BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4jdatabase fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to […]
Using 0xsp mongoose you will be able to scan targeted operating system for any possible way for privilege escalation attacks,starting from collecting information stage unitl reporting information through 0xsp Web Application API . Users will be able to scan different linux os system at same time with high perfromance , with out spending time looking […]
PivotSuite is a portable, platform independent and powerful network pivoting toolkit, Which helps Red Teamers / Penetration Testers to use a compromised system to move around inside a network. It is a Standalone Utility, Which can use as a Server or as a Client. PivotSuite as a Server : If the compromised host is directly […]
Beemka shows how vulnerabilities in the Electron Framework could allow an attacker to inject malicious code inside a legitimate application without raising any warnings. Notice: Please note that this article is not about vulnerabilities in Electron applications, but the Electron Framework itself. THIS IS NOT A VULNERABILITY IN THE INDIVIDUAL APPS. Proof of Concept In the […]
A simple one click to install and download, Utools2 toolkit contains some of the best hacking tools used and compiled into one program. Utools2 Features Wireless Hacking Tools Information Gathering Tools WebApp Pentesting Tools BruteForcing Tools Dos/DDOS Attack Tools Wordlist Generators 13 Type Automated Metasploit Payload Generator 12 Best Webshell Collection Install Utools2 git clone […]
Born from an idea of Stefano Fratepietro, DEFT (acronym for Digital Evidence & Forensics Toolkit) is a distribution made for Digital Forensics and Incident Response, with the purpose of running live on systems without tampering or corrupting devices (hard disks, pendrives, etc…) connected to the PC/Mac where the boot process takes place. The DEFT system […]
This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, various keyloggers and leverage this information to deliver attacks. Some of the tools are based on discoveries that were released to […]
On March 27 and 28, 2019, Paula presented Briefings and Arsenal sessions at Black Hat Asia 2019 in Singapore. CQURE Team has written over 200 hacking tools during penetration testing. They decided to choose the top 39 tools and pack them in a toolkit called CQTools. This toolkit allows you to deliver complete attacks within […]
YAWAST is a web application penetration testing toolkit that can perform information gathering and basic vulnerabilities (misconfiguration) assessment tasks related to TLS/SSL, Files, directories, and application headers. Regarding SSL/TLS, the toolkit gathers information like certificate details, supported ciphers, and DNS CAA record. The SSL issues detected by YAWAST include expired certificates, self-signed certificates, MD5 signature […]
This software project is a result of a Bachelor’s thesis created at SCHUTZWERK in collaboration with Aalen University by Philipp Schmied.Please refer to the corresponding blog post for more information. Why another CAN tool? Built from scratch with new ideas for analysis mechanisms Bundles features of many other tools in one place Modular and extensible: […]
XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe […]
PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including: WiFi (WiFi network summary, Detecting beacon, deauth floods etc.) HTTP (Listing […]
Xerosploit is a python-based toolkit for creating efficient Man In The Middle attacks which combines the power of bettercap and nmap. The interface is pretty easy to use. It allows you to scan your network and then generate the right attack for your victim. You can perform a JavaScript injection, sniffing, traffic-redirection, port-scanning, defacement of […]
Interactive sip toolkit for packet manipulations, sniffing, man in the middle attacks, fuzzing, simulating of dos attacks. Video Setup git clone https://github.com/halitalptekin/isip.git cd isip pip install -r requirements.txt Usage Packet manipulation tools are in packet cmd loop. First start, you are in the main cmd loop. isip:main> packet isip:packet> Create a new sip packet with […]
Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. Usage To launch Bashark on compromised host, simply source the bashark.sh script from terminal: $ source bashark.sh Then type help to see Bashark’s help menu Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to […]
PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including: WiFi (WiFi network summary, Detecting beacon, deauth floods etc.) HTTP (Listing […]
A Windows 10 OS installation that’s free of all the telemetry data collection, a nagging Cortana, and practically all bloatware — sounds tempting, doesn’t it? Well, strap right in then. A tool called the MSMG toolkit allows you to do just that. And we will show you how to this in simple steps. First of […]
Habu is an open source penetration testing toolkit that can perform various penetration testing tasks related to networks. These include ARP poisoning, ARP sniffing, SNMP cracking, fake FTP server creation, DHCP starvation, DHCP discover, Certificates (SSL/TLS) cloning, Denial of service attacks, TCP port scanning, TCP Flag analysis, social engineering, virtual hosts identification, and web technologies […]
badKarma is a python3 GTK+ toolkit that aim to assist penetration testers during all the network infrastructure penetration testing activity phases. It allow testers to save time by having point-and-click access to their toolkits, launch them against single or multiple targets and interacte with them through semplified GUIs or Terminals. Every task’s output is logged […]
Leviathan is an open source toolkit that can be used for auditing networks and web applications. The types of audits that can be performed with Leviathan include discovery of services running on machines, identifying SQL injections in web applications, analyzing the possibility of bruteforce attacks on discovered machines, and testing the security of pre-discovered machines […]
Even though several other mobile application analysis tools have been developed, there is no one tool that can be used for both android and ios and can be called a “standard” must use on every mobile application assessment. The idea behind Scrounger is to make a metasploit-like tool that will not do a pentesters work but help […]