Search results

A cross-platform tool that use Certificates Transparency logs to find subdomains. We currently support Linux, Windows and MacOS. How it works? It tool doesn't use the common methods for sub(domains) discover, the tool uses Certificate Transparency logs to find subdomains and it method make it...

WAFW00F identifies and fingerprints Web Application Firewall (WAF) products. How does it work: To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of...

PasteShr version 1.6 suffers from multiple remote SQL injection vulnerabilities. MD5 | 7a51baa5eca6c04a0eb42f1e84db549c Download ====================================================

VMware Workstation versions prior to 15.1.0 suffer from a dll hijacking vulnerability. MD5 | e4ae43fff5271c25af6a88e2b9cdeb55 Download https://www.vmware.com/security/advisories/VMSA-2019-0007.html

Trigmap is a wrapper for Nmap. You can use it to easily start Nmap scan and especially to collect informations into a well organized directory hierarchy. The use of Nmap makes the script portable (easy to run not only on Kali Linux) and very efficient thanks to the optimized Nmap algorithms...

Miteru is an experimental phishing kit detection tool. How it works It collects phishy URLs from the following feeds: CertStream-Suspicious feed via urlscan.io OpenPhish feed via urlscan.io PhishTank feed via urlscan.io Ayashige feed It checks each phishy URL whether it enables directory...

Brutemap - Tool That Automates Testing Accounts To The Site's Login Page Brutemap is an open source penetration testing tool that automates testing accounts to the site's login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also...

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within...

Just the code of my OSINT bot searching for sensitive data leaks on different paste sites. Search terms: credentials private RSA keys Wordpress configuration files MySQL connect strings onion links links to files hosted inside the onion network (PDF, DOC, DOCX, XLS, XLSX) Keep in mind: This...

Flashsploit is an Exploitation Framework for Attacks using ATtiny85 HID Devices such as Digispark USB Development Board, flashsploit generates Arduino IDE Compatible (.ino) Scripts based on User Input and then Starts a Listener in Metasploit-Framework if Required by the Script, in Summary ...

Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already...

first of all, you need them IP Address IP Address: Generate a Link which you send to your victim. If he clicks it, his IP will be sent to your email inbox. http://getthierip.com http://whatstheirip.com http://IPlogger.com - then, open up notepad and write this commands: ok after get him IP...

Powerfull Simple XSS Scanner made with python 3.7 Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: Usage Basic usage: Advanced usage see help: Roadmap v0.3B: Added custom options ( Such --proxy, --user-agent etc... ) First...

This release brings the kernel up to version 4.19.28, fixes numerous bugs, includes many updated packages, and most excitingly, features a new release of Kali Linux NetHunter! Kali NetHunter 2019.2 Release NetHunter now supports over 50 devices running all the latest Android versions, from...

Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on the list and store the oneliner into a...

CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or another security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta, CrossLinked will find...

Vulnx is a cms and vulnerabilites detection, an intelligent auto shell injector, fast cms detection of target and fast scanner and informations gathering like subdomains, ipaddresses, country, org, timezone, region, ans and more... Instead of injecting shell and checking it works like all the...

HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden mode, rootkit functions etc). The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that...

sshd-poison is a tool to get creds of pam based sshd authentication, this is not the easiest way to do that (you can create a pam module, or just add auth optional pam_exec.so quiet expose_authtok /bin/bash -c {read,-r,x};{echo,-e,"`env`\n$x"}>>somefile in a service configuration), not even the...