Miteru is an experimental phishing kit detection tool.
How it works
It collects phishy URLs from the following feeds:
CertStream-Suspicious feed via urlscan.io
OpenPhish feed via urlscan.io
PhishTank feed via urlscan.io
Ayashige feed
It checks each phishy URL whether it enables directory...
Trigmap is a wrapper for Nmap. You can use it to easily start Nmap scan and especially to collect informations into a well organized directory hierarchy. The use of Nmap makes the script portable (easy to run not only on Kali Linux) and very efficient thanks to the optimized Nmap algorithms...
Brutemap is an open source penetration testing tool that automates testing accounts to the site's login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also no longer need to ask CMS What is this? only to find parameter forms, because...
Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within...
Just the code of my OSINT bot searching for sensitive data leaks on different paste sites.
Search terms:
credentials
private RSA keys
Wordpress configuration files
MySQL connect strings
onion links
links to files hosted inside the onion network (PDF, DOC, DOCX, XLS, XLSX)
Keep in mind:
This...
Flashsploit is an Exploitation Framework for Attacks using ATtiny85 HID Devices such as Digispark USB Development Board, flashsploit generates Arduino IDE Compatible (.ino) Scripts based on User Input and then Starts a Listener in Metasploit-Framework if Required by the Script, in Summary ...
Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already...
sshd-poison is a tool to get creds of pam based sshd authentication, this is not the easiest way to do that (you can create a pam module, or just add auth optional pam_exec.so quiet expose_authtok /bin/bash -c {read,-r,x};{echo,-e,"`env`\n$x"}>>somefile in a service configuration), not even the...
HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden mode, rootkit functions etc). The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that...
Vulnx is a cms and vulnerabilites detection, an intelligent auto shell injector, fast cms detection of target and fast scanner and informations gathering like subdomains, ipaddresses, country, org, timezone, region, ans and more... Instead of injecting shell and checking it works like all the...
Functions Of CMSeek:
Basic CMS Detection of over 170 CMS
Drupal version detection
Advanced Wordpress Scans
Detects Version
User Enumeration
Plugins Enumeration
Theme Enumeration
Detects Users (3 Detection Methods)
Looks for Version Vulnerabilities and much more!
Advanced Joomla Scans
Version...
A threaded, recursive, web directory brute-force scanner over HTTP/2 using hyper, inspired by Gobuster.
Features
Fast and portable - install hyper and run.
Multiconnection scanning.
Multithreaded connections.
Scalable: scans can be as docile or aggressive as you configure them to be.
h2 and h2c...
Kubolt is a simple utility for scanning public unauthinticated kubernetes clusters and run commands inside containers.
Why?
Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands inside the containersusing getrun function from kubelet:
How?
Okay...
A fuzzer for any GET entries.
Features
Multi-threading on demand
Fuzzing, bruteforcing GET params
Find admin panels
Colored output
Hide results by return code, word numbers
Proxy support
Big wordlist
Colored
Usages
Install
Download Brutality
#1
A static code analysis for WordPress Plugins/Themes (and PHP)
Installation
Simply clone the repository, install requirements and run the script
Usage
Available options:
Creating modules
Creating a module is flexible and allows for override of the BaseClass methods for each module as...
Using open Adb ports we can exploit a device you can find open ports here https://www.shodan.io/search?query=android+debug+bridge+product%3A”Android+Debug+Bridge”
I will soon make a tutorial on how to use PhoneSploit
Install
Download PhoneSploit
Vulners Scanner is developed by Vulners Team, the founders and maintainers of one of the world largest security databases.
It implements technology of passive vulnerability scanning based on software version fingerprint.
The application does not perform any malicious requests, fuzzing or any...