Clik here to view.
Updates Veil-Evasion v-2.19.0 : is a tool designed to generate metasploit...
Changelog v-2.19.0[4.17.2015]: + Modified.: Forgot to add to changelog and update version number last month, fixed here! + Modified.: Added the latest Backdoor Factory Updates into Veil-Evasion...
View ArticleWordPress Brute Force Multithreading with standard and xml-rpc login.
wordbrutepress : WordPress Brute Force Multithreading with standard and xml-rpc login method written in python. Features: 1) Multithreading 2) xml-rpc brute force mode 3) http and https protocols...
View ArticleClik here to view.
Inveigh is a Windows PowerShell LLMNR/NBNS spoofer with challenge/response...
Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks,...
View ArticleBraille A fully automated tool that conducts a Blind Return Oriented...
Braille is A fully automated tool that conducts a BROP attack (from crash to remote shell) when supplied with an input string that crashes a server due to a stack overflow. The BROP attack makes it...
View ArticleClik here to view.
pfsense_xmlrpc_backdoor – a PHP backdoor on a pfSense firewall over xmlrpc.php.
pfsense_xmlrpc_backdoor is a sample payload and example use of abusing pfSense’s xmlrpc.php functions to establish a backdoor and get root level access to pfSense firewalls. The backdoor in use at...
View ArticleClik here to view.
Updates Unicorn v-1.1 – a simple tool for using a PowerShell downgrade attack...
+changelog version 1.1 – 22/04/2015: +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * fixed autoopen from not working on some office implementations – now works on all office documents including powerpoint/word/excel...
View ArticleClik here to view.
Updates Commix v-0.1b : Automatic All-in-One OS Command Injection and...
Changelog Version 0.1b [2015]: * Added some enumeration options. * Added an alternative option for os-shell (Python). * Added the “ICMP Exfiltration” technique on classic results-based command...
View ArticleClik here to view.
ShellShockAttacker – ShellShock payload for executed in an infected server.
ShellShockAttacker is a program allows you to send ShellShock payload to be executed in an infected server. Example ScreenCapture ShellShockAttacker dot exe with method : get and post to infected...
View ArticleClik here to view.
Updates Exploits v-25.04.15 – Miscellaneous proof of concept exploit code.
Changelog and tool added 25/04/2015: + Exploit for Seowintech Routers diagnostic.cgi Unauthenticated Remote Root Code Execution. Exploit for Seowintech Routers diagnostic.cgi Unauthenticated Remote...
View ArticlePaddingOracle – Yet another Python library for helping you exploit padding...
Padding Oracle This is (yet another) Python library that tries to ease padding attack exploitation. Padding Oracle : In order to use PaddingAttack you’d have to create an instance of the class using...
View ArticleClik here to view.
Updates PowerSploit v-26/04/2015 : A PowerShell Post-Exploitation Framework.
Change : 26/04/2015: URI fix, Proxy Support, UA Update + This fixes the URI bug submitted by @enigma0x3. Thank you for the PR as well! A legacy switch is added in case anyone is relying on this script...
View ArticleClik here to view.
Updates Exploits v-27/04/2014 : Miscellaneous proof of concept exploit code.
Changelog and tool added 25/04/2015: + WPsh0pwn – WordPress WPShop eCommerce Shell Upload (WPVDB-7830) + nmediapwn – WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload + pwnflow...
View ArticleClik here to view.
Updates The Backdoor Factory (BDF) v-3.0.2 : Patch PE, ELF, Mach-O binaries...
NOTICE: For security professionals and researchers only. Changelog : 4/28/2015 + Adding check for Bound Imports (PE files with bound imports will not be patched)Usage: payloadtest.py binary HOST...
View ArticleClik here to view.
Patrol – A platform for testing an Android device’s applications for...
Patrol is A platform for testing an Android device’s applications for IPC-related vulnerabilities. Network Protocol notes: +in this scenario, a report is associated with login that is verified on the...
View ArticleClik here to view.
Updates King Phisher v-0.2.0 : a phishing-focused social engineering campaign.
Change and tool added v-0.2.0 : + Added additional graphs including maps when basemap is available + Added geolocation support + Made dashboard layout configurable + Support for cloning web pages +...
View ArticleClik here to view.
Updates Arachni v-1.1 : Web Application Security Scanner Framework.
Changelog v-1.1: – gemspec` — Require Ruby >= 2.0.0. – Options : NOTICE: Arachni’s license has changed, please see the LICENSE file before working with the project. v1.0 is not backwards compatible....
View ArticleAndroid-MAC-Spoofer – Spoof the MAC address of your rooted Android device...
Android-MAC-Spoofer is a Spoof the MAC address of your rooted Android device from Windows. Changes are persistent accross reboots. Tool allows backup of the original MAC. Requirements: 1. (Required)...
View ArticleReverse TCP Shell is A simple reverse tcp backdoor.
Reverse TCP Shell is A simple reverse tcp backdoor. Two files are provided : + reverse_tcp.py — malicious python code, run it on victim side. — can be packed into “exe” file using pyinstaller and run...
View ArticleClik here to view.
VectorAttackScanner – a tool to search vulnerable points to attack.
This is a tool to analyze android, linux and windows, to detect points to attack, as intents, receivers, services, processes and libraries. This tool uses a static analysis methods to do this, the...
View Articlegproxy – generic kannel smsbox proxy to intercept and manipulate traffic.
gproxy is a generic kannel smsbox proxy to intercept and manipulate traffic. ~INSTALLATION~ Pip Requirement : Twisted==14.0.2 configobj==5.0.6 six==1.8.0 zope.interface==4.1.1 Steps for first time...
View Article