TLS-Scanner : The TLS-Scanner Module from TLS-Attacker
TLS-Scanner is a tool created by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations. Note: It is a research tool intended for TLS developers, pentesters, administrators and researchers. There is no GUI. It is in the first version and may contain some bugs. Compiling TLS-Scanner In...
Bashark – Bash Pentesters & Security Researchers Post Exploitation Toolkit
Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. To launch it on compromised host, simply source the bashark.sh script from terminal: $ source bashark.sh Then type help to see it's help menu. Bashark Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to heuristic and behavioural analysis Built-in...
Winspy – Windows Reverse Shell Backdoor Creator With An Automatic IP Poisener
WinSpy a Windows reverse shell Backdoor creator with an Automatic IP Poisene. Dependencies metasploit-framework xterm apache2 Also ReadEvilginx2 – Standalone MITM Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-factor Authentication Winspy Installation sudo apt-get install git git clone https://github.com/TunisianEagles/winspy.git cd winspy chmod +x setup.sh ./setup.sh chmod +x winspy.sh ./winspy.sh Screenshot Disclaimer The author does not hold any responsibility for the bad use...
ct-exposer : An OSINT Tool That Discovers Sub-Domains By Searching Certificate Transparency Logs
ct-exposer will query the CT logs for a given domain, and then try to do DNS lookups for the domains to see which ones exist in DNS. In my experience, so far, I've found numerous sub-domains that were not located with 'site:domain.com' google searches. Keep in mind that the domains that do not resolve, they can either be old domains,...
Munin – Online Hash Checker For Virustotal & Other Services
Munin is a online hash checker utility that retrieves valuable information from various online sources The current version of Munin queries the following services: Virustotal Malshare HybridAnalysis Note: Munin is based on the script "VT-Checker", which has been maintained in the LOKI repository. Also used plagiarism checker to check and ensure the unique content. Munin Usage usage: munin.py ...
Libssh-Scanner : Script to identify hosts vulnerable to CVE-2018-10933
Libssh-Scanner is a python based script to identify hosts vulnerable to CVE-2018-10933. Libssh scanner has two modes: passive (banner grabbing) and aggressive (bypass auth) to validate vulnerability's existence. By default, libssh scanner uses passive mode but supply the -a argument and aggressive mode will be used which provides more accurate results. Also ReadNameles – Open Source Entropy Based Invalid Traffic...
Metadata-Attacker : A Tool To Generate Media Files With Malicious Metadata
Metadata-Attacker is a open source pentesting tools you're able to create an image (.jpg), audio (.mp3) or video (.mp4) file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data. Metadata-Attacker Installation / Usage First install docker on your host system. Now you can simply run...
Evilginx2 – Standalone MITM Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-factor Authentication
Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version...
Infog – Information Gathering Tool
InfoG is a Shellscript to perform Information Gathering. Infog Features Check Website info Check Phone info IP Tracker Check Valid E-mail Check if site is Up/Down Check internet speed Check Personal info Find IP behind Cloudflare Find Subdomains Port Scan (Multi-threaded) Check CMS Check DNS leaking Also ReadRemoteRecon – Remote Recon and Collection Usage git clone https://github.com/thelinuxchoice/infog cd infog bash infog.sh Install Requirements apt-get install -y curl...
SILENTTRINITY – A Post-Exploitation Agent Powered By Python, IronPython, C#/.NET
SILENTTRINITY is a post-exploitation agent powered by Python, IronPython, C#/.NET. SILENTTRINITY Requirements Server requires Python >= 3.7 SILENTTRINITY C# implant requires .NET >= 4.5 Also ReadAutoRDPwn – The Shadow Attack Framework Notes .NET runtime support The implant needs .NET 4.5 or greater due to the IronPython DLLs being compiled against .NET 4.0, also there is no ZipArchive .NET library prior to 4.5 which the...
