A Tool To Generate Media Files With Malicious Metadata
xss  Meta_Data  attack 
5 days ago
send files to yourself or your friends easily
remote_access  CommandLine  File_sharing 
8 days ago
5 open source RSS feed readers | Opensource.com
I'm back in the market for an RSS feed reader. These are some decent contenders, mostly for some OSINT, DevSec, InfoSec and other such like blogs and podcasts.
rss  feed_reader  aggregation 
9 days ago
Jake Creps – Open Source Intelligence
Open Source Intelligence blogger on tools, methods and tutorials
OSINT  blogs  How_To 
9 days ago
The OSINT Podcast
This is the Open Source Intelligence (OSINT) podcast. Here I will discuss news related to social media, data privacy, open source intelligence, investigative journalism as well as talk about tools and resources you can use to improve your research. You might also find interviews with people in the field that have unique insight and bring value to the show.
OSINT  How_To  blogs 
9 days ago
ODIN: Automated network asset, email, and social media profile discovery and cataloguing.
Automated network asset, email, and social media profile discovery and cataloguing
Reconnaissance  OSINT 
16 days ago
Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
threat-research  Reconnaissance 
25 days ago
Photon v1.1.4
Incredibly Fast Crawler Designed For Recon
28 days ago
Graphviz - Graph Visualization Software
Graphviz is open source graph visualization software. Graph visualization is a way of representing structural information as diagrams of abstract graphs and networks. It has important applications in networking, bioinformatics, software engineering, database and web design, machine learning, and in visual interfaces for other technical domains.
Graphics  visualization  diagram  OpenSource 
29 days ago
EggShell - iOS/macOS/Linux Remote Administration Tool
EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shell command execution, persistence, escalating privileges, password retrieval, and much more. This project is a proof of concept, intended for use on machines you own.
remote_access  exploit  CommandLine  python 
4 weeks ago
Leaked? 2.0
A Checking Tool For Hash Codes, Passwords And Emails Leaked.
Reconnaissance  security 
4 weeks ago
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
DNS  Steganography  python 
4 weeks ago
advanced network reconnaissance toolkit
6 weeks ago
Text Mechanic – Text Manipulation Tools
Simple, single task, browser based, text manipulation tools.
text  data 
6 weeks ago
This is one to watch: A secure contact platform developed by a secure drop coder for those needing solid security, but maybe not at the Secure Drop threat model level.
6 weeks ago
badKarma - Advanced Network Reconnaissance Toolkit
badKarma aims to help the tester in all the penetration testing phases (information gathering, vulnerability assessment, exploitation, post-exploitation and reporting). It allows the tester to save time by having point-and-click access to their toolkit and interact with them through GUIs or Terminals, also every task is logged under a sqlite database in order to help during the reporting phase or in an incident response scenario.
Pen_Testing  Reconnaissance 
7 weeks ago
fuxploider - File Upload Vulnerability Scanner And Exploitation program
fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.
Hacking  Pen_Testing  shell 
7 weeks ago
Weekly @CipherMonkey Cryptographic Puzzles
Every Sunday, new ciphers are posted on Twitter as puzzles for you to solve. They come in 4 difficulties: easy, medium, hard, and extreme. Use the tools on this site for help solving the puzzles.
game  puzzle  Encryption 
7 weeks ago
Galileo - Web Application Audit Framework
Galileo is an open source penetration testing tool for web applications, which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.

Fsociety Hacking Tools Pack - A Penetration Testing Framework

Mercury - A Hacking Tool Used To Collect Information And Use The Information To Further Hurt The Target

WAScan - Web Application Scanner
Pen_Testing  Framework 
8 weeks ago
SharpShooter - Payload Generation Framework
SharpShooter targets v2, v3 and v4 of the .NET framework which will be found on most end-user Windows workstations.
Hacking  windows 
8 weeks ago
mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration.
8 weeks ago
Let's Get Your Own Free Domain - DEV Community 👩‍💻👨‍💻
How to get free domains from some possibly dodgy places. Or maybe they're amazing.
8 weeks ago
Gophish - Open Source Phishing Framework
Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.
phishing  simulation  Pen_Testing 
8 weeks ago
The Social Engineer's Playbook
The Social Engineer's Playbook is a practical guide to pretexting and a collection of social engineering pretexts for Hackers, Social Engineers and Security Analysts. Build effective social engineering plans using the techniques, tools and expert guidance in this book. Learn valuable elicitation techniques, such as: Bracketing, Artificial Ignorance, Flattery, Sounding Board and others. This book covers an introduction to tools, such as: Maltego, Social Engineer Toolkit, Dradis, Metasploit and Kali Linux among others. Crucial to any social engineering test is the information used to build it. Discover the most valuable sources of intel and how to put them to use.
social_engineering  book  Hacking 
8 weeks ago
Hoaxy® by OSoMe
Visualize the spread of claims and fact checking.

Also http://analytics.followthehashtag.com/#!/
8 weeks ago
RMTeam's Blue Data app
Multilingual App for field research data collection.
8 weeks ago
A fully-modern text-based browser, rendering to TTY and browsers, which some day I may actually get to work. https://www.brow.sh
browser  shell 
9 weeks ago
Burp Suite Scanner
Useful tool for nosing and capturing information from sites
security  Reconnaissance 
9 weeks ago
Noun Project Search
Open source, gpl icons by the thousands.
Graphics  Design  creative_commons 
9 weeks ago
Comix I/O
Create your own xkcd-style comics using HTML markup.
9 weeks ago
Python Tricks 101
Python tips which are relatively uncommon and are very useful.
python  programming 
9 weeks ago
Trape - People tracker on the Internet (The evolution of phishing attacks) OSINT - KitPloit - PenTest Tools for your Security Arsenal ☣
Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.
Reconnaissance  tracking  Social_Networks 
9 weeks ago
When you're developing image styles in css, you can use some bears.
css  WebDev_Tools 
9 weeks ago
CMS (Content Management Systems) Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 40 other CMSs
Pen_Testing  exploit  CMS 
10 weeks ago
gpgsync/README.md at develop · firstlookmedia/gpgsync · GitHub
GPG Sync is designed to let users always have up-to-date OpenPGP public keys for other members of their organization.
Encryption  pgp 
10 weeks ago
My $169 development Chromebook
This is now a classic, but still green advice, worth as a starting point to optimising a Chromebook.
security  dev  chromebooks 
11 weeks ago
Track The News
Meet the open-source Twitter bot to help you surface stories on anything
OSINT  Research  aggregation  python 
july 2018
WebApp Information Gatherer
wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications.
Reconnaissance  python 
july 2018
Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search
doxxing  Reconnaissance  reverse_image_search 
july 2018
Cloudron - The best platform for running web apps
Lots of useful, quickly deployable open source apps.
june 2018
VOOKI - Web Application Vulnerability Scanner
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section.
Pen_Testing  scanner 
june 2018
Awesome web security
🐶 Curated list of Web Security materials and resources.
june 2018
Multiple Ways to Get root through Writable File
In Linux everything is a file, including directories and devices that have permissions to allow or restrict three operations i.e. read/write/execute
hacking  Linux 
june 2018
Developer Tools | Hugo
All the tools for deving Hugo websites.
hugo  flat_file_websites  WebDev_Tools 
june 2018
WTF - A Terminal Dashboard
WTF is a personal information dashboard for your terminal, developed for those who spend most of their day in the command line.
terminal  todo  productivity 
june 2018
Fsociety Hacking Tools Pack - A Penetration Testing Framework - KitPloit - PenTest Tools for your Security Arsenal ☣
Other shows' merchandise usually runs along the action figure or Happy Meal spectrum. With Mr. Robot, it's the working stuff from the show, like if Terminator actually led to git repos of killer robots.
june 2018
Crafting the InfoSec Playbook - O'Reilly Media
Security Monitoring and Incident Response Master Plan
buylist  security  book 
may 2018
Shell Scripting and Security
Basic ways you can use shell scripts to monitor password strength and secret accounts
shell  CommandLine  security 
may 2018
Awesome Hacking Tools
A curated list of awesome Hacking Tools. If you want to contribute to this list send me a pull request
may 2018
Sunder is a user-friendly graphical interface for Shamir's Secret Sharing.

Also see https://freedom.press/news/meet-sunder-new-way-share-secrets/
tryout  Encryption 
may 2018
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions
pentesting  hacking  unix  shell 
may 2018
WebTorrent Desktop
Streaming torrent app for Mac, Windows, and Linux
torrent  streaming 
may 2018
Find all the things on other computers.
If you want to do an inventory of all installed software in your active directory domain, then keep on reading my post.
How_To  Reconnaissance  network  scanner 
may 2018
Malware Analysis is for the (Cuckoo) Birds - TrustedSec
The Cuckoo sandbox is an open source malware analysis system that can be used against many different types of malware, ranging from Office documents to executables.
malware  OpenSource 
may 2018
jarun/googler: Google from the terminal
Search the web with Google from the command line instead of the browser... because stuff.
google  python  Cli  search 
may 2018
saltpack - a modern crypto messaging format
Need to encode, transmit, or store encrypted or signed data? saltpack is a streamlined, modern solution, designed with simplicity in mind. It is easy to implement & integrate. We've made few crypto decisions and instead leave almost all of the heavy lifting to the NaCl library
may 2018
This Tool Queries The Emails That Registered The Domain And Verifies If They Were Leaked In Some Data Leak - KitPloit - PenTest Tools for your Security Arsenal ☣
email  whois  Domains  Open_Data  Reconnaissance 
may 2018
VFRAME is a computer vision toolkit designed for human rights researchers and investigative journalists
machine_learning  AI  Open_Data  verification 
may 2018
SugarCube is a framework to fetch, transform and publish data. Data processes are described using plugins, which are chained in sequence to transform any sort of data. It is used to support data based investigations.
scraping  OpenSource  Open_Data  verification 
may 2018
One to Zero
How to build a static website using a zero configuration toolkit
WebDev  static-hosting 
may 2018
Harpoon: an OSINT / Threat Intelligence tool · Tek's blog

Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organised in plugins so the idea is to have one plugin per platform or task. The code is on Github, feel free to open issues and propose Pull Requests.
may 2018
Juice Shop - intentionally insecure webapp for security trainings
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. - http://owasp-juice.shop
training  security  WebDev  QWASP  infosec  education  javascript 
may 2018
PAVELOW helps you with your exploiting and vulnerability searching adventures on KALI Linux by using a few different pre-installed tools among several others that PAVELOW will install & set up for you (they all can be found right here on Github too).
Hacking  exploit  Pen_Testing 
may 2018
NetBlocks Framework
Open technology for transparent internet governance using javascript, python and other tracking, documenting tools.
transparency  monitoring  censorship  Framework 
may 2018
Exploitation Framework for Embedded Devices
routers  Hacking  IoT 
may 2018
FOIA 101: Tips and Tricks to Make You a Transparency Master
This is a nice guide on how to use a very complex Cli for recon.
transparency  Research 
may 2018
Can I use... Support tables for HTML5, CSS3, etc
Lets you know how usable your front end work is going to be on different browsers and devices.
browser  WebDev 
may 2018
Motherboard Made a Tool That Archives Websites on Demand - Motherboard
mass_archive, a basic Python script, will push a webpage or URL to multiple archive services at once, hopefully making online journalism or research a bit more efficient.
may 2018
Penetration Testing checklist on Process Street
This Process Street penetration testing checklist is engineered to give a documentation process for staff carrying out penetration testing on either their own networks and services or those of a client.
may 2018
An information gathering tool to collect git commit emails in version control host services.
Git  Reconnaissance  phishing 
april 2018
How to Easily Generate Hundreds of Phishing Domains « Null Byte :: WonderHowTo
A convincing domain name is critical to the success of any phishing attack. With a single Python script, it's possible to find hundreds of available phishing domains and even identify phishing websites deployed by other hackers for purposes such as stealing user credentials.
How_To  phishing  Hacking  python  Domains 
april 2018
ESP8266 deauther
Scan for WiFi devices, block selected connections, create dozens of networks and confuse WiFi scanners!
network  wifi  security 
april 2018
SMBrute is a program that can be used to bruteforce username and passwords of servers that are using SMB (Samba).
Hacking  server  samba  smb  bruteforce 
april 2018
Champions Curriculum:
A training curriculum for teaching information security "champions" within small organisations and helping them conduct a basic assessment. (Work in progress)
InfoSec  OrgSec 
april 2018
Self hosted newsletter app
OpenSource  email  WebDev 
april 2018
tachyons tldr
Cheater for looking up Tachyon CSS classes, which are a different kind of voodoo all together. Remember how people used to bang on about not putting styles in the pages? For flippen' 'eck it's back.
CSS  Design  WebDev 
april 2018