Clik here to view.
kisskissie – Simple proof of concept eXternal Xml Entity (XXE) scan and...
Kisskissie is a tool to automate XXE exfiltration easier.You should use this tool after you have confirmed that your target is vulnerable to XXE and you wish to exfil as much data as quickly as you...
View ArticleClik here to view.
PowerMemory v1.2 – Exploit the credentials present in files and memory.
Latest Change v1.2 12/3/2016; + PowerProcess added + Demine-TheField added (win at minesweeper) + Create-TGSInMemory added + Look for empty password in AD added powermemory v1.2 GWMD: Dump Like...
View ArticleClik here to view.
RSPET v0.0.4 – Reverse Shell and Post Exploitation Tool.
NEW IN V0.0.4 **Features: – RSPET_client.py and RSPET_client_min.py code cleanup – RSPET_server.py and RSPET_server_min.py partially rewritten; Partial modularity achieved. – RSPET_server.py and...
View ArticleClik here to view.
Albatar is a SQLi exploitation framework in Python.
Albatar is a framework in Python. As a result, you need to write some Python code to be able to exploit the SQLI. Then simply invoke your script by passing sqlmap-like command line options (e.g. –dbs,...
View ArticleClik here to view.
The Penetration Testers Framework (PTF) v1.7.1 codename: Shiny Shine.
Roadmap Changelog Version 1.7.1: * added new tools: veil, cmsmap, sparta, prowl, lfi_scanner, nosqlmap version 1.7: * added customized xml handler for zaproxy and added new zaproxy module * fixed...
View ArticleClik here to view.
sshhipot : High-interaction MitM SSH honeypot.
sshhipot : High-interaction MitM SSH honeypot. The general idea is that sshlowpot runs somewhere between the attacker and the real SSH server such that the attacker logs into the honeypot, and the...
View ArticleClik here to view.
MacroShop – Collection of scripts to aid in delivering payloads via Office...
Collection of scripts to aid in delivering payloads via Office Macros. Most are python. 1. macro_safe.py Generates safe for VB inclusion into an excel spreadsheet. Requires a batch file generated by...
View ArticleClik here to view.
uSploit framework is very basic exploit/peneration test tool framework.
µSploit framework is very basic exploit/peneration test tool framework. I have been focused to make µSploit easy (user friendly) and simple to use as possible. µSploit is written in python 3, and...
View ArticleClik here to view.
uSploit framework v1.2 – very basic exploit/peneration test tool framework.
Changelog VERSION 1.2-alpha: + updated cloudflare_resolver module + updated network_scanner + added netifaces library + scapy library replaced to core/libs + updated readme + fixed bug from usploit...
View ArticleClik here to view.
The Penetration Testers Framework (PTF) v1.8 codename: Tool Depot.
Changelog v1.8, codename Tool Depot: * added samba-client to ridenum as prereq * added poshc2 (PR) * added title for cmd shell (PR) * added fimap (PR) * changed install path from hardcoded to...
View ArticleClik here to view.
CrackMapExec v3.1.3 – A swiss army knife for pentesting Windows/Active...
Changelog v3.1.3: + New Mimikittenz (https://github.com/putterpanda/mimikittenz) module. + Added the –fail-limit, –gfail-limit and –ufail-limit flags to limit failed login attempts per host, globally...
View ArticleClik here to view.
JMET – The Java Message Exploitation Tool.
Disclaimer: JMET is a proof-of-concept tool for blackbox testing of JMS destinations. Please use this tool with care and only when authorized. Be aware that sending an invalid message to a JMS...
View ArticleClik here to view.
Needle is an open source, modular framework to streamline the process of...
Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has...
View ArticleClik here to view.
IR_Tools – Incident response tool that allow to search for IOC of different...
IR_Tools is a simple tools that help searching for IOC in a file or binary. Function: * It will allow you to simply search for a e-mail adress, url, phone number, username into a text/configuration...
View ArticleClik here to view.
T50 v5.6.6 – The fatest network packet injector.
Changelog t50 v5.6.6: * Fixed a problem where an incomplete option (without argument) is provided on command line. * Nasty bug on command line (where an incomplete final option is provided without an...
View ArticleClik here to view.
drozer v2.4.0 is a comprehensive security audit and attack framework for...
Changelog drozer v2.4.0: + Fixed bug in sharedUID package search + Fixed bug in web delivery page + Fixed bug in busybox path + Updated busybox for PIE Support + Referenced aapt-osx in setup script +...
View ArticleClik here to view.
PowerMemory v1.3 – Exploit the credentials present in files and memory.
Changelog PowerMemory v1.3: * Power-Escalate added * Menu modified * Bugs correction PowerMemory v1.3 Main Menu v1.3: What do you want assess? 1) Reveal memory passwords 2) Local escalation attempt 3)...
View ArticleClik here to view.
ssh-audit v1.0 is a tool for ssh server auditing.
Changelog ssh-audit v1.0.20160917: + Create tests for Dropbear SSH version comparison. + Add Prospector (Python Static Analysis) config and run script. + Signed mpint. + Implement OpenSSH version...
View ArticleClik here to view.
King Phisher v1.5.0 – a phishing-focused social engineering campaign.
Changelog KingPhisher v1.5.0: + SPF button on GUI, for on demand SPF record checking + Additional packages included in Windows build for plugin support + Bug fixes -+- Windows time zone issues fixed...
View ArticleClik here to view.
BLACKBOx v2 – A Penetration Testing Framework.
BLACKBOx – A Penetration Testing Framework. Dependencies: + Python 2.7x + git Roadmap & Changelog 1.8v: + ADD XSS/SQLi/RCE Scanner to google & bing dorker module ! + Fix LFI & Hashkiller...
View Article