Hacking Linux Operating System for Remote Access: Malicious Debian Package

Welcome back. Today we will be talking about remote access to machines running Linux operating systems. Why would someone want to target a system running Linux? Over 60% of all web servers around the world are running variations of Linux, as are a lot of personal computers and smartphones. Let us just say … Read more

Exploit XSS with an Image: Force download

Welcome back. Today we will talk about injecting some malicious XSS code into an image. We will be using Kali Linux for this tutorial; however, you can use an operating system of your choice. We recommend using Linux. If you don’t already have Linux you can download Kali Linux from here. Cross Site Scripting is … Read more

V3n0M-Scanner – Python Pentesting Scanner

Popular pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other vulns. [Live Project – Python3.6] https://github.com/v3n0m-Scanner/V3n0M-Scanner V3n0M is a free and open source scanner. Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the … Read more

JuNest – Arch Linux distro that runs upon any Linux distro

The Arch Linux based distro that runs upon any Linux distro without root access. JuNest (Jailed User NEST) is a lightweight Arch Linux based distribution that allows you to have an isolated GNU/Linux environment inside any generic host GNU/Linux OS, without the need for root privileges to install packages. JuNest contains mainly the package … Read more

WAFNinja – Tool to attack Web Application Firewalls

WAFNinja is a tool which contains two functions to attack Web Application Firewalls. WAFNinja – Penetration testers’ favorite for WAF bypassing. WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to … Read more

Create an SSH Botnet Client manager Botdr4g0n

The Botdr4g0n is a security tool for DDOS attacks on SSH BOT management for distributed attacks. How to Install: python 2.7; git clone https://github.com/mh4x0f/botdr4g0n.git; cd botdr4g0n; python setup.py install; root@local:~# botdr4g0n … Read more

Clickbait Detector – Detects Clickbait Headlines Using Deep Learning.

Clickbait Detector: detects clickbait headlines using deep learning. If you like this software please consider leaving the author a star on GitHub. Find the Chrome Extension here (built by rahulkapoor90). Requirements: Python 2.7.12, Keras 1.2.1, Tensorflow 0.12.1, Numpy 1.11.1, NLTK 3.2.1. Getting Started: Install a virtualenv in the project directory: virtualenv venv. Activate … Read more

WebRTC can leak your IP address even if you're behind a VPN

WebRTC (Web Real-Time Communication) is a collection of communications protocols and application programming interfaces that enable real-time communication over peer-to-peer connections. This allows web browsers to not only request resources from backend servers, but also real-time information from browsers of other users. This enables applications such as video conferencing, file transfer, chat, or desktop … Read more

brut3k1t – Server Side Bruteforce Module

Brute-force (dictionary attack, jk) attack that supports multiple protocols and services. http://ex0dus-0x.github.io Introduction: brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are: ssh, ftp, smtp, XMPP, instagram, facebook. There will be future implementations of different protocols and services (including Twitter, Facebook, … Read more

Wifi-Dumper – Tool that Dumps Wifi Profiles in Cleartext

This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in Wifi testing. Furthermore, it is useful while performing red team or internal infrastructure engagements. Wifi-Dumper: This is an open source tool to dump the … Read more

mitmproxy – An Interactive TLS-Capable HTTP Proxy

Man in the middle Proxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers (http://mitmproxy.org). Documentation & Help: General information, tutorials, and precompiled binaries can be found on the mitmproxy and pathod websites: http://mitmproxy.org. Credits: mitmproxy.org

OWASP Passfault – Evaluates Passwords and Enforces Password Policy

OWASP Passfault evaluates passwords and enforces password policy in a completely different way. Running the Command-line Interface: (1) install java 8 jdk; (2) cd core; (3) ../gradlew installDist; (4) run build/install/core/bin/core. Running the jsonWebService: (1) cd jsonService; (2) ../gradlew build jettyRunWar; (3) browse to localhost:8080/jsonService. Note the war will be located in jsonService/build/lib/passfault-jsonService-[version].war. Running in Docker: Pull the Passfault image: docker pull … Read more

iptodomain

iptodomain: This tool was created by Juan Esteban Valencia Pantoja. It extracts domain information from IP addresses based on the information saved in VirusTotal. Description: This tool allows you to extract domains from an IP range, using the historic information archived in VirusTotal (using an API key). It is useful if you want to know what domains are … Read more

Insanity-Framework a Tool To Generate Payloads and Control Remote Machines

Insanity-Framework to Generate Payloads and Control Remote Machines. Insanity-Framework: VERSION 1.6 RELEASED! Copyright 2017 Insanity Framework (IF). Written by: Alisson Moretto – 4w4k3. Special thanks to Thomas Perkins – Ekultek. Insanity Payload consists of encrypting your code and decrypting it in memory, thus avoiding a possible AV signature, also has … Read more

Fluxion – The Future of MITM WPA attacks WiFi Hacking Tool

Fluxion is the future of MITM WPA attacks. Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible … Read more

Critical Flaw found in Mac Antivirus software ESET Antivirus

Google Security Team’s researchers Jan Bee and Jason Geffner have discovered an easy-to-exploit but critical vulnerability in ESET’s anti-virus software (ESET Endpoint Antivirus 6) which allows hackers to remotely execute arbitrary code with root privileges on a Mac system. The researchers found this vulnerability at the beginning of November 2016 and are tracked … Read more

Indian Hacker Helps Uber Fix ‘Unlimited Free Ride’ Bug

Uber Technologies Inc. Uber is an online transportation network company headquartered in San Francisco, California, with operations in 528 cities worldwide. So what happens if someone finds a way to ride for free with Uber? It will make a loss. Recently, an Indian security researcher named Anand Prakash discovered a bug in August last received … Read more

Pupy – Open Source Cross Platform Python Remote Access Tool

Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android), multi-function RAT (Remote Administration Tool) and post-exploitation tool mainly written in Python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using various transports, migrate into processes (reflective injection), load remote Python code, Python packages and Python C-extensions from … Read more