Displaying 1 to 20 from 41 results

Snort - Network Intrusion Prevention and Detection System

  •    C

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

fluxion - Fluxion is a remake of linset by vk496 with less bugs and enhanced functionality.

  •    HTML

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues. If you need quick help, fluxion is also avaible on gitter. You can talk with us on Gitter or on Discord.

esp8266_deauther - Scan for WiFi devices, block selected connections, create dozens of networks and confuse WiFi scanners!

  •    C

This software allows you to easily perform a variety of actions to test 802.11 wireless networks by using an inexpensive ESP8266 WiFi SoC (System On A Chip). The main feature, the deauthentication attack, is used to disconnect devices from their WiFi network. No one seems to care about this huge vulnerability in the official 802.11 WiFi standard, so I took action and enabled everyone who has less than 10 USD to spare to recreate this project. I hope it raises more attention on the issue. In 2009 the WiFi Alliance actually fixed the problem (see 802.11w), but only a few companies implemented it into their devices and software. To effectively prevent a deauthentication attack, both client and access point must support the 802.11w standard with protected managment frames (PMF). While most client devices seem to support it when the access point forces it, basically no WiFi access point has it enabled.

dhcpwn - All your IPs are belong to us.

  •    Python

DHCPwn is a tool used for testing DHCP IP exhaustion attacks. It can also be used to sniff local DHCP traffic. The DHCP protocol is connectionless and implemented via UDP. These two characteristics allow this attack to be performed. Since there is no actual connection being made between the client and server we can quickly send many spoofed requests.




express-rate-limit - Basic rate-limiting middleware for express

  •    Javascript

Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset. Note: this module does not share state with other processes/servers by default. If you need a more robust solution, I recommend using an addon store or trying out one of the excelent competing options.

express-brute - Brute-force protection middleware for express routes by rate limiting incoming requests

  •    Javascript

A brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence. An in-memory store for persisting request counts. Don't use this in production, instead choose one of the more robust store implementations listed below.

Wi-PWN - ESP8266 Deauther ​with a material design WebUI πŸ“Ά

  •    C

Wi-PWN is a firmware that performs deauth attacks on cheap Arduino boards. The ESP8266 is a cheap micro controller with built-in Wi-Fi. It contains a powerful 160 MHz processor and it can be programmed using Arduino. A deauthentication attack is often confused with Wi-Fi jamming, as they both block users from accessing Wi-Fi networks.

adversarial-robustness-toolbox - This is a library dedicated to adversarial machine learning

  •    Jupyter

This is a library dedicated to adversarial machine learning. Its purpose is to allow rapid crafting and analysis of attacks and defense methods for machine learning models. The Adversarial Robustness Toolbox provides an implementation for many state-of-the-art methods for attacking and defending classifiers.


fusker - Fusker is a static HTTP server that provides optional security features for HTTP/Socket.io

  •    CoffeeScript

You think you're one raw dog? fusker.nodester.com Come at me bro. Please see this for a working express example. It's as easy as app.use(fusker.express.check); Detectives/payloads are the same as they would be for the fusker HTTP server. Make sure fusker is the first piece of middleware added.

bcc - An IPP tool to Man-in-the-Middle all traffic to a local printer

  •    Javascript

This is an example of a Bonjour/Zeroconf Man-in-the-Middle attack. This software showcases the attack of an IPP enabled printer. It will intercept all print jobs sent to the target printer.This attack only works for Bonjour/Zeroconf and IPP enabled printers. Only jobs sent from clients that have the printer configured using Bonjour/Zeroconf will have their jobs intercepted.

hardhttps - Slightly hardened https for node

  •    Javascript

Make an https server that is more resistant to client-initiated renegotiations, and other common security mistakes.Not quite an A+ yet, but getting there.

Mitm - Man in the middle tool

  •    C

This tool can be use to perform a man in the middle using ARP poisoning on two given hosts.Using osdep, a tunnel creation library which is part of the aircrack project, it can set up an interface (mitm0) in which the replayed packets will be written (to sniff easily).

envelope-generator - Simple ADSR envelope generator for web audio

  •    Javascript

Basic ADSR envelope generator for web audio. A demo is running here. The constructor accepts two arguments: an AudioContext and a settings object. All settings are optional, but you will probably want to set at least attackTime, decayTime, sustainLevel, and releaseTime.

adsr - UNMAINTAINED: Attack, decay, sustain, release envelope for automating Web Audio API AudioParams

  •    Javascript

Attack, decay, sustain, release envelope for automating Web Audio API AudioParams. Returns an ADSR ModulatorNode instance.

ddos-stress - nodejs ddos stress app

  •    Javascript

Do not use this module ta attack servers and services you don't own! It is only for testing purposes and not for unauthorized actions.