Category: Penetration Testing
BruteX is a shell script and automates the process of analyzing one or many targets. BruteX include Nmap,Hydra & DNS enum. Nmap scan opens ports and defines running on the target server service. Thereafter,...
RapidScan – The Multi-Tool Web Vulnerability Scanner It is quite a fuss for a pentester to perform binge-tool-scanning (running security scanning tools one after the other) sans automation. Unless you are a pro at automating stuff, it...
Syntribos, An Automated API Security Testing Tool Syntribos is an open source automated API security testing tool that is maintained by members of the OpenStack Security Project. Given a simple configuration file and an example...
HTCAP Htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it’s...
NetRipper – this is a fairly recent tool that is positioned for the post-operating system based on Windows and uses a number of non-standard approaches to extract sensitive data. It uses API hooking in...
SQLiScanner Automatic SQL injection with Charles and sqlmapapi Installation Preferably, you can download SQLiScanner by cloning the Git repository: git clone https://github.com/0xbug/SQLiScanner.git –depth 1 You can download sqlmap by cloning the Git repository: git...
ShadowSocks ConnecTion A wrapper tool for shadowsocks to consistently bypass firewalls. Download git clone https://github.com/wanjunzh/ssct.git Quickstart Automatically connect The easiest way to run this tool is just type ssct in a terminal, and ssct will acquire available shadowsocks servers...
Reptile LKM Linux rootkit Tested on Debian 9: 4.9.0-8-amd64 Debian 10: 4.19.0-8-amd64 Ubuntu 18.04.1 LTS: 4.15.0-38-generic Kali Linux: 4.18.0-kali2-amd64 Centos 6.10: 2.6.32-754.6.3.el6.x86_64 Centos 7: 3.10.0-862.3.2.el7.x86_64 Centos 8: 4.18.0-147.5.1.el8_1.x86_64 Features Give root to unprivileged users...
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux,...
EyeWitness is designed to take screenshots of websites provide some server header info, and identify default credentials if known. EyeWitness is designed to run on Kali Linux. It will auto-detect the file you give...
Swaks’ primary design goal is to be a flexible, scriptable, transaction-oriented SMTP test tool. It handles SMTP features and extensions such as TLS, authentication, and pipelining; multiple version of the SMTP protocol including SMTP,...
Nishang Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. Changelog...
airpwn-ng The home of the new and improved version of airpwn. We force the target’s browser to do what we want Most tools of this type simply listen to what a browser does, and...
Prowler: AWS Security Tool Prowler is a command-line tool for AWS Security Best Practices Assessment, Auditing, Hardening, and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks)...
Filebuster An extremely fast and flexible web fuzzer What is it? Filebuster is an HTTP fuzzer / content discovery script with loads of features and built to be easy to use and fast! It...