Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
mitm  phishing 
21 days ago
BabySploit (for beginners, or when you don't need an elephant gun)
BabySploit is a penetration testing framework aimed at making it easy to learn how to use bigger, more complicated frameworks like Metasploit. With a very easy to use UI and toolkit, anybody from any experience level will find use out of BabySploit.
Hacking  Pen_Testing  exploit 
27 days ago
AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks. Official CIS for AWS guide: https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf
aws  security  auditing  hardening  aws_security 
5 weeks ago
Build interactive map of cameras from Shodan
shodan  CCTV  Maps 
5 weeks ago
KillShot - Information Gathering Tool
You can use this tool to spider your website and gather information automatically using whatweb, host, traceroute, dig, fierce and wafw00f, or to identify the CMS and find vulnerabilities in your website using the CMS Exploit Scanner and WebApp Vul Scanner. You can also use KillShot to automatically run multiple types of scan with nmap and unicorn. With this tool you can also generate simple PHP backdoors, upload them manually and connect to the target using KillShot.
This tool also includes a simple Ruby fuzzer tested on VULSERV.exe and a Linux log clear script to change the content of login paths. The spider can help you find parameters of the site and scan for XSS and SQL.
vulnerability  scanner  Pen_Testing  Ruby  Reconnaissance 
6 weeks ago
A Tool To Generate Media Files With Malicious Metadata
xss  Meta_Data  attack 
8 weeks ago
send files to yourself or your friends easily
remote_access  CommandLine  File_sharing 
9 weeks ago
5 open source RSS feed readers | Opensource.com
I'm back in the market for an RSS feed reader. These are some decent contenders, mostly for some OSINT, DevSec, InfoSec and other such like blogs and podcasts.
rss  feed_reader  aggregation 
9 weeks ago
Jake Creps – Open Source Intelligence
Open Source Intelligence blogger on tools, methods and tutorials
OSINT  blogs  How_To 
9 weeks ago
The OSINT Podcast
This is the Open Source Intelligence (OSINT) podcast. Here I will discuss news related to social media, data privacy, open source intelligence, investigative journalism as well as talk about tools and resources you can use to improve your research. You might also find interviews with people in the field that have unique insight and bring value to the show.
OSINT  How_To  blogs 
9 weeks ago
ODIN: Automated network asset, email, and social media profile discovery and cataloguing.
Automated network asset, email, and social media profile discovery and cataloguing
Reconnaissance  OSINT 
10 weeks ago
Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
threat-research  Reconnaissance 
11 weeks ago
Photon v1.1.4
Incredibly Fast Crawler Designed For Recon
11 weeks ago
Graphviz - Graph Visualization Software
Graphviz is open source graph visualization software. Graph visualization is a way of representing structural information as diagrams of abstract graphs and networks. It has important applications in networking, bioinformatics, software engineering, database and web design, machine learning, and in visual interfaces for other technical domains.
Graphics  visualization  diagram  OpenSource 
12 weeks ago
EggShell - iOS/macOS/Linux Remote Administration Tool
EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shell command execution, persistence, escalating privileges, password retrieval, and much more. This project is a proof of concept, intended for use on machines you own.
remote_access  exploit  CommandLine  python 
12 weeks ago
Leaked? 2.0
A Checking Tool For Hash Codes, Passwords And Emails Leaked.
Reconnaissance  security 
12 weeks ago
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
DNS  Steganography  python 
12 weeks ago
advanced network reconnaissance toolkit
september 2018
Text Mechanic – Text Manipulation Tools
Simple, single task, browser based, text manipulation tools.
text  data 
september 2018
This is one to watch: A secure contact platform developed by a secure drop coder for those needing solid security, but maybe not at the Secure Drop threat model level.
september 2018
badKarma - Advanced Network Reconnaissance Toolkit
badKarma aims to help the tester in all the penetration testing phases (information gathering, vulnerability assessment, exploitation, post-exploitation and reporting). It allows the tester to save time by having point-and-click access to their toolkit and interact with the tools through GUIs or terminals. Every task is also logged in a SQLite database to help during the reporting phase or in an incident response scenario.
Pen_Testing  Reconnaissance 
august 2018
fuxploider - File Upload Vulnerability Scanner And Exploitation program
fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.
Hacking  Pen_Testing  shell 
august 2018
Weekly @CipherMonkey Cryptographic Puzzles
Every Sunday, new ciphers are posted on Twitter as puzzles for you to solve. They come in 4 difficulties: easy, medium, hard, and extreme. Use the tools on this site for help solving the puzzles.
game  puzzle  Encryption 
august 2018
Galileo - Web Application Audit Framework
Galileo is an open source penetration testing tool for web applications, which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.

Fsociety Hacking Tools Pack - A Penetration Testing Framework

Mercury - A Hacking Tool Used To Collect Information And Use The Information To Further Hurt The Target

WAScan - Web Application Scanner
Pen_Testing  Framework 
august 2018
SharpShooter - Payload Generation Framework
SharpShooter targets v2, v3 and v4 of the .NET framework which will be found on most end-user Windows workstations.
Hacking  windows 
august 2018
mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration.
august 2018
Let's Get Your Own Free Domain - DEV Community 👩‍💻👨‍💻
How to get free domains from some possibly dodgy places. Or maybe they're amazing.
august 2018
Gophish - Open Source Phishing Framework
Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.
phishing  simulation  Pen_Testing 
august 2018
The Social Engineer's Playbook
The Social Engineer's Playbook is a practical guide to pretexting and a collection of social engineering pretexts for Hackers, Social Engineers and Security Analysts. Build effective social engineering plans using the techniques, tools and expert guidance in this book. Learn valuable elicitation techniques, such as: Bracketing, Artificial Ignorance, Flattery, Sounding Board and others. This book covers an introduction to tools, such as: Maltego, Social Engineer Toolkit, Dradis, Metasploit and Kali Linux among others. Crucial to any social engineering test is the information used to build it. Discover the most valuable sources of intel and how to put them to use.
social_engineering  book  Hacking 
august 2018
Hoaxy® by OSoMe
Visualize the spread of claims and fact checking.

Also http://analytics.followthehashtag.com/#!/
august 2018
RMTeam's Blue Data app
Multilingual App for field research data collection.
august 2018
A fully-modern text-based browser, rendering to TTY and browsers, which some day I may actually get to work. https://www.brow.sh
browser  shell 
august 2018
Burp Suite Scanner
Useful tool for nosing and capturing information from sites
security  Reconnaissance 
august 2018
Noun Project Search
Open source, GPL icons by the thousands.
Graphics  Design  creative_commons 
august 2018
Comix I/O
Create your own xkcd-style comics using HTML markup.
august 2018
Python Tricks 101
Python tips which are relatively uncommon and are very useful.
python  programming 
august 2018
Trape - People tracker on the Internet (The evolution of phishing attacks) OSINT - KitPloit - PenTest Tools for your Security Arsenal ☣
Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.
Reconnaissance  tracking  Social_Networks 
august 2018
When you're developing image styles in css, you can use some bears.
css  WebDev_Tools 
august 2018
CMS (Content Management Systems) Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 40 other CMSs
Pen_Testing  exploit  CMS 
august 2018
gpgsync/README.md at develop · firstlookmedia/gpgsync · GitHub
GPG Sync is designed to let users always have up-to-date OpenPGP public keys for other members of their organization.
Encryption  pgp 
august 2018
My $169 development Chromebook
This is now a classic, but still green advice, worth as a starting point to optimising a Chromebook.
security  dev  chromebooks 
july 2018
Track The News
Meet the open-source Twitter bot to help you surface stories on anything
OSINT  Research  aggregation  python 
july 2018
WebApp Information Gatherer
wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications.
Reconnaissance  python 
july 2018
Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search
doxxing  Reconnaissance  reverse_image_search 
july 2018
Cloudron - The best platform for running web apps
Lots of useful, quickly deployable open source apps.
june 2018
VOOKI - Web Application Vulnerability Scanner
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section.
Pen_Testing  scanner 
june 2018
Awesome web security
🐶 Curated list of Web Security materials and resources.
june 2018
Multiple Ways to Get root through Writable File
In Linux everything is a file, including directories and devices, with permissions that allow or restrict three operations, i.e. read/write/execute.
hacking  Linux 
june 2018
Developer Tools | Hugo
All the tools for deving Hugo websites.
hugo  flat_file_websites  WebDev_Tools 
june 2018
WTF - A Terminal Dashboard
WTF is a personal information dashboard for your terminal, developed for those who spend most of their day in the command line.
terminal  todo  productivity 
june 2018
Fsociety Hacking Tools Pack - A Penetration Testing Framework - KitPloit - PenTest Tools for your Security Arsenal ☣
Other shows' merchandise usually runs along the action figure or Happy Meal spectrum. With Mr. Robot, it's the working stuff from the show, like if Terminator actually led to git repos of killer robots.
june 2018
Crafting the InfoSec Playbook - O'Reilly Media
Security Monitoring and Incident Response Master Plan
buylist  security  book 
may 2018
Shell Scripting and Security
Basic ways you can use shell scripts to monitor password strength and secret accounts
shell  CommandLine  security 
may 2018
Awesome Hacking Tools
A curated list of awesome Hacking Tools. If you want to contribute to this list send me a pull request
may 2018
Sunder is a user-friendly graphical interface for Shamir's Secret Sharing.

Also see https://freedom.press/news/meet-sunder-new-way-share-secrets/
tryout  Encryption 
may 2018
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions
pentesting  hacking  unix  shell 
may 2018
WebTorrent Desktop
Streaming torrent app for Mac, Windows, and Linux
torrent  streaming 
may 2018
Find all the things on other computers.
If you want to do an inventory of all installed software in your active directory domain, then keep on reading my post.
How_To  Reconnaissance  network  scanner 
may 2018
Malware Analysis is for the (Cuckoo) Birds - TrustedSec
The Cuckoo sandbox is an open source malware analysis system that can be used against many different types of malware, ranging from Office documents to executables.
malware  OpenSource 
may 2018
jarun/googler: Google from the terminal
Search the web with Google from the command line instead of the browser... because stuff.
google  python  Cli  search 
may 2018
saltpack - a modern crypto messaging format
Need to encode, transmit, or store encrypted or signed data? saltpack is a streamlined, modern solution, designed with simplicity in mind. It is easy to implement & integrate. We've made few crypto decisions and instead leave almost all of the heavy lifting to the NaCl library
may 2018
This Tool Queries The Emails That Registered The Domain And Verifies If They Were Leaked In Some Data Leak - KitPloit - PenTest Tools for your Security Arsenal ☣
email  whois  Domains  Open_Data  Reconnaissance 
may 2018
VFRAME is a computer vision toolkit designed for human rights researchers and investigative journalists
machine_learning  AI  Open_Data  verification 
may 2018
SugarCube is a framework to fetch, transform and publish data. Data processes are described using plugins, which are chained in sequence to transform any sort of data. It is used to support data based investigations.
scraping  OpenSource  Open_Data  verification 
may 2018
One to Zero
How to build a static website using a zero configuration toolkit
WebDev  static-hosting 
may 2018
Harpoon: an OSINT / Threat Intelligence tool · Tek's blog

Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organised in plugins so the idea is to have one plugin per platform or task. The code is on Github, feel free to open issues and propose Pull Requests.
may 2018
Juice Shop - intentionally insecure webapp for security trainings
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. - http://owasp-juice.shop
training  security  WebDev  QWASP  infosec  education  javascript 
may 2018
PAVELOW helps you with your exploiting and vulnerability searching adventures on Kali Linux by using a few different pre-installed tools, among several others that PAVELOW will install and set up for you (they can all be found right here on GitHub too).
Hacking  exploit  Pen_Testing 
may 2018
NetBlocks Framework
Open technology for transparent internet governance using javascript, python and other tracking, documenting tools.
transparency  monitoring  censorship  Framework 
may 2018
Exploitation Framework for Embedded Devices
routers  Hacking  IoT 
may 2018
FOIA 101: Tips and Tricks to Make You a Transparency Master
This is a nice guide on how to use a very complex Cli for recon.
transparency  Research 
may 2018
Can I use... Support tables for HTML5, CSS3, etc
Lets you know how usable your front end work is going to be on different browsers and devices.
browser  WebDev 
may 2018
Motherboard Made a Tool That Archives Websites on Demand - Motherboard
mass_archive, a basic Python script, will push a webpage or URL to multiple archive services at once, hopefully making online journalism or research a bit more efficient.
may 2018
Penetration Testing checklist on Process Street
This Process Street penetration testing checklist is engineered to give a documentation process for staff carrying out penetration testing on either their own networks and services or those of a client.
may 2018
An information gathering tool to collect git commit emails in version control host services.
Git  Reconnaissance  phishing 
april 2018
How to Easily Generate Hundreds of Phishing Domains « Null Byte :: WonderHowTo
A convincing domain name is critical to the success of any phishing attack. With a single Python script, it's possible to find hundreds of available phishing domains and even identify phishing websites deployed by other hackers for purposes such as stealing user credentials.
How_To  phishing  Hacking  python  Domains 
april 2018