Clik here to view.
Python Script for Brute Forcing SSHD.
QUICK OVERVIEW: This script runs a brute force attack on an SSH server version 2, and uploads and executes a file after obtaining a valid password. If connection to the SSH server is lost during the...
View ArticleClik here to view.
HostileSubBruteforcer – Pure Subdomain Bruteforce.
This app will bruteforce for exisiting subdomains and provide the following information: + IP address + Host + if the 3rd party host has been properly setup. (for example if site.example.com is poiting...
View ArticleClik here to view.
SpiderFoot v2.6.0 released; is an open source footprinting and intelligence...
SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname or...
View ArticleClik here to view.
Ufonet v0.6 – Galactic Offensive released.
[!]Remember: this tool is NOT for educational purpose. Usage of UFONet for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local,...
View ArticleClik here to view.
Dominos-OWN is a IBM/Lotus Domino exploitation.
Dominos-OWN is a IBM/Lotus Domino exploitation. with function: – Accessing Domino Quick Console – Dumping Domino account hashes – Fingerprinting Domino server Dominos-OWN is a IBM/Lotus Domino...
View ArticleClik here to view.
Scanner Routerhunter 2.0 – Testing vulnerabilities in devices & routers...
The Routerhunter was designed to run over the Internet looking for defined ips tracks or random in order to automatically exploit the vulnerability DNSChanger on home routers. Tool used to find...
View ArticleClik here to view.
Android-VTS v11 released ~ Android Vulnerability Test Suite
Changelog v-11: + Sort vulnerabilities by date of CVE descending + Enable WeakSauce check + Fix crashes with x509 serialization check on devices < Kitkat + Add check for CVE-2015-1528 + Fix some UI...
View ArticleClik here to view.
Sawef – Send Attack Web Forms.
Has been tested on WIndows Xp/Vista/7/8.1/10, Kali 2.0, Ubuntu 14.04 The purpose of this tool is to be a Swiss army knife for anyone who works with HTTP, so far it she is basic, bringing only some of...
View ArticleClik here to view.
Router brute force tool.
Scans an IP address range for routers/modems implementing HTTP basic authentication that are exposed to the Internet, attempts to login with a set of common default usernames and passwords, and finally...
View ArticleClik here to view.
ATSCAN-v3.1 – perl script for vulnerable Server, Site and dork scanner.
ATSCAN is a perl script with function Dork scanner. XSS scanner. LFI scanner. Filter wordpress and Joomla sites in the server. Find Admin page. Decode / Encode MD5 + Base64. Changelog v3.1: Correct...
View ArticleClik here to view.
Fire – Custom LKM firewall passes packets to userland python script.
fire is custom firewall resides in kernel space and userspace Contains 2 components: + custom.ko — LKM (linux kernel module) + fire.py — Python script (run from user space) Custom.ko passes...
View ArticleClik here to view.
V3n0mScanner v4.0.2c – A tool to automate mass SQLi d0rk scanner.
Changelog V.4.0.2c, 25/1/2016: Pulls far more results per page, sadly more results negates the slight speed improvement from “Keep-Alive”… Still working on improving overall Search-Engine speed. V3n0M...
View ArticleClik here to view.
shellsploit-framework v1-beta : New Generation Exploit Development Kit.
Shellsploit let’s you generate customized shellcodes, backdoors, injectors for various operating system. And let’s you obfuscation every byte via encoders. Requirement: + capstone + readline...
View ArticleClik here to view.
striptls – poc implementation of STARTTLS stripping attacks.
striptls – poc implementation of STARTTLS stripping attacks. SMTP + SMTP.StripFromCapabilities – server response capability patch + SMTP.StripWithInvalidResponseCode – client STARTTLS stripping,...
View ArticleClik here to view.
SQLcutie 1.8a – sqli dork scanner.
SQLcutie is a compact search engine dorker which able to search over 10 different types of error. To able to use sqlcutie you need Perl’s modules: + LWP::UserAgent + HTTP::Request + Term::ANSIColor...
View ArticleClik here to view.
FruityWifi v-2.4 – is an open source tool to audit wireless networks.
changelog v2.4: + Utils have been added (replaces “ifconfig -a”) + Kali Linux Rolling compatibility issue has been fixed FruityWifi is a wireless network auditing tool. The application can be installed...
View ArticleClik here to view.
payday – Payload generator that uses Metasploit and Veil.
Payload generator that uses Metasploit and Veil. Takes IP address input and then builds payloads automatically. Calls Veil framework with supplied IP address and creates binaries and handlers. Uses...
View ArticleClik here to view.
Commix v0.7b – Automatic All-in-One OS Command Injection and Exploitation Tool.
Changelog Version 0.7b: * Added: The ability to store valid (Digest) credentials into session files for current target. * Added: Dictionary-based cracker for “Digest” HTTP authentication credentials. *...
View ArticleClik here to view.
Pyscan – A fast malware scanner using ShellScannerPatterns.
Pyscan – A fast malware scanner using ShellScannerPatterns. requiremnets: + python 2.7.x Supported Platforms + CentOS 5/6/7 + CloudLinux 5/6/7 + Redhat 5/6/7 + Ubuntu and Debian – All versions. +...
View ArticleClik here to view.
TLS-Attacker v1.1 is a Java-based framework for analyzing TLS libraries.
TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided...
View Article