OWASP Passfault – Evaluates Passwords and Enforces Password Policy

pass fault

OWASP Passfault evaluates passwords and enforces password policy in a completely different way. Running the Command-line Interface: install java 8 jdk cd core ../gradlew installDist run build/install/core/bin/core Running the jsonWebService: cd jsonService ../gradlew build jettyRunWar browse to localhost:8080/jsonService Note the war will be located in jsonService/build/lib/passfault-jsonService-[version].war Running in Docker: Pull the Passfault image: docker pull … Read more



iptodomain This tool was created by¬†Juan Esteban Valencia Pantoja it extracts domains information from IP address based in the information saved in virustotal. Description: This tool allows you to extract domains from a IP range, using the historic information archived in Virustotal(using API key). It is usefull if you want to know what domains are … Read more

Insanity-Framework a Tool To Generate Payloads and Control Remote Machines


Insanity-Framework to Generate Payloads and Control Remote Machines. Insanity-Framework ** VERSION 1.6 RELEASED !!! ** * Copyright 2017 Insanity Framework (IF) Written by: * Alisson Moretto – 4w4k3 Special Thanks to Thomas Perkins – Ekultek Insanity Payload consists of encrypting your code and decrypting it in memory, thus avoiding a possible av signature, also has … Read more

Fluxion – The Future of MITM WPA attacks WiFi Hacking Tool

WiFi Hacking Tool

Fluxion is the future of MITM WPA attacks Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible … Read more

Pupy – Open Source Cross Platform Python Remote Access Tool

Puppy Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android), multi function RAT (Remote Administration Tool) and post-exploitation tool mainly written in python. It features a all-in-memory execution guideline and leaves very low footprint. Pupy can communicate using various transports, migrate into processes (reflective injection), load remote python code, python packages and python C-extensions from … Read more

Onionmx – Onion Mail Delivery: So Delicious!


Onionmx -Onion Mail Delivery: So Delicious! Download Onionmx Credits: ehloonion Onion mail delivery: so delicious! Why deliver mail over Tor? Even if you use TLS for your connections they are opportunistic. Even if you use OpenPGP for your connections, it is relatively easy for someone passively monitoring email traffic to correlate interesting metadata: who is … Read more

Dr0p1t-Framework – Dropper that bypass most AVs


Dr0p1t-Framework Dr0p1t-Framework A framework that creates a dropper that bypass most AVs, some sandboxes and have some tricks ūüėČ Credits: D4Vinci – https://github.com/D4Vinci/ Installation & run server On Linux and Windows it’s the same after installing Dr0p1t by doing the steps mentioned above, install modules in server_requirements.txt by using pip like : python -m pip … Read more



wifijammer Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective targeting. Requires: python 2.7, python-scapy, a wireless card … Read more

Facebrok – Social Engineering Tool Oriented to facebook


ABOUT Download Facebrok Credits: PowerScript facebrok is a social tool for exploiting social network accounts facebook, this platform brings together various Templates explotacion credentials for specific objectives. SF: http://sourceforge.net/projects/facebrok/ http://cave-rt.blogspot.co.uk/2015/06/como-instalar-y-usar-facebrok-project.html REQUIREMENTS PHP MYSQL INSTALLATION Extract the facebrok[Vs{LastVersion}].rar Upload files to server Install. Features tIME lINE |————————————————————->End-Time |-> News Vs 1.9 – 2016-10-12 |-> * New … Read more

PytheM – Multi-purpose pentest framework


PytheM – Penetration Testing Framework v0.6.6 Credits: m4n3dw0lf Download PytheM PytheM is a python multi-purpose pentest framework. It has been developed in the hope that it will be useful and I don’t take responsibility for any misapplication of it. Only runs on GNU/Linux OS. Examples ARP spoofing – Man-in-the-middle pythem> set interface [+] Enter the … Read more

Davscan – A Tool That Fingerprints servers, finds exploits, scans WebDAV


DAVScan Credits: Graph-X [sociallocker id=”968″]Download Davscan[/sociallocker] DAVScan is a quick and lightweight webdav scanner designed to discover hidden files and folders on DAV enabled webservers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities. The scanner attempts to fingerprint the target server and … Read more

TheFatRat Tutorial – Generate Undetectable Payload FUD, Bypass Anti-Virus, Gain Remote Access


In this tutorial I will show you how to use TheFatRat to generate a Undetectable payload (FUD) to gain remote access to a Windows Operating System. What is TheFatRat ?. TheFatRat is a easy tool to generate backdoor’s with msfvenom (a part from metasploit framework) and easy post exploitation attack. This tool compiles a malware … Read more

Smith – Client/Server Style Agent For Testing Network Connectivity


smith Credits: jidir (Leave him a star on Github) Download Smith¬† A client/server style agent meant for testing connectivity to and from a machine on a network. Installation python setup.py install or pip install . should install smith. Note: If you want to use the tcp/udp protocol options, you’ll need to install scapy and it’s … Read more

Snoopy Tutorial – Finding Previously Connected SSID’S of a Device


Wireless Networks can leak a treasure trove of information. In this tutorial we will use Snoopy to find various Wireless Access Points and Access points a device is probing for this can help us determine the name to call our malicious SSID for a evil twin network. When a device is probing for Wireless Access … Read more

Java Deserialization Scanner


All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities Download Java-Deserialization-Scanner Credits: federicodotta Java Deserialization Scanner Java Deserialization Scanner is a Burp Suite plugin aimed at detect and exploit Java deserialization vulnerabilities. It was written by Federico Dotta, a Security Expert at @ Mediaservice.net. The plugin is made up … Read more



Portspoof Effective defense against port scanners Short description: Art of Annoyance The Portspoof program primary goal is to enhance OS security through a set of few techniques: 1. All TCP ports are always open Instead of informing an attacker that a particular port is CLOSED or FILTERED a system with Portspoof will return SYN+ACK for … Read more

Takeover.sh – Wipe and reinstall a running Linux system via SSH, without rebooting.

ssh dont tell anyone its free

Wipe and reinstall a running Linux distro via SSH, without rebooting.¬† Takeover.sh A script to completely take over a running Linux distro¬†(system) remotely, allowing you to log into an in-memory rescue environment, unmount the original root filesystem, and do anything you want, all without rebooting. Replace one distro with another without touching a physical console. … Read more