VPNPivot - Explore the network
Sometimes we do external penetration testing, and when we compromise the remote target we would like to explore the internal network behind it and get further compromises such as owning Active Directory,...
BSQLinjector - Blind SQL injection exploitation tool written in Ruby.
BSQLinjector uses a blind method to retrieve data from SQL databases. I recommend using the "--test" switch to clearly see what the configured payload looks like before sending it to an application. Options:...
CryptTools - Encryption, decryption and cracking
Tools for encryption, decryption and cracking from several cryptographic systems. How to Install: Install Python 3.6 if you do not have it yet. Ensure that you have installed python3.6 in /usr/bin...
TCPCopy - A TCP Stream Replay Tool
Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of Internet...
WinDivert - Windows Packet Divert
Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10. WinDivert allows user-mode programs to...
RedSails - Bypassing host based security monitoring and logging
A post-exploitation tool capable of: maintaining persistence on a compromised machine; subverting many common host event logs (both network and account logon); generating false logs / network traffic. Based...
LFiFreak - LFi Exploiter with Bind/Reverse Shells
Features: Works with Windows, Linux and OS X. Includes bind and reverse shell for both Windows and Linux. Written in Python 2.7. What is this all about? A unique tool for exploiting local file inclusions using...
Kubebot - Security testing Slackbot
Data Flow: 1 - API request (tool, target, options) initiated from Slackbot, sent to the API server, which is running as a Docker container on a Kubernetes (K8s) cluster and can be scaled. 2 - API server...
Exe2Image - A simple utility to convert EXE files to JPEG images and vice versa
A simple utility to convert EXE files to PNG images and vice versa. Putty.exe converted to an image.
SCUTUM - Linux Automatic ARP (TCP / UDP / ICMP) Firewall
Current Version Change log: Added Self-Upgrading Function, now users can execute self-upgrading with $ sudo scutum --upgrade. Added AVALON Framework...
radare2 - Unix-like reverse engineering framework and commandline tools
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. The Radare project started as a forensics tool, a scriptable commandline hexadecimal editor...
BloodHound - Six Degrees of Domain Admin
BloodHound is a single page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the...
CrackMapExec - A Swiss army knife for pentesting networks
CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off...
VHostScan - Virtual host scanner that can be used with pivot tools
A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Key...
NoSQLMap - Automated NoSQL database enumeration and web application...
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in...
BaRMIe - Java RMI enumeration and attack tool
BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services. RMI services often expose dangerous functionality without adequate security controls; however, RMI services...
ThunderShell - PowerShell based RAT
ThunderShell is a PowerShell-based RAT that relies on HTTP requests to communicate. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network...
Cipherscan - Find out which SSL ciphersuites
Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificate information, TLS options, OCSP stapling and more....
RedSails - Python based post-exploitation
A post-exploitation tool capable of: maintaining persistence on a compromised machine; subverting many common host event logs (both network and account logon); generating false logs / network traffic. Based...
Dradis Framework - Collaboration and reporting for IT Security teams
Dradis is an open-source collaboration framework, tailored to InfoSec teams. Goals: Share the information effectively. Easy to use, easy to be adopted. Otherwise it would present little benefit over other...