Maligno - Penetration Testing Tool that Serves Metasploit Payloads

Maligno is an open source penetration testing tool that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.Changelog: Metasploit multi-host support, socks4a server support (metasploit), last resort redirection for invalid requests and hosts out of scope, automatic client code obfuscation, delayed client payload...

Read More

Dradis v2.9 - Information Sharing For Security Assessments

Dradis is an open source framework to enable effective information sharing, specially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information:Information discoveryExploit useful informationReport the findingsBut penetration testing is also about sharing the information you and your teammates gather. Not sharing the information available in an effective way...

Read More

The Mole - Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.FeaturesSupport for injections using Mysql, SQL Server, Postgres and Oracle databases.Command line interface. Different commands trigger different actions.Auto-completion for commands, command arguments and database,...

Read More

SmartSPLAT - Tool to troubleshoot Checkpoint firewall issues and perform management tasks

Smart SPLAT is a freeware software to troubleshoot Checkpoint firewall issues and perform management tasks. It periodically checks for an update and when a new release is published, updates itself via the SmartSPLAT web site.SmartSPLAT lets you connect to your firewall via secure channel SSH Critical commands like cpstop, kill, reboot and etc. deleting a license or similar commands that can cause your firewall not to function properly are colored...

Read More

Smart Pentester - An SSH based Penetration Testing Framework

Smart Pentester is an SSH based Penetration Testing Framework. It provides a GUI for well known tools like nmap, hping, tcpdump, volatility, hydra and etc.Smart Pentester Framework will provide you a User Interface for Penetration testing, Malware Analysis, Forensic Analysis, Cyber Intelligence, Advanced packet generation techniques and more...Download Smart Pentes...

Read More

Hexorbase - Multiple Database Management and Audit Tool

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are...

Read More

WebSiteSniffer v1.41 - Captures all Web site files downloaded by your Web browser while browsing the Internet

WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose. WebSiteSniffer allows you to choose which type of Web site files will be captured: HTML Files, Text Files, XML Files, CSS Files, Video/Audio Files, Images, Scripts, and Flash (.swf) files.While capturing the Web site files, the main window...

Read More

HackPorts - Mac OS X Penetration Testing Framework and Tools

HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a ‘super-project’ that leverages existing code porting efforts, security professionals can now use hundreds of penetration tools on Mac systems without the need for Virtual Machines.Tool List:0trace3proxyAir – Automated Image InstallerAndroid APK ToolAndroid SDK FrameworkApache UsersAutospyBLINDELEPHANTBRAABedBeefBinwalkBtdsdCHKRootKitCHNTPwdCasefile...

Read More

Wireless Network Watcher - Show who is connected to your wireless network

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.For every computer or device that is connected to your network, the following information is displayed: IP address, MAC address, the company that manufactured the network card, and optionally the computer name.You can also export the connected devices list into html/xml/csv/text...

Read More

Remote DLL - Simple & Free Tool to Inject or Remove DLL from Remote Process

RemoteDLL is the simple tool to Inject DLL or Remove DLL from Remote Process. It is based on popular Dll Injection technique.It supports following DLL Injection methods CreateRemoteThread NtCreateThread [Good for DLL Injection across sessions on Vista/Windows 7] QueueUseAPC [Delayed Injection]Removing DLL or Freeing DLL from Process is the unique feature of RemoteDLL. It can help you to instantly remove DLL from target process...

Read More

ArchAssault - Arch Linux ISO for Penetration Testers

The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. This means we import the vast majority of the official upstream Arch Linux packages, these packages are unmodified from their upstream source.While our Arch Linux base is primarily untouched, there are times were we have to fork a package to be able to better support our vast selection of tools. All of our packages...

Read More

wpbf - WordPress Brute Force

The script will try to login into the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist and relevant keywords from the blog's content. If a single username is given, the script will not search for additional usernames.When a correct username/passwords matchs, it will be logged and show on the standard output.For faster results you can spawn threads but BE CAREFULL not to flood/DoS the site. Default settings can be changed in "config.py" and "logging.conf" files.The wordlist must have one entry per line,...

Read More

Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.*Automater is installed on HoneyDrive and Kali by default...

Read More

Windows Autologin Password Dumper & Manager v2.0

Windows Autologin Password is the free command-line tool to quickly dump and manage the Windows Automatic Logon Password.Automatic Logon is one of the useful feature in Windows which allows you to login to system automatically without entering the password everytime. This tool helps you to easily dump the current Autologon password as well as quickly change the Autologon settings with just one command.Here is the complete list of things that...

Read More

Hooker - Automated Dynamic Analysis of Android Applications

Hooker is an opensource project for dynamic analysis of Android applications. This project provides various tools and applications that can be use to automaticaly intercept and modify any API calls made by a targeted application. It leverages Android Substrate framework to intercept these calls and aggregate all their contextual information (parameters, returned values, ...) in an elasticsearch database. A set of python scripts can be used to...

Read More

Passive Spider - Information Gathering from Search Engine Tool

Passive Spider uses search engines (currently only Bing supported) to find interesting information about a target domain.INSTALLgit clone https://github.com/RandomStorm/passive-spider.gitcd passive-spidergem install bundler && bundle installPlace your search engine API keys in the api_keys.config file. Each search engine API has different usage limits and pricing, refer to them for this information. Do not share your keys.Tested on Mac OS X with Ruby 1.9.3 & Ruby 2.1.2.ARGUMENTS--domain || -d The domain you would like to use...

Read More

YASAT - Yet Another Stupid Audit Tool

YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut)Second goal is to document each test with maximum information and links to official documentation. It do many tests for checking security configuration issue or others good practice. It checks many software configurations like: ApacheBind DNSCUPSPHPkernel configurationmysqlnetwork...

Read More

HashMyFiles - Calculate MD5/SHA1/CRC32 hashes of your files

HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file. HashMyFiles can also be launched from the context menu of Windows Explorer, and display the MD5/SHA1 hashes of the selected file or folder.Using HashMyFilesHashMyFiles doesn't require any installation process or additional...

Read More

Shellter - A Dynamic ShellCode Injector

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created.It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).The shellcode can be something yours or something generated through a framework, such as Metasploit.Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions...

Read More

PAExec - The Redistributable PsExec (Launch Remote Windows Apps)

PAExec lets you launch Windows programs on remote Windows computers without needing to install software on the remote computer first. For example, you could launch CMD.EXE remotely and have the equivalent of a terminal session to the remote server. PAExec is useful for doing remote installs, checking remote configuration, etc.PAExec - The Redistributable PsExecMicrosoft's PsExec tool (originally by SysInternal's Mark Russinovich) is a favorite of system administrators everywhere. It just has two tiny flaws:PsExec can not be redistributedSensitive...

Read More

DarunGrim - A Patch Analysis and Binary Diffing Tool

DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality.Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection...

Read More

XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation

XSSYA work by execute the payload encoded to bypass Web Application Firewall which is the first method request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookieXSSYA Features * Support HTTPS* After Confirmation (execute payload to get cookies)* Can be run in (Windows - Linux)* Identify 3 types of WAF...

Read More

Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

A FrameWork For NoSQL Scanning, Enumeration and Exploitation.NoSQL Databases are schema less databases. They were invented to store data easily and flexibly.NoSQL Databases have gained popularity and its security has always been under the scanner.The NoSQL Exploitation Framework focuses scanning,enumerating and exploiting these databases.The tool has support for over 5 databases MongoDB,CouchDB,Redis,H-Base and Cassandra.Added Features:First Ever...

Read More

Antak WebShell - A webshell which utilizes PowerShell

Antak is a webshell written in C#.Net which utilizes powershell. Antak is a part of Nishang and updates could be found here: https://github.com/samratashok/nishangUse this shell as a normal powershell console. Each command is executed in a new process, keep this in mind while using commands (like changing current directory or running session aware scripts). Executing PowerShell scripts on the target - Paste the script in command textbox and click...

Read More

Moo0 File Monitor - Monitor file access easily

Moo0 File Monitor lets you easily monitor the file access activities on your system.Have you ever wondered what's going on with your disk system behind your watch? Why the disk is busy? What's scratching your HDD? You may find them out using this simple program.Download Moo0 File Moni...

Read More

OWASP Mantra Security Toolkit - Browser Based Security Framework

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs,...

Read More

Xenotix xBOT - A Cross Platform PoC Bot that abuse certain Google Services to implement it's C&C

Xenotix xBOT is a proof of concept cross platform (Linux, Windows, Mac) bot written in Python that abuse certain Google Services to implement Command & Control Center for the botnet. The Google Apps Data API, Google Forms and Google Spreadsheet is abused to implement C2 for a bot network. The Google Forms can act as the C2 for a bot network. All the entries to the Google Form are send to an attached Spreadsheet. Here we can implement a...

Read More

Snoopy - A distributed tracking and data interception framework

Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi.There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications (web sites visited, emails, social media) under the guise of anti-terrorism.Several private organisations have developed technologies claiming to facilitate the analysis...

Read More

sb0x-project - A simple and Lightweight framework for Penetration testing

sb0x-project is A Lightweight Framework for PenTesting Written in PythonPlatforms:LinuxBSD"Or Unix System"Download s...

Read More

Bing Heartbleed Scan - Tool to extract sites from a bing search and check if are vulnerables

A simple scan in bash to extract sites from a bing search and check if is vulnerable.Download Bing Heartbleed S...

Read More

ByWaf - Web Application Penetration Testing Framework

ByWaf is a Web Application Penetration Testing Framework (WAPTF). It consists of a command-line interpreter and a set of plugins. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License.The Bywaf application is built on Python’s built-in cmd.Cmd class. Cmd is a lightweight command interpreter loop that provides several useful facilities for the developer, including overridable...

Read More

WebCookiesSniffer - Capture Web site cookies

WebCookiesSniffer is a packet sniffer tool that captures all Web site cookies sent between the Web browser and the Web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string and the Web site/host name that sent or received this cookie. When selecting a cookie string in the upper pane, WebCookiesSniffer parses the cookie string and displays the cookies as name-value format in the lower p...

Read More

RCEer - Simple Remote Command Execution scanner

Simple Remote Command Execution scanner written in Python 2.7Download RC...

Read More

Bro - Passive Open-Source Network Traffic Analyzer

While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyberinfrastructure. Bro’s user community includes major...

Read More

Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database

SSDp is an usefull penetration tool to find bugs, errors or vulnerabilities in MySQL database. FunctionsSQL InjectionOperation System FunctionDump DatabaseExtract Database SchemaSearch Columns NameRead File (read only)Create File (read only)Brute Table & ColumnDownload Simple SQLi Dumper v...

Read More

Liffy - Local File Inclusion Exploitation Tool

Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension called 'expect'.For those unfamiliar I've included some links that highlight the usage of these techniques in LFI exploitation.Exploitation Once you have...

Read More