PEI stage backdoor for UEFI compatible firmware.
This project implements an early-stage firmware backdoor for UEFI-based firmware. It allows arbitrary code written in C to be executed during the Pre-EFI Init (PEI) phase of Platform Initialization (PI). This...
T50 v5.6.6 – The fastest network packet injector.
Changelog t50 v5.6.6: * Fixed a problem where an incomplete option (without argument) is provided on command line. * Nasty bug on command line (where an incomplete final option is provided without an...
rage_fuzzer – a dumb protocol-unaware packet fuzzer/replayer.
rage against the network is a dumb protocol-unaware packet fuzzer/replayer. Basic ideas: * ridiculously easy to use (near-zero setup cost) * protocol-unaware; blind brute-force fuzzing * fairly quick...
tplmap v0.2 – Automatic Server-Side Template Injection Detection and...
Changelog tplmap v0.2: * Exploitation of Dust.js template engine. * Fix command execution payloads for Velocity template engine as suggested by @henshin. * Exploitation of generic code injections for...
skzproxy – A proxy, packet sender and fuzzer.
skzproxy is a proxy built from the Black Hat Python proxy, with a flexible packet editor and byte fuzzer. Program: * SKZPROXY.py So this is a program based on the proxy from the excellent Black Hat...
exploitpack ra v6.0 Ghost Hunter – list your new exploit on Exploit Pack you...
Changelog exploitpack v6.0 GhostHunter: + 380 Exploit Modules + Porting; Reverse Shell listener on port 1234 + Mainframed exploit modules added. exploitpack v6.0 Exploitpack ra v5.4 ExploitPack has...
TheFatRat v1.5 codename: Unity – Backdoor Creator For Remote Access.
Changelog the Fatrat v1.5: – Add PE file for example – Add features embed backdoor with backdoor-factory – Recoded function cmsfvenom – Add some Variables ( pwd , Version ,Codename ) – Added script...
A simplified SMB Email Client Attack script used for External/Internal pentests.
A simplified SMB Email Client Attack script used for External/Internal pentests. TO DO: + SMTP Anonymous Auth option + Add smtplib error handling + Option to automagically launch MSF Console...
smod v1.0.3 – MODBUS Penetration Testing Framework.
Changelog v1.0.3: + writeSingleCoils.py update Modules + Update How To use at README.md smod v1.0.3 smod is a modular framework with every kind of diagnostic and offensive feature you could need in...
Fireaway is a tool for auditing, bypassing, and exfiltrating data against...
Fireaway is a tool for auditing, bypassing, and exfiltrating data against layer 7/AppID inspection rules on next generation firewalls. These tactics are based on the principle of having to allow...
WAFNinja is a tool which contains two functions to attack Web Application...
WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be...
umap2 v2.0.1 ~ USB Host Security Assessment Tool – Revision 2.
umap2 v2.0.1 ~ USB Host Security Assessment Tool – Revision 2. This revision will have all the features that were supported in the first revision: * umap2emulate – USB device emulation * umap2scan –...
OSPTF – Open Source Penetration Test Framework.
OSPTF – Open Source Penetration Test Framework is based on open source penetration test tools. Requirements: * All Linux * Python ( Python 2 ) * Ruby ## Feature Version: + (CUI VERSION) + (GUI BETA...
Whitewidow v1.0.6 is an open source automated SQL vulnerability scanner.
Changelog whitewidow v1.0.6.3: * User agents are working * New search queries * Minor fixes * Bumped version number whitewidow output v1.0.6.3 Whitewidow is an open source automated SQL vulnerability...
WiFi-Pumpkin v0.8.1 – Framework for Rogue Wi-Fi Access Point Attack.
Changelog Wifi-Pumpkin v0.8.1: – re-design all GUI Menu->view – added new report logger GUI – added new sessions for Rogue AP loggers – added new plugin BDFProxy-ng – added new theme...
web_timing_attack – An experiment side channel attacks on cryptographic...
This project is an ongoing experiment testing the theoretical aspects of side channel attacks on cryptographic operations such as signature verification. Currently this tool can execute a timing attack...
tomcatWarDeployer v0.3.3 – Apache Tomcat auto WAR deployment & pwning...
Changelog 12.09.16 TomcatWarDeployer Version 0.3.3: + Added support for Tomcat 5 interface. tomcatwardeployer v0.3.3 tomcatWarDeployer v0.3 tomcatWarDeployer is an Apache Tomcat auto WAR deployment...
EaST v1.0.0 rc – Exploits and Security Tools Framework.
Changelog EaST v1.0.0 rc: + New GUI (Graphic User Interface). + Module bug fixes. + command.py, Modules.py and sploit.py with new gui. EaST v1.0.0 rc This software is necessary for learning and...
Veil-Evasion v2.28.2 – is a tool designed to generate metasploit payloads...
Changelog Veil-Evasion v2.28.2 [09.12.2016]: * Modified.: Setup script heavily updated by @g0tmi1k, thanks for the continued updates! * Modified.: update.py script now changes the pyinstaller update...
PowerMemory v1.3 – Exploit the credentials present in files and memory.
Changelog PowerMemory v1.3: * Power-Escalate added * Menu modified * Bugs correction PowerMemory v1.3 Main Menu v1.3: What do you want assess? 1) Reveal memory passwords 2) Local escalation attempt 3)...