JSShell An interactive multi-user web-based JavaScript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting)...
Mail Security Testing Framework A testing framework for mail security and filtering solutions. IMPORTANT: Don’t do anything evil with this! Tests of cloud or otherwise hosted solutions should always be approved by the tested provider....
Squatm3 Squatm3 is a Python tool designed to enumerate available domains generated by modifying the original domain name through different techniques: substitution attacks, flipping attack, homoglyph attack. Squatm3 will help penetration testers to identify domains...
Amber is a proof of concept packer for bypassing security products and mitigations. It can pack regularly compiled PE files into reflective payloads that can load and execute itself like a shellcode. It enables...
aclpwn.py Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL-based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient...
GoogleScraper – Scraping search engines professionally GoogleScraper parses Google search engine results (and many other search engines) easily and in a fast way. It allows you to extract all found links and their titles...
Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organized in plugins so the idea is to have one plugin per platform or task....
HiddenPowerShell This project was created to explore the various evasion techniques involving PowerShell: AMSI, ScriptBlockLogging, Constrained Language Mode, AppLocker. Metasploit module and payload: The module manages the delivery of an hta file and a...
XCat XCat is a command-line tool to exploit and investigate blind XPath injection vulnerabilities. It supports a large number of features: auto-selects injections (run xcat injections for a list); detects the version and capabilities of the...
Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers....
Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program. It can recover...
CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests,...
BabySploit is a penetration testing toolkit aimed at making it easy to learn how to use bigger, more complicated frameworks like Metasploit. With a very easy to use UI and toolkit, anybody from any...
firstorder A traffic analyzer to evade Empire's communication from Anomaly-Based IDS. Abstract: firstorder is designed to evade Empire's C2-Agent communication from anomaly-based intrusion detection systems. It takes a traffic capture file (pcap) of the...
ThunderDNS This tool can forward TCP traffic over the DNS protocol. Non-compile clients + socks5 support. Download: git clone https://github.com/fbkcs/ThunderDNS.git Run: Setting up NS records on our domain: Please wait for clearing DNS-cache. Simple server...