Displaying 1 to 20 from 24 results

Sn1per - Automated Pentest Recon Scanner

  •    PHP

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.

juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws

  •    Javascript

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.

Cloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection

  •    Python

CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination. For a quick start on CloakifyFactory, see the cleverly titled file "README_GETTING_STARTED.txt" in the project for a walkthrough.

SocialFish - Ultimate phishing tool. Socialize with the credentials.

  •    HTML

ONLY DOWNLOAD IT HERE, DO NOT TRUST IN OTHER PLACES. This is the official and only repository of the SocialFish project.




DumpsterFire - "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events

  •    Python

The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled "live fire" range events. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts. The toolset is designed to be dynamically extensible, allowing you to create your own Fires (event modules) to add to the included collection of toolset Fires. Just write your own Fire module and drop it into the FireModules directory. The DumpsterFire toolset will auto-detect your custom Fires at startup and make them available for use.

Goohak - Automatically Launch Google Hacking Queries Against A Target Domain

  •    Shell

Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

ReverseAPK - Quickly analyze and reverse engineer Android packages

  •    Shell

Quickly analyze and reverse engineer Android applications. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.


habu - Python Network Hacking Toolkit

  •    Python

I'm developing Habu to teach (and learn) some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing.

reverse-shell - Reverse Shell as a Service

  •    Javascript

Easy to remember reverse shell that should work on most Unix-like systems.On your machine, open up a port and listen on it. You can do this easily with netcat.

DorkNet - Selenium powered Python script to automate searching for vulnerable web apps.

  •    Python

Selenium powered Python script to automate searching the web for vulnerable applications. DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and Geckodriver to find the results we want and save them to a textfile for further processing with SQLmap or similar utilities.

IntRec-Pack - Intelligence and Reconnaissance Package/Bundle installer.

  •    Shell

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Due to the fact it manages the installation of the various dependencies related to these programs as well it aims to be a comprehensive assistant in setting up your intelligence gathering environment. Below is an overview of the tools and utilities it will help you set up.

MIDA-Multitool - Bash script purposed for system enumeration, vulnerability identification and privilege escalation

  •    Shell

Bash script purposed for system enumeration, vulnerability identification and privilege escalation. MIDA Multitool draws functionality from several of my previous scripts namely SysEnum and RootHelper and is in many regards RootHelpers successor.

Shellshocker - A Bash script to test a list of URLs for the shellshock vulnerability.

  •    Shell

Via curl to each URL in the list respectively, per line, in sequence. After doing so you can select the 'Output' option to specify a location to which a copy of the script's output will be saved. This option is not mandatory however and output will be printed to the STDOUT regardless of whether it is set or not.

awesome-oscp - A curated list of awesome OSCP resources

  •    

To the extent possible under law, Adel "0x4D31" Karimi has waived all copyright and related or neighboring rights to this work.

PRISM-AP - An automated Wireless RogueAP MITM attack framework.

  •    Shell

PRISM-AP is an automated Wireless RogueAP MITM attack framework. This script is distributed "as is" and no support will be provided in it's current state (not intended for beginners).

juice-shop-ctf - Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

  •    Javascript

The NPM package juice-shop-ctf-cli lets you create a archive files for conveniently import OWASP Juice Shop challenges into different Capture the Flag frameworks. This allows you to populate a CTF game server in a matter of minutes. Then follow the instructions of the interactive command line tool.