RTS (Realtime scrapper) is a tool developed to scrap all pasties,github,reddit..etc in real time to identify occurrence of search terms configured. Upon match an email
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use
If you don’t want to give your phone number to a website while creating an account, DON’T GIVE IT TO THEM, because today I’m going
This tool will search an updated database for a specific organization’s ASN then use the latter to look up all IP addresses (IPv4 and IPv6)
Game hacker apps for android allow you to change the code of the games and use it to for your player advantage.
PRET is a new tool for printer security testing developed in the scope of a Master’s Thesis at Ruhr University Bochum. It connects to a
DroidSheep is an android tool developed by Andreas Koch for security analysis in wireless networks. It is basically a session hijacking tool that allows hackers to
PackETH is GUI and CLI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on
Six people in Georgia have been indicted and charged in federal court for charges related to manufacturing and distributing drugs through the dark web.
DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels
Paypal credit card phishing script to download and use on remote server.
Carding is term described as a trick whereby products are being shopped/ordered from any online shops e.g Amazon, Jumia, FlipKart using Fake Cards(Credit/Debit).
Threat Intelligence Tools are more often used by security industries to test the vulnerabilities in network and applications. It helps for the collection and analysis
In a bid to bolster its capabilities to tackle threats emanating from hackers, mostly from China and Pakistan, India is all set to have Defence
After a seizure notice showed up on Wall Street Market’s homepage Thursday, authorities are now officially confirming that they’ve seized the market. They have also
Those of you who frequent the darkweb should be familiar with VPN (Virtual Private Network) services and have done some research to find a trustworthy
Malicious is a malware downloading tool written in python 2 that contains 70 scripts to exploit android, windows, macosx and linux machines.
Kidux Pastebin Grabber allows one to easily obtain and create combo lists for cracking any account.
A Third Party developer called “Anonymous” has developed a Linux-self contained App called “Termux” which is used to install Linux based apps in Android and
The single most common causes of a broken Kali Linux installation are following unofficial advice, and particularly arbitrarily populating the system’s sources.list file with unofficial repositories.
Xtreme Download Manager is a powerful tool to increase download speed up-to 500%, save streaming videos from YouTube, Metacafe, Daily-Motion, Google Video or any other
QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as
The Tor browser is a powerful free tool for browsing the internet anonymously that also unlocks a portion of the deep web in the form
You’ve heard of malware, ransomware, botnets, and the like. What you don’t hear about is the technology behind these threats. These threats all have to
Developed by Ravi Kumar, Hackode is a popular Android app meant to be used by professionals working in the cyber security domain as well as
With so many different VPNs on the market – all promising to keep you secure and anonymous – how can you find the best VPN
It is extremely easy to access the dark web and even easier to be detected on it if you don’t take precautions. If you are
VPNs are well known and trusted tools for protecting users’ privacy when browsing the Internet. But if you think this is the only thing they
One little secret of the VPN industry is that most VPNs leak .In one in-depth study of Android free VPN apps, researchers found that 84% of the
Android is the biggest organized base of any mobile platform and is developing fast—every day. Besides, Android is rising as the most extended operating system
Cloud Computing Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code.
Web server pen testing performing under 3 major category which is identity, Analyse and Report Vulnerabilities such as authentication weakness, configuration errors, protocol Relation vulnerabilities.
Certain types of software have long had a reputation for being very expensive. As cloud computing has become more popular, many popular software packages have
Like an intrusion detection system (IDS), an intrusion prevention system (IPS) screens network traffic. An Intrusion Prevention System (IPS) is a framework that screens a
IoAs is some events that could reveal an active attack before indicators of compromise become visible. Use of IoAs provides a way to shift from
The Dark Web, Deep Web or Darknet is a term that refers specifically to a collection of websites that are publicly visible, but hide the
Command line obfuscation has been proved to be a non-negligible factor in fileless malware or malicious actors that are “living off the land”. To bypass
Here we listed and documented the best forums for both networks — the “ClearNet” and “DarkWeb”. Before we get into this, it is important to
Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments.
When Manhattan’s district attorney received a tip-off about suspicious ATM withdrawals in 2017, authorities never expected to unravel a sophisticated dark net drug operation on
Production values aside, IT podcasts are frequently guilty of treating the audience like they are either an 83-year-old grandmother with only the vaguest notion of
In New Jersey’s largest-ever drug bust, agents seized large quantities of fake Xanax and fentanyl-laced heroin, along with pill presses, mixers and other equipment. The
Here we listed the best operating systems used today by hackers, pentesters, blue and red teamers. (basically anyone in the security sector) These include penetration
Born from an idea of Stefano Fratepietro, DEFT (acronym for Digital Evidence & Forensics Toolkit) is a distribution made for Digital Forensics and Incident Response,
BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most
T-Pot is based on debian. The honeypot daemons as well as other support components being used have been paravirtualized using docker. This allowed developers to run
Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort,
This project was a DARPA CFT funded project that is now being released through OWASP. It is focused on providing a live environment for mobile
RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker’s arsenal as well as defender’s
Dracos Linux is an open source operating system provides to penetration testing. Packed with a ton of pentest tools including information gathering, forensics, malware analysis,
Qubes OS is a security-oriented operating system (OS). The OS is the software that runs all the other programs on a computer. Qubes is free
BlackArch Linux is an open source distribution of Linux derived from the lightweight and powerful Arch Linux operating system and designed from the ground up
Selfhosting is the process of locally hosting and managing applications instead of renting from SaaS providers. This is a long list of Free Software network
SIEM software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network
We are in the complex world where attacks are increasing day by day, so today the cyber intelligence depends on siem as a part of
Today’s Cyber security operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. Here we’ll
A hacker known as Gnosticplayers has dumped his fifth collection of stolen data on the dark web since February. The latest batch includes data from
pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps.
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on
NordVPN is a very popular VPN service with a large customer base. While it is highly recommended on many sites, it can be difficult to
VPN.ac is a Romania-based VPN service that provides users with advanced encryption, very secure apps, and excellent performance. Their network consists entirely of dedicated bare-metal servers
In short, these are just international surveillance alliances representing various countries around the world. These surveillance alliances work together to collect and share mass surveillance
Cyber security affects businesses of all sizes, and in every industry. Today it is a board-level agenda item, which has been placed at number three
Rancher Labs introduced k3OS, the industry’s first extremely lightweight operating system for Kubernetes. It has extremely low resource consumption, minimal operation, and second-level boot, which
Parrot 4.6 Released by Parrot security with so many updates that bring all the hacking tools on the table with new futures and important bug
Docker Hub Hacked, sensitive data more than 190,000 accounts may have exposed. Docker Hub discovered the unauthorized access to a single Hub database On Thursday,
An sms bombing tool for Andriod, Linux and Windows.
Due to popular demand we have listed free IP booters and a tutorial to kick users offline on your PS4 / Xbox.
By attacking the designated IP address assigned to your opponent, you can kick/drop the player and he will be disconnected back to the main menu.
A 33-year-old Danish man was handed a four year and three month prison sentence for his role in an extortion case on April 8. The
This tool is made for Pentesters to use during a penetration test to enumerate and to use in CTF for combine, manipulation, permutation and transform
WiFi-Pumpkin is security auditing tool that provide the Rogue Access Point to MiTM (Man-In-The-Middle) and network attacks. This tool is capable of creating fake access
A brand new Netflix series is inspired by the true story of a German teenager who ran a multi-million dollar dark web based drug empire
Ranger is a command-line driven attack and penetration testing tool, which has the ability to use an instantiated catapult server to deliver capabilities against Windows
Intercepter NG is very similar to wireshark in displaying network packets and able to capture traffic remotely so It enables you to run a packet
Linux Kodachi operating system is based on Debian 9.5 Xbuntu 18.04 LTS, that it will provide you with a secure, anti-forensic, an anonymous operating system
Osmedeus allows you to run a collection of awesome tools for reconnaissance and vulnerability scanning against a target.
This tool will automatically make your basic pentesting tasks like information gathering, security auditing, and reporting.
EasySploit – Metasploit automation (EASIER and FASTER than EVER)
Air India servers shut down for several hours due to the internal glitch that affects the flight operations all around the world and Thousands of
Genesis Store, an invite-only marketplace on the dark web, is offering more than 60,000 stolen profiles. The credentials on sale include credit card details, browser
A detailed list of the top 5 network adapters for wifi hacking with kali linux.
Z-Shadow automates the phishing process by generating links you forward to the victim.
iDope is one of those torrent search engines that are worth being mentioned. It works similar to other well-known torrent search engines like Torrentz or Toorgle
A list of KickassTorrents proxies, mirrors, and some of the popular and best alternatives.
When we have to search something on the Internet, our mind by default goes to Google or Bing. Obviously, our mind is tuned that way,
You can use ropper to look at information about files in different file formats and you can find ROP and JOP gadgets to build chains
Marvel’s latest and perhaps the most anticipated flick ever to be released Avengers: End Game has become an object of controversy lately as hackers and
Demonsaw is a new type of information sharing application that allows you to share your files securely. It’s the next leap in the evolution of
Bully is a new implementation of the WPS (Wifi Protected Setup) brute force attack. It’s almost identical as other already existing WPS brute force attack
According to a recent report, some unprotected databases have leaked around 60 million records. The leaked data allegedly belongs to LinkedIn users. However, the data
A man who processed orders for the darknet vendor account “JetSetLife” has been sentenced to 10 years in prison.
Scapy is a very powerful packet manipulation program and library, written in Python. It allows you to: forge / decode packets of a wide number
If you want to make sure that your true identity remains a secret even if you want to talk over the Internet, you can rely
Net Ghost is the ultimate free solution for all your proxy needs. If you’re looking for a free, simple and, easy to use program which
After being down for over three years, one of the largest and most notorious hacking forums is back online under new ownership.
The LAN Turtle is a covert Systems Administration and Pentesting tool providing stealth remote access, network intelligence gathering, and MiTM (man-in-the-middle) surveillance capabilities through a
Bash Bunny is a simple and powerful multi-function USB attack device and automation platform for all pentesters and sysadmins, designed by Hak5, which allows you
This question has immense value when it comes to Gmail password recovery. Why? When initiating a password reset using the Gmail Contact Form, you have
Secret hack codes are usually hidden from users to prevent misuse and exploit. These codes can reveal additional information, run manufacture tests, factory reset, check
Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and
As reported by Catalin Climpanu, some of the tools used by OilRig attack group have been leaked by a persona using the “Lab Dookhtegan pseudonym”.
The 3DS emulator enables to play your lovable classic games such as Super Mario, Top Gun, Base Wars. Ice climber with your iOS, Android and
Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle
The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters,
WiFite2 is a complete rewrite of Wifite – a Python script for auditing wireless networks. It runs existing wireless-auditing tools for you, so you won’t need
Signaling System No. 7 (SS7) is a series of telephony signaling protocols. Also known as CCS7 (Common Channel Signaling System 7) or CCIS7 (Common Channel Interoffice Signaling 7),
SiGploit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile
ZMap is an open source single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap
Massive SQL Injection Vulnerability Scanner
South Africa has witnessed an explosion in cybercrime namely due to the advancement of ICT infrastructure and broadband connectivity in both the public and private
iCloudBrutter is a simple python (3.x) script to perform basic bruteforce attack againts AppleID.
DroidJack is an android RAT which gives you the power to establish control over your victim’s Android devices with an easy to use GUI and
Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based
Skype Log Viewer allows you to view all of your Skype chat logs and then easily export them as text files.
Gpredict is a real-time satellite tracking and orbit prediction application. It can track a large number of satellites and display their position and other data
Xplico is an open source network forensic analysis tool that supports HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, Facebook, MSN, RTP, IRC, and Paltalk
SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ].
One of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather basic information such as country,
fireELF is a opensource fileless linux malware framework thats crossplatform and allows users to easily create and manage payloads. By default is comes with ‘memfd_create’
QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as
A notorious hacking group known as FIN7 is still targeting individuals and businesses, despite the recent arrest of three of its members.
A secure browser that protects your privacy is absolutely essential for staying safe online and keeping your data secure from third parties.
Mozilla Firefox is arguably the best browser available that combines strong privacy protection features, good security, active development, and regular updates. The newest version of
Salamandra is a tool to detect and locate spy microphones in closed environments. It find microphones based on the strength of the signal sent by the
FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions
Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications.
A five-man group suspected of stealing thousands of liters of fuel from Paris service stations have been arrested by French Police.
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like
DevKnox is a first of its kind security tool that enables developers to detect and resolve security issues as they write code in Android Studio.
Almost one year after its launch, some very serious vulnerabilities that could lead to online password cracking have been detected in the next-generation Wi-Fi security
Active reconnaissance, information gathering and OSINT built in a portable web application. D0xk1t is an open-source, self-hosted and easy to use OSINT and active reconnaissance web application for penetration testers.
WiFi Bruteforcer is an android application that bruteforces WiFi passwords using an android device. It does not require a rooted device and is very fast
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
Vayne-RaT is Free and Open Source Remote Administration Tool Coded In C#.
The objective of MISP is to foster the sharing of structured information within the security community and abroad.
ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements.
Asia is increasingly becoming a lucrative high-tech crime target for cybercriminals, Singapore receiving much of the attention.
Evilginx 2 is a MiTM Attack Framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.
Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.
Red Team’s SIEM – easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability for
The Australian Federal Police recently announced the arrest of Evan Leslie McMahon, a 21-year-old IT professional, for selling login details obtained from various streaming services.
J-CODE, a team working against online drug trafficking, recently arrested 61 individuals in connection with opioid trade on the dark web.
Recently, a developer exposed a very serious “security incident” on his blog. A developer’s client sent him a call for help because after the customer
Shadowave is a website that provides a “verified” phishing page to gain login details of the victim.
Mallet is a tool for creating proxies for arbitrary protocols, along similar lines to the familiar intercepting web proxies, just more generic.
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations, as it combines enumeration, supportive functions and exploitation modules while packing
On March 27 and 28, 2019, Paula presented Briefings and Arsenal sessions at Black Hat Asia 2019 in Singapore. CQURE Team has written over 200
In a recent report, security firm Kaspersky Lab says, based on data obtained from its Kaspersky Security Network, that Game of Thrones is the most
WarBerryPi was built to be used as a hardware implant during red teaming scenarios where we want to obtain as much information as possible in
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux.
CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows
Abdulaziz Abdulazizov, a 19-year-old student in St. Petersburg, is one suspect accused of carrying out a darknet-ordered hit to murder Yevgenia Shishkina, a senior investigator
The Natural Health Services Canada exposed personal information of medical marijuana patients in a breach. This NHS data breach reportedly affected as much as 34,000
A Bitcoin fraudster claims to have made 200 BTC, the equivalent of around $760,000, through dark web domain squatting.
Weevely is a stealth PHP web shell that is designed for remote server administration and penetration testing.
Today Cloudfare announced the 1.1.1.1 App with Warp performance and security technology. “We built Warp from the ground up to thrive in the harsh conditions
The Tor Project, the organization behind the anonymity-focused Tor browser, has announced yet another release. The Tor browser 8.0.8 is now available for use.
Penetration testing & Hacking Tools are more often used by security industries to test the vulnerabilities in network and applications. Here you can find a
Wireshark, whose old name is Ethereal; It is a program that can run in many operating systems such as Windows, Linux, MacOS or Solaris and
Compared with its competitors, the more open Android has always had a lot of problems in terms of security. Since then, Google has been more
When you can’t find your type of porn on the clearnet, XPlay is where you go to. It’s a full-fledged porn site on the Dark
Bithumb Hacked 3rd time, Yes, One of the worlds largest cryptocurrency exchange Bithumb Hacked by unknown cybercriminals and they have stolen nearly $20 million worth
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their
A platform to run private unannounced Honeypots as Tor Hidden Services (aka Onion Decoys) inside the Tor Network.
With the help of Termux and Inshackle we can easily track unfollowers, Increase your followers, Download Stories, extract profile info and much more.
Toyota hacked, yes, Toyota major subsidiaries network compromised by unknown hackers and they gained unauthorized access to the network where Toyota stored nearly 3.1 million
The Ubuntu 19.04 (Disco Dingo) official version is scheduled to be released on April 18 this year, and today Canonical released the Ubuntu 19.04 Beta
WebTech is a Python software that can identify web technologies by visiting a given website, parsing a single response file or replaying a request described
Social media and darknet sites have replaced traditional systems as the most preferred vehicles of drug sales.
Commando VM launched by FireEye, aiming to provide a Windows distribution that focused on supporting penetration testers and red teamers.
A serious vulnerability in NVIDIA GeForce Experience posed a severe threat to the gamers. More specifically, the software vulnerability threatened users of Windows systems.
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Verifying a file’s cryptographic signature can deduce its origin or trustability. Unfortunately on macs there’s no simple way to view a file’s signature via the
We have compiled a massive list of onion links. See our contents at a glance to jump to the specific category or press control +
Exitmap modules implement tasks that are run over (a subset of) all exit relays. If you have a background in functional programming, think of exitmap
Once again, there is another data leak exposing personal data and business intelligence information from an unsecured source.
Beagle is a tool which aims to accelerate an analyst’s ability to respond to incidents by allowing them to quickly and reliably generate incident response
Tencent IoT Hunter is a framework tool which is developed to gather IoT threat intelligence. It focus on the whole IoT malware analysis life cycle
Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow
Mr.SIP is a tool developed to audit and simulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel
P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W (required for HID backdoor).
Xiaopan OS is an easy to use software package for beginners and experts that includes a number of advanced hacking tools to penetrate WPA/WPA2/WPS/WEP wireless
SniffAir is an open-source wireless security framework which allows you to collect, manage and analyze wireless traffic. It also provides the ability to perform sophisticated
BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a tested environment on the wire. It is designed to study the
Security analytics and machine learning processes are fueling the next generation of cyber defenses, helping to address persistent problems in the industry like a skills
Jokeroo, a new Ransomware-as-a-Service (RaaS), is now on offer to affiliates in several membership packages.
Yesterday, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software.
A darknet vendor named Gnosticplayers is selling 26 million records from six companies. This is the fourth in a series of data sales he’s made
Instantbox spins up a temporary linux systems with Instant webshell access from any browser
Russians will experience stricter internet regulations now that President Putin has signed proposed bills by parliament into law.
With the release of version 67 of Firefox, which is scheduled for May 2019, Mozilla is set to add a new anti-fingerprinting method for users
Toppo is a beginner level CTF and getting the first shell and then root, are only needed to succeed.
SickOS 1.2 is the second Boot2Root Challenge in SickOS Series and is available at Vulnhub. This is an interesting CTF and requires think-out-of-the-box mentality. This
Cyber Threat Intelligence tool launched by Guardicore Labs, it offers information based on malicious Internet IP addresses and domains detected by Guardicore.
SilkETW is a flexible tool aimed to reduce the complexities of ETW(Event Tracing for Windows) and to put actionable data in the hands of researches
This project was developed for the Computer Security course at the developers academic degree. Basically, it will encrypt your files in background using AES-256-CTR, a
A Free MultiOS PHP Interface Botnet with VB.NET and Python based Stub and VB.NET Builder
OSIF is an accurate facebook account information gathering, all sensitive information can be easily gathered even though the target converts all of its privacy to
Rap verses are frequently brought in as “proof” in U.S. courts, with artists confronting discipline for their public portrayal and choice of lyrics.
Xerxes is the most powerful DOS tool of 2019 and comes with enhanced features for stress testing. It provides the capacity to launch multiple independent
Master the art of identifying vulnerabilities within the Windows OS and develop the desired solutions for it using Kali Linux.
Over 100 recipes for penetration testing using Metasploit and virtual machines
Gain practical experience of creating security solutions and designing secure, highly available, and dynamic infrastructure for your organization
Back for the third season, The Hacker Playbook 3 (THP3) takes your offensive game to the pro tier. With a combination of new strategies, attacks,
Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise
The Red Team Field Manual (RTFM) is a no fluff, but thorough reference guide for serious Red Team members who routinely find themselves on a
Earlier this month, NSA open-sourced Ghidra – its reverse engineering tool. Right after its release, researchers began discovering bugs in the tool. One such critical
SigintOS; as the name suggests, SIGINT is an improved Linux distribution for Signal Intelligence. This distribution is based on Ubuntu Linux. It has its own
Google Photos offers numerous beneficial features to users for managing photos. One such feature includes auto-tagging of photos using image metadata. The app utilizes geo-coordinates,
This is a proof-of-concept stealthy backdoor aimed to aid red teams in maintaining control of their targets during security evaluation process. Project also intends to
ACsploit is an interactive command-line utility to generate worst-case inputs to commonly used algorithms. These worst-case inputs are designed to result in the target program
CEH v10 – Certified Ethical Hacker v10 full PDF is Available for Download now.
CEH V10 : Certified Ethical Hacker v10 Lab Tools Download.
The Metasploit Project is a computer security project that provides information on vulnerabilities, helping in the development of penetration tests and IDS signatures. Metasploit is
Player Unknown’s Battle Ground (Yes! PUBG is an acronym in case some of you did not know) is the latest addiction of gamers. It is
Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able
You think your passwords are strong and secure? You are mistaken! There are numerous options to secure your password, but when it comes to the
Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads.
Cat Nip will perform an automatic penetration test on a desired website including information gathering, reconnaissance and reporting.
A fileless malware, recently spotted by TrendMicro, steals online banking credentials by accessing remote control of users’ devices. It also steals devices and email accounts
Whether it’s reconnaissance or some useful email address validation pre-processing, it might be handy to know a few things about telnet email address validation. This
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a standard that helps protect email senders and recipients from spoofing, spam and phishing. With this, mail
DKIM email security standard was designed to make sure messages were not altered or compromised in transit between sender and receiver. It uses public-key cryptography
Quick overview of SPF email validation protocol (Examples, Vulnerabilities).
dnSpy is a tool to reverse engineer .NET assemblies, including .NET debugger, a decompiler and an assembly editor. This tool can be easily extended by
Dante Socks Proxy Server is developed by Inferno Nettverk A/S, and it consists of a SOCKS server and a SOCKS client, implementing RFC 1928 and
CMSeeK is a CMS detection and exploitation tool, written in Python3, capable of scanning numerous content management systems including WordPress, Joomla, Drupal, etc. It allows
A very short overview of Wireless Security Protocols including WEP, WPA, WPA2 and WPA3. For each of them we’ll try to point out both their
There might be a time where you picked up an old laptop and had a bios password lock enabled but no clue to reset it.
NSA released Ghidra a free reverse Engineering tool for Malware analyst with an interactive GUI capability that runs on various platforms including Windows, Mac OS,
Google security researchers publicly disclosed the macOS kernel vulnerability.
Since the first release in 2013 with 1.0.0, Kali Linux has updated 24 different versions with many upgrades and bug fixes. Here we will take
Financial software company Intuit recently learned that TurboTax account users’ tax return information was compromised in a credential stuffing attack. In a security notice, Intuit
A full year after the Russian social media platform VKontakte failed to reward a security researcher for a vulnerability tip, or to even fix the
Where’s the breach? In 2015 and 2016, it was at Wendy’s, when attackers infected 1,025 of its restaurants’ point-of-sale systems with malware, leading to the
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur
A little VBScript E013 that steal Wifi passwords from Windows. Into the file WifiName.txt you can see the password of every saved wifi available on
Hcxdumptool is small tool to capture packets from wlan devices. After capturing, upload the “uncleaned” cap here to see if your application or the client
chntpw is a Kali Linux tool that can be used to edit the windows registry, reset a users password, and promote a user to administrator,
SQL injection is a standout amongst the most widely recognized attacks against web applications. Here is the list of Best SQL Injection Tools 2019.
fsociety is a penetration testing framework consists of all penetration testing tools that a hacker needs. It includes all the tools that involved in the
Masscan has been around for some time now and already it’s in use by pentesters all around. It’s a reconnaissance tool which can transmit up to 10 million
Instagram-Py is a straightforward python script to perform brute force attack against Instagram , this script can sidestep login restricting on wrong passwords , so
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
Splice Admin is a remote Windows administration tool. It allows you to retrieve information and interact with remote machines on your network.
SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same, this project uses Vagrant, Puppet,
With the development of the Internet, personal information is becoming more and more transparent. For preventing the leak information, many security teams are interested in developing
Import VM to the Virtualbox and turn on. Use netdiscover to determine the IP Address of the machine, then add this IP to your local
Start the Virtual machine and use Netdiscover to find its IP Address. Register this IP to your local DNS file “/etc/hosts”. sudo netdiscover -r [IP/subnet]
Once the image loaded up,we need to figure out the IP address of the host. nmap -sn -PE 192.168.1.200-254 Ok, so the host pulled .207
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks
Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It’s really meant as a pre-cursor to nmap, unicornscan,
Anomor automates the phishing process by generating links you forward to the victim.
Tweetlord is an open source Twitter profile dumper (downloader) with the on-the-fly account swapping support for bypassing the rate limit restrictions.
Instainsane is an Shell Script to perform multi-threaded brute force attack against Instagram, this script can bypass login limiting and it can test infinite number
Here we will discuss how to hack Facebook with kali linux, as well as, to develop understanding of how fake web pages are created, so
If you are currently struggling with getting traffic to your website, or converting that traffic when it shows up, you may think you’ve got a
Your one stop solution to implement a Cyber Defense Intelligence program in to your organisation. Key Features Intelligence processes and procedures for response mechanisms Master
This 25th anniversary edition of Steven Levy’s classic book traces the exploits of the computer revolution’s original hackers — those brilliant and eccentric nerds from
A practical guide to testing your network’s security with Kali Linux, the preferred choice of penetration testers and hackers. About This Book Employ advanced pentesting
Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various applications of reverse engineering, this book
Memory forensics provides cutting edge technology to help investigate digital attacks Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes.
Cypherpunks are activists who advocate the widespread use of strong cryptography (writing in code) as a route to progressive change. Julian Assange, the editor-in-chief of
Linux Kernel Development details the design and implementation of the Linux kernel, presenting the content in a manner that is beneficial to those writing and
The world’s most infamous hacker offers an insider’s view of the low-tech threats to high-tech security. Kevin Mitnick’s exploits as a cyber-desperado and fugitive form
The vulnerability allows an attacker to obtain victim audio before the victim answers a FaceTime call, causing user privacy to be compromised.
Love you malware changes tactics as it targets Japan and spreads the ransomware Gandcrab 5.1. Malspam campaign, “Love you,” named after its attachment’s subject title, has a
The BBC in the UK has recently highlighted a problem affecting fans of some high-profile YouTubers. It seems they are being targeted by a YouTube
In a press release published on 30th January, European aerospace corporation Airbus announced they were the victim of a security breach. In the statement, the
Revolution OS is a documentary film that tells the inside story of the hackers who rebelled against Microsoft and created GNU/Linux and the Open Source
AIMSICD is an app to detect IMSI-Catchers. IMSI-Catchers are false mobile towers (base stations) acting between the target mobile phone(s) and the real towers of
cSploit is a free/libre and open source (GPLed) Android network analysis and penetration suite which aims to be the most complete and advanced professional toolkit
Routersploit is an open source framework used for exploiting vulnerabilities in embedded devices like routers.
Hping3 is basically a TCP IP packet generator and analyzer! It is common for generating packets but mostly used for denial of service attacks or
Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.
Avet is a tool for building exe files with shellcode payloads for antivirus evasion.
Can Hackers Be Heroes is a short documentary film from PBS Digital Studio. Many people think of hackers as cyber criminals, breaking into computer systems
Cyber War is a documentary film from Al Jazeera media network. The film is all about US cyber security and state-sponsored hacking attacks.
Inside the Dark Web turns to the topic of internet surveillance concerning the pros and cons of the ability for everything that passes over the
Zero Days is a documentary film produced by VPRO. The film talks about cyber security and online black markets. Zero Days paints a frightening portrait of
The 16×9 takes viewers into a “Hackers World” through interviews and news reports. It features the infamous hacker collective “Anonymous” — Anonymous is a decentralized
Free the Network is a documentary film from MotherBoard. The film talks about the Occupy Wall Street, hacktivism, and the hackers trying to build a
Defeating the Hackers is documentary film directed by Kate Dart for BBC Horizon series. The film explores the hacker community and computer security through various
Cyber attacks are common and show how vulnerable our digitally interconnected lives have become.
GlobaLeaks is an open-source, free software intended to enable secure and anonymous whistleblowing initiatives developed by the Hermes Center for Transparency and Digital Human Rights. It is an
Cyphon is a big data platform that aggregates, standardizes, and enhances data for easier analysis. Many businesses rely on emails to manage alert notifications, which
Threat intelligence chat bots are useful friends. They perform research for you and can even be note takers or central aggregators of information.
Deception techniques if deployed well can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to
Tool-X is Developed By Rajkumar Dusad. with the help of Tool-X you can install best hacking tools in Rooted or Non Rooted Android devices.
Nipe is a Script to make Tor Network your Default Gateway.
OnionShare is an open source tool that allows you to share files securely and anonymously. It supports file(s) of any size.
Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan
Xnspy is a mobile spying app that offers the craziest spying features on both iPhone and Android smartphones.
Keylogging is the malicious action of spying on the keyboard input of a target user. This is done in secret by malware applications that steal
Beelogger allows you to generate a keylogger in a document format which can be executed via emails
Ghostpress is a free anti-keylogging software that prevent malicious software from capturing your keyboard presses.
Spykeyboard is a script which allows us to generate an undetectable keylogger which sends the captured keys to our gmail mail.
Each day more and more devices are coming online, adding to the ever-growing Internet of Things (IoT). Analysts agree the IoT will grow to many
Instead of spending time installing, configuring and setting up various tools required for IoT pentesting, here is a pre-made distro for you containing the tools
Heathen Internet of Things Penetration Testing Framework developed as a research project, which automatically help developers and manufacturers build more secure products in the Internet
Apparatus is a security framework to facilitate security analysis in IoT systems. To make the usage of the Apparatus framework easier the ASTo app was
Expliot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to
Naked Citizens is a documentary film that shows how online and CCTV surveillance data is being used to arrest “terror suspects”.
Are You Tired of All The Spying and Lack of Privacy on The Internet? Keep Reading to Learn The Secrets to Staying Anonymous
A practical guide to deploying digital forensic techniques in response to cyber security incidents
WE ARE ANONYMOUS is the first full account of how a loosely assembled group of hackers scattered across the globe formed a new kind of
he Basics of Hacking and Penetration Testing, 2nd Ed. serves as an introduction to the steps required to complete a penetration test or perform an
Just as a professional athlete doesn’t show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either.
Leviathan is a mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities.
Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities.
jSQL Injection is a Java application for automatic SQL database injection.
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. Its flexible architecture allows you the full control
PhEmail is a python based email phishing tool that automates the process of sending phishing emails as part of a social engineering test.
Modlishka is a very powerful Reverse Proxy tool that allows you to run phishing campaigns. It can be very useful to all pentesters since Modlishka
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element.
Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks.
BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic
NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a
WireShark is the world’s foremost network protocol analyzer, and an essential tool for any system administrator or cybersecurity professional. This tool is also free and
Binwalk is a fast, easy to use tool for analyzing and extracting firmware images
ApkTool is a tool for reverse engineering 3rd party, closed, binary Android apps.
ID Pro combines an interactive, programmable, multi-processor disassembler coupled to a local and remote debugger and augmented by a complete plugin programming environment.
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is
FLARE VM is the first of its kind freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators,
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android), multi-function RAT (Remote Administration Tool) and post-exploitation tool mainly written in python. It features an all-in-memory
JSRAT is a python Script that can be used to get a remote shell of victim pc.
A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.
Ahmyth is an open source remote access tool and has many features you would expect to see in a RAT such as Geo location monitoring,
Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote
ANDRAX is the first and unique penetration testing platform developed specifically for Android smartphones, now available internationally. It has the ability to run natively on
Network Penetration Testing determines vulnerabilities in the network posture by discovering Open ports, Troubleshooting live systems, services and grabbing system banners.
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable
Parrot is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost
BlackArch Linux is an open source distribution of Linux derived from the lightweight and powerful Arch Linux operating system and designed from the ground up
Kali Linux is an advanced penetration testing Linux distribution used for penetration testing, ethical hacking and network security assessments.
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion,
Maltego is a visual link analysis tool that, out the box, comes with open source intelligence (OSINT) plugins, called transforms.
An OSINT Framework to perform various recon techniques, aggregate all the raw data, and give data in multiple formats.
SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a
OSINT Framework, as its name implies, is a cybersecurity framework, a collection of OSINT tools to make your intel and data collection tasks easier.
DorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities.
Google Dorks To Find Vulnerable WordPress Sites
Google Dorks List “Google Hacking” is mainly referred to pull the sensitive information from Google using advanced search terms that help users to search the
Google Dorks for 2019 – Finding Insecure Websites
The softScheck Cloud Fuzzing Framework (sCFF) is a set of tools, aiming to make Cloud fuzzing easy. It aims to become a framework where fuzzers
The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer.
Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed
Peach is a fuzzing framework which uses a DSL for building fuzzers and an observer based architecture to execute and monitor them.
Boofuzz is a fork of and the successor to the Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility, with the eventual goal of being
tgcd is a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. This can also be used by network analysts
Nmap is a free and open source utility for network discovery and security auditing. Network mapper was designed to rapidly scan large networks, but works
Dsniff, as the name implies, is a network sniffer – but designed for testing of a different sort.
Responder an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix. By default, the
A utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices (terminal or modem, etc.), sockets
CAINE (Computer Aided INvestigative Environment) is an Ubuntu-based GNU/Linux live distribution created as a project of digital forensics.
Ghiro is an open source software for digital photo and digital image forensics. The forensic analysis is fully automated, report data can be searched or
The Volatility Framework is a totally open accumulation of tools, executed in Python under the GNU General Public License, for the extraction of computerized antiquities
The Autopsy is a forensic tool which is used by the military, law enforcement, and corporate examiners to investigate what had happened on a smartphone
The SIFT Workstation is a group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of
Layer 7 attacks harness the web application logic and aim at exhausting the resources of a web server as it processes “tough” queries, as well as
PyDDoZ is a powerful, human-friendly DDoS tool using application layer (L7) attack techniques. It has nice logging, proxifying, automated bots requests, randomizing data, multiple HTTP
LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP
ZIB is fully undetectable and bypasses all antivirus by running on top of Python27’s pyinstaller, which is used for many legitimate programs. The only possibility
Davoset is command line tool for conducting DDoS attacks on the sites via Abuse of Functionality and XML External Entities vulnerabilities at other sites.
This presentation demonstrates how an attacker can utilise XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden
XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false positive result using fuzzy matching. XSStrike is the
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process,
OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with
The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed
Multi-platform transparent client-side encryption of your files in the cloud. Cryptomator provides transparent, client-side encryption for your cloud.
With secret key cryptography, a single key is used for both encryption and decryption. Because a single key is used for both functions, secret key
Crypton is an educational library to learn and practice Offensive and Defensive Cryptography.
BeeCrypt is a cryptography library toolkit that includes the highly optimized C as well as the implementations of the assembler of many well-known algorithms in
Brutescrape is a tool designed to parse out text from specific web pages and generate password lists for bruteforcing with this text.
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security:
Mimikatz is a post-exploitation tool written by Benjamin Delpy (gentilkiwi). It’s now well known for extracting plaintexts passwords, hash, PIN code and kerberos tickets from
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports
1. Tamper Data Tamper data is a great tool to view and modify HTTP/HTTPS headers and post parameters. We can alter each request going from
Whenever we send a packet to any hostnames or targets, that packet contains our IP address in the IP header. If we make a TCP
Cybarrior was founded in 2019 and aims to provide the best online security platform for future and expert cyber professionals around the globe.
Forward any inquiries or requests to admin@cybarrior.com
