hacking tools

Let’s start with a comparison between one thing and another, typically for the purpose of explanation or clarification. A bricklayer with many years of experience goes to a land to perform a job. He knows the tools at his disposal. When he needs to dig the ground to make foundation, for example...

1. SORM - official wiretapping The most obvious way is official wiretapping by the state. In many parts of the world, telephone companies are required to provide access to wiretapping lines for the competent authorities. For example, in Russia, in practice, this is done technically through SORM...

Ditto - A Tool For IDN Homograph Attacks And Detection Ditto is a small tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered. PoC domains https://tᴡitter.com/...

Phpvuln - Audit Tool To Find Common Vulnerabilities In PHP Source Code phpvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and...

Satellite - Easy-To-Use Payload Hosting Satellite is an web payload hosting service which filters requests to ensure the correct target is getting a payload. This can also be a useful service for hosting files that should be only accessed in very specific circumstances. Quickstart Guide...

Web Brutator Fast Modular Web Interfaces Bruteforcer ? Install python3 -m pip install -r requirements.txt ⏩ Usage $ python3 web-brutator.py -h __ __ . _______ __ __ / \ / \ __\_ | \______ \_______ __ / |___ / |...

WSuspicious Summary This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post: WSUS Attacks Part 2: CVE-2020-1013 a Windows 10 Local Privilege Escalation 1-Day | GoSecure It was inspired from the WSuspect proxy project...

Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding. It gives access to the local networks, you can use the targets as a HTTP proxy and access...

PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and can be compiled on any Unix like system. Why not use a traditional Backconnect/Bind Shell? PostShell...

Weapons OS Type Name Description All Analysis RMS-Runtime-Mobile-Security Runtime Mobile Security (RMS) - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime All Analysis scrounger Mobile application testing toolkit All Proxy BurpSuite The...

man in the middle (mitm) server for security audits supporting public key authentication, session hijacking and file manipulation Redirect/mirror Shell to another ssh client supported in 0.2.8 Replace File in SCP supported in 0.2.6 Replace File in SFTP supported in 0.2.3 Transparent proxy...

The attacker was engaged in extortion, blocking the operation of computer systems using malware. The Uraisk City Court of the Khanty-Mansiysk Autonomous Okrug-Ugra sentenced a Russian citizen who engaged in cyber fraud on the territory of the Republic of Belarus to two years in prison...

ProtOSINT is a Python script that helps you investigate ProtonMail accounts and ProtonVPN IP addresses. Description This tool can help you in your OSINT investigation on Proton service (for educational purposes only). ProtOSINT is separated in 3 sub-modules: [1] Test the validity of one...

ᴄᴏɴɴᴇᴄᴛ ʏᴏᴜʀ ᴠᴘɴ ᴛᴏ ᴛʜᴇ ᴜs ᴜᴜ. ᴏᴘᴇɴ ᴛʜᴇ ᴡᴇʙsɪᴛᴇ Twilio - Communication APIs for SMS, Voice, Video and Authentication ɪɴ ʏᴏᴜʀ ʙʀᴏᴡsᴇʀ. ᴄʟɪᴄᴋ ᴏɴ "ɢᴇᴛ ᴀ ғʀᴇᴇ ᴀᴘɪ ᴋᴇʏ". ʀᴇɢɪsᴛᴇʀ ᴜsɪɴɢ ғᴀʟsᴇ ɪɴғᴏʀᴍᴀᴛɪᴏɴ ғʀᴏᴍ ᴛʜᴇ ᴜsᴀ. ᴜᴜ. ғʀᴏᴍ ʜᴇʀᴇ ( Get a whole new identity at the Fake Name Generator )ғᴏʀ ᴇᴍᴀɪʟ ᴅᴏ...

sigurls is a reconnaissance tool, it fetches URLs from AlienVault's OTX, Common Crawl, URLScan, Github and the Wayback Machine. Resources Usage Installation From Binary From source From github Post Installtion Contribution Usage To display help message for sigurls use the -h flag: $...

Installation The operating system must have python3, python3.7 or higher is recommended Installation dependency pip3 install -r requirements.txt Linux & MacOS & Windows python3 vulmap.py -u http://example.com Options optional arguments: -h, --help show this help message and exit -u URL...

A small contribution to community :) We use all these tools in security assessments and in our vulnerability monitoring service Check your domain for DNS NS takeover (Repo) Cache Poisoning (Repo) XSS via Meta tags (exploitable with cache poisoning) (Repo) CORS misconfiguration on pages...

UhOh365 A script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't. Microsoft does not consider "email enumeration" a...

Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation. It should be used on webservers and available on Docker. Watcher capabilities Detect emerging vulnerability, malware using social network & other RSS sources...

XSS Scanner Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the website for XSS...