PentestDB – Penetration test database.
A penetration test database that provides common dictionary attack payload, webshell, etc., and includes commonly used scripts. Features: 1. Common script Project python scripts...
Veil-Evasion v2.24 – is a tool designed to generate metasploit payloads that...
Changelog v2.24: + Added….: I’ve added obfuscation to the python payloads. Some AVs are triggering on ctypes being referenced everywhere, at the moment, it’s only in the file once. + Updated..:...
kisskissie – Simple proof of concept eXternal Xml Entity (XXE) scan and...
Kisskissie is a tool that makes XXE exfiltration easier to automate. You should use this tool after you have confirmed that your target is vulnerable to XXE and you wish to exfil as much data as quickly as you...
Appie v3 released – Android Pentesting Portable Integrated Environment.
Appie is a software package that has been pre-configured to function as an Android Pentesting Environment. It is completely portable and can be carried on a USB stick. This is a one stop answer for all the...
PSMSF – create powershell shell code used in cmd console with Metasploit...
Notice: For educational purposes only! PSMSF can help us generate payloads or files used in cmd console/browser/.. with Metasploit-Framework. If you are familiar with the Windows cmd console, you can use...
v0lt – Security CTF Toy Tools.
v0lt is an attempt to regroup every tool I used/use/will use in security CTF, Python style. A lot of exercises were solved using bash scripts but Python may be more flexible, that’s why. Nothing to do...
p0wnedShell v1.3 – PowerShell Runspace Post Exploitation Toolkit.
Changelog v1.3: * PowerSploit tools updated. * Updated Mimikatz to latest version. * Updated MS14-068 Exploit (Kekeo) to latest version. * New version of Didier Stevens modification of ReactOS Command...
FruityWifi v-2.4 – is an open source tool to audit wireless networks.
changelog v2.4: + Utils have been added (replaces “ifconfig -a”) + Kali Linux Rolling compatibility issue has been fixed FruityWifi is a wireless network auditing tool. The application can be installed...
Automate a time-based blind SQL injection with curl.
This type of SQL injection relies on the database pausing for a specified amount of time, then returning the results, indicating successful SQL query execution. Using this method, an attacker...
Pocsuite v1.1.0 released ~ A remote vulnerability test framework.
changelog v1.1.0: + settings.py :conf.requiresFreeze + parser.py: Check install_requires after register + Merge pull request #41 from knownsec/dev Pocsuite History Year-Pocsuite know security research...
wepcrack – A program to identify a WEP key on 5 or 13 bytes using FMS and...
Wepcrack allows finding a WEP key over 5 or 13 bytes using the sniffed packets using Korek’s FMI and A_s13 attacks. A tool to generate some packets is also provided. wepcrack usage: git clone...
The Social-Engineer Toolkit (SET) v7.0.3 Codename: ‘RemembRance’.
Changelog v7.0.3: + fix for python2 to 3 on mass mailer ( latest change v7.0.3.5) + fix issue where set.config was not properly created before launch + fix return byte instead of string on generate...
ysoserial v0.0.4 – A proof-of-concept tool for generating payloads that...
Changelog v0.0.4 borderline-beta: + Added Apache Commons Beanutils gadget chain. ysoserial is a collection of utilities and property-oriented programming “gadget chains” discovered in common java...
iis Short name scanner v2.3.7 – latest version of scanners for IIS short...
Changelog v2.3.7 (25/2/2016): + Bug fixes + All structure has been changed Microsoft IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the...
ranger v0.43b – A tool to support security professionals to access and...
Latest Change v0.43b (25/2/2016): + ranger.py: — WMIEXEC Metasploit web_delivery Memory Injector. — ATEXEC Metasploit web_delivery Memory Injector. — Create Pasteable web_delivery Attack. A tool to...
xsser v1.7b – is an automatic -framework- to detect, exploit and report XSS...
Cross Site “Scripter” is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. xsser v1.7b Features: + Automated vectors + Different injections: XSS,...
Updates rooty – libpcap based ICMP encrypted backdoor for linux.
Latest Changes 26/2/2016: – Removing FreeBSD and CCDC files for now. – msf & src; Moving everything to ICMP echo request ID. Rooty based idea from SilentDoor ; PCAP-based backdoor for linux that...
Certerator – Code Signing Certificate Generator.
Certerator is a tool to generate a custom code signing certificate chain and generate instructions to sign a binary. Useful for establishing persistence on a penetration test. This will generate a CA...
affine-cipher ~ An implementation of the historical affine cipher and a Brute...
affine-cipher is an implementation of the historical affine cipher written in C and a Brute Force Attack written in Python. “The affine cipher is a type of monoalphabetic substitution cipher, wherein...
Faraday v1.0.17 – Collaborative Penetration Test and Vulnerability Management...
New features in the latest update v1.0.17: Feb 26, 2016: + Fixed bug in pip debian + BugFix pip install. + Additional checks on dependencies during installation. + Warning about an upgrade to...