SecLists : Security Tester’s Companion For Security Assessments
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing...
WAF ByPass : Firewall Bypass Script Based On DNS History Records
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters. This script will try to find: the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ...an old server which still running the same...
Pompem : Tool For Exploits & Vulnerability in Database
Pompem is an open source tool, designed to automate the search for Exploits and Vulnerability in the most important databases. Developed in Python, has a system of advanced search, that help the work of pentesters and ethical hackers. In the current version, it performs searches in PacketStorm security, CXSecurity, ZeroDay, Vulners, National Vulnerability Database, WPScan Vulnerability...
Trommel : Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators
TROMMEL sifts through embedded device files to identify potential vulnerable indicators. It identifies the following indicators related to: Secure Shell (SSH) key filesSecure Socket Layer (SSL) key filesInternet Protocol (IP) addressesUniform Resource Locator (URL)email addressesshell scriptsweb server binariesconfiguration filesdatabase filesspecific binaries files (i.e. Dropbear, BusyBox, etc.)shared object library filesweb application scripting variables, andAndroid application package (APK) file permissions. It has also integrated vFeed which...
DCOMrade : Powershell script for enumerating vulnerable DCOM Applications
DCOMrade is a Powershell script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is build to work with Powershell 2.0 but will work with all versions above as well. The script currently supports the following Windows operating systems (both x86 and x64): Microsoft Windows 7Microsoft...
Top 10 Best Web Hacking Tools
Here is the best web hacking tools that helps you in pen-testing and protecting the websites. Burp Suite: Burp Suite is a graphical tool used for testing Web application security. It helps you identify vulnerabilities and verify attack vectors that are affecting web applications. While browsing the target application, a penetration tester can configure its internet browser to route traffic through the...
Egress Assess : Tool Used to Test Egress Data Detection Capabilities
Egress Assess is a tool used to test egress data detection capabilities. To setup, run the included setup script, or perform the following: Install pyftpdlibGenerate a server certificate and store it as "server.pem" on the same level as Egress-Assess. This can be done with the following command: openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes Also Read ...
Fibratus : Tool for Exploration & Tracing of the Windows Kernel
Fibratus is a tool which is able to capture the most of the Windows kernel activity - process/thread creation and termination, context switches, file system I/O, registry, network activity, DLL loading/unloading and much more. The kernel events can be easily streamed to a number of output sinks like AMQP message brokers, Elasticsearch clusters or standard output stream. You can use filaments (lightweight Python modules) to extend...
Kaboom : Script That Automates The Penetration Test
Kaboom is a script that automates the penetration test. It performs several tasks for each phases of pentest: Information gathering TCP scanUDP scanVulnerability assessment It tests several services:smbsshsnmpsmtpftptftpms-sqlmysqlrdphttphttpsand more...It finds the CVEs and then searchs them on exploit-db or Metasploit db.Exploitation brute force ssh Also Read : Pftriage : Python Tool & Library To Help Analyse Files During Malware Triage...
Crashcast-Exploit : Tool To Mass Play YouTube Video, Terminate Apps & Rename Chromecast Device
CRASHCAST mass-exploit tool allows you to mass play any YouTube video, remotely terminate apps, and rename Chromecast device(s) obtained from Shodan.io. Prerequisites The only thing you need installed is Python 3.x sudo apt-get install python3 You also require to have cURL installed sudo apt-get install curl You also require Shodan python module pip install shodan Also Read : SSRFmap : Automatic SSRF Fuzzer And Exploitation...
