SQLMap v1.2.9 – Automatic SQL Injection & Database Takeover Tool
SQLMap v1.2.9 is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the...
Peda – Python Exploit Development Assistance for GDB
PEDA is a Python exploit development assistance for GDB. Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development (for a full list of commands use peda help): aslr -- Show/set ASLR setting of GDB; checksec -- Check for various security options of binary; dumpargs --...
KisMac2 – Free Open Source Wireless Stumbling & Security Tool For Mac OS X
KisMAC2 is a free, open source wireless stumbling and security tool for Mac OS X. This is an active project to continue where the original development of KisMac stopped. The Trac for the original KisMac is at http://trac.kismac-ng.org. What's new: Mac OS 10.9 - 10.12 (64-bit only); ARC (64-bit only); New GUI; Modern Objective-c...
Java-Stager : A PoC To Download, Compile & Execute A Java File In Memory
A PoC Java-Stager which can download, compile, and execute a Java file in memory. The key parts of the talk for me are: Load a Stager onto victim (touches disk, but is a benign binary); Stager downloads raw code over HTTP (which stays in memory); Stager compiles raw code (also in memory); Stager then executes compiled code (also in memory). Also...
htrace.sh – Simple Shell Script To Debugging Http/Https Traffic Tracing
htrace.sh is a simple shell script for debugging http/https traffic tracing, response headers and mixed-content. It scans domains using the Nmap NSE Library and supports external security tools: Mozilla Observatory and SSL Labs API. htrace.sh is a shell script that allows you to validate your domain configuration and catch any errors (e.g. redirect loops). It also displays basic information about the ssl configuration (if...
Scrounger – Mobile Application Testing Toolkit
Scrounger is a mobile application toolkit. The word Scrounger means a person who borrows from or lives off others. There is no better description for this tool, for two main reasons: the first is that this tool takes inspiration from many other tools that have already been published; the second is that it lives off mobile applications' vulnerabilities. The...
Vulners-Scanner : Vulnerability Scanner Based On Vulners.com Audit API
Vulners-Scanner is a PoC host-based vulnerability scanner which uses the vulners.com API. It detects the operating system, collects installed packages and checks them for vulnerabilities. It currently supports collecting packages for Debian-based (debian, kali, kali) and Rhel-based (redhat, centos, fedora) operating systems. Experimental support for detecting vulnerabilities in running docker containers (only advanced script). Activate it by changing checkDocker=False to checkDocker=True in...
theZoo – A Repository Of LIVE Malwares For Your Own Joy & Pleasure
theZoo's purpose is to allow the study of malware and enable people who are interested in malware analysis to have access to live malware, analyse the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment. We recommend running them in a VM which has no internet connection (or an internal virtual...
WinPwnage – Elevate, UAC Bypass, Privilege Escalation, dll Hijack Techniques
The meaning of WinPwnage is to study the techniques. Techniques are found online, on different blogs and repos here on GitHub. I do not take credit for any of the findings, thanks to all the researchers. Rewrote them and ported them to Python 2.7. The code under todo folders is not tested, do not expect it to work. Techniques Implemented In WinPwnage: UAC...
Nemesis – A Command Line Network Packet Crafting & Injecting Utility
The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts. Nemesis Features: ARP/RARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP protocol support; Layer 2 or Layer 3...