mXtract An open source Linux-based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool, which is used to scan memory for private keys, IPs, and passwords using...
Zeratool Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems This tool uses angr to concolically analyze binaries by hooking printf and looking for unconstrained paths. These program states are then weaponized for remote...
Mr.SIP SIP-Based Audit and Attack Tool Mr.SIP is a tool developed to audit and simulate SIP-based attacks. Originally it was developed to be used in academic work to help develop novel SIP-based DDoS attacks...
Industrial Exploitation Framework ISF (Industrial Exploitation Framework) is an exploitation framework based on Python; it is similar to the Metasploit framework. ISF is based on the open source project routersploit. ICS Protocol Clients Name Path Description modbus_tcp_client icssploit/clients/modbus_tcp_client.py...
getsploit Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm, and others. The most powerful feature is immediate exploit source...
Tokenvator A tool to elevate privilege with Windows Tokens This tool has two methods of operation – interactive and argument modes Interactive Mode: C:> tokenvator.exe (Tokens) > steal_token 908 cmd.exe (Tokens) > Arguments Mode:...
Virtual Reality This is a backdoor project for Windows operating systems. Intended audience This is a proof-of-concept stealthy backdoor aimed to aid red teams in maintaining control of their targets during the security evaluation...
AVET AVET is an AntiVirus Evasion Tool, which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. What & Why: when running an exe file made with msfpayload...
Offensive ELK: Elasticsearch for Offensive Security Traditional “defensive” tools can be effectively used for offensive security data analysis, helping your team collaborate and triage scan results. In particular, Elasticsearch offers the chance to aggregate...
Cuishark A protocol analyzer like Wireshark on CUI. It is a very powerful protocol analyzer which has a really rich UI. And you can use such a rich UI for protocol analysis on just CUI without...
SessionGopher Quietly digging up saved session information for PuTTY, WinSCP, FileZilla, SuperPuTTY, and RDP SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality...
gorsh A Golang Implant and Tmux-driven C2 Interface Originally forked from – sysdream/hershell Fork Changes Changes after fork: Uses tmux as a pseudo-C2-like interface, creating a new window with each agent callback Download files with...
JNDIAT – JNDI Attacking Tool JNDIAT (JNDI Attacking Tool) is an open source penetration testing tool that tests the security of Weblogic servers through the T3 protocol. Usage examples of JNDIAT: You want to search if there are Weblogic ports which...
Mail Header Analyzer (MHA) What is MHA: Mail header analyzer is a tool written in Flask (http://flask.pocoo.org/) for parsing email headers and converting them to a human-readable format, and it can also: Identify hop...
GoScan GoScan is an interactive network scanner client, featuring auto-complete, which provides abstraction and automation over nmap. It can be used to perform host discovery, port scanning, and service enumeration in situations where being stealthy...