Displaying 1 to 20 from 21 results

IPAPatch - Patch iOS Apps, The Easy Way, Without Jailbreak.


IPAPatch provide a simple way to patch iOS Apps, without needing to jailbreak. You can run your own code inside ipa file as a dynamic library. So you can change behavior of that app by utilizing Objective-C runtime.

NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.


NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".

Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing


A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).

linux-exploit-suggester - Linux privilege escalation auditing tool


Often during the penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on tested Linux machine(s). One of viable attack vectors is using publicly known Linux exploit to gain root privileges on tested machine. Of course in order to do that the analyst needs to identify the right PoC exploit, make sure that his target is affected by the associated vulnerability and finally modify the exploit to suit his target. The linux-exploit-suggester.sh tool is designed to help with these activities. In this mode the analyst simply provides kernel version (--kernel switch) or uname -a command output (--uname switch) and receives list of candidate exploits for a given kernel version.




trape - People tracker on the Internet: Learn to track the world, to avoid being traced.


People tracker on the Internet: Learn to track the world, to avoid being traced. Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.

CHAOS - :fire: CHAOS allow generate payloads and control remote Windows systems.


CHAOS allow generate payloads and control remote Windows systems. 📚 This project was created only for learning purpose.

VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages


A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Dependencies will then be installed and VHostScan will be added to your path. If there is an issue regarding running python3 setup.py build_ext, you will need to reinstall numpy using pip uninstall numpy and pip install numpy==1.12.0. This should resolve the issue as there are sometimes issues with numpy being installed through setup.py.


pig - A Linux packet crafting tool.


Pig (which can be understood as Packet intruder generator) is a Linux packet crafting tool. You can use Pig to test your IDS/IPS among other stuff.Pig brings a bunch of well-known attack signatures ready to be used and you can expand this collection with more specific things according to your requirements.

ragatron - Ragatron is an HTML5 desktop game hacking tool


Ragatron is (or was) an open source hacking tool for HTML5 games. It targets A Wizard's Lizard, Indie Game Sim, and Soul Thief developed by Lost Decade Games. It is available for Windows and (Intel-based) Mac. The only targeted versions are the currently shipping versions purchased from Steam. Since this is early access, breaking changes are frequent.

Minesweeper - A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 9200+ malicious cryptocurrency mining domains (cryptojacking)


A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 9200+ malicious cryptocurrency mining domains (cryptojacking). As this is the first build of Minesweeper lists are currently built based on CoinBlockerLists. As the project matures more sources will be added, as well as direct code checks. Since CoinBlockerLists updates quite frequently code is included to allow you to manually update your source list from the CoinBlockerLists github project.

hacker-roadmap - :pushpin: A guide for amateurs pen testers and a collection of hacking tools, resources and references to practice ethical hacking, pen testing and web security


This repository is a guide for amateurs pen testers and a summary of hacking tools, resources and references to practice ethical hacking, pen testing and web security. Most of these tools are UNIX compatible and MIT licensed. Note that Linux is the best operating system to practice ethical hacking. Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system.

wpscan-v3 - WPScan v3 BETA is a Black Box WordPress Vulnerability Scanner - https://wpscan.org


The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team. Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.

Taipan - Web application security scanner


If you want to try the dev version of Taipan without to wait for an official release, you can download the build version. This version is built every time that a commit is done and the build process is not broken. You can download it from the Artifacts Directory.