Crypt and decrypt the Cisco enable 7 passwords. Scans class A, B, and C networks for Cisco routers which have telnet open and have not changed the default password from cisco. Drag and Drop ClickJacking exploit development assistance tool. Vulnerability Static Analysis for Containers. This is a utility to parse a Clam Anti Virus log file, in order to sort them into a malware archive for easier maintenance of your malware collection.
A tool that checks Cloudflare enabled sites for origin IP leaks. Python script to bypass cloudflare from command line. Built upon cfscrape module. A tool for listing Assets from multiple Cloud Providers. A simple tool to find origin servers of websites protected by CloudFlare with a misconfigured DNS.
Automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. A tool for enumerating the code caves in PE files. Designed to reveal the specific modules, plugins, components and themes that various cms driven websites are running. Fuzzer for wordpress, cold fusion, drupal, joomla, and phpnuke. A python open source Content Management System scanner that automates the process of detecting security flaws of the most popular CMSs.
Leverages publicly available datasets from Google BigQuery to generate wordlists. A collection of tools for pentesters: LetDown is a powerful TCP flooder; ReverseRaider is a domain scanner that uses wordlist scanning or reverse resolution scanning; Httsquash is an HTTP server scanner, banner grabber and data retriever. Company Passwords Profiler helps make a bruteforce wordlist for a targeted company.
ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems. A blackbox vulnerability scanner for the Concrete5 CMS. Easily create word permutations and combinations to generate complex wordlists and passwords. An auditing tool for Wi-Fi or wired Ethernet connections. Fast CORS misconfiguration vulnerabilities scanner.
Capture all RabbitMQ messages being sent through a broker. Simple script that looks for administrative web interfaces. Web recon tool find temporary files, parse robots. A python tool to extract various credentials and secrets from Windows registry hives. The Credential mapper - Tool that was created to bring awareness to the dangers of credential reuse.
Phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens. A geolocation information gatherer.
Offers geolocation information gathering through social networking platforms. An interactive crib dragging tool for cryptanalysis on ciphertext generated with reused or predictable stream cipher keys.
A python script for testing CRLF injecting issues. LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping.
A brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools. A modular framework designed to automate the penetration testing of wireless networks from drones and such unconventional devices. High performance multihash brute forcer with CUDA support. Allows you to call routines in shared libraries from within bash.
World's fastest WPA cracker with dictionary mutation engine. A tool to perform local searches for known vulnerabilities. The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. A stealth backdooring tool that injects a backdoor's shellcode into an existing process. A tool to perform higher-order correlation power analysis (CPA) attacks.
Store and execute an encrypted windows binary from inside memory, without a single bit touching disk. A tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection.
Python script that performs dork searching and searches for local file inclusion and SQL injection errors. This tool will try to find every website hosted on the same server as your target. Network statistics gatherer (packet sniffer). A proxy which allows you to intercept TLS traffic in native x86 applications across platforms.
Fingerprints servers, finds exploits, scans WebDAV. Tests WebDAV enabled servers by uploading test executable files, and then optionally uploading files which allow for command execution or other actions directly on the target.
A static analysis security scanner for ruby written web applications. A Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win A Java tool that allows you to perform online audits of password quality for several database engines.
Simple utility for enumerating D-Bus endpoints, an nmap for D-Bus. A patched version of dd that includes a number of features useful for computer forensics. Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. Performs method enumeration and interrogation against flash remoting end points. Tool that can detect and decode encoded strings, recursively.
Calculates density for files of any file-system-path to finally output an accordingly descending ordered list. Check network for services with default passwords. A merciless sentinel which will seek sensitive files containing critical info leaking through your network. A tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. A tool for recovering passwords from pixelized screenshots. An enterprise friendly way of detecting and preventing secrets in code.
Detect software and its version on websites. An open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams. A tool for converting Android's. Tool for finding path of predictable resource locations.
Framework for orchestrating forensic collection, processing and data export. Generation-based, context-free grammar fuzzer. Remove illegal DHCP servers with IP-pool underflow. A web content scanner, brute forcing for hidden files. C CLI implementation of the Java dirbuster tool. Detect directory traversal vulnerabilities in HTTP servers and web applications. This is a Python script that scans webservers looking for administrative directories, PHP shells, and more. OSINT scanning tool which discovers and maps directories found in JavaScript files hosted on a website.
Tool to work with Windows executables digital signatures. Read BitLocker encrypted volumes under Linux. This code dissects the internal data structures in ELF files. A Python based fuzzing framework with many features. Dont kill my cat - Malicious payload evasion tool. PoC for an adaptive parallelised DNS prober.
A simple python script that brute forces DNS and subsequently geolocates the found subdomains. Search for available domain names in an IP range. A python wordlist-based DNS subdomain scanner. A highly configurable DNS proxy for pentesters. DNS subdomain bruteforcing tool with Tor support through torsocks. Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
Nasty creature constantly searching for DNS servers. It uses standard dns querys and waits for the replies. A utility for quickly searching presorted DNS names. Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. Python script for enumeration of hosts, subdomains and emails from a given domain using google. Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
Fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. Finds all the security information for a given domain name. A web API to deliver domain information from whois and alexa.
A tool to link a domain with registered organisation names and emails, to other domains. NET Assemblies from memory. Command-line tool to scan Google search results for vulnerabilities. Tool designed with the purpose of making it easier to search for vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities. Selenium powered Python script to automate searching for vulnerable web apps. A framework that creates a dropper that bypasses most AVs and some sandboxes, and has some tricks.
Tool to exploit the network and gathering information with nmap help. An open source framework to enable effective information sharing. Listens to network traffic and picks out images from TCP streams it observes. A security testing framework for Android - Precompiled binary from official repository.
A fully functional JavaScript library vulnerability scanner written in under lines of code. Collection of tools for network auditing and penetration testing. A simple tool to dump users in popular forums and CMS. Dumps account names and information even though RestrictAnonymous has been set to 1. Remove duplicates from massive wordlist, without sorting it, for dictionary-based password cracking.
Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks. A bash script that leverages ettercap and other tools to obtain credentials. A flexible fuzzer, not only for web, has a CSV output for efficient output analysis platform independent. This is a small python tool that scans websites to look for PHP shells, backups, admin panels, and more.
This is a custom EIGRP packet generator and sniffer developed to test the security and overall operation quality of this brilliant Cisco routing protocol. A malloc 3 debugger that uses virtual memory hardware to detect illegal memory accesses. Horizontal domain discovery tool you can use to discover other domains owned by a given company. Collection of ELF utilities includes sstrip. A tool to decode obfuscated shellcodes using the unicorn-engine for the emulation and the capstone-engine to print the asm code.
Finds public elite anonymity proxies and concurrently tests them. A PowerShell and Python post-exploitation agent. Attempts to find the enable password on a cisco system via brute force. Tool that enumerates shared folders across the network and under a custom user account. A tool for enumerating information from Windows and Samba systems. Enumerate the permissions associated with an AWS credential set. Enemies Of Symfony - Debug mode Symfony looter.
Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host.
Windows tool which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Tool to exploit epmd related services such as rabbitmq, ejabberd and couchdb by bruteforcing the cookie and gaining RCE afterwards. Graphical network monitor for various OSI layers and protocols. Can change the Ethernet address of the network adapters in Windows. Floods a switched network with Ethernet frames with random hardware addresses.
A cross-platform assistant for creating malicious MS Office documents. Man-in-the-middle attack framework used for phishing login credentials.
Modular framework that takes advantage of poor upgrade implementations by injecting fake updates. Tool that limits bandwidth of devices on the same network without access.
TrueCrypt loader backdoor to sniff volume password. Embedding executable files in PDF Documents. Fix acquired. A tool to detect anomalies in PE Portable Executable files. A fast and modular scanner for Tor exit relays.
Looks for all export and import names that contain a specified string in all Portable Executable in a directory tree. Exploit Pack - The next generation exploit framework.
Smart ssrf scanner using different methods like parameter brute forcing in post and get. Convolutional neural network for analyzing pentest screenshots. Exploit for Eye-Fi Helper directory traversal vulnerability. Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
A single file bruteforcer supports multi-protocol. OSINT tool to replace facebook graph search. A facebook profile and reconnaissance system. Social Engineering Tool Oriented to facebook. This script tries to guess passwords for a given facebook account using a list of passwords dictionary. Black Alchemy's Fake AP generates thousands of counterfeit Hide in plain sight amongst Fake AP's cacophony of beacon frames. Fake mail server that captures e-mails as files for acceptance testing.
Weaponizing favicon. An accurate facebook account information gathering. Show info about the author by facebook photo url. A fast, simple, recursive content discovery tool written in Rust. A hacking harness that you can use during the post-exploitation phase of a red-teaming engagement.
This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more.
A binary file fuzzer for Windows with several options. A tool that helps you to guess how your shell was renamed after the server-side script of the file uploader saved it. A modular Python application to pull intelligence about malicious files. An Egress filter mapping application with additional functionality. A little tool for local and remote file inclusion auditing and exploitation. A tool that scans networks looking for DNS servers. High-precision indoor positioning framework.
Crack different types of hashes using free online services. Locates all devices associated with an iCloud account. The fastest and cross-platform subdomain enumerator, do not waste your time. Find exploits in local and online databases instantly. A penetration testing tool that allows you to punch reverse TCP tunnels out of a compromised network.
A tool that transforms Firefox browsers into a penetration testing suite. An active reconnaissance network security tool.
Script for searching the extracted firmware file system for goodies. A Collection of different ways to execute code outside of the expected entry points. A tool to handle Firebird database management. Flare processes an SWF and extracts all scripts from it. Obfuscated String Solver - Automatically extract obfuscated strings from malware. Searches through source code for potential security flaws.
A Vulnerability Scanner for Wordpress and Moodle. A security auditing and social-engineering research tool. Block-based software vulnerability fuzzing framework. Multithreaded threat Intelligence gathering utilizing.
A console program to recover files based on their headers, footers, and internal data structures. A tool for predicting the output of random number generators. Simple and fast forking port scanner written in Perl. Can only scan one host at a time; the forking is done on the specified port range. Or on the default range of 1. Helper script for working with format string bugs. Program that remotely determines DNS server versions. Identify unknown open ports and their associated applications.
This is a utility to parse a F-Prot Anti Virus log file, in order to sort them into a malware archive for easier maintenance of your collection. IPMI remote console and system management software. Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Wrapper tool to identify the remote device and push device specific frida-server binary. Its primary purpose is to help detecting file race condition vulnerabilities and since version 3, to exploit them with loadable DSO modules also called "payload modules" or "paymods".
A low-level filesystem sandbox for Linux using syscall intercepts. Automates file system mirroring through remote file disclosure vulnerabilities on Linux machines. The master of all master fuzzing scripts specifically targeted towards FTP server software. FTP investigation tool - Scans ftp server for the following: reveal entire directory tree structures, detect anonymous access, detect directories with write permissions, find user specified data within repository.
Scans remote FTP servers to identify what software and what versions they are running. A Python library used to write fuzzing programs. Tool that automates the process of detecting and exploiting file upload forms flaws. A python script for obfuscating wireless networks. It sends a bunch of more or less bogus packets to the host of your choice.
A simple tool designed to help out with crash analysis during fuzz testing. It selectively 'un-fuzzes' portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes. An XML driven fuzz testing framework that emphasizes easy extensibility and reusability. A byte code analyzer for finding deserialization gadget chains in Java applications. NET serialized gadgets that can trigger.
Examine the contents of the IE's cookie files for forensic purposes. Network auditing and analysis tool developed in Python. A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
Simple, secure and performance file encryption tool written in C. This little tool is designed to get geolocation information for a host; it gets the information from two sources, maxmind and geoiptool. GeoIPgen is a country to IP addresses generator. A graphical user interface for aircrack-ng and pyrit. Finding Ethereum nodes which are vulnerable to RPC-attacks. Command line utility for searching and downloading exploits. The application was created to allow anyone to easily download profile pictures from GG.
A Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames. GUI suite for phishing and penetration attacks. Python script to generate obfuscated. Train a model and detect gibberish strings with it.
Automatically spawn a reverse shell fully interactive for Linux or Windows victim. A program to visually represent the Kismet data in a flexible manner. Dump the contents of a remote git repository without directory listing enabled. A tool to dump a git repository from a website. A batch-catching, pattern-matching, patch-attacking secret snatcher.
Python program to scrape secrets from GitHub through usage of a large repository of dorks. A pentesting tool that dumps the source code from. Monitor GitHub to search and find sensitive data in real time for different online services.
Collection of github dorks and helper tool to automate the process of checking dorks. A script that clones Github repositories of users and organizations automatically. An information gathering tool to collect git commit emails in version control host services. Tool for advanced mining for content on Github. Reconnaissance tool for GitHub organizations.
A repository with 3 tools for pwn'ing websites with. A tool that reads any gMSA password blobs the user can access and parses the values. With drivers for usrp and fcd. A library which provides a secure layer over a reliable transport layer Version 2. A Python script designed to allow you to leverage the power of Google dorking straight from the comfort of your command line. Google mass exploit robot - Make a Google search, and parse the results for a specific exploit you define.
A python script to find domains by using google dorks. A tool that automates queries against Google search appliances, but with a twist. Extract strings from a Go binary using radare2.
A golang, web screenshot utility using Chrome Headless. Lists information about the applied Group Policies. A real-time satellite tracking and orbit prediction application. Interactive SDR receiver waterfall for many devices. Gnuradio blocks and tools for receiving GSM transmissions.
A web application scanner. Basically it detects some kind of vulnerabilities in your website. Performs traffic redirection by sending spoofed ARP replies.
A tool to generate obfuscated one liners to aid in penetration testing. Tool that lists the different ways of reaching a given type in a GraphQL schema. Scripting engine to interact with a graphql endpoint for pentesting purposes. Simple script for parsing web logs for RFIs and Webshells v1. A vulnerability scanner for container images and filesystems. Google Talk decoder tool that demonstrates recovering passwords from accounts. Search gtfobins and lolbas files from your terminal. A simple program that checks if a host in an ethernet network is a gateway to Internet.
Scans a website and suggests security headers to apply. A shell for with Pythonect-like syntax, including wrappers for commonly used security tools. A simple tool to scan and exploit redis servers. A CLI tool to identify the hash type of a given hash.
Simple framework that has been made for penetration testing tools. Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application. Small, fast tool for performing reverse DNS lookups en masse.
Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.
A repository crawler that runs checksums for static files found within a given git repository. A small application designed to analyze your system, searching for global objects related to running processes and displaying information for every found object, like tokens, semaphores, ports, files,.. CLI tool for open source and threat intelligence. A Python script which scrapes online hash crackers to find cleartext of a hash. Software to identify the different types of hashes used to encrypt data and especially passwords.
Multithreaded advanced password recovery utility. Set of small utilities that are useful in advanced password cracking. Capture handshakes of nearby WiFi networks automatically. Search for leaked passwords while maintaining a high level of privacy using the k-anonymity method. A tool that allows you to quickly hash plaintext strings, or compare hashed values with a plaintext locally.
A tool to search files for matching password hash types and other interesting data. Software to identify the different types of hashes used to encrypt data.
A tool to exploit the hash length extension attack in various hashing algorithms. A python script written to parse and identify password hashes. A tool for automating cracking methodologies through Hashcat. A Python framework for finding C structures from process memory - heap analysis - Memory structures forensics.
This tool allows you to test clients on the heartbleed bug. Small tool to capture packets from wlan devices.
Set of tools to generate plainmasterkeys rainbowtables and hashes for hashcat and John the Ripper. Portable solution for capturing wlan traffic and conversion to hashcat and John the Ripper formats. Generate HDCP source and sink keys from the leaked master key. Script that listens on TCP port and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford's. Scans for systems vulnerable to the heartbleed bug, and then download them.
A simple and easy to use spear phishing helper. A special payload generator that can bypass all antivirus software. HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Converts Motorola and Intel hex files to binary. A very versatile packet injector and sniffer that provides a command-line framework for raw network access.
A database application designed for administering and auditing multiple database servers simultaneously from a centralized location. This tool can perform man-in-the-middle and switch flooding attacks. It has 4 major functions, 3 of which attempt to man-in-the-middle one or more computers on a network with a passive method or flood type method.
Modern phishing tool with advanced functionality. A simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3. A general-use fuzzer that can be configured to use known-good input and delimiters in order to fuzz specific locations.
A tool for efficiently finding registered accounts from emails. Scans all running processes. Network credential injection to detect responder and other network poisoners.
A small daemon that creates virtual hosts on a network. A general-purpose fuzzer with simple, command-line interface. A high-interaction Honey Pot solution designed to log all SSH communications between a client and server. A hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Integrated web scraper and email account data breach comparison tool.
Reverse engineering tool that lets you disassemble, decompile and debug your applications. A python script which tests http methods for configuration issues leaking information or just to see if they are enabled. Modified hostapd to facilitate AP impersonation attacks. Hot patches executables on Linux using. Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names.
Count the number of people around you by monitoring wifi signals. Honeynet Project generic authenticated datafeed protocol. A security scanner for HTTP response headers. A web application analysis tool for detecting communications between javascript and the server.
A Python script that exploits a weakness in the way that. Active HTTP server fingerprinting and recon tool. Self contained web shells and other attacks via. A tool to enumerate the enabled HTTP methods supported on a webserver.
A slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses. A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. If you want to format Python 2 code as well, install with pip install black[python2]. If you want to format Jupyter Notebooks, install with pip install black[jupyter]. Black is already successfully used by many projects, small and big.
Black has a comprehensive test suite, with efficient parallel tests, and our own auto formatting and parallel Continuous Integration runner.
However, Black is still beta. Things will probably be wonky for a while. This is made explicit by the "Beta" trove classifier, as well as by the "b" in the version number. What this means for you is that until the formatter becomes stable, you should expect some formatting to change in the future.
That being said, no drastic stylistic changes are planned, mostly responses to bug reports. Also, as a safety measure which slows down processing, Black will check that the reformatted code still produces a valid AST that is effectively equivalent to the original see the Pragmatism section for details. If you're feeling confident, use --fast. Black is a PEP 8 compliant opinionated formatter. Black reformats entire files in place. Style configuration options are deliberately limited and rarely added.
It doesn't take previous formatting into account see Pragmatism for exceptions. Our documentation covers the current Black code style, but planned changes to it are also documented. They're both worth taking a look:.
Please refer to this document before submitting an issue. What seems like a bug might be intended behaviour. Early versions of Black used to be absolutist in some respects.
They took after its initial author. This was fine at the time as it made the implementation simpler and there were not many users anyway. Not many edge cases were reported. As a mature tool, Black does make some exceptions to rules it otherwise holds. Please refer to this document before submitting an issue just like with the document above. Black is able to read project-specific default values for its command line options from a pyproject.
Pro-tip : If you're asking yourself "Do I need to configure anything? Black is all about sensible defaults. Applying those defaults will have your code in compliance with many other Black formatted projects. I can't think of any single tool in my entire programming career that has given me a bigger productivity increase by its introduction. Dusty Phillips , writer :. Hynek Schlawack , creator of attrs , core developer of Twisted and CPython:. Carl Meyer , Django core developer:.
Kenneth Reitz , creator of requests and pipenv :. Looks like this:. Happy to see you willing to make the project better. You can get started by reading this:. Everyone participating in the Black project, and in particular in the issue tracker, pull requests, and social media activity, is expected to treat other people with respect and more generally to follow the guidelines articulated in the Python Community Code of Conduct.
At the same time, humor is encouraged. In fact, basic familiarity with Monty Python's Flying Circus is expected. We are not savages. Clarify circumstances in which Black may change the AST Reflect the --skip-magic-trailing-comma and --experimental-string-processing flags in the name of the cache file.
Without this fix, changes in these flags would not take effect if the cache had already been populated. Fixed a rare but annoying formatting instability created by the combination of optional trailing commas inserted by Black and optional parentheses looking at pre-existing "magic" trailing commas. This fixes issue and all of its many many duplicates. Black now processes one-line docstrings by stripping leading and trailing spaces, and adding a padding space when needed to break up """".
Black now respects --skip-string-normalization when normalizing multiline docstring quotes Black no longer removes all empty lines between non-function code and decorators when formatting typing stubs. Now Black enforces a single empty line. Added parsing support for unparenthesized tuples and yield expressions in annotated assignments Added --stdin-filename argument to allow stdin to respect --force-exclude rules PR Python 2 support is now optional, install with python3 -m pip install black[python2] to maintain support.
Fixed "Black produced code that is not equivalent to the source" when formatting Python 2 docstrings Black now supports Python 3. Black no longer normalizes capital R-string prefixes as those have a community-accepted meaning Black no longer crashes on from Black no longer introduces quotes in f-string subexpressions on string boundaries Black now creates cache files atomically which allows it to be used in parallel pipelines like xargs -P8 Black now correctly indents comments in files that were previously formatted with tabs Python grammar pickle caches are stored with the formatting caches, making Black work in environments where site-packages is not user-writable This fixed non-deterministic formatting if trailing commas were used both in function signatures with stars and function calls with stars but the former would be reformatted to a single line.
This avoids very weirdly looking formattings 34, If the file is Python 3.