Browsing tag

hack app

Exploitivator – Automate Metasploit Scanning And Exploitation

This has only been tested on Kali. It depends on the msfrpc module for Python, described in detail here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/ Install the necessary Kali packages and the PostgreSQL gem for Ruby: apt-get install postgresql libpq-dev git-core; gem install pg. Install current version of the msfrpc Python module from git: git clone git://github.com/SpiderLabs/msfrpc.git msfrpc; cd msfrpc/python-msfrpc; python setup.py install. Usage: Before […]

RTTM – Real Time Threat Monitoring Tool

Monitoring possible threats to your company on the Internet is an impossible task to achieve manually. Hence many threats to the company go unnoticed until they become viral in public, causing monetary and reputational damage. This is where RTTM comes into action. RTTM (Real Time Threat Monitoring Tool) is a tool developed to scrape all pasties, GitHub, Reddit, etc. […]

HashCobra – Hash Cracking Tool

hashcobra: Hash cracking tool. Usage:

    $ ./hashcobra -H
    --==[ hashcobra by sepehrdad ]==--
    usage: hashcobra -o <opr> [options] | [misc]
    options:
      -a <alg> - hashing algorithm [default: md5] - ? to list available algorithms
      -c <alg> - compression algorithm [default: zstd] - ? to list available algorithms
      -h <hash> - hash to crack
      -r <path> - rainbow table […]

Splunk Attack Range – A Tool That Allows You To Create Vulnerable Instrumented Local Or Cloud Environments To Simulate Attacks Against And Collect The Data Into Splunk

The Attack Range solves two main challenges in development of detections. First, it allows the user to quickly build a small lab infrastructure as close as possible to your production environment. This lab infrastructure contains a Windows Domain Controller, Windows Workstation and Linux server, which comes pre-configured with multiple security tools and logging configuration. The […]

Ffuf – Fast Web Fuzzer Written In Go

A fast web fuzzer written in Go. Heavily inspired by the great projects gobuster and wfuzz. Features: Fast! Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values. Silent mode (-s) for clean output that’s easy to use in pipes to other processes. Modularized architecture that allows […]

Genact – A Nonsense Activity Generator

Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with your insane multitasking skills. Just open a few instances of genact and watch the show. genact has multiple scenes that pretend to be doing something exciting or useful when in reality nothing is happening at […]

ReconPi – Set Up Your Raspberry Pi To Perform Basic Recon Scans

ReconPi – A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi. Start using that Raspberry Pi, I know you all have one laying around somewhere. Installation: Check the updated blogpost here for a complete guide on how to set up your own ReconPi: ReconPi Guide. If you prepared your […]

CAINE 11 – GNU/Linux Live Distribution For Digital Forensics Project, Windows Side Forensics And Incident Response

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently, the project manager is Nanni Bassetti (Bari – Italy). CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. The main design objectives that CAINE […]

Ngrev – Tool For Reverse Engineering Of Angular Applications

Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis, which means that you don’t have to run your application in order to use it. How to use? macOS Go […]

Functrace – A Function Tracer

functrace is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO (http://dynamorio.org/). These are some implemented features (based on DynamoRIO): disassemble all the executed code; disassemble a specific function (dump if these are addresses); get arguments of a specific function (dump if these are addresses); get return value of a specific […]

Open Redirect Payload List

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in […]

AntiDisposmail – Detecting Disposable Email Addresses

Antibot.pw provides a free, open API endpoint for checking a domain or email address against a frequently-updated list of disposable domains. CORS is enabled for all originating domains, so you can call the API directly from your client-side code. GET https://antibot.pw/api/disposable?email=radenvodka@0815.su HTTP/1.1 The response will be JSON with one boolean property, e.g. {"disposable":false} Using jQuery? <script> $( "#email" […]

RetDec – A Retargetable Machine-Code Decompiler Based On LLVM

RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code. Supported architectures: 32-bit: Intel x86, ARM, MIPS, PIC32, and PowerPC; 64-bit: x86-64, ARM64 (AArch64). Features: Static […]

CORStest – A Simple CORS Misconfiguration Scanner

A simple CORS misconfiguration scanner. Based on the research of James Kettle. CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential vulnerabilities are detected by sending a certain Origin […]

SharpHide – Tool To Create Hidden Registry Keys

Just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden (null terminated) registry key. This works by adding a null byte in front of the UNICODE_STRING key valuename. More info about this technique can be found in the following whitepaper: https://github.com/ewhitehats/InvisiblePersistence/blob/master/InvisibleRegValues_Whitepaper.pdf The tool uses the following registry path in which […]

Codecat – Tool To Help In Manual Analysis In Codereview

CodeCat is an open source tool to help you in code review, to find/track sinks, and these points follow regex rules… How to install, step by step: Go to the CodeCat directory, install backend and frontend libs:

    $ cd Front
    $ sudo python3 -m pip install -r requirements.txt
    $ cd ..
    $ cd Backend
    $ sudo python3 -m pip install -r requirements.txt […]

LinuxCheck – Linux Information Collection Script

A small Linux information collection script, mainly used for emergency response. It can be used under Debian or CentOS. Features: CPU TOP10, memory TOP10 CPU usage boot time Hard disk space information User information, passwd information Environmental variable detection Service list System program changes (debsums -e and rpm -va) Network traffic statistics Network connection, listening […]

Burp Suite Secret Finder – Burp Suite Extension To Discover Apikeys/Tokens From HTTP Response

Burp Suite extension to discover apikeys/tokens from HTTP responses. Install: download SecretFinder with wget https://raw.githubusercontent.com/m4ll0k/BurpSuite-Secret_Finder/master/SecretFinder.py or git clone https://github.com/m4ll0k/BurpSuite-Secret_Finder.git, now open Burp > Extender > Extensions > Add > set python and select file (SecretFinder.py). Requirements: jython, burpsuite. Download BurpSuite-Secret_Finder