Internet Of Things Exploitation Framework: Expliot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to create new plugins. Changelog...
SMBetray: SMB MiTM tool with a focus on attacking clients through file content swapping, lnk swapping, as well as compromising any data passed over the wire in cleartext. Version 1.0.0. This tool is a...
known_hosts hash cracking with hashcat. Background: The OpenSSH client uses a file called known_hosts to track the fingerprint for previously used SSH servers. This can help the SSH client detect when a man in the middle...
StaCoAn is a cross-platform tool which aids developers, bug-bounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: hardcoded credentials, API keys, URLs...
Relayer – SMB Relay Attack Script. Relayer is an SMB relay attack script that automates all the necessary steps to scan for systems with SMB signing disabled and relay authentication requests to these systems...
nano: Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient. Note: You may need to tweak some parts of the code if it doesn’t work out for...
WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress-powered websites and systems. Changelog v2.0.1. Changes: Add bypass for admin shell uploads when write...
MQTT-PWN: MQTT is a machine-to-machine connectivity protocol designed as an extremely lightweight publish/subscribe messaging transport and widely used by millions of IoT devices worldwide. MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing...
detectem is a specialized software detector. detectem is an open-source project written in Python and powered by Splash, an open-source project developed by Scrapinghub to render web pages with a lot of great features, including JavaScript support and a convenient API. detectem uses Splash to render...
CloudJack: AWS Route53/CloudFront Vulnerability Assessment Utility. CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations. This vulnerability exists if a Route53 alias references 1) a deleted...
Raccoon: Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and...
backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have a working knowledge of Linux, Bash, Metasploit, Apktool, the...
ACLight: A script for an advanced discovery of Privileged Accounts – includes Shadow Admins. The tool was published as part of the “Shadow Admins” research – more details on “Shadow Admins” are in the...