Jackhammer: One Security vulnerability assessment/management tool to solve all the security team problems. What is Jackhammer? Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev...
Chiron is an IPv6 Security Assessment Framework, written in Python and employing Scapy. It is comprised of the following modules: • IPv6 Scanner • IPv6 Local Link • IPv4-to-IPv6 Proxy • IPv6 Attack Module...
SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes...
Bashfuscator Bashfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand. It accomplishes this by...
Quick Android Review Kit (QARK) Quick Android Review Kit – This tool is designed to look for several security-related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating “Proof-of-Concept” deployable APKs and/or...
hate_crack A tool for automating cracking methodologies through Hashcat from the TrustedSec team. Installation: Get the latest hashcat binaries. OSX Install: mkdir -p hashcat/deps; git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL; cd hashcat/; make; make install. Changelog...
What’s the MemITM tool? The MemITM (Mem In The Middle) tool has been developed in order to easily intercept “messages” in Windows processes memory. We developed a lot of custom memory interception tools in...
Windows / Linux Local Privilege Escalation Workshop My give back to the community initiative that was presented for free at several private and public events across Australia: Sydney – PlatypusCon (2017) Perth – BsidesPerth...
evilscan Massive IP/port scanner. Features: individual IP or IP range scan; individual port, ports list, or ports range; banner grabbing (not fully implemented, works with native verbose ports only); IAC negotiation for telnet; reverse...
PrivExchange In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across...
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used...
EvilTwinFramework A framework for pentesters that facilitates evil twin attacks as well as exploiting other Wi-Fi vulnerabilities. It uses hostapd-wpe to create the access point, so it is highly configurable. It uses dnsmasq to run the DHCP and...
freevulnsearch This NMAP NSE script is part of the Free OCSAF project – https://freecybersecurity.org. In conjunction with the version scan “-sV” in NMAP, the corresponding vulnerabilities are automatically assigned using CVE (Common Vulnerabilities and Exposures)...
kamerka The script creates a map with cameras based on your geolocation or exact address. It uses Shodan API to find cameras, Geopy to find the address and measure distance, and Folium to draw...
TransportC2 TransportC2 is a command and control server that is able to run in the background as a service. This allows penetration testers and red teamers the ability to spend time gathering target machines,...