Clik here to view.
wig - WebApp Information Gatherer
wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications.The application fingerprinting is based on checksums...
View ArticleClik here to view.
KRACK Detector - Detect and prevent KRACK attacks in your network
KRACK Detector is a Python script to detect possible KRACK attacks against client devices on your network. The script is meant to be run on the Access Point rather than the client devices. It listens...
View ArticleClik here to view.
Linux Soft Exploit Suggester - Search Exploitable Software On Linux
linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities.> python...
View ArticleClik here to view.
CrunchRAT - HTTPS-based Remote Administration Tool (RAT)
CrunchRAT currently supports the following features:File uploadFile downloadCommand executionIt is currently single-threaded (only one task at a time), but multi-threading (or multi-tasking) is...
View ArticleClik here to view.
Evil-Droid - Framework to Create, Generate & Embed APK Payloads
Evil-Droid is a framework that create & generate & embed apk payload to penetrate android platforms.Screenshot:Dependencies :1 - metasploit-framework2 - xterm3 - Zenity4 - Aapt5 - Apktool6 -...
View ArticleClik here to view.
pcc - PHP Secure Configuration Checker
Check current PHP configuration for potential security flaws.Simply access this file from your webserver or run on CLI.AuthorThis software was written by Ben Fuhrmannek, SektionEins GmbH, in an effort...
View ArticleClik here to view.
Cromos - Download and Inject code into Google Chrome extensions
Cromos is a tool for downloading legitimate extensions of the Chrome Web Store and inject codes in the background of the application and more cromos create executable files to force installation via...
View ArticleClik here to view.
Parrot Security 3.9 - Security GNU/Linux Distribution Designed with Cloud...
Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind.It includes a full portable laboratory for security and digital forensics experts, but it also includes all you...
View ArticleClik here to view.
enum4linux - Tool for Enumerating Information from Windows and Samba Systems
A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.Enum4linux is a tool for enumerating information from Windows and Samba systems.It is written in Perl and is basically...
View ArticleClik here to view.
EvilURL - An Unicode Domain Phishing Generator for IDN Homograph Attack
An unicode domain phishing generator for IDN Homograph Attack.VIDEO DEMOCLONEgit clone https://github.com/UndeadSec/EvilURL.gitRUNNINGcd EvilURLpython evilurl.pyPREREQUISITESpython 2.7TESTED ONKali...
View ArticleClik here to view.
Paskto - Passive Web Scanner
Paskto will passively scan the web using the Common Crawl internet index either by downloading the indexes on request or parsing data from your local system. URLs are then processed through Nikto and...
View ArticleClik here to view.
docker-onion-nmap - Scan .onion hidden services with nmap using Tor,...
Use nmap to scanhidden "onion" services on the Tor network. Minimal image based on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use...
View ArticleClik here to view.
TrevorC2 - Command and Control via Legitimate Behavior over HTTP
TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for...
View ArticleClik here to view.
Dex-Oracle - A pattern based Dalvik deobfuscator which uses limited execution...
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify.BeforeAftersha1:...
View ArticleClik here to view.
CredSniper - Phishing Framework which supports SSL and capture credentials...
Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can...
View ArticleClik here to view.
fatcat - FAT Filesystems Explore, Extract, Repair, And Forensic Tool
This tool is designed to manipulate FAT filesystems, in order to explore, extract, repair, recover and forensic them. It currently supports FAT12, FAT16 and FAT32.Tutorials & examplesBuilding and...
View ArticleClik here to view.
Mentalist - Graphical Tool For Custom Wordlist Generation
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and...
View ArticleClik here to view.
Faraday v2.7 - Collaborative Penetration Test and Vulnerability Management...
Faraday is the Integrated Multiuser Risk Environment you have alwasy been looking for! It maps and leverages all the data you generate in real time, letting you track and understand your audits. Our...
View ArticleClik here to view.
Cr3dOv3r - Know The Dangers Of Credential Reuse Attacks
Your best friend in credential reuse attacks.Cr3dOv3r simply you give it an email then it does two simple jobs (but useful) :Search for public leaks for the email and if it any, it returns with all...
View ArticleClik here to view.
MHA - Mail Header Analyzer
Mail header analyzer is a tool written in flask for parsing email headers and converting them to a human readable format and it also can:Identify hop delays.Identify the source of the email.Identify...
View Article