Internet Of Things Exploitation Framework Expliot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to create new plugins. Changelog...
Github-Hunter This tool is for sensitive information searching on Github. Installation Requirements Python 3.x 1.git clone https://github.com/Hell0W0rld0/Github-Hunter.git 2.cd Github-Hunter 3.pip install virtualenv 4.virtualenv –python=/usr/local/bin/python3 env 5.source venv/bin/activate 6.pip install -r requirements Settings Before using...
SMBetray SMB MiTM tool with a focus on attacking clients through file content swapping, lnk swapping, as well as compromising any data passed over the wire in cleartext. Version 1.0.0. This tool is a...
known_hosts hash cracking with hashcat Background The OpenSSH client uses a file called known_hosts to track the fingerprint for previously used ssh servers. This can help the SSH client detect when a man in the middle...
StaCoAn is a cross-platform tool which aids developers, bug-bounty hunters and ethical hackers performing static code analysis on mobile applications*. This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL’s...
Relayer – SMB Relay Attack Script. Relayer is an SMB relay Attack Script that automates all the necessary steps to scan for systems with SMB signing disabled and relaying authentication request to these systems...
nano Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient. Note: You may need to tweak some parts of the code if it doesn’t work out for...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 7, 2018
WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Changelog v2.0.1 Changes Add bypass for admin shell uploads when write...
MQTT-PWN MQTT is a machine-to-machine connectivity protocol designed as an extremely lightweight publish/subscribe messaging transport and widely used by millions of IoT devices worldwide. MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing...
Web Information Gathering / WebApp PenTest
by do son · Published October 5, 2018 · Last modified July 2, 2020
detectem is a specialized software detector. detectem is an open-source project written in Python and powered by Splash, an open-source project developed by Scrapinghub to render web pages with a lot of great features, including Javascript support and a convenient API. detectem uses Splash to render...
CloudJack AWS Route53/CloudFront Vulnerability Assessment Utility CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations. This vulnerability exists if a Route53 alias references 1) a deleted...
BLUTO DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Enumeration | Metadata Harvesting...
Raccoon Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and...
backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have the working knowledge of Linux, Bash, Metasploit, Apktool, the...
Network PenTest / Post Exploitation
by do son · Published October 2, 2018 · Last modified October 10, 2021
ACLight A script for an advanced discovery of Privileged Accounts – includes Shadow Admins. The tool was published as part of the “Shadow Admins” research – more details on “Shadow Admins” are in the...
Secure Your Connection
