Frida – Dynamic Code Instrumentation Toolkit
Frida is basically Greasemonkey for native apps, or, put in more technical terms, it’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript into native apps on Windows,...
TempRacer – Windows Privilege Escalation Tool
TempRacer is a Windows Privilege Escalation Tool written in C# designed to automate the process of injecting user creation commands into batch files with administrator level privileges. The code itself...
Responder – LLMNR, MDNS and NBT-NS Poisoner
Responder is an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: NetBIOS Suffixes). By default, the tool will only...
Phishing Frenzy – E-mail Phishing Framework
Phishing Frenzy is an Open Source Ruby on Rails e-mail phishing framework designed to help penetration testers manage multiple, complex phishing campaigns. The goal of the project is to streamline the...
DNSRecon – DNS Enumeration Script
DNSRecon is a Python based DNS enumeration script designed to help you audit your DNS security and configuration as part of the information gathering stage of a pen-test. DNS reconnaissance is an important...
INURLBR – Advanced Search Engine Tool
INURLBR is a PHP based advanced search engine tool for security professionals, it supports 24 search engines and 6 deep web or special options. Very useful for the information gathering phase of a...
Recon-ng – Web Reconnaissance Framework
Recon-ng is a full-featured Web Reconnaissance Framework written in Python. Complete with independent modules, database interaction, interactive help, and command completion – Recon-ng provides a...
Empire – PowerShell Post-Exploitation Agent
Empire is a pure PowerShell post-exploitation agent built on cryptographically secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing...
WAFW00F – Fingerprint & Identify Web Application Firewall (WAF) Products
WAFW00F is a Python tool to help you fingerprint and identify Web Application Firewall (WAF) products. It is an active reconnaissance tool as it actually connects to the web server, but it starts out...
SPF (SpeedPhish Framework) – E-mail Phishing Toolkit
SPF (SpeedPhish Framework) is an e-mail phishing toolkit written in Python designed to allow for quick recon and deployment of simple social engineering phishing exercises. There are also other...
Gdog – Python Windows Backdoor With Gmail Command & Control
Gdog is a stealthy Python Windows backdoor that uses Gmail as a command and control server; it’s inspired by Gcat and pushes a little beyond a proof of concept with way more features. And don’t forget,...
The Backdoor Factory (BDF) – Patch Binaries With Shellcode
The Backdoor Factory or BDF is a tool which enables you to patch binaries with shellcode and continue normal execution exactly as the executable binary would have in its pre-patched state. Some...
SubBrute – Subdomain Brute-forcing Tool
SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain brute-forcing tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind...
wildpwn – UNIX Wildcard Attack Tool
wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks, based on a paper by Leon Juranic. It’s considered a fairly old-skool attack vector, but it still works quite often. The...
Wfuzz – Web Application Brute Forcer
Wfuzz is a Python based flexible web application brute forcer which supports various methods and techniques to expose web application vulnerabilities. This allows you to audit parameters,...
Unicorn – PowerShell Downgrade Attack
Magic Unicorn is a simple tool for using a PowerShell downgrade attack to inject shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique...
shadow – Firefox Heap Exploitation Tool (jemalloc)
shadow is a new, extended (and renamed) version of a Firefox heap exploitation tool, which is quite a swiss army knife for Firefox/jemalloc heap exploitation. If you want to dive in really deep to this...
Automater – IP & URL OSINT Tool For Analysis
Automater is a URL/domain, IP address, and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater...
DMitry – Deepmagic Information Gathering Tool
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU) Linux command line program coded purely in C with the ability to gather as much information as possible about a host. DMitry has a base...
dnmap – Distributed Nmap Framework
dnmap is a distributed Nmap framework which can hand off Nmap scans to several clients. It reads an already created file with Nmap commands and sends those commands to each client connected to it. The...