Browsing category
urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go. How? A group named URLTeam (kudos to them) are brute forcing the URL shortener services and publishing matched results on a daily basis. urlhunter downloads their collections […]
MOSINT is an OSINT Tool for emails. It helps you gather information about the target email. Features: Verification Service { Check if email exist } Check social accounts with Socialscan Check data breaches [need API] Find related emails Find related phone numbers Find related domains Scan Pastebin Dumps Google Search DNS Lookup You can […]
HyperDbg is designed with a focus on using modern hardware technologies to provide new features to the reverse engineering world. It operates on top of Windows by virtualizing an already running system using Intel VT-x and Intel PT. This debugger aims not to use any APIs and software debugging mechanisms, but instead, it uses […]
byp4xx.sh __ __ __ / /_ __ ______ / // / _ ___ __ / __ / / / / __ / // /_| |/_/ |/_/ / /_/ / /_/ / /_/ /__ __/> <_> < /_.___/__, / .___/ /_/ /_/|_/_/|_| /____/_/ A bash script to bypass “403 Forbidden” responses with well-known methods discussed […]
RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running (default on Win10 but NOT on Windows Server 2019). Briefly, it will listen for incoming connection on port 5985 faking a real WinRM service. It’s just a […]
Oblivion is a tool focused in real time monitoring of new data leaks, notifying if the credentials of the user has been leak out. It’s possible too verify if any credential of user has been leak out before. The Oblivion have two modes: Oblivion Client: graphical mode. Oblivion Server: mode with API functionalities. NOTE: […]
Although 2020 has been the worst year since 1945, as last year, this year we made a ranking with the most popular tools between January and December 2020. Topics of the tools focus on Phishing, Information Gathering, Android Hacking Tools, Automation Tools,, among others. Without going into further details, we have prepared a useful list of […]
Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally a replay utility allows to import the dumped traffic (request/responses with correct domain name) into burp or any other proxy by simply setting the upstream proxy to proxify. Features Simple […]
Just a powershell scripts for auditing security with CIS BEST Practices Windows 10 and Window Server 2016 You just need to run the script, it will create a directory named : AUDIT_CONF_%DATE% The directory output will contain the files belows: -Antivirus-%COMPUTERNAME% : List installed Antivirus software -APPDATA%COMPUTERNAME% : List all […]
An API for analyzing & finding a person profile across +300 social media websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation. The detection modules utilize a rating mechanism based on different detection techniques, which produces a rate value that starts from […]
Scanning APK file for URIs, endpoints & secrets. Installation To install apkLeaks, simply: $ git clone https://github.com/dwisiswant0/apkleaks $ cd apkleaks/ $ pip install -r requirements.txt Or download at release tab. Dependencies This package works in Python2 (not Python3). Install global packages: Linux $ sudo apt-get install libssl-dev swig -y OSX $ brew install openssl […]
Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attack or vulnerabilities in the code enable an organization to […]
Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target has a specific vulnerability, and can use the vulnerability exploitation function to verify whether the […]
An easy-to-use and lightweight API wrapper for the Censys Search Engine (censys.io). Python 3.6+ is currently supported. Getting Started The library can be installed using pip. $ pip install censys To configure your credentials run censys config or set both CENSYS_API_ID and CENSYS_API_SECRET environment variables. $ censys config Censys API ID: XXX Censys API […]
Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features. Usage Help $ ./webserver -help web subcommand -bind string Bind Port (default “8080”) -certificate string HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365 -gzip Enables gzip/zlib compression (default true) -help Print usage […]
A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made for running on Windows which is often a requirement during insider threat simulation engagements. Besides scanning for access it can be used to identify vulnerable configurations and exfiltrate data. […]
PyRDP is a Python 3 Remote Desktop Protocol (RDP) Man-in-the-Middle (MITM) and library. It features a few tools: RDP Man-in-the-Middle Logs credentials used when connecting Steals data copied to the clipboard Saves a copy of the files transferred over the network Saves replays of connections so you can look at them later Run console […]
This tool collects all information about all devices that are directly connected to the internet with the specified keywords that you enter. This way you get a complete overview. The types of devices that are indexed can vary enormously: from small desktops, refrigerators to nuclear power plants and everything in between. You can find […]
A simple reverse shell written in python 3.7 just for fun. Actually it supports Windows and Linux OS and integrates some basic features like keylogging and AES encrypted communications. Supported operating systems: Windows Linux OSX Functions and characteristics: Reverse connection. AES encrypted communications. Multithreaded. Support multiple bots connected at the same time. Keylogger. Possibility […]
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete operating system designed to be used from a […]
Semi-Automated Cyber Threat Intelligence (ACT) is a research project led by mnemonic as with contributions from the University of Oslo, NTNU, Norwegian Security Authority (NSM), KraftCERT and Nordic Financial CERT. The main objective of the ACT project is to develop a platform for cyber threat intelligence to uncover cyber attacks, cyber espionage and sabotage. […]