Habu – Python Network Hacking Toolkit

Habu: Network Hacking Toolkit. I’m developing Habu to teach (and learn) some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related to networking, and the implementations are intended to be understandable for anyone who wants to read the source … Read more

BlackOrphan – Tool built with Bash/nodeJs mainly for gaining a remote shell access to a Linux Box

BlackOrphan is a tool built with Bash/nodeJs mainly for gaining remote shell access to a Linux box. Usage: clone this repo (git clone https://github.com/zombieleet/BlackOrphan.git), then run BlackOrphan from the command line (./BlackOrphan1.0). 1. Create a server … Read more

MorphAES – IDPS & SandBox & AntiVirus STEALTH KILLER

IDPS & SandBox & AntiVirus STEALTH KILLER. MorphAES is the world’s first polymorphic shellcode engine, with metamorphic properties and the capability to bypass sandboxes, which makes it undetectable for an IDPS. It is cross-platform as well and library-independent. Properties: Polymorphism (AES encryption); Metamorphism (logic and constants changing); Platform independent (Linux/BSD/Windows); IDPS stealthing (the total number of possible … Read more

Hijacker – Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android

Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3, and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copying and pasting MAC addresses. This application requires an ARM Android device with a wireless adapter that supports Monitor Mode. A … Read more

Infernal Twin – Wireless hacking – This is an automated wireless hacking tool

Infernal-Wireless v2.6, Release 2.6.11. Features added and improved: menu to retrieve logs added. Infernal-Wireless v2.6, Release 2.6.10. Features added and improved: added BeEF XSS framework integration; added HTTP traffic view within tool; improved Infernal Wireless Attack; visual view of some of the panels improved; improved Basic Authentication during social engineering assessment over wireless network. Infernal-Wireless … Read more

TrackerJacker – Tracks WiFi devices by capturing raw 802.11 frames in monitor mode

Finds and tracks wifi devices through raw 802.11 monitoring. PyPI page: https://pypi.python.org/pypi/trackerjacker. Install: pip3 install trackerjacker. Usage: find detailed usage like this: trackerjacker -h. There are 2 major usage modes for trackerjacker: map mode and track mode. Map mode example: Map mode is used to find the Access Points and Devices within the range. Think … Read more

CloakifyFactory – Data Exfiltration & Infiltration In Plain Sight

CloakifyFactory & the Cloakify Toolset – Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your … Read more

Git All the Payloads! A collection of web attack payloads

payloads: Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Credits: foospidy. Usage: run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload credits: fuzzdb – https://github.com/fuzzdb-project/fuzzdb; SecLists – https://github.com/danielmiessler/SecLists; xsuperbug – https://github.com/xsuperbug/payloads; NickSanzotta – https://github.com/NickSanzotta; 7ioSecurity – https://github.com/7ioSecurity/XSS-Payloads; shadsidd – https://github.com/shadsidd; xmendez – https://github.com/xmendez/wfuzz … Read more

PowerStager – Script creates an executable stager that downloads selected powershell payload

PowerStager: This script creates an executable stager that downloads a selected powershell payload. Contact: Author: z0noxz; Source: https://github.com/z0noxz/powerstager; Email: z0noxz@mail.com. Description: This script creates an executable stager that downloads a selected powershell payload, loads it into memory and executes it using obfuscated EC methods. The script will also encrypt the stager for dynamic signatures and … Read more

XSS-keylogger – keylogging script that can be injected into websites vulnerable to cross-site scripting

A keylogging script that can be injected into websites vulnerable to cross-site scripting. The script tracks user keypresses by concatenating each keypress into a string that is POSTed to a server. The script can be found in file keylogscript.html and can be tested on file captainslog.html. The POST request is currently commented out, but if … Read more

Phishery – SSL Enabled Basic Auth Credential Harvester with a Word Document Template

An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector. The power of Phishery is best demonstrated by setting a Word document’s template to a Phishery URL. This causes Microsoft Word to make a request to the URL, … Read more

blueborne-scanner – Bluetooth scanner for blueborne-vulnerable devices

Bluetooth scanner for local devices that may be vulnerable to Blueborne exploit. VPN Gate auto-grabber. Greetz: shouts to sh3llg0d, an0n_l1t3, daemochi, akatz!!!! Overview: Bluetooth scanner for blueborne-vulnerable devices, Android only for the moment. Quickstart: git clone https://github.com/hook-s3c/blueborne-scanner.git; cd blueborne-scanner; sudo chmod +x ./bluebornescan.py; pip install -r ./requirements.txt; ./bluebornescan.py. Breakdown: Scans for local bluetooth devices. Looks … Read more

ONIOFF – An onion url inspector for inspecting deep web links

ONIOFF – Onion URL Inspector. A simple tool – written in pure Python – for inspecting Deep Web URLs (or onions). It takes specified onion links and returns their current status along with the site’s title. Compatible with Python 2.6 & 2.7. Author: Nikolaos Kamarinakis (nikolaskama.me). Installation: You can download ONIOFF by cloning the Git … Read more

Droid Hunter – Android application vulnerability analysis pentest tool

Droid Hunter: Android application vulnerability analysis and Android pentest tool … Read more

QRLJacking – A New Social Engineering Attack Vector

What is QRLJacking? QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code which results in session … Read more

HERCULES – Special payload generator that can bypass anti-virus software

HERCULES is a customizable payload generator that can bypass anti-virus software. HackingVision installation tips: HERCULES is programmed in Go. If you are using Go for the first time, you will need to set a GOPATH; you can do this by using the following commands: export GOPATH=$HOME/go; export PATH=$PATH:$GOROOT/bin:$GOPATH/bin. You can add default GOPATH to ~/.bashrc to … Read more

Micetrap – Catch evil hackers on the fly by placing open-port traps

micetrap: Catch hackers on the fly with micetrap! Micetrap opens a server on either a given or random port, emulating fake vulnerable services. Port scanners such as Nmap, when fingerprinting ports to discover … Read more

Phishing Frenzy – Ruby on Rails Phishing Framework

Ruby on Rails Phishing Framework. Documentation & Info: Relevant up-to-date documentation can be found on the official Phishing Frenzy website located below: Phishing Frenzy Website. Please submit any tickets or issues to the GitHub issues page: Phishing Frenzy Tickets. To contact us directly please use the official Phishing Frenzy website: Phishing Frenzy Website … Read more

Gophish – Open-Source Phishing Toolkit

Gophish: Open-Source Phishing Toolkit. Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training. Current Status: Update 2/19/2017: Gophish version 0.2.1 binaries will be released soon! I am just fixing a few final bugs and then … Read more