FDsploit: File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool

FDsploit is a file inclusion & directory traversal fuzzer, enumeration & exploitation tool. Features: The LFI-shell interface provides only the output of the file read or the command issued, not the whole HTML page. 3 different types of LFI-shell can be specified. Both GET and POST requests are supported. Automatic detection of GET parameters. Certain parameters can be […]

Botb – A Container Analysis And Exploitation Tool

BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers, and is CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: exploit common container vulnerabilities; perform common container post-exploitation actions; provide capability when certain tools or […]

BoomER | An Open Source Post-Exploitation Tool To Exploit Local Vulnerabilities

BoomER is a command-line, open-source framework fully developed in Python 3.x for post-exploitation of targets, with the objective of exploiting local vulnerabilities on the big three OSes (Windows/Linux/Mac). The tool allows for interaction with third-party software like Metasploit to chain attacks together. Installation: 1 – Go to the GitHub repository 2 – git clone https://github.com/Josue87/BoomER […]

PostShell – Post Exploitation Bind/Backconnect Shell

PostShell is a post-exploitation shell that includes both a bind and a back-connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and it can be compiled on any Unix-like system. Why not use a traditional back-connect/bind shell? PostShell allows for easier post-exploitation by […]

Theo – Ethereum Recon and Exploitation Tool

Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features: automatic smart contract scanning which generates a list of possible exploits; sending transactions to exploit a smart contract; transaction pool monitor; Web3 console; frontrunning and backrunning transactions; waiting for a list of transactions and sending out others; estimating gas for […]

TheFatRat – A Convenient Exploitation Tool

TheFatRat is an easy-to-use tool which helps in generating backdoors, system exploitation, post-exploitation attacks, browser attacks, DLL files and FUD payloads against Linux, Mac OS X, Windows and Android. It can be combined with msfvenom (Metasploit Framework), which can then be used to obtain a reverse shell. It offers a lot of features, […]

BeRoot – A Post Exploitation Privilege Escalation Tool

BeRoot is a post-exploitation tool to check for common misconfigurations which can allow an attacker to escalate their privileges. The main goal of BeRoot is to print only the information that has been found as a possible way for privilege escalation, rather than a configuration assessment of the host by listing all services, all processes, […]

Linux Kernel Exploitation Repository

A bunch of resources related to Linux kernel exploitation.
Exploitation techniques
2019: “Leak kernel pointer by exploiting uninitialized uses in Linux kernel” by Jinbum Park [slides]
2018: “Linux Kernel universal heap spray” by Vitaly Nikolenko [article]
2018: “Linux-Kernel-Exploit Stack Smashing” [article]
2018: “Entering God Mode – The Kernel Space Mirroring Attack” [article]
2018, HitB: “Mirror […]

RedGhost – Linux Post Exploitation Framework

RedGhost is a Linux post-exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace.
RedGhost Features
Payloads: function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl
lsWrapper: function to wrap the “ls” command with a payload so that the payload runs every time “ls” is run, for persistence
Crontab: function to […]

Pacu – AWS Exploitation Framework

Pacu is an open-source AWS exploitation framework created and maintained by Rhino Security Labs to assist in offensive security testing against cloud environments. Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature set. Current modules enable a range of attacks, including user […]

Beemka – Electron Exploitation Toolkit

Beemka shows how vulnerabilities in the Electron Framework could allow an attacker to inject malicious code inside a legitimate application without raising any warnings. Notice: Please note that this article is not about vulnerabilities in Electron applications, but in the Electron Framework itself. THIS IS NOT A VULNERABILITY IN THE INDIVIDUAL APPS. Proof of Concept In the […]

QRLJacker v2.0 – QRLJacking Exploitation Framework

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all applications that rely on a “Login with QR code” feature as a secure way to log into accounts; the attacker's aim is to hijack the user's session. What is QRLJacking? QRLJacking or Quick Response Code Login Jacking is a simple social engineering […]

ISF – Industrial Control System Exploitation Framework

ISF (Industrial Exploitation Framework) is an exploitation framework based on Python; it is similar to the Metasploit framework.
ICS Protocol Clients
Name | Path | Description
modbus_tcp_client | icssploit/clients/modbus_tcp_client.py | Modbus-TCP client
wdb2_client | icssploit/clients/wdb2_client.py | WdbRPC version 2 client (VxWorks 6.x)
s7_client | icssploit/clients/s7_client.py | s7comm client (S7 300/400 PLC)
Exploit Modules
Name | Path | Description
s7_300_400_plc_control | exploits/plcs/siemens/s7_300_400_plc_control.py | S7-300/400 PLC start/stop
s7_1200_plc_control | exploits/plcs/siemens/s7_1200_plc_control.py | S7-1200 PLC start/stop/reset
vxworks_rpc_dos | exploits/plcs/vxworks/vxworks_rpc_dos.py | […]

Zeebsploit – Web Scanner, Exploitation and Information Gathering Framework

zeebsploit is a tool for hacking, searching web information and scanning vulnerabilities on the web.
Installation
$ apt-get install git python
$ git clone https://github.com/jaxBCD/Zeebsploit.git
$ cd Zeebsploit
$ python -m pip install -r requirements.txt
$ python zsf.py
* and follow the instructions
Modules: exploits 14, scanners 10, footprinting 8
Requirements (required): requests asyncio aiohttp python-whois […]

Malicious Payload Evasion Techniques with Advanced Exploitation Frameworks

Sophisticated threats are evolving with much more advanced capabilities, making analysis more painful and even evading advanced security software such as antivirus. This comparison is based on a payload's ability to bypass the default security frameworks available on Windows machines and the available antivirus systems, searching for an approach to get a payload that […]

SSRFmap – Automatic SSRF Fuzzer And Exploitation Tool

SSRF is often used to leverage actions on other services; this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. Server Side Request Forgery (SSRF) is a vulnerability in which an attacker forces a server to perform requests on their behalf. […]

XSRFProbe – The Prime Cross Site Request Forgery Audit And Exploitation Toolkit

XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) audit and exploitation toolkit. Equipped with a powerful crawling engine and numerous systematic checks, it is now able to detect most cases of CSRF vulnerabilities and their related bypasses, and further generate (maliciously) exploitable proofs of concept for each vulnerability found. For more info on how XSRFProbe […]

Scavenger – A Post-Exploitation Scanning/Mapping Tool

SCAVENGER is a multi-threaded post-exploitation scanning tool for mapping systems and finding “interesting” and most frequently used files, folders and services. Once credentials are gained, it can scan remote systems (Linux, Windows and OSX) via services like SMB and SSH to scrape that system looking for “interesting” things and then cache the result. SCAVENGER has […]

Mobile Device Exploitation Cookbook

Disclaimer: The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risk. A DMCA takedown cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links […]