Security Training Share
dnstwits See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud, and corporate...
Miteru Miteru is an experimental phishing kit detection tool. How it works It collects phishing suspicious URLs from the following feeds: urlscan.io certstream-suspicious feed OpenPhish feed via urlscan.io PhishTank feed via urlscan.io It checks...
Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities. The tool re-implements the 15-years old idea of using a custom reverse proxy to dynamically interact with the origin to be targeted,...
DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options...
CredsLeaker Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request. However, That was highly noticeable....
What is QRLJacking? QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as...
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET has quickly become a standard tool in a penetration testers arsenal. SET is written by David Kennedy (ReL1K)...
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used...
Squatm3 Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques: Substitution attacks Flipping attack Homoglyph attack Squatm3 will help penetration testers to identify domains...
trape (open source) People tracker on the Internet: Learn to track the world, to avoid being traced. Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real...
evil-ssdp This tool responds to SSDP multicast discovery requests, posing as a generic UPNP device. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted...
Cartero A robust Phishing Framework with a full-featured CLI interface. The project was born out of necessity through of years of engagements with tools that just didn’t do the job. Even though there are...
Invoke-NoShell Invoke-NoShell outputs a Mircosoft Office Word .doc file with an embedded macro. It allows the automation of multiple similar versions of files, allowing to test how slight differences will affect it. Currently, only...
CatMyPhish Search for a categorized domain that can be used during the red teaming engagement. Perfect to setup whitelisted domain for your Cobalt Strike beacon C&C. It relies on expireddomains.net to obtain a list...
Suggested Reading TRENDING Linux news