CyberChef – A web App For Encryption, Encoding, Compression & Data Analysis
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more. The...
Pwned – A Command-Line Tool For Querying The ‘Have I been Pwned?’ Service
A command-line tool for querying Troy Hunt's Have I been pwned ? service using the hibp Node.js module. Pwned Installation Download and install Node.js, then install pwned globally using npm: npm install pwned -g Alternatively, you can run it on-demand using the npx package runner: npx pwned How To Ue ? pwned <command> Commands: pwned ba <account|email> get all breaches for...
Droidefense – Advance Android Malware Analysis Framework
Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the code and 'bad boy'...
Phishing Frenzy – Ruby on Rails Phishing Framework
Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns. The goal of the project is to streamline the phishing process while still providing clients the best realistic phishing campaign possible. Also ReadCangibrina – A Fast & Powerfull Dashboard (admin) Finder Installing Phishing Frenzy on Kali Linux Clone Repo Clone the Phishing Frenzy...
HashPump – Tool To Exploit Hash Length Extension Attack In Various Hashing Algorithms
HashPump is a tool to exploit the hash length extension attack in various hashing algorithms. Currently supported algorithms: MD5, SHA1, SHA256, SHA512. Menu $ hashpump -h HashPump HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack. -h --help ...
Wildpwn – Tool Used For Unix Wildcard Attacks
Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks. It’s considered a fairly old-skool attack vector, but it still works quite often. Wildpwn Usage It goes something like this: usage: wildpwn.py payload folder Tool to generate unix wildcard attacks positional arguments: payload Payload to use: (combined | tar | rsync) folder...
BurpSuite Extension Ruby : Template to speed up building a Burp Extension using Ruby
Due the lake of examples and implementations of BurpSuite Extension Ruby, we have decided to make it easy for all rubyists to have a confident and quick start to build useful extension for InfoSec community. This repository is a collection of templates of Burp Suite Extensions, focusing on Burp suite API functionalities and simplifying Java language consuming through JRuby. Here, we're...
SVScanner – Scanner Vulnerability And MaSsive Exploit
SVScanner is a tool for scanning and massive exploits. Our tools target several open source cms. Requirements PHP 7 (version and up) Install Modules PHP : php-cli & php-curl for linux Also ReadHershell – Simple TCP Reverse Shell Which Can Work On Multiple Systems SVScanner Installation Linux git clone https://github.com/radenvodka/SVScanner.git cd SVScanner php svscanner.php Windows Download Xampp (PHP7) Download SVScanner : https://github.com/radenvodka/SVScanner/releases and open with cmd php svscanner.php Disclamier Modifications, changes, or...
MobSF – Mobile Security Framework Is An Automated All-In-One Mobile Application
Mobile Security Framework or MobSF is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. It can do dynamic application testing at...
Burpsuite Extensions – A collection of Burp Suite extensions
A collection of BurpSuite extensions. Burpsuite Extensions gunziper A plugin for the burpsuite (https://portswigger.net/burp/) which enables you to "unpack" requests/responses (e.g. do an base64decode and afterwards a java deserialisation) Deserialisation is done with xstream (http://x-stream.github.io/index.html) and kxml2 (https://sourceforge.net/projects/kxml/files/kxml2/2.3.0/) the possibility to gather e.g. a CSRF token from responses and automatically insert it in any request (without the need to do an...
