Browsing tag

framework

VENOM 1.0.15 – Metasploit Shellcode Generator/Compiler/Listener

The script uses msfvenom (Metasploit) to generate shellcode in different formats ( c | python | ruby | dll | msi | hta-psh ), injects the generated shellcode into one template (example: python) “the python function will execute the shellcode into ram” and uses compilers like gcc (gnu cross compiler) or mingw32 or pyinstaller […]

Meterpreter Paranoid Mode – Meterpreter over SSL/TLS connections

Meterpreter_Paranoid_Mode.sh allows users to secure their staged/stageless connection for Meterpreter by having it check the certificate of the handler it is connecting to. We start by generating a certificate in PEM format; once the certs have been created, we can create an HTTP or HTTPS or EXE payload for it and give it the path […]

Evilgrade – Modular Framework To Take Advantage Of Poor Upgrade Implementations By Injecting Fake Updates

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has its own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents […]

WordPress Exploit Framework v1.8 – A Ruby Framework For Developing And Using Modules Which Aid In The Penetration Testing Of WordPress

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby >= 2.4.2 installed on your system and then install all required dependencies by opening a command prompt / terminal in the WPXF folder and running bundle install. If […]

GOSINT – Open Source Threat Intelligence Gathering and Processing Framework

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third […]

NoSQL Exploitation Framework 2.0 – A Framework For NoSQL Scanning and Exploitation

A framework for NoSQL scanning and exploitation, authored by Francis Alexander. Added features: first ever tool with added support for Mongo, Couch, Redis, H-Base, Cassandra; support for NoSQL web apps; added payload list for JS injection, web application enumeration; scan support for Mongo, CouchDB and Redis; dictionary attack support for Mongo, Couch and Redis; enumeration module added for the DBs, retrieves data in […]

QuasarRAT – Remote Administration Tool for Windows

Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. Features TCP network stream (IPv4 & IPv6 support) Fast network serialization (NetSerializer) Compressed (QuickLZ) & Encrypted (AES-128) communication Multi-Threaded UPnP Support No-Ip.com Support Visit Website (hidden […]

DBC2 (DropboxC2) – A Modular Post-Exploitation Tool, Composed Of An Agent Running On The Victim’S Machine

DBC2 (DropboxC2) is a modular post-exploitation tool, composed of an agent running on the victim’s machine, a controller running on any machine, PowerShell modules, and Dropbox servers as a means of communication. This project was initially inspired by the fantastic Empire framework, but also as an objective to learn Python. Features DBC2 main features: Various […]

IP-Biter – The Hacker-friendly E-Mail Tracking Framework

IP-Biter is an open source, easy to deploy tracking framework that generates highly configurable and unique tracking images and links to embed in e-mails, sites or chat systems, and visualizes, in a hacker-friendly dashboard, highly detailed reports of the tracked users who view the image or open the links. Features: Very highly configurable tracking image […]

Bluebox-ng – Node.js VoIP Penetration Testing Framework

Features Auto VoIP/UC penetration test Report generation Performance RFC compliant SIP TLS and IPv6 support SIP over websockets (and WSS) support (RFC 7118) SHODAN, exploitsearch.net and Google Dorks SIP common security tools (scan, extension/password bruteforce, etc.) Authentication and extension brute-forcing through different types of SIP requests SIP Torture (RFC 4475) partial support SIP SQLi check […]

GOSINT – Open Source Threat Intelligence Gathering & Processing Framework

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third […]

Nishang – PowerShell Penetration Testing Framework

Nishang is an open source framework and collection of powerful PowerShell scripts and payloads that you can use during a penetration testing audit, the post-exploitation phase or other stages of offensive security auditing. Nishang is useful during various phases of a security auditing process and has many scripts categorized into logical categories such as information gathering, scanning, privilege […]

Kernelpop – Kernel Privilege Escalation Enumeration And Exploitation Framework

kernelpop is a framework for performing automated kernel exploit enumeration on Linux, Mac, and Windows hosts. Requirements: python3. Currently supported CVEs: *CVE-2017-1000367 *CVE-2017-1000112 *CVE-2017-7308 *CVE-2017-6074 *CVE-2017-5123 *CVE-2016-5195 *CVE-2016-2384 *CVE-2016-0728 *CVE-2015-7547 *CVE-2015-1328 *CVE-2014-4699 *CVE-2014-4014 *CVE-2014-3153 *CVE-2014-0196 *CVE-2009-1185. Run modes: default mode. The default mode runs with the command python3 kernelpop.py. This processes information about the host kernel […]

Exploit Pack – Penetration Testing Framework

Exploit Pack has been designed by an experienced team of software developers and exploit writers to automate processes so penetration testers can focus on what’s really important. The threat. This blend of software engineers and subject matter experts provides a unique advantage by combining technical know-how with true insight into the problem set, resulting in […]

IntRec-Pack – Intelligence and Reconnaissance Package/Bundle installer

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Because it also manages the installation of the various dependencies related to these programs, it aims to be a comprehensive assistant in setting up your intelligence gathering […]

Utilizing the Metasploit Framework for Beginners

Metasploit is used by both amateurs and professionals in the world of cybersecurity and pen-testing. With its godtier framework, it is ideal for flexibility and specific riggings/responsibilities. Users are also able to create their own explicit tools. This provides ideal circumstances for exposing vulnerabilities in operating systems/networks/applications. The Metasploit Framework is freeware; however, there is […]

Hakku Framework – Simple Penetration Testing Framework

Hakku Framework has been made for penetration testing. It offers a simple structure, a basic CLI, and useful features for developing penetration testing tools. Hakku is written in Python 3.5, and developed mainly on Arch Linux. Requirements: Python 3.5 and the dependencies, Linux operating system, Hakku framework, Ethtool, Aircrack-ng, Ettercap-text-only, Dsniff, Xterm, Driftnet, Tcpdump. Basic CLI Penetration testing […]