitive path access File contains attack

[ad_1] EXIST is a web application for aggregating and analyzing CTI (cyber threat intelligence).EXIST is written by the following software. Python 3.5.4 Django 1.11.22 ConceptEXIST

[ad_1] Haaukins is a highly accessible and automated virtualization platform for security education, it has three main components (Docker, Virtualbox and Golang), the communication and

[ad_1] This CyberRange project represents the first open-source Cyber Range blueprint in the world.This project provides a bootstrap framework for a complete offensive, defensive, reverse

[ad_1] Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system.Dsiem provides

[ad_1] This has only been tested on Kali.It depends on the msfrpc module for Python, described in detail here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/Install the necessary Kali packages and

[ad_1] Monitoring possible threats of your company on Internet is an impossible task to be achieved manually. Hence many threats of the company goes unnoticed

[ad_1] hashcobra Hash Cracking tool. Usage $ ./hashcobra -H–==[ hashcobra by sepehrdad ]==–usage: hashcobra -o <opr> [options] | [misc]options: -a <alg> – hashing algorithm [default:

[ad_1] The Attack Range solves two main challenges in development of detections. First, it allows the user to quickly build a small lab infrastructure as

[ad_1] A fast web fuzzer written in Go.Heavily inspired by the great projects gobuster and wfuzz. Features Fast! Allows fuzzing of HTTP header values, POST

[ad_1] This is a tool used to collect various intelligence sources for a given file. Fileintel is written in a modular fashion so new intelligence

[ad_1] Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with your insane multitasking skills.

[ad_1] ReconPi – A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.Start using that Raspberry Pi — I

[ad_1] CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently, the project manager is Nanni Bassetti (Bari –

[ad_1] Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between

[ad_1] functrace is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO (http://dynamorio.org/).These are some implemented features (based on DynamoRIO):

[ad_1] A CLI application that automatically prepares Android APK files for HTTPS inspection Inspecting a mobile app’s HTTPS traffic using a proxy is probably the

[ad_1] Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to

[ad_1] Antbot.pw provides a free, open API endpoint for checking a domain or email address against a frequently-updated list of disposable domains. CORS is enabled

[ad_1] RetDec is a retargetable machine-code decompiler based on LLVM.The decompiler is not limited to any particular target architecture, operating system, or executable file format:

[ad_1] Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location

[ad_1] A simple CORS misconfiguration scannerBased on the research of James KettleCORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing

[ad_1] Just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden (null terminated) registry key. This works by

[ad_1] Nessus XML Praser Requirements Python3 Django Tested on Ubuntu 18.04 What it does Vulnerability based parsing Service based parsing Host bases parsing Unsupported OS

[ad_1] CodeCat is a open source tool to help you in codereview, to find/track sinks and this points follow regex rules…How too install, step by

[ad_1] A small linux information collection script is mainly used for emergency response. It can be used under Debian or Centos.Features CPU TOP10, memory TOP10

[ad_1] aSYNcrone is a C language based, mulltifunction SYN Flood DDoS Weapon. Disable the destination system by sending a SYN packet intensively to the destination.aSYNcrone’s POWER!!! USAGEgit

[ad_1] Burp Suite extension to discover a apikey/tokens from HTTP response. Install download SecretFinder wget https://raw.githubusercontent.com/m4ll0k/BurpSuite-Secret_Finder/master/SecretFinder.pyorgit clone https://github.com/m4ll0k/BurpSuite-Secret_Finder.git now open Burp > Extender > Extensions

[ad_1] Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty

[ad_1] CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of

[ad_1] ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution,

[ad_1] Documentationhttps://docs.rs/goblin/changelog UsageGoblin requires rustc 1.31.1.Add to your Cargo.toml [dependencies]goblin = “0.1” Features awesome crate name zero-copy, cross-platform, endian-aware, ELF64/32 implementation – wow! zero-copy, cross-platform,

[ad_1] Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. Quick reference Where to get help: the Pacu/CloudGoat/CCAT Community Slack,

[ad_1] Subdomain3 is a new generation of tool , It helps penetration testers to discover more information in a shorter time than other tools.The information

[ad_1] The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption.

[ad_1] Attack Monitor is Python application written to enhance security monitoring capabilites of Windows 7/2008 (and all later versions) workstations/servers and to automate dynamic analysis

[ad_1] Your private data is being traded and sold all over the internet as we speak. Tons of leaks come out on a daily basis

[ad_1] Graphs help to spot anomalies and patterns in large datasets.This script takes netstat information from multiple hosts and formats them in a way to

[ad_1] “Opening Pandora’s Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones” is accepted to the 35th Annual Computer Security Applications Conference (ACSAC)

[ad_1] In this section, we’ll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of

[ad_1] We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4. 2019.4 includes some exciting new updates: A new

[ad_1] Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. UsageUsing Corsy is pretty simplepython corsy.py -u https://example.comA delay between

[ad_1] Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their

[ad_1] AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore

[ad_1] RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order

[ad_1] Inspired by https://github.com/jmagnusson/bgtunnel, which doesn’t work on Windows.See also: https://github.com/paramiko/paramiko/blob/master/demos/forward.py Requirements paramiko Installationsshtunnel is on PyPI, so simply run: pip install sshtunnel or easy_install

[ad_1] Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The

[ad_1] The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from

[ad_1] RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save

[ad_1] DNCI allows the injection of .Net code (.exe or .dll) remotely in unmanaged processes in windows. 1. Project StructureThe project is structured in: DNCI.Injector.Library

[ad_1] Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools

[ad_1] Tooling that automates your social media interactions to collect posts, photos, videos, friends, followers and much more on Facebook. FeaturesA bot which scrapes almost

[ad_1] Fileless lateral movement tool that relies on ChangeServiceConfigA to run command. The beauty of this tool is that it doesn’t perform authentication against SMB

[ad_1] This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, Proxy History) and

[ad_1] Cross-platform backdoor using dns txt records. What is ddor?ddor is a cross platform light weight backdoor that uses txt records to execute commands on

[ad_1] In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. I

[ad_1] SQL InjectionIn this section, we’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL

[ad_1] Blind SQL Injection Tool with Golang.UsageDownload andor.go and go to the folder where the file andor.go located. And type this to command promt:go run

[ad_1] DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing. PurposeThis lab has been designed with defenders

[ad_1] [*] RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0. RedPeanut code execution is based

[ad_1] Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location

[ad_1] Vulnx is An Intelligent Bot Auto Shell Injector that detect vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of

[ad_1] Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.Installation go get -u github.com/jaeles-project/jaeles Please

[ad_1] As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a

[ad_1] This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based

[ad_1] This project produces open-source code to generate rainbow tables as well as use them to look up password hashes. While the current release only

[ad_1] The Brave Privacy Browser is your fast, safe private web browser with ad blocker, private tabs and pop-up blocker. Browse without being tracked by

[ad_1] Burp Suite extension to discover assets from HTTP response using passive scanning. Refer our blog Asset Discovery using Burp Suite for more details.The extension

[ad_1] Easier network scanning with NetAss2 (Network Assessment Assistance Framework). Make it easy for Pentester to do penetration testing on network. Dependencies nmap (tool) zmap

[ad_1] Subdomain Scan With Ping Method. Flags Value Description –hostname example.com Domain for scan. –output Records the output with the domain name. –list /tmp/lists/example.txt Lister

[ad_1] IMPORTANTWhen using source or by downloading the code directly from the repository, it is important to run the database upgrade script if you experience

[ad_1] HAL [/hel/] is a comprehensive reverse engineering and manipulation framework for gate-level netlists focusing on efficiency, extendability and portability. HAL comes with a fully-fledged

[ad_1] A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. This script

[ad_1] threat_note is a web application built by Defense Point Security to allow security researchers the ability to add and retrieve indicators related to their

[ad_1] PowerShell Script to perform a quick AD audit _____ ____ _____ _ _ _| _ | | _ |_ _ _| |_| |_| |

[ad_1] SGX-Step is an open-source framework to facilitate side-channel attack research on Intel SGX platforms. SGX-Step consists of an adversarial Linux kernel driver and user

[ad_1] DFIRtriage is a tool intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the

[ad_1] vulnerability scanner tool is using nmap and nse scripts to find vulnerabilitiesThis tool puts an additional value into vulnerability scanning with nmap. It uses

[ad_1] Sojobo is an emulator for the B2R2 framework. It was created to easier the analysis of potentially malicious files. It is totally developed in

[ad_1] Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL (including .NET Assemblies) files. This shellcode can be injected into an arbitrary Windows

[ad_1] Github search is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that

[ad_1] EyeWitness is designed to take screenshots of websites provide some server header info, and identify default credentials if known.EyeWitness is designed to run on

[ad_1] Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its

[ad_1] XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping

[ad_1] A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. AbstractTrivy (tri pronounced like trigger, vy pronounced like envy) is a simple and

[ad_1] HTTP/HTTPS proxy over SSH. Installation Local machine: go get github.com/justmao945/mallory/cmd/mallory Remote server: need our old friend sshd Configueration Config fileDefault path is $HOME/.config/mallory.json, can

[ad_1] ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. Current featuresSome features ezXSS has Easy

[ad_1] Specialized privilege escalation checks for Linux systems.Implemented so far: Writable systemd paths, services, timers, and socket units Disassembles systemd unit files looking for: References

[ad_1] Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules

[ad_1] Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors such as accesses of uninitialized memory, accesses to unaddressable memory (including

[ad_1] Inspects source code for security problems by scanning the Go AST. Install CI Installation # binary will be $GOPATH/bin/goseccurl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s

[ad_1] snare – Super Next generation Advanced Reactive honEypot Super Next generation Advanced Reactive honEypot AboutSNARE is a web application honeypot sensor attracting all sort

[ad_1] Virtuailor is an IDAPython tool that reconstructs vtables for C++ code written for intel architecture, both 32bit and 64bit code and AArch64 (New!). The

[ad_1] AtomShields Cli is a Command-Line Interface to use the software AtomShields Installation pip install atomshieldscli Basic usage ascli <action> <context> –target <path> –name <project_name>

[ad_1] Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeuscd Osmedeus./install.sh This

[ad_1] PESTO is a Python script that extracts and saves in a database some PE file security characteristics or flags searching for every PE binary

[ad_1] A POC HTTP Botnet designed to replicate a full weaponised commercial botnet DisclaimerThis project should be used for authorized testing or educational purposes only.The

[ad_1] What is this?Certain characters in passwords (‘O’ and ‘0’, ‘I’ and ‘l’, etc.) can be hard to identify when you need to type them

[ad_1] An extendable tool to extract and aggregate IOCs from threat feeds.Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing worflow

[ad_1] POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program (to be

[ad_1] This is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse them, and present them in formats viable

[ad_1] LinPwn is a interactive tool created to assist you in post exploitation enumeration and privilege escalation. ConnectionSet your IP and port you want it

[ad_1] XORpass is an encoder to bypass WAF filters using XOR operations. Installation & Usage git clone https://github.com/devploit/XORpasscd XORpass$ php encode.php STRING$ php decode.php “XORed

[ad_1] Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details,

[ad_1] Reconnaissance Real IP address for Cloudflare Bypass. Preparation: 1. CompleteDNS API Create an account at completedns.com and verify first. Input your email and password

[ad_1] [*] CryptoVenom: The Cryptography Swiss Army knife What is CryptoVenom?CryptoVenom is an OpenSource tool which contains a lot of cryptosystems and cryptoanalysis methods all

[ad_1] An automated blind-xss search plugin for Burp Suite. InstallationGit clone https://github.com/wish-i-was/femida.git Burp -> Extender -> Add -> find and select blind-xss.py How to use

[ad_1] Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well

[ad_1] As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye.

[ad_1] HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the

[ad_1] Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship

[ad_1] IntroductionWeb applications use parameters (or queries) to accept user input, take the following example into considerationhttp://api.example.com/v1/userinfo?id=751634589This URL seems to load user information for a

[ad_1] A ready to use JSONP endpoints to help bypass content security policy of different websites.The tool was presented during HackIT 2018 in Kiev. The

[ad_1] A datasource assessment on an event level to show potential coverage of the “MITRE ATT&CK” framework.This tool is developed by me and has no