BoomER : Framework For Exploiting Local Vulnerabilities


BoomER is an open source framework developed in Python. The tool focuses on post-exploitation; its main objective is the detection and exploitation of local vulnerabilities, as well as the collection of information from a system, such as its installed applications. The framework can be extended by third parties through the development of modules, for...

Sliver : Implant Framework


Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. The server, client, and implant all support MacOS, Windows, and Linux (and possibly every Golang compiler target but we've...

MozDef: Mozilla Enterprise Defense Platform


The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like Metasploit, Armitage, Lair, Dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information...

URLextractor : Information Gathering & Website Reconnaissance


URLextractor is a tool for Information Gathering & Website Reconnaissance. Following are some of the features of this tool: IP and hosting info like city and country (using FreegeoIP); DNS servers (using dig); ASN, network range, ISP name (using RISwhois); load balancer test; Whois for abuse mail (using Spamcop); PAC (Proxy Auto Configuration) file; compares hashes to diff code; robots.txt (recursively looking for hidden stuff); source code (looking for passwords and users); External...

BackBox : Tool To Perform Penetration Tests & Security Assessments


BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. It is designed to be fast and easy to use and to provide a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable version of the most used and best known ethical hacking tools. ...

GhostSquadHackers – Encrypt/Encode Your Javascript Code


GhostSquadHackers is a tool used to encrypt/encode your JavaScript payloads/code in Windows Scripting. Following are a couple of its features: number calculating; ASCII codes; Caesar encryption; hex encoding; octal encoding; binary encrypt; random octal quotes; add trash to code; URL encode. Credit: Necronomikon

DNSlivery : Easy Files & Payloads Delivery Over DNS


DNSlivery delivers files to a target using DNS as the transport protocol. Following are the features: allows you to print, execute or save files to the target; does not require any client on the target; does not require a full-fledged DNS server. What problem are you trying to solve? Easily deliver files and/or payloads to a compromised target where classic web delivery is...

Seth : Perform A MitM Attack & Extract Clear Text Credentials From RDP Connections


Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks. The author is Adrian Vollmer (SySS GmbH). Usage: Run it...

RDPScan : A Quick Scanner For “BlueKeep” Vulnerability


RDPScan is a quick-and-dirty scanner for the CVE-2019-0708 vulnerability in Microsoft Remote Desktop. Right now, there are about 900,000 machines on the public Internet affected by this vulnerability, so many expect a worm soon, like WannaCry and notPetya. Therefore, scan your networks and patch (or at least enable NLA on) vulnerable systems. This is a command-line tool....

Konan – Advanced Web Application Dir Scanner


Konan is an advanced open source tool designed to brute force directory and file names on web/application servers.

Installation

Download it by cloning the Git repository:

    git clone https://github.com/m4ll0k/Konan.git konan

Install requirements with pip:

    cd konan && pip install -r requirements.txt

Run:

    python konan.py

Supported platforms: Linux, Windows, MacOSX

Features (columns in order: Tool, dirsearch, dirb, gobuster)

MultiThreaded: yes, yes, yes, yes
Multiple Extensions: yes, yes, no, no
HTTP Proxy Support: yes, yes, yes, yes
Reporting: yes (text and json), yes (text and json), yes...