Browsing tag

GitHub

dedsploit – Framework For Attacking Network Protocols

dedsploit is open source software used for attacking network protocols and for network exploitation. This framework aims to exploit and attack some common everyday vulnerabilities, whether it is a misconfiguration of an SSH server or the use of apache2 as a web server, which could be subjected to malicious Slowloris DoS attacks. The framework comprises […]

PhishLulz – Ruby Toolset To Automate Phishing Activities

The VM comes with various open source tools that have been glued together. The two main components are PhishingFrenzy (https://github.com/pentestgeek/phishing-frenzy) and BeEF (https://github.com/beefproject/beef). Requirements: Amazon AWS account (see main config.yaml); non-Winzozz OS (path separators are hardcoded on purpose so that it is not compatible with Winzozz); ssh, scp, openssl in PATH; sane Ruby environment (RVM suggested). Install […]

Hashcat – Advanced Password Recovery Utility

hashcat is an open source tool and the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs and other hardware accelerators on Windows, Linux and OSX, and has facilities to help enable distributed password cracking. Download the latest release and unpack it […]

idb – iOS App Security Assessment Tool

idb is a tool to simplify some common tasks for iOS app security assessments and research.
Requirements: Ubuntu or OS X; Ruby 1.9.3 or 2.1
For OS X: brew install qt cmake usbmuxd libimobiledevice
For Ubuntu: apt-get install cmake libqt4-dev git-core libimobiledevice-utils libplist-utils usbmuxd libxml2-dev libsqlite3-dev -y
Installing idb: gem install idb […]

httpstat – Curl Statistics Made Simple

httpstat visualizes curl statistics with beauty and clarity. It is a single-file Python script that has no dependencies and is compatible with Python 3. There are three ways to get httpstat:
Step 1: Download the script directly: wget https://raw.githubusercontent.com/reorx/httpstat/master/httpstat.py
Step 2: Through pip: pip install httpstat
Step 3: Through homebrew (macOS only): […]

Brutal – A Toolkit To Create Various HID Attacks

Brutal is a simple toolkit to quickly create various payloads, PowerShell attacks and virus attacks, and to launch a listener for a Human Interface Device. It is used on a target machine without the need for human-to-keyboard interaction (HID attack). When you insert the device, it will be detected as a keyboard, and using the microprocessor and […]

F-Scrack – Bruteforce Tool With Multi-Protocol Support

FTP, MySQL, MSSQL, MongoDB, Redis, Telnet, Elasticsearch, PostgreSQL.
Compatible operating systems: OSX, Linux, Windows
Python 2.6+
How to run the command: python F-Scrack.py -h 192.168.1 [-p 21,80,3306] [-m 50] [-t 10]
-h Supports ip (192.168.1.1), ip range (192.168.1) (192.168.1.1-192.168.1.254), ip list (ip.ini), maximum 65535 ips per scan.
-p Ports you want to scan, use comma […]

slowloris – DoS tool using low bandwidth

Slowloris is an HTTP Denial of Service attack tool that affects threaded servers. It is developed in Python. The bot starts to make lots of HTTP requests and then sends headers periodically (every 15 seconds) to keep the connections open. It never closes the connections unless the server does. (This exhausts the […]

WinMACSpoofer – Spoofing tool for Windows

WinMACSpoofer is an open source tool which helps to spoof the MAC address and host name. Run the tool in “administrator mode” for the functions to work properly. Press the randomize button to generate a random MAC address. Click the random radio button and hit “Set New Mac” to reset your MAC address to this […]

Geoip Attack Map – Cyber Security Visualization Tool

Geoip Attack Map is an open source cyber security tool that displays network attacks on your organization in real time. The data server follows a syslog file and parses out source IP, destination IP, source port, and destination port. Protocols are determined via common ports, and the visualizations vary in color based on protocol […]

hget – Alternative Internet Download Manager For Linux

Rocket-fast download accelerator written in Go. The current program works on Unix systems only. NOTE: hget is currently under heavy development; its usage, architecture and code may change at any time in the future.
go get -d github.com/huydx/hget
cd $GOPATH/src/github.com/huydx/hget
make clean install
hget [Url] [-n parallel] [-skip-tls false] //to download url, with n connections, and […]

needle – An iOS Security Testing Framework

needle is an open source, modular framework that streamlines the process of conducting security assessments of iOS applications and acts as a central point from which to do so. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS […]

Radium Keylogger – A Keylogger Using Python

Python keylogger with multiple features.
Requirements: Install PyHook; Install PyWin32; Install Microsoft Visual C++ Compiler for Python; Install PyInstaller
Install and Use:
Step 1: Download the libraries if you are missing any.
Step 2: Set the Gmail username and password and remember to check allow connection from less secure apps in Gmail settings.
Step 3: Set the […]

WAFNinja – A Tool To Bypass WAF

WAFNinja is a CLI tool written in Python. It is the best tool for penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendable, simple to use and usable in a team environment. Many payloads and fuzzing strings, which are […]

OpenDoor – OWASP Directory Access Scanner

OpenDoor is open-source software that scans a site's directories and finds all possible ways to log in, empty directories and entry points. Scans are conducted using the dictionary that is included in this application.
System Requirements: Python 2.7.x
sudo pip install -r requirements.txt
multithreading, filesystem log, detect redirects, random user agent, random proxy from […]

RecuperaBit – Forensic File System Reconstruction & Recover Files

RecuperaBit is open source software which attempts to reconstruct file system structures and recover files. Currently it supports only the NTFS format. It attempts reconstruction of the directory structure regardless of: missing partition table, unknown partition boundaries, partially-overwritten metadata, quick format. The tool automatically determines the sectors from which partitions start. It does not modify the disk […]

Google Mass Explorer Tool – Free Download

Google Mass Explorer is a free automated robot for the Google search engine. It makes a Google search and parses the results for targets vulnerable to a specific exploit you define.
Simple explanation of the tool:
Makes a Google search
Parses results from each page
Tests if each target is vulnerable for a specific […]

BinProxy – A Proxy Tool For TCP Connections

BinProxy is a proxy tool for arbitrary TCP connections. It gives you a TCP proxy and an interface to write protocol-specific parsers in Ruby using the BinData library. This tool understands and manipulates binary network traffic. BinProxy can operate as a simple transparent proxy with a static upstream or as a socks/https proxy. The tool aims to leverage the […]

BORG – Terminal Based Search

BORG is a tool built so that you do not have to leave the terminal to search and click around for bash snippets. The BORG client connects to a server at ok-b.org, but you can host your own if you want to (see daemon folder). Hosting on your own will become less appealing once people start contributing their […]

AutoBrowser 4.0 – A Tool To Perform Penetration Testing

AutoBrowser is a simple tool written in Python for IT professionals to perform penetration testing. The purpose of this tool is to create a report and screenshots of http/https based ports on the network. You can choose either to analyze an Nmap report or to scan with Nmap, and then the tool automatically checks the results with http/https request […]

DataSploit – Performs automated OSINT techniques

DataSploit is a simple tool used to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data. It is useful for pen-testers, product companies, defensive security professionals, cyber investigators, etc. The tool tries to find out credentials, api-keys, tokens, sub-domains, domain history, legacy portals […]