Browsing category
rm -rf pic* Are you sure? Are you one hundred percent sure? … allows you to run a command and see what it does to your files without actually doing it! After reviewing the operations listed, you can then decide whether you really want these things to happen or not. What is this […]
QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers. This attack vector is made by Mohamed Abdelbasset Elnouby (@SymbianSyMoh) security researcher from Seekurity Labs. […]
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art […]
SSMA is a simple malware analyzer written in Python 3. Features: Searches for websites, e-mail addresses, IP addresses in the strings of the file. Looks for Windows functions commonly used by malware. Get results from VirusTotal and/or upload files. Malware detection based on Yara-rules – https://virustotal.github.io/yara/ Detect well-known software packers. Detect the existence of cryptographic […]
A Python open source toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination, it automates the process of detecting the above. Purpose The main purpose of BackdoorMan is to help web-masters and developers to discover malicious scripts in their site files, because it is quite common for […]
Information security awareness training may include several demo that describe how attacker may exploit vulnerabilities on system to gain full control on remote devices. If you are looking to demonstrate android application you can use InsecureBankv2. This tool was updated during the BlackHat arsenal and is available for users online, the purpose of this project […]
Creating a malicious application is becoming easier by using some tools. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only. If you are looking to create a […]
Serpico is a penetration testing report generation and collaboration tool. It was developed to cut down on the amount of time it takes to write a penetration testing report. Video Demo of Functionality: Serpico – Demo 1 Additional Video Demos Installation The installation options are: Install Official Release: The prefered method of installation which includes […]
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit . Metasploitable3 is released under a BSD-style license. See COPYING for more details. Building Metasploitable 3 System Requirements: OS capable of running all […]
One of the tools NCC Group released at this year’s Black Hat Arsenal is BinProxy, a tool for understanding and manipulating binary network traffic. In this post, we’ll take a quick tour of BinProxy’s main features and show how you might use the tool for assessing the security of an application that uses a custom protocol. […]
This presentation demonstrates how an attacker can utilise XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads integrated with Metasploit’s Meterpreter in a highly automated approach will be demonstrated live, including post-exploitation scenarios and interesting data that can be obtained from […]
LOG-MD was designed for Windows based systems to audit log and advanced audit policy settings and guide users to enable and configure the audit settings to help push and encourage moving security and detection forward. LOG-MD was also designed to gather the artifacts from malicious activity, referred to as “Malicious Discovery”, faster than the standard methods […]
This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processesd results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost and are part of APT2’s Knowledge Base […]
Brutal is extremely useful for executing scripts on a target machine without the need for human-to-keyboard interaction ( HID -ATTACK ) .When you insert the device, it will be detected as a keyboard, and using the microprocessor and onboard flash memory storage, you can send a very fast set of keystrokes to the target’s […]
Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way. Designed for simplicity, […]
Deny navigation and download capabilities of a target host in the local network performing an ARP poison attack and sending reset TCP packets to every request made to the router. Born as a didactic project for learning python language. Installation $ git clone https://github.com/codepr/creak.git $ cd creak $ python setup.py install or simply clone the […]
PirateBox creates offline wireless networks designed for anonymous file sharing, chatting, message boarding, and media streaming. You can think of it as your very own portable offline Internet in a box! When users join the PirateBox wireless network and open a web browser, they are automatically redirected to the PirateBox welcome page. Users can anonymously […]
CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments! From enumerating logged on users and spidering SMB shares to executing psexec style attacks, auto-injecting Mimikatz/Shellcode/DLL’s into memory using Powershell, dumping the NTDS.dit and more! The biggest improvements over the above tools are: Pure Python script, no external tools required Fully concurrent threading Uses ONLY native […]
Lynis is a security auditing for UNIX derivatives like Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself. The primary goal is to test security defenses and provide tips for further system hardening. It will also scan for general system information, vulnerable software packages, and possible configuration […]
Are you sure that you can detect an APT malware? YES or NO, whichever, try ShinoBOT; this is a BOT or RAT simulator for security assessment, pentesting. FEATURES RAT features Execute any command Upload any files Download any files Take a screenshot HOW IT WORKS After the execution of ShinoBOT, it starts the polling to […]
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Description Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like ” drozer […]