The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat...
RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials...
DNCI allows the injection of .Net code (.exe or .dll) remotely in unmanaged processes in windows. 1. Project StructureThe project is structured...
Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number...
Tooling that automates your social media interactions to collect posts, photos, videos, friends, followers and much more on Facebook. FeaturesA bot which...
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command. The beauty of this tool is that it doesn’t perform authentication...
This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, Proxy...
Cross-platform backdoor using dns txt records. What is ddor?ddor is a cross platform light weight backdoor that uses txt records to execute...
In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy...
SQL InjectionIn this section, we’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds...
Blind SQL Injection Tool with Golang.UsageDownload andor.go and go to the folder where the file andor.go located. And type this to command...
DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing. PurposeThis lab has been designed...
[*] RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0. RedPeanut code execution...
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests...
Vulnx is An Intelligent Bot Auto Shell Injector that detect vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie...
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.Installation go get -u...
As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it...
This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard...
This project produces open-source code to generate rainbow tables as well as use them to look up password hashes. While the current...
The Brave Privacy Browser is your fast, safe private web browser with ad blocker, private tabs and pop-up blocker. Browse without being...
Burp Suite extension to discover assets from HTTP response using passive scanning. Refer our blog Asset Discovery using Burp Suite for more...