Browsing category
DAws is an advanced web shell with a lot of features. There are multiple things that make DAws better than every Web Shell out there: Bypasses Security Systems(IPS, WAFs, etc) like Suhosin(uses up to 20 PHP functions just to get a command executed). Drops CGI Shells and communicate with them to bypass Security Systems. Uses […]
SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stages. SpookFlare has custom encrypter with string obfuscation and run-time code compilation features so you can bypass the countermeasures of your target systems like a boss… until they “learn” the technique and behavior of SpookFlare payloads. ___ ___ ___ ___ _ __ ___ […]
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking. Features World’s fastest password cracker World’s first and only in-kernel […]
Cain & Abel is an amazing tool that is specifically designed for network administrators and penetration testers to recover various kinds of passwords. It allows easy recovery of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, […]
Turns any linux computer into a public Wi-Fi network that silently mitms all http traffic. Runs inside a Docker container using hostapd, dnsmasq, and mitmproxy to create an open honeypot wireless network named “Public”. For added fun, change the network name to “xfinitywifi” to autoconnect anyone who has ever connected to those networks… they are everywhere. MAC Randomization By […]
MeterSSH is a way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection. The way it works is by injecting shellcode into memory, then wrapping a port spawned (meterpreter in this case) by the shellcode over SSH […]
Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version scip VulDB. Version 2.0 of Nmap NSE Vulscan is available online. This major release […]
OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest.Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a webserver. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on […]
Excalibur is an Eternalblue exploit based “Powershell” for the Bashbunny project. It’s purpose is to reflect on how a “simple” USB drive can execute the 7 cyber kill chain. When Excalibur gets connected to the machine, it will run the following: Trys to bypass UAC, or just get administrative rights Gets interface info (IP addresses) […]
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the vulnerability and exploit it, either by using the union technique or a boolean query based technique. It uses a command based interface, allowing the user to indicate the action […]
v3n0m is a free and open source scanner. Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Very useful for executing: Cloudflare Resolver[Cloudbuster] Metasploit Modules Scans[To be released] […]
Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. Features TCP network stream (IPv4 & IPv6 support) Fast network serialization (NetSerializer) Compressed (QuickLZ) & Encrypted (AES-128) communication Multi-Threaded UPnP Support No-Ip.com Support Visit Website (hidden […]
An all-in-one Email spoofing tool that works on Windows and Linux (via Wine).This tool is standalone and doesn’t require you to have Python.Mail Tool v1.2 uses Gmail SMTP, supports attachments and HTML. Make sure to enable access for less secure apps (Gmail will not allow for tampering with email headers if SSL is in use, […]
Responder an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix. By default, the tool will only answer to File Server Service request, which is for SMB. The concept behind this is to target our answers, and be stealthier on the network. This also […]
A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn’t do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and customizability. […]
(IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike. This kind of spoofing attack is also known as script spoofing. Unicode incorporates numerous writing systems, and, for a number of reasons, similar-looking characters […]
WIG (WebApp Information Gatherer) is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. The application fingerprinting is based on checksums and string matching of known files for different versions of CMSes. This results in a score being calculated for each detected CMS and its versions. Each […]
Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable […]
Massive SQL Injection Vulnerability Scanner Features multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo targetted scanning by providing specific domain (with crawling) reverse domain scanning both SQLi scanning and domain info checking are done in multiprocessing so the script is super fast at scanning many urls quick tutorial & screenshots are […]
Each day more and more devices are coming online, adding to the ever-growing Internet of Things (IoT). Analysts agree the IoT will grow to many billions of devices over the next decade. The challenge for the IoT ecosystem is to ensure these emerging IoT devices can connect securely and reliably to the Internet and to […]
Generate massive amounts of fake data in Node.js and the browser. Demo https://cdn.rawgit.com/Marak/faker.js/master/examples/browser/index.html Hosted API Microservice http://faker.hook.io Supports all Faker API Methods Full-Featured Microservice Hosted by hook.io curl http://faker.hook.io?property=name.findName&locale=de Usage Browser <script src = “faker.js” type = “text/javascript”></script> <script> var randomName = faker.name.findName(); // Caitlyn Kerluke var randomEmail = faker.internet.email(); // Rusty@arne.info var randomCard = faker.helpers.createCard(); // random contact card containing […]