InstantBox : Get a Clean, Ready-To-Go Linux Box in Seconds
InstantBox is a project that spins up temporary Linux systems with instant webshell access from any browser. What can it do? provides a clean Linux environment for a presentationlet students experience the charm of Linux at your school or your next LUG meetrun with an inspiration in a clean environmentmanage servers from any deviceexperiment with an open source projecttest software...
Pepe : Collect Information About Email Addresses From Pastebin
Pepe is a tool to collect information about email addresses from Pastebin. Script parses Pastebin email:password dumps and gather information about each email address. It supports Google, Trumail, Pipl, FullContact and HaveIBeenPwned. Moreover, it allows you to send an informational mail to person about his leaked password, at the end every information lands in Elasticsearch for further exploration. It supports...
W12Scan : A Simple Asset Discovery Engine for Cybersecurity
W12Scan is a network asset discovery engine that can automatically aggregates related assets for analysis and use. W12scan is also my graduation design. :) Here is a web source program,but the scanning end is at w12scan-client Also Read - GodOfWar : Malicious Java WAR Builder With Built-In Payloads Thinking Based on python3 + django + elasticsearch + redis and use the...
TeleKiller : A Tools Session Hijacking And Stealer Local Passcode Telegram Windows
TeleKiller is a Tools Session Hijacking And Stealer Local passcode Telegram Windows and following are the features of the same. Session Hijacking Stealer Local Passcode Keylogger Shell Bypass 2 Step Verification Bypass Av (Coming Soon) Also Read - GodOfWar : Malicious Java WAR Builder With Built-In Payloads Installation Windows git clone https://github.com/ultrasecurity/TeleKiller.gitcd TeleKillerpip install -r requirements.txtpython TeleKiller.py Dependency...
PwnedOrNot : OSINT Tool to Find Passwords for Compromised Email Addresses
PwnedOrNot is a OSINT tool to find passwords for compromised email addresses. pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Features haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script: Name of BreachDomain NameDate of BreachFabrication statusVerification StatusRetirement statusSpam Status And with all this...
0d1n : Web Security Tool to Make Fuzzing at HTTP/S
0d1n is a tool for automating customized attacks against web applications. Let us have a look on the features the Web Security Tool Supports. brute force login and passwords in auth formsdirectory disclosure ( use PATH list to brute, and find HTTP status code )test to find SQL Injection and XSS vulnerabilitiesOptions to load ANTI-CSRF token each requestOptions to use...
CredsLeaker : Display a Powershell Credentials Box
CredsLeaker script is used to display a powershell credentials box asked the user for credentials. However, That was highly noticeable. Now it's time to utilize Windows Security popup! As before, The box cannot be closed (only by killing the process) will keeps checking the credentials against the DC. When validated, it will close and leak it to a web server outside. Also...
XSStrike : Most Advanced XSS Scanner
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis...
GodOfWar : Malicious Java WAR Builder With Built-In Payloads
GodOfWar is a command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby. Features Preexisting payloads. (try -l/--list) cmd_get filebrowser bind_shell reverse_shell reverse_shell_ui Configurable backdoor. (try --host/-port) Control over payload name. To avoid malicious name after deployment to bypass URL name signatures. Also Read - MySQL Magic: Dump MySQL Client Password From Memory Installation $ gem install godofwar Usage $...
QRLJacking : A New Social Engineering Attack Vector
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which results in session hijacking. Also Read - MySQL Magic: Dump MySQL...
