gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line. Both Linux and macOS is supported, with Windows support 'partially working'. Inspiration for gowitness comes from Eyewitness. If you are looking for something with lots of extra features, be sure to check it out along with these other projects. Installation All you would need is an installation of the latest Google Chrome or Chromium and gowitness itself. gowitness can be downloaded using go get -u github.com/sensepost/gowitness or using th ..read more

The PathAuditor is a tool meant to find file access related vulnerabilities by auditing libc functions. The idea is roughly as follows: Audit every call to filesystem related libc functions performed by the binary. Check if the path used in the syscall is user-writable. In this case an unprivileged user could have replaced a directory or file with a symlink. Log all violations as potential vulnerabilities. We're using LD_PRELOAD to hook all filesystem related library calls and log any encountered violations to syslog. This is not an officially supported Google product. Example Vulnerabili ..read more

Shelly is a simple tool written using Python, which works to critique a website Instalation : $ git clone https://github.com/tegal1337/Shelly $ cd Shelly $ python3 shell.py Requirements : sudo pip install -r requirements.txt Example : python3 shell.py -g backdoor -p tegal1337 ______ ____ / __/ / ___ / / __ __ _\ \/ _ / -_/ / / // / /___/_//_\__/_/_/\_, / /___/ v.1 -------------------------- Python shell - Tegal1337 | Generate : [+] ./backdoor.py -g "nama_shell" -p "password" Connect Server : [+] ./backdoor.py -u "url_shell" -p "password" Backdoor berhasil d ..read more

Lockdoor tools contents Information Gathring Tools (21) Web Hacking Tools(15) Reverse Engineering Tools (15) Exploitation Tools (6) Pentesting & Security Assessment Findings Report Templates (6) Password Attack Tools (4) Shell Tools + Blackarch's Webshells Collection (4) Walk Throughs & Pentest Processing Helpers (3) Encryption/Decryption Tools (2) Social Engineering tools (1) All you need as Privilege Escalation scripts and exploits Working on Kali,Ubuntu,Arch,Fedora,Opensuse and Windows (Cygwin) 09/2019 : 0.6 Information Gathring tools (13) Web Hacking Tools (9) Working on Kal ..read more

Requirements Linux sudo apt install tor sudo apt install python3-socks (optional) pip3 install --user -r requirements.txt Windows download tor expert bundle pip3 install -r requirements.txt Usage Preview Linux git clone https://github.com/mIcHyAmRaNe/okadminfinder3.git cd okadminfinder3 chmod +x okadminfinder.py python3 okadminfinder.py Windows download & extract zip cd okadminfinder3 py -3 okadminfinder.py Pentestbox (same procedure as Linux) you can add an alias by adding this line: okadminfinder=py -3 "%pentestbox_ROOT%/bin/Path/to/okadminfinder3/okadminfinder.py ..read more

A backdoor is a tool used to gain remote access to a machine. Typically, backdoor utilities such as NetCat have 2 main functions: to pipe remote input into cmd or bash and output the response. This is useful, but it is also limited. BetterBackdoor overcomes these limitations by including the ability to inject keystrokes, get screenshots, transfer files, and many other tasks. Features BetterBackdoor can create and control a backdoor. This created backdoor can: Run Command Prompt commands Run PowerShell scripts Run DuckyScripts to inject keystrokes Exfiltrate files based on extension Exfiltra ..read more

Pylane is a python vm injector with debug tools, based on gdb and ptrace. Pylane uses gdb to trace python process, inject and run some code in its python vm. Usageuse inject command to inject a python script in an process: pylane inject <PID> <YOUR_PYTHON_FILE>use shell command to inject an interactive shell: pylane shell <PID>Pylane shell features: use IPython as its interactive interface, support magic functions like ? and % support remote automatic completion provide debug toolkit functions, such as: lookup class or instance by name get source code of an object print a ..read more

Obfuscate python scripts making them password-protected using AES Encryption UsageJust execute the script, and follow the menu. InfoOnce an script is obfuscated, when running it a password asking prompt will appear, after submiting the correct password, the script will execute decrypting it's decrypted content in the memory Download Ghostfuscator ..read more

Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments. It simply tries to procdump machines and parse dumps remotely in order to avoid detections by antivirus softwares as much as possible. InstallationThis tool is written for python>=3. Do not use this on production environments! Ubuntu On a fresh updated Ubuntu. apt update apt install -y python3.6 python3-pip git nmap git clone --recurse-submodules https://github.com/aas-n/spraykatz.git cd spraykatz pip3 install -r requirements.txt Using SpraykatzA quick sta ..read more

Extracting metadata and hardcoded Indicators of Compromise from ransomware, in a scalable, efficient, way with cuckoo integrations. Ideally, is it run during cuckoo dynamic analysis, but can also be used for static analysis on large collections of ransomware. Designed to be fast, with low false positive for cryptocurrency addresses. Limited false positives for emails, urls, onions, and domains (which is pretty hard to make perfect). In short, this is fast and easy initial triage if you only want monetisation vectors. Installation instructionsPlease ensure you have Python3 installed. In a Li ..read more