Related Projects

hackerEnv - Automation tool that quickly and easily sweep IPs and scan ports, vulnerabilities and exploit them

  •    Shell

hackerEnv is an automation tool that quickly and easily sweep IPs and scan ports, vulnerabilities and exploit them. Then, it hands you an interactive shell for further testing. Also, it generates HTML and docx reports. It uses other tools such as nmap, nikto, metasploit and hydra. Works in kali linux and Parrot OS.

mpc - MSFvenom Payload Creator (MSFPC)

  •    Shell

A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework). MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.

SpookFlare - Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures

  •    Python

SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has obfuscation, encoding, run-time code compilation and character substitution features. So you can bypass the countermeasures of the target systems like a boss until they "learn" the technique and behavior of SpookFlare payloads. Special thanks to the following projects and contributors.

One-Lin3r - Gives you one-liners that aids in penetration testing operations

  •    Python

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. The payloads database is not big now because this the first edition but it will get bigger with updates and contributions.


HERCULES - HERCULES is a special payload generator that can bypass antivirus softwares.

  •    Go

HERCULES is a customizable payload generator that can bypass antivirus software. WARNING: Don't change the location of the HERCULES folder.

Veil-Evasion - Veil Evasion is no longer supported, use Veil 3.0!

  •    Python

Veil-Evasion is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. NOTE: ./setup/setup.sh should be re-run on every major version update. If you receive any major errors on running Veil-Evasion, first try re-running this script to install any additional packages and update the common configuration file.

airbash - A POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing

  •    C

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP). Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng. If one or more handshakes are captured, they are entered into an SQLite3 database, along with the time of capture and current GPS data (if properly configured). After capture, the database can be tested for vulnerable router models using crackdefault.sh. It will search for entries that match the implemented modules, which currently include algorithms to compute default keys for Speedport 500-700 series, Thomson/SpeedTouch and UPC 7 digits (UPC1234567) routers.

Sn1per - Automated Pentest Recon Scanner

  •    PHP

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.

Metasploit Framework - World's most used penetration testing software

  •    Ruby

Metasploit, helps verify vulnerabilities and manage security assessments. It makes it easy to automate all phases of a penetration test, from choosing the right exploits to streamlining evidence collection and reporting.

wifite2 - Rewrite of the popular wireless network auditor, "wifite"

  •    Python

A complete re-write of wifite, a Python script for auditing wireless networks. Wifite2 is designed entirely for the latest version of Kali Rolling release (tested on Kali 2016.2, updated May 2017).

EggShell - iOS/macOS/Linux Remote Administration Tool

  •    Objective-C

EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shell command execution, persistence, escalating privileges, password retrieval, and much more. This is project is a proof of concept, intended for use on machines you own. Eggshell payloads are executed on the target machine. The payload first sends over instructions for getting and sending back device details to our server and then chooses the appropriate executable to establish a secure remote control session.

Veil - Veil 3.1.X (Check version info in Veil at runtime)

  •    Python

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. This file is responsible for installing all the dependences of Veil. This includes all the WINE environment, for the Windows side of things. It will install all the necessary Linux packages and GoLang, as well as Python, Ruby and AutoIT for Windows. In addition, it will also run ./config/update-config.py for your environment.

unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory

  •    Python

Magic Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage is simple, just run Magic Unicorn (ensure Metasploit is installed if using Metasploit methods and in the right path) and magic unicorn will automatically generate a powershell command that you need to simply cut and paste the powershell code into a command line window or through a payload delivery system. Unicorn supports your own shellcode, cobalt strike, and Metasploit.

SniffAir - A framework for wireless pentesting.

  •    Python

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules. Tested and supported on Kali Linux, Debian and Ubuntu.

Vanquish - Vanquish is Kali Linux based Enumeration Orchestrator

  •    Python

Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell. CTRL + C to exit an enumeration phase and skip to the next phase (helpful if a command is taking too long) Vanquish will skip running a command again if it sees that the output files already exist. If you want to re-execute a command, delete the output files (.txt,.xml,.nmap etc.) and run Vanquish again.

fluxion - Fluxion is a remake of linset by vk496 with less bugs and enhanced functionality.

  •    HTML

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues. If you need quick help, fluxion is also avaible on gitter. You can talk with us on Gitter or on Discord.

Eternalblue-Doublepulsar-Metasploit - Module of Metasploit to exploit the vulnerability Eternalblue-Doublepulsar

  •    Ruby

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.