Clik here to view.
htcap is a web app scanner single page application (SPA) in a recursive...
htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since...
View ArticleClik here to view.
Weeman v1.7 (Scratch) – HTTP Server for phishing.
changelog Version 1.7 (Scratch): + Added profiles + Added module whois_ip.py + Added module extract_links.py + Added new tool tools/switch_ip_forward.sh + Tool Removed tools/weeman_ettercap.sh + Core...
View ArticleClik here to view.
pwncloud is a proof of concept to backdoor files from owncloud encryption...
pwncloud is a proof of concept to backdoor files from owncloud encryption module. File: – pwn.sm: part of pwncloud PoC, must stay below 16 bytes to work. – exepart.bin – pwncloud: place “backdoor” in...
View ArticleClik here to view.
PenBox v1.3 – A Penetration Testing Framework.
THIS TOOL IS ONLY FOR EDUCATIONAL PURPOSES ONLY! Changelog Version v1.3 : + removed windows and linux bugs + fixes non working tools on private submenu + added new tools : Shell and Directory Finder +...
View ArticleClik here to view.
osueta – A simple Python script to exploit the OpenSSH User Enumeration...
Osueta it’s a simple Python2 script to exploit the OpenSSH User Enumeration Timing Attack, present in OpenSSH versions 5.* and 6.*. The script has the ability to make variations of the username...
View ArticleClik here to view.
CrackMapExec v3.0 – A swiss army knife for pentesting Windows/Active...
Changelog v3.0: + Added default mimikatz command to module description + Initial v3.0 commit to master, Quick re-cap on the new features: * Credentials and hosts are now stored in a database, the...
View ArticleClik here to view.
RSPET v0.0.4 – Reverse Shell and Post Exploitation Tool.
NEW IN V0.0.4 **Features: – RSPET_client.py and RSPET_client_min.py code cleanup – RSPET_server.py and RSPET_server_min.py partially rewritten; Partial modularity achieved. – RSPET_server.py and...
View ArticleClik here to view.
Commix v0.6b – Automatic All-in-One OS Command Injection and Exploitation Tool.
Changelog Version 0.6b [2016]: * Added: New option “–ignore-401” that ignores HTTP Error 401 (Unauthorized) and continues tests without providing valid credentials. * Added: Dictionary-based cracker...
View ArticleClik here to view.
Litesploit is a library and intepreter for penetration testing tools.
Litesploit is a library and intepreter for penetration testing tools. Exploit Module: + litepreter + Modem/Router: Belkin, D-Link, Huawei, Netgear, TP-Link, Wimax & ZTE + TCP/IP Scanner + Web...
View ArticleClik here to view.
Empire v1.5 – PowerShell post-exploitation agent.
Changelog v1.5: + New modules, stager retries, bug fixes, increased debugging, epoch issue fix, and implementation of the Empire RESTful API. WARNING: this release modifies part of the backend database...
View ArticleClik here to view.
rooty updates – libpcap based ICMP encrypted backdoor for linux.
Latest change 31/3/2016: + Bin: New Build. + msf: Better error handling. + src: More intelligent interface handling. + client.py: Removing duplicate replies. rooty run on Centos Rooty based idea from...
View ArticleClik here to view.
SNMPPLUX is An SNMPv1, v2c and v3 dictionary attack tool.
Pentura continually develop new tools and scripts to improve the effectiveness of the team. One such tool called SNMPPLUX is an offshoot of a larger development project (ORR). SNMPPLUX is a USM...
View ArticleClik here to view.
Veil-Evasion v2.26.1 – is a tool designed to generate metasploit payloads...
Roadmap Changelog: * v2.26.1 + This release includes an update for better Kali compatibility * v2.26 + The RPC server Command injection vulnerability should now be fixed. It is now parsing...
View ArticleClik here to view.
WhatsPwn – Linux tool used to extract sensitive data, inject backdoor, or...
Linux tool used to extract sensitive data, inject backdoor, or drop remote shells on android devices. With Argument Feature: [1 | FULL] >>> Start full attack. {BACKDOOR > WHATSAPP >...
View ArticleClik here to view.
Lynis v2.2.1 : is a system and security auditing tool for Unix/Linux.
Changelog Lynis 2.2.1 (development version): * Documentation ————— Template files have been updated to provide better examples on how to create custom tests and plugins. lynis v2.2.1 lynis v2.2.0...
View ArticleClik here to view.
ATSCAN v7.4 stable – perl script for vulnerable Server, Site and dork scanner.
Latest Change v7.4 3/4/2016: + Colors to bash+fix bugs + facebook login brute force atscan v7.4 Description: ATSCAN SEARCH engine XSS scanner. Sqlmap. LFI scanner. Filter wordpress and Joomla sites in...
View ArticleClik here to view.
sqlmap v1.0.4 – Automatic SQL injection and database takeover tool.
changelog v1.0.4: + Implements #1763 + Minor tuning of auto tagging sqlmap v1.0.4 sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection...
View ArticleClik here to view.
Magic Unicorn Attack Vector v2.2.
Changelog v2.2: * pep8 formatting * python3 conversion * added randomized variables (not fully completed yet but its better than before) – AV picking up on variables and base64 encoded strings unicorn...
View ArticleClik here to view.
Commix v0.7b – Automatic All-in-One OS Command Injection and Exploitation Tool.
Changelog Version 0.7b: * Added: The ability to store valid (Digest) credentials into session files for current target. * Added: Dictionary-based cracker for “Digest” HTTP authentication credentials. *...
View ArticleClik here to view.
Faraday v1.0.18 – Collaborative Penetration Test and Vulnerability Management...
latest change v1.0.18: + Added cli mode (see wiki for usage instructions) + Support for multiple Faraday instances in the same host + Fixed bug for editing web vulns in bulk + Fixed bug for select all...
View Article