CMSScan Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on-demand and...
Apkatshu Apkatshu its a Tool for extracting urls, emails, ip address, and interesting data from APK files Apkatshu: a tool is written in bash/python for extracting interesting data from apk files and save them...
OWASP Security Shepherd The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of...
Freedom Fighting Mode (FFM) FFM is a hacking harness that you can use during the post-exploitation phase of a red-teaming engagement. The idea of the tool was derived from a 2007 conference from @thegrugq. It was...
InDigger InDigger is a web scraping tool for LinkedIn. Given a company name, it goes through a predefined list of departments and returns the employees, their job title, their work experience, and their education....
Exploitation / Reverse Engineering
by do son · Published November 12, 2018 · Last modified October 10, 2021
HeapHopper is a bounded model checking framework for Heap-implementations. HEAPHOPPER’s goal is to evaluate the exploitability of an allocator in the presence of memory corruption vulnerabilities in the application using the allocator. Specifically, it...
WAM – Web App Monitor WAM is a platform powered by Python to monitor “Web App“, “The dynamic network information”. To a certain extent, it greatly helps the security researchers save time on tracking the...
Web Exploitation / Web Information Gathering / Web Vulnerability Analysis
by do son · Published November 10, 2018 · Last modified January 26, 2021
TIDoS Framework TIDoS Framework is a comprehensive web application audit framework with some serious perks. Highlights:- The main highlights of this framework are: Basic first release (but huge). Has 4 main phases, subdivided into 13...
Djangohunter A tool designed to help identify incorrectly configured Django applications that are exposing sensitive information. Download git clone https://github.com/6IX7ine/djangohunter.git cd djangohunter pip -r install requirements Usage python3 djangohunter.py –key {shodan} Dorks: ‘DisallowedHost’, ‘KeyError’, ‘OperationalError’, ‘Page...
GreatSCT GreatSCT is a tool designed to generate Metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. Download Usage The first screen you’ll see is this menu. Select...
TumbleRF: RF Fuzzing Framework TumbleRF is a framework that orchestrates the application of fuzzing techniques to RF systems. While fuzzing has always been a powerful mechanism for fingerprinting and enumerating bugs within software systems,...
Infernal-Twin is an automated penetration testing tool developed to evaluate wireless security with an automated Evil Twin attack. Feature GUI Wireless security assessment SUIT Impelemented WPA2 hacking WEP Hacking WPA2 Enterprise hacking Wireless Social...
Gitem is a tool for performing Github organizational reconnaissance. This could include information for: OSINT Spearphishing Recruitment Competitive analysis OPSEC self-assessment Changelog v0.9.2 Fixed Python package version classifiers Installing $ pip install gitem $ gitem...
Armor Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. A Netcat listener is started on port 4444. The “payload.txt” file is read and shown to...
Damn Vulnerable Cloud Application This is a demonstration project to show how to do privilege escalation on AWS. DO NOT deploy this on an AWS account unless you know very well what you are...
Secure Your Connection
