CommandoVM : A Fully Customizable Windows-Based Pentesting Virtual Machine Distribution
Welcome to CommandoVM, a fully customizable, Windows-based security distribution for penetration testing and red teaming. Installation Requirements: Windows 7 Service Pack 1 or Windows 10; 60 GB Hard Drive; 2 GB RAM. Recommended: Windows 10; 80+ GB Hard Drive; 4+ GB RAM; 2 network adapters; Enable Virtualization support for VM (REQUIRED FOR KALI OR DOCKER). Instructions, Standard Install: Create and configure a new Windows Virtual Machine. Ensure VM is updated completely. You may have...
Skadi : Collect, Process & Hunt With Host Based Data From MacOS, Windows & Linux
Skadi is a free, open source collection of tools that enables the collection, processing and advanced analysis of forensic artifacts and images. It works on MacOS, Windows, and Linux machines. It scales to work effectively on laptops, desktops, servers, the cloud, and can be installed on top of hardened / gold disk images. This portal allows easy access to...
KRF : A Kernelspace Randomized Faulter
KRF is a Kernelspace Randomized Faulter. It currently supports the Linux and FreeBSD kernels. Fault injection is a software testing technique that involves inducing failures ("faults") in the functions called by a program. If the callee has failed to perform proper error checking and handling, these faults can result in unreliable application behavior or exploitable vulnerabilities. Unlike the many userspace fault...
SET : The Social-Engineer Toolkit Repository From TrustedSec
The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. It is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio. Installation: Linux; Mac OS X (experimental)...
GrapheneX : Automated System Hardening Framework
GrapheneX is an automated system hardening framework. Although the current technology tries to design systems as safe as possible, security flaws and situations that can lead to vulnerabilities caused by unconscious use and missing configurations still exist. The user must be knowledgeable about the technical side of system architecture and should be aware of the importance of securing his/her...
XSpear : Powerful XSS Scanning & Parameter Analysis
XSpear is an XSS scanner on Ruby gems. Key Features: Pattern matching based XSS scanning; Detect alert confirm prompt event on headless browser (with Selenium); Testing request/response for XSS protection bypass and reflected params; Reflected Params; Filtered test event handler HTML tag Special Char; Testing Blind XSS (with XSS Hunter, ezXSS, HBXSS, etc., all URL-based blind test...); Dynamic/Static Analysis; Find SQL Error pattern; Analysis Security...
Theo : Ethereum Recon And Exploitation Tool
Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features: Automatic smart contract scanning which generates a list of possible exploits; Sending transactions to exploit a smart contract; Transaction pool monitor; Web3 console; Frontrunning and backrunning transactions; Waiting for a list of transactions and sending out others; Estimating gas for transactions means only successful transactions are sent; Disabling gas estimation will send transactions...
AutoRecon : Multi Threaded Network Reconnaissance Tool
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements. The tool works by first performing port scans / service detection scans. From those initial results, the tool will launch further...
WiFiBroot : A WiFi Pentest Cracking tool for WPA/WPA2
WiFiBroot is a WiFi-Pentest-Cracking tool for WPA/WPA2 (Handshake, PMKID, Offline Cracking, EAPOLS, Deauthentication Attack). It is built to provide clients an all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python. Almost every process within is dependent somehow on scapy layers and other functions except for operating the wireless...
Memguard : Secure Software Enclave For Storage Of Sensitive Information In Memory
MemGuard is a secure software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go. Features: Sensitive data is encrypted and authenticated in memory using XSalsa20 and Poly1305 respectively. The scheme also defends against cold-boot attacks. Memory allocation bypasses the language runtime...