Exploitation Tools

ImHex – Hex Editor For Reverse Engineers, Programmers

  A Hex Editor for Reverse Engineers, Programmers and people that value their eyesight when working at 3 AM. Features: featureful hex view; byte patching; patch management; copy bytes as feature (bytes, hex string, C, C++, C#, Rust, Python, Java & JavaScript array, ASCII-Art hex view, HTML self-contained div); string and hex search […]

MUD-Visualizer – A Tool To Visualize MUD Files

  This tool can be used to visualize MUD files in JSON format. Motivation: MUD files are plain text files in JSON format that contain ACL rules for a device. A MUD file can contain tens or hundreds of ACL rules, which makes it difficult to read and validate the files manually. mud-visualizer will […]

Drow – Injects Code Into ELF Executables Post-Build

  drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables (post-build). It takes unmodified ELF executables as input and exports a modified ELF containing an embedded user-supplied payload that executes at runtime. Slightly more detail … Drow takes the following steps to create the new patched […]

MaskPhish – Give A Mask To Phishing URL

  MaskPhish is a simple script to hide a phishing URL under a normal-looking URL (google.com or facebook.com). Legal Disclaimer: Usage of MaskPhish for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any […]

TinkererShell – A Simple Python Reverse Shell Written Just For Fun

  A simple reverse shell written in Python 3.7 just for fun. Actually it supports Windows and Linux OS and integrates some basic features like keylogging and AES encrypted communications. Supported operating systems: Windows, Linux, OSX. Functions and characteristics: Reverse connection. AES encrypted communications. Multithreaded. Support multiple bots connected at the same time. Keylogger. Possibility […]

Snare – Super Next Generation Advanced Reactive honEypot

  snare – Super Next generation Advanced Reactive honEypot. About: SNARE is a web application honeypot sensor attracting all sorts of maliciousness from the Internet. Documentation: The documentation can be found here. Basic Concepts: Surface first. Focus on the attack surface generation. Sensors and masters. Lightweight collectors (SNARE) and […]

UAC-A-Mola – Detecting And Exploiting New and Known UAC Bypasses

  UAC-A-Mola is a tool that allows security researchers to investigate new UAC bypasses, in addition to detecting and exploiting known bypasses. UAC-A-mola has modules to carry out the protection and mitigation of UAC bypasses. The strong point of uac-a-mola is that it was created so that other researchers can carry out the work and process […]

XMLRPC Bruteforcer – An XMLRPC Brute Forcer Targeting WordPress

  An XMLRPC brute forcer targeting WordPress written in Python 3. In the context of xmlrpc brute forcing, it's faster than Hydra and WpScan. It can brute force 1000 passwords per second. Usage: python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt userlist.txt Bugs: If you get an xml.etree.ElementTree.ParseError: Did you forget to add ‘xmlrpc’ […]

RITA – Real Intelligence Threat Analytics

  RITA is an open source framework for network traffic analysis. The framework ingests Bro/Zeek Logs in TSV format, and currently supports the following major features: Beaconing Detection: Search for signs of beaconing behavior in and out of your network. DNS Tunneling Detection: Search for signs of DNS based covert channels. Blacklist Checking: Query blacklists […]

Eaphammer – Evil Twin Attacks Against WPA2-Enterprise Networks

  by Gabriel Ryan (s0lst1c3)(gryan[at]specterops.io) EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual […]

Ispy – Eternalblue / Bluekeep Scanner And Exploiter

  ispy: Eternalblue (ms17-010) / Bluekeep (CVE-2019-0708) scanner and exploiter (Metasploit automation). How to install: git clone https://github.com/Cyb0r9/ispy.git cd ispy chmod +x setup.sh ./setup.sh Tested on: Parrot OS, Kali Linux. Tutorial (How to use ispy) info GitHub profile: https://github.com/Cyb0r9 YouTube channel: https://youtube.com/c/Cyborg_TN Ask Fm (ask me): […]

Penta – Open Source All-In-One CLI Tool To Automate Pentesting

  Penta is a pentest automation tool using Python3. (Future!) It provides advanced features such as metasploit and nexpose to extract vuln info found on specific servers. Installation: Install requirements. penta requires the following packages: Python3.7, pipenv. Resolve python package dependency. $ pipenv install If you dislike pipenv… $ pip install -r requirements.txt Usage $ […]

DNS Rebinding – DNS Rebind Tool With Custom Scripts

  Inspired by @tavisio. This project is meant to be an All-in-one Toolkit to test further DNS rebinding attacks and my take on understanding these kinds of attacks. It consists of a web server and pseudo DNS server that only responds to A queries. The root index of the web server allows to configure and […]

ThreadBoat – Uses Thread Execution Hijacking To Inject Shellcode

  Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. With Thread Hijacking, it allows the hijacker.exe program to suspend a thread within the target.exe program allowing us to write shellcode to a thread. Usage: int main() { System sys; Interceptor incp; Exception exp; sys.returnVersionState(); if (sys.returnPrivilegeEscalationState()) { std::cout << "Token Privileges […]

SQLMap v1.3.10 – Automatic SQL Injection And Database Takeover Tool

  SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from […]

Lockdoor – Pentesting Framework With Cyber Security Resources

  Lockdoor Framework: A Penetration Testing Framework With Cyber Security Resources. 09/2019: 1.0Beta. Information Gathering Tools (21), Web Hacking Tools (15), Reverse Engineering Tools (15), Exploitation Tools (6), Pentesting & Security Assessment Findings Report Templates (6), Password Attack Tools (4), Shell Tools + Blackarch’s Webshells Collection (4), Walk Throughs & Pentest Processing Helpers (3) […]

Recomposer – Changes Win32/64 Files For Safer Malware Scanning

  Ever have that not so safe feeling uploading your malware binaries to VirusTotal or other AV sites because you can look up binaries by hashes? (Example: https://github.com/mubix/vt-notify) Feel somewhat safer with Recomposer! Recomposer will take your binary and randomly do the following: Change the file name Change the section names Change the section flags […]

CryptonDie – A Ransomware Developed For Study Purposes

  CryptonDie is a ransomware developed for study purposes. Options: --key key used to encrypt and decrypt files, default is random string (recommended); --dir Home directory for the attack, default is /; --encrypt Encrypt all files; --decrypt Decrypt all files; --verbose Active verbose mode, default is False. Example: python3 cryptondie.py --web-service http://127.0.0.1:5000 --dir /var/www/ --encrypt --verbose […]