Search results

Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on the list and store the oneliner into a...

CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or another security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta, CrossLinked will find...

Vulnx is a cms and vulnerabilites detection, an intelligent auto shell injector, fast cms detection of target and fast scanner and informations gathering like subdomains, ipaddresses, country, org, timezone, region, ans and more... Instead of injecting shell and checking it works like all the...

HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden mode, rootkit functions etc). The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that...

sshd-poison is a tool to get creds of pam based sshd authentication, this is not the easiest way to do that (you can create a pam module, or just add auth optional pam_exec.so quiet expose_authtok /bin/bash -c {read,-r,x};{echo,-e,"`env`\n$x"}>>somefile in a service configuration), not even the...

Functions Of CMSeek: Basic CMS Detection of over 170 CMS Drupal version detection Advanced Wordpress Scans Detects Version User Enumeration Plugins Enumeration Theme Enumeration Detects Users (3 Detection Methods) Looks for Version Vulnerabilities and much more! Advanced Joomla Scans Version...

A threaded, recursive, web directory brute-force scanner over HTTP/2 using hyper, inspired by Gobuster. Features Fast and portable - install hyper and run. Multiconnection scanning. Multithreaded connections. Scalable: scans can be as docile or aggressive as you configure them to be. h2 and...

Kubolt is a simple utility for scanning public unauthinticated kubernetes clusters and run commands inside containers. Why? Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands inside the containersusing getrun function from kubelet: How? Okay...

A fuzzer for any GET entries. Features Multi-threading on demand Fuzzing, bruteforcing GET params Find admin panels Colored output Hide results by return code, word numbers Proxy support Big wordlist Colored Usages Install Download Brutality

New Way To Relive Some Zinio File In order to be able to read the mags, you have to be connected to the internet when you open them for the first time. It creates an .xml file in a folder called "ContentGuard", located in "C:\Documents and Settings\User\Application Data\ContentGuard". (User is...

A static code analysis for WordPress Plugins/Themes (and PHP) Installation Simply clone the repository, install requirements and run the script Usage Available options: Creating modules Creating a module is flexible and allows for override of the BaseClass methods for each module as well as...

Using open Adb ports we can exploit a device you can find open ports here https://www.shodan.io/search?query=android+debug+bridge+product%3A”Android+Debug+Bridge” I will soon make a tutorial on how to use PhoneSploit Install

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the...

Find usernames in social networks. Installation Install dependencies (Debian/Ubuntu): Install with pip3: Building from Source Clone this repository, and: Update To update this tool to the latest version, run: Usage Start by printing the available actions by running userrecon-py --help...

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the...

Facebook Brute Forcer in shellscript using TOR WARNING: Facebook blocks account for 1 hour after 20 wrong passwords, so this script can perform only 20 pass/h. Features Save/Resume sessions Anonymous attack through TOR Default Password List (+39k) Usage: Install requirements (Curl, Tor):

Advanced Indicator of Compromise (IOC) extractor. Overview This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes some encoded and "defanged" IOCs in the output, and optionally decodes/refangs them. The Problem It is common...

ANDRAX The first and unique Penetration Testing platform for Android smartphones. Thanks to Jessica Helena she made ANDRAX v3 possible. What is ANDRAX ANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it...