WiFi Passview : An Open Source Batch Script Based WiFi Passview For Windows
WiFi Passview is an open source batch script based program that can recover your WiFi Password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview softwares such as webpassview and mailpassview. Disclaimer: WiFi Passview is NOT designed for malicious use! Please use this program responsibly! How...
DNSFookup : DNS Rebinding Toolkit
DnsFookup is a DNS Rebinding freamwork containing: a dns server obviouslyweb api to create new subdomains and control the dns server, view logs, stuff like thatshitty react app to make it even more comfy What does it do? It lets you create dns bins like a burp collaborator but it adds a bit more features... (at least it tries to) You can...
BadBlood : Microsoft Active Directory Domain With A Structure
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to...
Xencrypt : A PowerShell Script Anti-Virus Evasion Tool
Xencrypt is a PowerShell crypter that uses AES encryption and Gzip/DEFLATE compression to with every invocation generate a completely unique yet functionally equivalent output script given any input script. It does this by compressing and encrypting the input script and storing this data as a payload in a new script which will unencrypt and ...
Subfinder : A Subdomain Discovery Tool To Find Valid Websites Subdomains
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. It is built for doing one thing only - passive subdomain enumeration, and it does that very well. We have designed it to comply with all passive sources...
IoTGoat : A Deliberately Insecure Firmware Based On OpenWrt
The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the IoT Top 10 as documented by OWASP: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project. To get started with developing IoTGoat challenges, review the Build Environment Guidance page....
Polyshell : A Bash/Batch/PowerShell Polyglot
PolyShell is a script that's simultaneously valid in Bash, Windows Batch, and PowerShell. This makes PolyShell a useful template for penetration testing as it can be executed on most systems without the need for target-specific payloads. It is also specifically designed to be deliverable via input injection using a USB Rubby Ducky, MalDuino, or similar...
Extended SSRF Search : Smart SSRF Scanner Using Different Methods
This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters). Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp collaborator. Then you can add your urls to config/url-to-test.txt. Here the script accepts domains...
Mouse : iOS & macOS Post-Exploitation Framework
Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse Payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more. Getting...
MultiJuicer : Run Capture Flags & Security Trainings With OWASP Juice Shop
MultiJuicer is a tool used to run capture the flags and security trainings with OWASP juice shop . Running CTFs and Security Trainings with OWASP Juice Shop is usually quite tricky, Juice Shop just isn't intended to be used by multiple users at a time. Instructing everybody how to start Juice Shop on their own machine works ok, but...
