Clik here to view.
Hummelflug – a utility for arming (creating) many bumblebees to attack (web...
Hummelflug is a utility for arming (creating) many bumblebees (micro EC2 instances) to attack (load test) targets (web applications). Dependencies: + PHP (>=5.5.9) with SSH2 extension + Composer...
View ArticleClik here to view.
prowler – AWS security assessment, auditing and hardening tools.
prowler is a Tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1...
View Articlefuxploider – File upload technique suggester tool for penetration testing web...
[!] legal disclaimer: Usage of fuxploider for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws....
View ArticleClik here to view.
BadIntent – Interception, modify, repeat and attack Android’s Binder...
BadIntent is the missing link between the Burp Suite and the core Android’s IPC/Messaging-system. BadIntent consists of two parts, an Xposed-based module running on Android and a Burp-plugin. Based on...
View ArticleClik here to view.
objection is a runtime mobile exploration toolkit.
objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or...
View ArticleClik here to view.
fuzz monkey – infrastructure fuzzer/fuzzing tools.
Fuzz Monkey is a bit like chaos monkey only with more fur and instead of tearing down infrastructure like some kind of crazed baboon in a shoe shop, it carefully and surgically flings its poop at...
View ArticleClik here to view.
nps_payload – script will generate payload for basic intrusion detection...
nps_payload is a script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources. Dependencies: + Metasploit Framework...
View ArticleClik here to view.
SecHub is an Open Source Security Kit.
SecHub is an Open Source Security Tool Kit developed for Pen-Testers,Hackers, and Security Researchers. This peice of Software is meant to be used for educational purposes only. SecHub is simply...
View ArticleClik here to view.
glassdoor is a modern, autonomous security framework for Android APKs.
glassdoor is a modern, autonomous security framework for Android APKs written in Scala. Its purpose is to automatically find backdoors, security flaws and other data leakages in applications running on...
View ArticleClik here to view.
kwetza – Python script to inject existing Android applications with a...
What does it do? Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications using...
View ArticleClik here to view.
warhorse – attack framework.
Warhorse is an attack framework for setting up and building full featured command-and-control (C2) environments. Dependencies: + NodeJS v6 – Higher + aws account: awsAccesKeyId, awsSecretAccessKey...
View ArticleClik here to view.
Portia – tools to performed internal network penetration tests.
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised + Privilege escalation + Lateral movement +...
View ArticleClik here to view.
vBully is an auto-exploitation for the ForumRunner(vBulletin) vulnerability.
Disclaimer: Although vBully makes it laughably easy to hack & crack vBulletin passwords, the intention of this project is to (hopefully) pursuade vBulletin forum admins affected by the ForumRunner...
View ArticleClik here to view.
poodle-Poc ~ Poodle (Padding Oracle On Downgraded Legacy Encryption) attack.
poodle-PoC is PoC explore the cryptography behind the attack, it can be assimilate to the MiTM. Poodle allow you to retrieve plaintext messages if the Transport Layer Security used is SSLv3 (I also...
View ArticleClik here to view.
cylon-raider – a Wireless Attack Lite.
Cylon-Raider is an Easy and quick automation of Aircrack-ng “Replay-Attacks”, targeting WPA2-PSK encrypted routers (most home NATed networks and many small businesses). Guaranteed to capture the 4-way...
View ArticleClik here to view.
trueseeing is a fast, accurate and resillient vulnerabilities scanner for...
trueseeing is a fast, accurate and resillient vulnerabilities scanner for Android apps. It operates on Android Packaging File (APK) and outputs a comprehensive report in HTML. It doesn’t matter if the...
View ArticleClik here to view.
RPL attacks framework for simulating WSN with a malicious mote.
RPL Attacks Framework is aimed to provide a simple and convenient way to generate simulations and deploy malicious motes for a Wireless Sensor Network (WSN) that uses Routing Protocol for Low-power and...
View ArticleClik here to view.
cangibrina – Fast and powerful admin finder.
Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt Requirements: + Python 2.7 + mechanize + PySocks +...
View ArticleClik here to view.
Scripts that fingerprint, scanner and/or identify security issues.
a Colection python3 Scripts that fingerprint, scan, and/or identify security issues for web application. Script Lists: – 404.py: Scripts that fingerprint, scan, and/or identify security issues. –...
View ArticleClik here to view.
fuzzy – Network service fuzzer that supports binary protocols.
fuzzy is A network service fuzzer that supports also binary protocols. The fuzzer expects to get a sample of a typical payload in binary format, then it sends fuzzing requests to the specified host and...
View Article