Vaf – Very Advanced (Web) Fuzzer
very advanced fuzzer compiling Install nim from nim-lang.org Run nimble build A vaf.exe file will be created in your directory ready to be used using vaf using vaf is simple, here’s the current help...
Tagged: ethical hacking
Invoke-Stealth – Simple And Powerful PowerShell Script Obfuscator
Invoke-Stealth is a Simple & Powerful PowerShell Script Obfuscator. This tool helps you to automate the obfuscation process of any script written in PowerShell with different techniques. You can use any of them separately,...
MeterPwrShell – Automated Tool That Generate The Perfect Powershell Payload
Automated Tool That Generate A Powershell Oneliner That Can Create Meterpreter Shell On Metasploit,Bypass AMSI,Bypass Firewall,Bypass UAC,And Bypass Any AVs. This tool is powered by Metasploit-Framework and amsi.fail Notes NEVER UPLOAD THE PAYLOAD THAT...
M365_Groups_Enum – Enumerate Microsoft 365 Groups In A Tenant With Their Metadata
The all_groups.py script allows to enumerate all Microsoft 365 Groups in a Azure AD tenant with their metadata: name visibility: public or private description email address owners members Teams enabled? SharePoint URL (e.g. for...
PwnLnX – An Advanced Multi-Threaded, Multi-Client Python Reverse Shell For Hacking Linux Systems
An advanced multi-threaded, multi-client python reverse shell for hacking linux systems. There’s still more work to do so feel free to help out with the development. Disclaimer: This reverse shell should only be used...
Fav-Up – IP Lookup By Favicon Using Shodan
Lookups for real IP starting from the favicon icon and using Shodan. Installation pip3 install -r requirements.txt Shodan API key (not the free one) Usage CLI First define how you pass the API key:...
Profil3r – OSINT Tool That Allows You To Find A Person'S Accounts And Emails + Breached Emails
Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a...
Cook – A Customizable Wordlist And Password Generator
Easily create permutations and combinations of words with predefined sets of extensions, words and patterns/function. You can use this tool to easily create complex endpoints and passwords. Customizing tool according to your unique secrets...
Tscopy – Tool to parse the NTFS $MFT file to locate and copy specific files
Introducing TScopy It is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system (OS) because they...
Posta – Cross-document Messaging Security Research Tool
Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and includes features such as replaying messages sent between windows within any attached browser. Prerequisites...
OverRide – Binary Exploitation And Reverse-Engineering (From Assembly Into C)
Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag – password for next level README.md – how to find password source.c – the...
SlackPirate – Slack Enumeration And Extraction Tool – Extract Sensitive Information From A Slack Workspace
This is a tool developed in Python which uses the native Slack APIs to extract ‘interesting’ information from a Slack workspace given an access token. As of May 2018, Slack has over 8 million...
IPCDump – Tool For Tracing Interprocess Communication (IPC) On Linux
Announcement post ipcdump is a tool for tracing interprocess communication (IPC) on Linux. It covers most of the common IPC mechanisms — pipes, fifos, signals, unix sockets, loopback-based networking, and pseudoterminals. It’s a useful...
CrossLinked – LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping
CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from a target organization. This technique provides accurate results without the use of API keys, credentials, or even...
Vulnerablecode – A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities
VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure the...
Kubesploit – A Cross-Platform Post-Exploitation HTTP/2 Command And Control Server And Agent Written In Golang
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl (@Ne0nd0g). Our Motivation While...
