▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑RSA key security vulnerability detection tool
> kali-parrot-ubuntu...
t.me/UndercodeTesting

🦑 INSTALLISATION & RUN :

> Clone https://github.com/crocs-muni/roca
1) Pip installation

> Install with pip (install all dependencies)

2) pip install roca-detect
Local installation

3) Execute in the root folder of the package:

pip install --upgrade --find-links=. .
rely

4) You may need to install other dependencies, so pip you can install encryption packages, for example.

🦑 CentOS / RHEL：

> sudo yum install python-devel python-pip gcc gcc-c++ make automake

> autoreconf libtool openssl-devel libffi-devel dialog

🦑 Ubuntu的：

sudo apt-get install python-pip python-dev build-essential libssl-dev libffi-dev swig
usage

🦑 Basic usage of printing:


1) If installed with pip / manually
roca-detect --help

2) Without installation (can miss dependencies)
python fingerprint/detect.py

3) The test tool accepts multiple file names / directories as input parameters. It returns a report showing how many files have been fingerprinted (and which files).

🦑 Example:

Run recursively on all SSH keys and known_hosts:

$> roca-detect ~/.ssh
2017-10-16 13:39:21 [51272] INFO ### SUMMARY ####################
2020 13:39:21 [51272] INFO Records tested: 92
2020 13:39:21 [51272] INFO .. PEM certs :. . . 0
202013:39:21 [51272] INFO .. DER certs :. . . 0
2020 13:39:21 [51272] INFO .. RSA key files: . 16
...

🦑 PGP key

1) To test your PGP key, you can export it from your email client or download it from the PGP key server, for example https://pgp.mit.edu/

2) You can also use the gpg command line utility to export your public key:

gpg --armor --export your@email.com > mykey.asc

🦑 ADVANCED CASES

1) The detection tool extracts displayable keyword information:

> roca-detect.py --dump --flatten --indent ~/.ssh/
Advanced installation method

2) Virtual environment
It is generally recommended to create a new python virtual environment for the project:

virtualenv ~/pyenv
source ~/pyenv/bin/activate
pip install --upgrade pip
pip install --upgrade --find-links=. .
Separate Python 2.7.13

3) It will not work with lower Python versions. Use to pyenv install a new Python version. It downloads the Python source internally and installs it ~/.pyenv.


git clone https://github.com/pyenv/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
exec $SHELL
pyenv install ..v
pyenv local ..v

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 BIGGEST LIST OF TERMUX SCRIPTS

- [Tishna](https://github.com/haroonawanofficial/Tishna-Automated-Web-Application-Hacker) - Complete Automated pentest framework for Servers, Application Layer to Web Security. :star:44
- [seeker](https://github.com/thewhiteh4t/seeker) - Accurately Locate Smartphones using Social Engineering. :star:661
- [ANDRAX](https://andrax.thecrackertechnology.com/download) - ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution! :star:222
- [findomain](https://github.com/Edu4rdSHL/findomain) - The fastest and cross-platform subdomain enumerator, don't waste your time. :star:822
- [ReconCobra](https://github.com/haroonawanofficial/ReconCobra) - Complete Automated pentest framework for Information Gathering. :star:53
- [HttpLiveProxyGrabber](https://github.com/04x/HttpLiveProxyGrabber) - Best Proxy Grabber Tool!. :star:5
- [instagramCracker](https://github.com/04x/instagramCracker) - Full Speed Instagram Cracker. :star:45
- [ToolB0x](https://github.com/04x/ToolB0x) - Hacking Tools :zap:. :star:9
- [TekDefense-Automater](https://github.com/1aN0rmus/TekDefense-Automater) - Automater - IP URL and MD5 OSINT Analysis. :star:402
- [BruteX](https://github.com/1N3/BruteX) - Automatically brute force all services running on a target.. :star:687
- [Findsploit](https://github.com/1N3/Findsploit) - Find exploits in local and online databases instantly. :star:940
- [ReverseAPK](https://github.com/1N3/ReverseAPK) - Quickly analyze and reverse engineer Android packages. :star:314
- [Sn1per](https://github.com/1N3/Sn1per) - Automated pentest framework for offensive security experts. :star:3123
- [noisy](https://github.com/1tayH/noisy) - Simple random DNS, HTTP/S internet traffic noise generator. :star:978
- [LITEDDOS](https://github.com/4L13199/LITEDDOS) - This Tool Is Supporting For DDOS Activities, The Way Is Typing Command : $ python2 islddos.py <ip> <port> <packet> example: $python2 islddos.py 104.27.190.77 8080 100 IP target: 104.27.190.77 port: 8080 packet:100 Made In indonesia Indonesia Security Lite. :star:21
- [LITESPAM](https://github.com/4L13199/LITESPAM) - Berisi Tools Spammer Dengan Berbagai Macam jenis Dengan Limit Tinggi Bahkan Unlimited. :star:65
- [hakkuframework](https://github.com/4shadoww/hakkuframework) - Hakku Framework penetration testing. :star:171
- [BeeLogger](https://github.com/4w4k3/BeeLogger) - Generate Gmail Emailing Keyloggers to Windows.. :star:474
- [KnockMail](https://github.com/4w4k3/KnockMail) - Verify if email exists. :star:47
- [Umbrella](https://github.com/4w4k3/Umbrella) - A Phishing Dropper designed to Pentest.. :star:157
- [mfterm](https://github.com/4ZM/mfterm) - Terminal for working with Mifare Classic 1-4k Tags. :star:94
- [djangohunter](https://github.com/hackatnow/djangohunter) - Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.. :star:194
- [shodanwave](https://github.com/hackatnow/shodanwave) - Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera. . :star:162
- [WebXploiter](https://github.com/a0xnirudh/WebXploiter) - WebXploiter - An OWASP Top 10 Security scanner !. :star:30
- [CrawlBox](https://github.com/abaykan/CrawlBox) - Easy way to brute-force web directory.. :star:93
- [TrackOut](https://github.com/abaykan/TrackOut) - Simple Python IP Tracker. :star:12
- [sslcaudit](https://github.com/abbbe/sslcaudit) - No description provided :star:17
- [Sublist3r](https://github.com/aboul3la/Sublist3r) - Fast subdomains enumeration tool for penetration testers. :star:4116
- [doork](https://github.com/AeonDave/doork) - Passive Vulnerability Auditor. :star:106
- [sir](https://github.com/AeonDave/sir) - Skype Ip Resolver. :star:6
- [xl-py](https://github.com/anggialberto/xl-py) - No description provided :star:24
- [netdiscover](https://github.com/alexxy/netdiscover) - netdiscover. :star:188

- [ATSCAN](https://github.com/AlisamTechnology/ATSCAN) - Advanced dork Search & Mass Exploit Scanner. :star:573
- [fuxploider](https://github.com/almandin/fuxploider) - File upload vulnerability scanner and exploitation tool.. :star:1380
- [ipwn](https://github.com/altjx/ipwn) - No description provided :star:108
- [w3af](https://github.com/andresriancho/w3af) - w3af: web application attack and audit framework, the open source web vulnerability scanner.. :star:2947
- [AndroBugs_Framework](https://github.com/AndroBugs/AndroBugs_Framework) - AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.. :star:705
- [roxysploit](https://github.com/andyvaikunth/roxysploit) - A Hackers framework. :star:12
- [PadBuster](https://github.com/AonCyberLabs/PadBuster) - Automated script for performing Padding Oracle attacks. :star:450
- [capstone](https://github.com/aquynh/capstone) - Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.. :star:3923
- [wirespy](https://github.com/aress31/wirespy) - Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).. :star:206
- [lscript](https://github.com/arismelachroinos/lscript) - The LAZY script will make your life easier, and of course faster.. :star:1847
- [ADB-Toolkit](https://github.com/ASHWIN990/ADB-Toolkit) - ADB-Toolkit V2 for easy ADB tricks with many perks in all one. ENJOY!. :star:12
- [Hunner](https://github.com/b3-v3r/Hunner) - Hacking framework. :star:109
- [Termux-Styling-Shell-Script](https://github.com/BagazMukti/Termux-Styling-Shell-Script) - Unofficial Termux Styling [ Bash ]. :star:2
- [killshot](https://github.com/bahaabdelwahed/killshot) - A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner. :star:133
- [admin-panel-finder](https://github.com/bdblackhat/admin-panel-finder) - A Python Script to find admin panel of a site. :star:49
- [beef](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project. :star:4631
- [Parsero](https://github.com/behindthefirewalls/Parsero) - Parsero | Robots.txt audit tool. :star:109
- [bettercap](https://github.com/bettercap/bettercap) - The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.. :star:6448
- [bleachbit](https://github.com/bleachbit/bleachbit) - BleachBit system cleaner for Windows and Linux. :star:683
- [trape](https://github.com/jofpin/trape) - People tracker on the Internet: OSINT analysis and research tool by Jose Pino. :star:4439
- [gcat](https://github.com/byt3bl33d3r/gcat) - A PoC backdoor that uses Gmail as a C&C server. :star:1108
- [wfdroid-termux](https://github.com/bytezcrew/wfdroid-termux) - Android Terminal Web-Hacking Tools. :star:9
- [fbht](https://github.com/chinoogawa/fbht) - Facebook Hacking Tool. :star:313
- [netattack](https://github.com/chrizator/netattack) - A simple python script to scan and attack wireless networks.. :star:90
- [netattack2](https://github.com/chrizator/netattack2) - An advanced network scan and attack script based on GUI. 2nd version of no-GUI netattack. . :star:256
- [AUXILE](https://github.com/CiKu370/AUXILE) - Auxile Framework. :star:11
- [hash-generator](https://github.com/CiKu370/hash-generator) - beautiful hash generator. :star:0
- [hasher](https://github.com/CiKu370/hasher) - Hash cracker with auto detect hash. :star:20
- [ko-dork](https://github.com/CiKu370/ko-dork) - A simple vuln web scanner. :star:14
- [OSIF](https://github.com/CiKu370/OSIF) - Open Source Information Facebook. :star:290
- [WifiBruteCrack](https://github.com/cinquemb/WifiBruteCrack) - Program to attempt to brute force all wifi networks in range of a device, and return a possible set of networks to connect to and the password,. :star:18

- [lynis](https://github.com/CISOfy/lynis) - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.. :star:6461
- [rdpy](https://github.com/citronneur/rdpy) - Remote Desktop Protocol in Twisted Python. :star:1159
- [commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool.. :star:2157
- [cuckoo](https://github.com/cuckoosandbox/cuckoo) - Cuckoo Sandbox is an automated dynamic malware analysis system. :star:4021
- [Easymap](https://github.com/Cvar1984/Easymap) - No description provided :star:2
- [Ecode](https://github.com/Cvar1984/Ecode) - Encode / Decode. :star:3
- [Hac](https://github.com/Cvar1984/Hac) - No description provided :star:5
- [sqlscan](https://github.com/Cvar1984/sqlscan) - Quick SQL Scanner, Dorker, Webshell injector PHP. :star:9
- [shimit](https://github.com/cyberark/shimit) - A tool that implements the Golden SAML attack. :star:138
- [secHub](https://github.com/cys3c/secHub) - Python Security/Hacking Kit. :star:15
- [hammer](https://github.com/cyweb/hammer) - Hammer DDos Script - Python 3. :star:472
- [Kadabra](https://github.com/D35m0nd142/Kadabra) - [DEPRECATED] Kadabra is my automatic LFI Exploiter and Scanner, written in C++ and a couple extern module in Python.. :star:22
- [LFISuite](https://github.com/D35m0nd142/LFISuite) - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner . :star:748
- [Clickjacking-Tester](https://github.com/D4Vinci/Clickjacking-Tester) - A python script designed to check if the website if vulnerable of clickjacking and create a poc. :star:27
- [Dr0p1t-Framework](https://github.com/D4Vinci/Dr0p1t-Framework) - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks. :star:1013
- [elpscrk](https://github.com/D4Vinci/elpscrk) - A Common User Passwords generator script that looks like the tool Eliot used it in Mr.Robot Series Episode 01 :D :v. :star:65
- [SecLists](https://github.com/danielmiessler/SecLists) - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.. :star:21857
- [dnsrecon](https://github.com/darkoperator/dnsrecon) - DNS Enumeration Script. :star:1137
- [HiddenEye](https://github.com/DarkSecDevelopers/HiddenEye) - Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services [ Android-Support-Available ]. :star:946
- [Intersect-2.5](https://github.com/deadbits/Intersect-2.5) - Post-Exploitation Framework. :star:58
- [wifite](https://github.com/derv82/wifite) - No description provided :star:2041
- [wifite2](https://github.com/derv82/wifite2) - Rewrite of the popular wireless network auditor, "wifite". :star:1889
- [CeWL](https://github.com/digininja/CeWL) - CeWL is a Custom Word List Generator. :star:387
- [CMSmap](https://github.com/Dionach/CMSmap) - CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. . :star:216
- [torshammer](https://github.com/dotfighter/torshammer) - Tor's hammer. Slow post DDOS tool written in python.. :star:152
- [RTLSDR-Scanner](https://github.com/EarToEarOak/RTLSDR-Scanner) - A cross platform Python frequency scanning GUI for the OsmoSDR rtl-sdr library. :star:467
- [The-Eye](https://github.com/EgeBalci/The-Eye) - Simple security surveillance script for linux distributions.. :star:32
- [Pybelt](https://github.com/Ekultek/Pybelt) - The hackers tool belt. :star:419
- [multimon-ng](https://github.com/EliasOenal/multimon-ng) - No description provided :star:538
- [Empire](https://github.com/EmpireProject/Empire) - Empire is a PowerShell and Python post-exploitation agent.. :star:5034

- [sipvicious](https://github.com/EnableSecurity/sipvicious) - SIPVicious suite is a set of security tools that can be used to audit SIP based VoIP systems.. :star:367
- [wafw00f](https://github.com/EnableSecurity/wafw00f) - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.. :star:1456
- [BAF](https://github.com/engMaher/BAF) - Blind Attacking Framework. :star:61
- [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell. :star:1773
- [xsser](https://github.com/epsylon/xsser) - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.. :star:413
- [spamchat](https://github.com/errorBrain/spamchat) - Spam Chat Facebook. :star:0
- [wifi-hacker](https://github.com/esc0rtd3w/wifi-hacker) - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2). :star:867
- [nodexp](https://github.com/esmog/nodexp) - NodeXP - A Server Side Javascript Injection tool capable of detecting and exploiting Node.js vulnerabilities. :star:60
- [weeman](https://github.com/evait-security/weeman) - HTTP server for phishing in python. :star:235
- [dedsploit](https://github.com/ex0dus-0x/dedsploit) - Network protocol auditing framework. :star:126
- [rang3r](https://github.com/floriankunushevci/rang3r) - rang3r | Multi Thread IP + Port Scanner. :star:11
- [fluxion](https://github.com/FluxionNetwork/fluxion) - Fluxion is a remake of linset by vk496 with less bugs and enhanced functionality.. :star:2074
- [hURL](https://github.com/fnord0/hURL) - hexadecimal & URL encoder + decoder. :star:44
- [EyeWitness](https://github.com/FortyNorthSecurity/EyeWitness) - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.. :star:2113
- [dnsenum](https://github.com/fwaeytens/dnsenum) - dnsenum is a perl script that enumerates DNS information. :star:298
- [msfpc](https://github.com/g0tmi1k/msfpc) - MSFvenom Payload Creator (MSFPC). :star:629
- [hasherdotid](https://github.com/galauerscrew/hasherdotid) - Hasherdotid. :star:0
- [crowbar](https://github.com/galkan/crowbar) - Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools. . :star:659
- [AstraNmap](https://github.com/Gameye98/AstraNmap) - No description provided :star:4
- [Auxscan](https://github.com/Gameye98/Auxscan) - No description provided :star:4
- [Black-Hydra](https://github.com/Gameye98/Black-Hydra) - No description provided :star:32
- [FaDe](https://github.com/Gameye98/FaDe) - Fake Deface. :star:4
- [GINF](https://github.com/Gameye98/GINF) - Github information gathering. :star:2
- [inther](https://github.com/Gameye98/inther) - No description provided :star:0
- [Lazymux](https://github.com/Gameye98/Lazymux) - termux tool installer. :star:443
- [OWScan](https://github.com/Gameye98/OWScan) - No description provided :star:11
- [santet-online](https://github.com/Gameye98/santet-online) - No description provided :star:17
- [SpazSMS](https://github.com/Gameye98/SpazSMS) - Send unsolicited messages repeatedly on the same phone number. :star:14
- [distorm](https://github.com/gdabah/distorm) - Powerful Disassembler Library For x86/AMD64. :star:623
- [wifitap](https://github.com/GDSSecurity/wifitap) - wifitap updated for BT5r3. :star:136
- [indonesian-wordlist](https://github.com/geovedi/indonesian-wordlist) - Indonesian wordlist. :star:96
- [dbd](https://github.com/gitdurandal/dbd) - Durandal's Backdoor. :star:85
- [Leaked](https://github.com/GitHackTools/Leaked) - Leaked? 2.1 - A Checking tool for Hash codes, Passwords and Emails leaked. :star:151
- [slowloris](https://github.com/gkbrk/slowloris) - Low bandwidth DoS tool. Slowloris rewrite in Python.. :star:763
- [golismero](https://github.com/golismero/golismero) - GoLismero - The Web Knife. :star:662

- [SCANNER-INURLBR](https://github.com/googleinurl/SCANNER-INURLBR) - Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.. :star:744
- [GoogleSearch-CLI](https://github.com/GoogleX133/GoogleSearch-CLI) - Search anything on Google without captcha. :star:6
- [avet](https://github.com/govolution/avet) - AntiVirus Evasion Tool. :star:1025
- [hulk](https://github.com/grafov/hulk) - HULK DoS tool ported to Go with some additional features.. :star:279
- [openvas](https://github.com/greenbone/openvas) - Open Vulnerability Assessment Scanner. :star:503
- [Gemail-Hack](https://github.com/Ha3MrX/Gemail-Hack) - python script for Hack gmail account brute force. :star:55
- [Namechk](https://github.com/HA71/Namechk) - Osint tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks.. :star:283
- [webdav](https://github.com/hacdias/webdav) - Simple Go WebDAV server.. :star:294
- [4nonimizer](https://github.com/Hackplayers/4nonimizer) - A bash script for anonymizing the public IP used to browsing Internet, managing the connection to TOR network and to different VPNs providers (OpenVPN). :star:349
- [sqliv](https://github.com/the-robot/sqliv) - massive SQL injection vulnerability scanner. :star:727
- [hashcat](https://github.com/hashcat/hashcat) - World's fastest and most advanced password recovery utility. :star:6985
- [maskprocessor](https://github.com/hashcat/maskprocessor) - High-Performance word generator with a per-position configureable charset. :star:188
- [zarp](https://github.com/hatRiot/zarp) - Network Attack Tool. :star:953
- [Metasploit_termux](https://github.com/Hax4us/Metasploit_termux) - No description provided :star:168
- [Nethunter-In-Termux](https://github.com/Hax4us/Nethunter-In-Termux) - This is a script by which you can install Kali nethunter (Kali Linux) in your termux application without rooted phone . :star:418
- [TermuxAlpine](https://github.com/Hax4us/TermuxAlpine) - Use TermuxAlpine.sh calling to install Alpine Linux in Termux on Android. This setup script will attempt to set Alpine Linux up in your Termux environment.. :star:100
- [MSF-Pg](https://github.com/haxzsadik/MSF-Pg) - No description provided :star:1
- [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - BinGoo! A Linux bash based Bing and Google Dorking Tool. :star:127
- [Planetwork-DDOS](https://github.com/Hydra7/Planetwork-DDOS) - No description provided :star:5
- [osrframework](https://github.com/i3visio/osrframework) - OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.. :star:354
- [angryFuzzer](https://github.com/ihebski/angryFuzzer) - Tools for information gathering. :star:168
- [PyBozoCrack](https://github.com/ikkebr/PyBozoCrack) - A silly & effective MD5 cracker in Python. :star:234
- [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform. :star:2415
- [plecost](https://github.com/iniqua/plecost) - Plecost - Wordpress finger printer Tool . :star:278
- [keimpx](https://github.com/nccgroup/keimpx) - Check for valid credentials across a network over SMB. :star:154
- [sslyze](https://github.com/iSECPartners/sslyze) - Current development of SSLyze now takes place on a separate repository. :star:639
- [wreckuests](https://github.com/JamesJGoodwin/wreckuests) - Wreckuests — yet another one hard-hitting tool to run DDoS atacks with HTTP-flood. :star:115
- [dmitry](https://github.com/jaygreig86/dmitry) - DMitry (Deepmagic Information Gathering Tool). :star:65
- [peepdf](https://github.com/jesparza/peepdf) - Powerful Python tool to analyze PDF documents. :star:514
- [cowpatty](https://github.com/joswr1ght/cowpatty) - coWPAtty: WPA2-PSK Cracking. :star:64
- [blackbox](https://github.com/jothatron/blackbox) - No description provided :star:9

- [Pyrit](https://github.com/JPaulMora/Pyrit) - The famous WPA precomputed cracker, Migrated from Google.. :star:398
- [GoldenEye](https://github.com/jseidl/GoldenEye) - GoldenEye Layer 7 (KeepAlive+NoCache) DoS Test Tool. :star:520
- [kickthemout](https://github.com/k4m4/kickthemout) - 💤 Kick devices off your network by performing an ARP Spoof attack.. :star:1559
- [onioff](https://github.com/k4m4/onioff) - 🌰 An onion url inspector for inspecting deep web links.. :star:378
- [DHCPig](https://github.com/kamorin/DHCPig) - DHCP exhaustion script written in python using scapy network library. :star:210
- [pybluez](https://github.com/karulis/pybluez) - Bluetooth Python extension module. :star:130
- [Remot3d](https://github.com/KeepWannabe/Remot3d) - Remot3d: is a simple tool created for large pentesters as well as just for the pleasure of defacers to control server by backdoors. :star:204
- [RegRipper2.8](https://github.com/keydet89/RegRipper2.8) - RegRipper version 2.8. :star:343
- [evilginx](https://github.com/kgretzky/evilginx) - PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2. :star:845
- [evilginx2](https://github.com/kgretzky/evilginx2) - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication. :star:2792
- [txtool](https://github.com/kuburan/txtool) - an easy pentesting tool.. :star:158
- [pydictor](https://github.com/LandGrey/pydictor) - A powerful and useful hacker dictionary builder for a brute-force attack. :star:1080
- [recon-ng](https://github.com/lanmaster53/recon-ng) - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.. :star:402
- [theHarvester](https://github.com/laramies/theHarvester) - E-mails, subdomains and names Harvester - OSINT . :star:3236
- [httptunnel](https://github.com/larsbrinkhoff/httptunnel) - Bidirectional data stream tunnelled in HTTP requests.. :star:233
- [InSpy](https://github.com/leapsecurity/InSpy) - A python based LinkedIn enumeration tool. :star:332
- [Responder](https://github.com/lgandx/Responder) - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. . :star:1714
- [credmap](https://github.com/lightos/credmap) - The Credential Mapper. :star:368
- [qark](https://github.com/linkedin/qark) - Tool to look for several security related Android application vulnerabilities. :star:2104
- [wifresti](https://github.com/LionSec/wifresti) - Find your wireless network password in Windows , Linux and Mac OS. :star:241
- [xerosploit](https://github.com/LionSec/xerosploit) - Efficient and advanced man in the middle framework. :star:1094
- [Evil-create-framework](https://github.com/LOoLzeC/Evil-create-framework) - No description provided :star:11
- [SH33LL](https://github.com/LOoLzeC/SH33LL) - SHELL SCANNER. :star:6
- [Infoga](https://github.com/m4ll0k/Infoga) - Infoga - Email OSINT. :star:551
- [SMBrute](https://github.com/m4ll0k/SMBrute) - SMB Protocol Bruteforce. :star:205
- [WAScan](https://github.com/m4ll0k/WAScan) - WAScan - Web Application Scanner. :star:1556
- [WPSeku](https://github.com/m4ll0k/WPSeku) - WPSeku - Wordpress Security Scanner . :star:666
- [xsmash](https://github.com/m4rktn/xsmash) - Facebook Hack Box . :star:16
- [zeroeye](https://github.com/m4rktn/zeroeye) - Key Generator v1.66. :star:10
- [subscraper](https://github.com/m8r0wn/subscraper) - External pentest and bug bounty tool to perform subdomain enumeration through various techniques. SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.. :star:135

- [JohnTheRipper](https://github.com/magnumripper/JohnTheRipper) - This is the official repo for John the Ripper, "Jumbo" version. The "bleeding-jumbo" branch is based on 1.9.0-Jumbo-1 which was released on May 14, 2019. An import of the "core" version of john this jumbo was based on (or newer) is found in the "master" branch (CVS: https://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/john/john/src/).. :star:3179
- [dnsmap](https://github.com/makefu/dnsmap) - fork of http://code.google.com/p/dnsmap/source/checkout. :star:74
- [IPGeoLocation](https://github.com/maldevel/IPGeoLocation) - Retrieve IP Geolocation information. :star:278
- [Crips](https://github.com/Manisso/Crips) - IP Tools To quickly get information about IP Address's, Web Pages and DNS records.. :star:164
- [fsociety](https://github.com/Manisso/fsociety) - fsociety Hacking Tools Pack – A Penetration Testing Framework. :star:4686
- [Xshell](https://github.com/Manisso/Xshell) - ~ Shell Finder By Ⓜ Ⓐ Ⓝ Ⓘ Ⓢ Ⓢ Ⓞ ☪ ~. :star:17
- [cupp](https://github.com/Mebus/cupp) - Common User Passwords Profiler (CUPP). :star:1151
- [CyberScan](https://github.com/medbenali/CyberScan) - CyberScan: Network's Forensics ToolKit. :star:201
- [HTools](https://github.com/mehedishakeel/HTools) - 50+ Hacking Tools Collection. :star:44
- [Hatch](https://github.com/metachar/Hatch) - Hatch is a brute force tool that is used to brute force most websites. :star:172
- [Mercury](https://github.com/metachar/Mercury) - Mercury is a hacking tool used to collect information and use the information to further hurt the target. :star:181
- [crackle](https://github.com/mikeryan/crackle) - Crack and decrypt BLE encryption. :star:488
- [nk26](https://github.com/milio48/nk26) - NKosec Encode, 2 side encode. change alphabet to numeric or back numeric to alphabet.. :star:1
- [WP-plugin-scanner](https://github.com/mintobit/WP-plugin-scanner) - A tool to list plugins installed on a wordpress powered website.. :star:6
- [mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.. :star:17055
- [xspy](https://github.com/mnp/xspy) - Record X11 keypress events to a log file. :star:9
- [Th3inspector](https://github.com/Moham3dRiahi/Th3inspector) - Th3Inspector 🕵️ Best Tool For Information Gathering 🔎. :star:744
- [XAttacker](https://github.com/Moham3dRiahi/XAttacker) - X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter. :star:654
- [apt2](https://github.com/MooseDojo/apt2) - automated penetration toolkit. :star:975
- [sslstrip](https://github.com/moxie0/sslstrip) - A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.. :star:1424
- [creddump](https://github.com/moyix/creddump) - Automatically exported from code.google.com/p/creddump. :star:154
- [DKMC](https://github.com/Mr-Un1k0d3r/DKMC) - DKMC - Dont kill my cat - Malicious payload evasion tool. :star:731
- [FBUPv2.0](https://github.com/Hendriyawan/FBUPv2.0) - No description provided :star:2
- [BadMod](https://github.com/MrSqar-Ye/BadMod) - CMS auto detect and exploit.. :star:262
- [fierce](https://github.com/mschwager/fierce) - A DNS reconnaissance tool for locating non-contiguous IP space.. :star:906
- [braa](https://github.com/mteg/braa) - Ultra-fast SNMPv1/v2 stack. Get/set/walk tens of thousands of hosts at once.. :star:20
- [Stitch](https://github.com/nathanlopez/Stitch) - Python Remote Administration Tool (RAT). :star:1422
- [demiguise](https://github.com/nccgroup/demiguise) - HTA encryption tool for RedTeams. :star:846
- [Winpayloads](https://github.com/nccgroup/Winpayloads) - Undetectable Windows Payload Generation. :star:1070
- [termux-ubuntu](https://github.com/Neo-Oli/termux-ubuntu) - Ubuntu chroot on termux. :star:347
- [bbqsql](https://github.com/Neohapsis/bbqsql) - SQL Injection Exploitation Tool. :star:435
- [EggShell](https://github.com/neoneggplant/EggShell) - iOS/macOS/Linux Remote Administration Tool. :star:1101

- [mfcuk](https://github.com/nfc-tools/mfcuk) - MiFare Classic Universal toolKit (MFCUK). :star:487
- [mfoc](https://github.com/nfc-tools/mfoc) - Mifare Classic Offline Cracker. :star:626
- [termux-fedora](https://github.com/nmilosev/termux-fedora) - A script to install a Fedora chroot into Termux. :star:124
- [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated Mass Exploiter. :star:3965
- [AutoPixieWps](https://github.com/nxxxu/AutoPixieWps) - Automated pixieWps python script. :star:97
- [exploitdb](https://github.com/offensive-security/exploitdb) - The official Exploit Database repository. :star:4837
- [gobuster](https://github.com/OJ/gobuster) - Directory/File, DNS and VHost busting tool written in Go. :star:2505
- [Simple-Fuzzer](https://github.com/orgcandman/Simple-Fuzzer) - Simple Fuzzer is a simple config-file driven block/mutation based fuzzing system. :star:52
- [OWASP-WebScarab](https://github.com/OWASP/OWASP-WebScarab) - OWASP WebScarab. :star:464
- [QRLJacking](https://github.com/OWASP/QRLJacking) - QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.. :star:548
- [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for Rogue Wi-Fi Access Point Attack. :star:2740
- [Spammer-Grab](https://github.com/p4kl0nc4t/Spammer-Grab) - A brand new, awakened version of the old Spammer-Grab.. :star:24
- [zirikatu](https://github.com/pasahitz/zirikatu) - Fud Payload generator script. :star:134
- [eternal_scanner](https://github.com/peterpt/eternal_scanner) - An internet scanner for exploit CVE-2017-0144 (Eternal Blue) & CVE-2017-0145 (Eternal Romance). :star:245
- [get](https://github.com/peterpt/get) - Get is a simple script to retrieve an ip from hostname or vice-versa .. :star:0
- [enum4linux](https://github.com/portcullislabs/enum4linux) - enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.. :star:175
- [KatanaFramework](https://github.com/PowerScript/KatanaFramework) - The New Hacking Framework. :star:416
- [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerSploit - A PowerShell Post-Exploitation Framework. :star:6187
- [proxystrike](https://github.com/qunxyz/proxystrike) - Automatically exported from code.google.com/p/proxystrike. :star:0
- [FakeImageExploiter](https://github.com/r00t-3xp10it/FakeImageExploiter) - Use a Fake image.jpg to exploit targets (hide known file extensions). :star:444
- [Meterpreter_Paranoid_Mode-SSL](https://github.com/r00t-3xp10it/Meterpreter_Paranoid_Mode-SSL) - Meterpreter Paranoid Mode - SSL/TLS connections. :star:227
- [morpheus](https://github.com/r00t-3xp10it/morpheus) - Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool). :star:577
- [trojanizer](https://github.com/r00t-3xp10it/trojanizer) - Trojanize your payload - WinRAR (SFX) automatization - under Linux distros. :star:218
- [ExploitOnCLI](https://github.com/r00tmars/ExploitOnCLI) - Trying to be the best tool to search for exploits in the terminal.. :star:9
- [XPL-SEARCH](https://github.com/r00tmars/XPL-SEARCH) - Search exploits in multiple exploit databases!. :star:1
- [MyServer](https://github.com/Rajkumrdusad/MyServer) - MyServer is your own localhost web server. you can setup PHP, Apache, Nginx and MySQL servers on your android devices or linux like Ubuntu etc. MyServer is Developed for android terminal like Termux or GNURoot Debian terminal.. :star:50
- [Tool-X](https://github.com/Rajkumrdusad/Tool-X) - Tool-X is a kali linux hacking Tool installer. Tool-X developed for termux and other android terminals. using Tool-X you can install almost 370+ hacking tools in termux app and other linux based distributions.. :star:750
- [ezsploit](https://github.com/rand0m1ze/ezsploit) - Linux bash script automation for metasploit. :star:205
- [binwalk](https://github.com/ReFirmLabs/binwalk) - Firmware Analysis Tool. :star:5185