Clik here to view.
Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System
Tinfoil Chat (TFC) is a FOSS+FHDpeer-to-peer messaging system that relies on high assurance hardware architecture to protect users from passive collection, MITM attacks and most importantly, remote key...
View ArticleClik here to view.
ProjectOpal - Stealth Post-Exploitation Framework For Wordpress
Stealth post-exploitation framework for Wordpress CMSOfficial ProjectOpal Repository.What is it and why was it made?We intentionally made it for our penetration testing jobs however its getting grey...
View ArticleClik here to view.
Mssqlproxy - A Toolkit Aimed To Perform Lateral Movement In Restricted...
mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on...
View ArticleClik here to view.
InQL Scanner - A Burp Extension For GraphQL Security Testing
A security testing tool to facilitate GraphQL technology security auditing efforts.InQL can be used as a stand-alone script, or as a Burp Suite extension.InQL Stand-AloneRunning inql from Python will...
View ArticleClik here to view.
Webkiller v2.0 - Tool Information Gathering
Tool Information Gathering Write With Python.PreView██╗ ██╗███████╗██████╗ ██╗ ██╗██╗██╗ ██╗ ███████╗██████╗ ██║ ██║██╔════╝██╔══██╗██║ ██╔╝██║██║ ██║ ██╔════╝██╔══██╗██║ █╗ ██║█████╗...
View ArticleClik here to view.
SauronEye - Search Tool To Find Specific Files Containing Specific Words,...
SauronEye is a search tool built to aid red teams in finding files containing specific keywords.Features:Search multiple (network) drivesSearch contents of filesSearch contents of Microsoft Office...
View ArticleClik here to view.
Project iKy v2.4.0 - Tool That Collects Information From An Email And Shows...
Project iKy is a tool that collects information from an email and shows results in a nice visual interface.Visit the Gitlab Page of the ProjectInstallationClone repositorygit clone...
View ArticleClik here to view.
One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing...
One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows, Linux, macOS or even BSD systems) or hacking generally with a...
View ArticleClik here to view.
R00Kie-Kr00Kie - PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability
DisclaimerThis is a PoC exploit for the CVE-2019-15126 kr00k vulnerability.This project is intended for educational purposes only and cannot be used for law violation or personal gain.The author of...
View ArticleClik here to view.
CVE-2020-0796 - CVE-2020-0796 Pre-Auth POC
(c) 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes POC to check for CVE-2020-0796 / "SMBGhost" Expected outcome: Blue Screen Intended only for educational and testing in...
View ArticleClik here to view.
CVE-2020-0796 - Windows SMBv3 LPE Exploit #SMBGhost
Windows SMBv3 LPE ExploitAuthorsDaniel García Gutiérrez (@danigargu)Manuel Blanco Parajón...
View ArticleClik here to view.
Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your...
Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. Its focused on discovery of organization public facing assets with minimal knowledge about its...
View ArticleClik here to view.
Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource...
auspex [ˈau̯s.pɛks] noun: An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds.awspx is a graph-based tool for visualizing effective access and resource...
View ArticleClik here to view.
MSSQLi-DUET - SQL Injection Script For MSSQL That Extracts Domain Users From...
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing. Supports various forms of WAF bypass techniques through the implementation of...
View ArticleClik here to view.
FProbe - Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS...
FProbe - Fast HTTP ProbeInstallationGO111MODULE=on go get -u github.com/theblackturtle/fprobeFeaturesTake a list of domains/subdomains and probe for working http/https server.Optimize RAM and CPU in...
View ArticleClik here to view.
DigiTrack - Attacks For $5 Or Less Using Arduino
In 30 seconds, this attack can learn which networks a MacOS computer has connected to before, and plant a script that tracks the current IP address and Wi-Fi network every 60 seconds.Now includes:...
View ArticleClik here to view.
Frida API Fuzzer - This Experimetal Fuzzer Is Meant To Be Used For API...
This experimental fuzzer is meant to be used for API in-memory fuzzing.The design is highly inspired and based on AFL/AFL++.ATM the mutator is quite simple, just the AFL's havoc and splice stages.I...
View ArticleClik here to view.
Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice...
Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may...
View ArticleClik here to view.
Tweetshell - Multi-thread Twitter BruteForcer In Shell Script
Tweetshell is an Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and it can test infinite number of passwords with a rate of +400...
View ArticleClik here to view.
Sandcastle - A Python Script For AWS S3 Bucket Enumeration
Inspired by a conversation with Instacart's @nickelser on HackerOne, I've optimised and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.The script...
View Article