TwitWork : Monitor Twitter Stream 2020
TwitWork use the twitter stream which allows you to have a tweets in real-time. There is an input that allows you to filter the flow on one (or more) keywords or on an @ based on twitter tracking. Demo This is a demo of export data on keyword "Coronavirius" Requirements NodeJsNpmTwitter api key Also Read - WiFi Passview : An Open Source Batch Script...
XCTR Hacking Tools 2020
XCTR Hacking Tools initially, you need to create a project where you will save everything. All of the collected information is saved as "project-name" in results directory. You can update user agent and proxy information in the settings section and also update url, proxy, project name, wordlist, thread numbers. Features This tool include: Dork FinderAdmin Panel FinderCms FinderIp...
WiFi Passview : An Open Source Batch Script Based WiFi Passview For Windows
WiFi Passview is an open source batch script based program that can recover your WiFi Password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview softwares such as webpassview and mailpassview. Disclaimer: WiFi Passview is NOT designed for malicious use! Please use this program responsibly! How...
DNSFookup : DNS Rebinding Toolkit
DnsFookup is a DNS Rebinding freamwork containing: a dns server obviouslyweb api to create new subdomains and control the dns server, view logs, stuff like thatshitty react app to make it even more comfy What does it do? It lets you create dns bins like a burp collaborator but it adds a bit more features... (at least it tries to) You can...
BadBlood : Microsoft Active Directory Domain With A Structure
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to...
Xencrypt : A PowerShell Script Anti-Virus Evasion Tool
Xencrypt is a PowerShell crypter that uses AES encryption and Gzip/DEFLATE compression to with every invocation generate a completely unique yet functionally equivalent output script given any input script. It does this by compressing and encrypting the input script and storing this data as a payload in a new script which will unencrypt and ...
Subfinder : A Subdomain Discovery Tool To Find Valid Websites Subdomains
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. It is built for doing one thing only - passive subdomain enumeration, and it does that very well. We have designed it to comply with all passive sources...
IoTGoat : A Deliberately Insecure Firmware Based On OpenWrt
The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the IoT Top 10 as documented by OWASP: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project. To get started with developing IoTGoat challenges, review the Build Environment Guidance page....
Polyshell : A Bash/Batch/PowerShell Polyglot
PolyShell is a script that's simultaneously valid in Bash, Windows Batch, and PowerShell. This makes PolyShell a useful template for penetration testing as it can be executed on most systems without the need for target-specific payloads. It is also specifically designed to be deliverable via input injection using a USB Rubby Ducky, MalDuino, or similar...
Extended SSRF Search : Smart SSRF Scanner Using Different Methods
This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters). Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp collaborator. Then you can add your urls to config/url-to-test.txt. Here the script accepts domains...
