Photos from National Cyber Security Services's post
DevAudit:-- Open-source, cross-platform, multi-purpose #security #auditing #tool targeted at #developers and #teams adopting #DevOps and #DevSecOps that detects security #vulnerabilities at multiple levels of the solution stack.
Features:-
1. Cross-platform with a #Docker image also available.
2. #CLI interface.
3. Continuously updated vulnerabilities data.
4. Audit #operating #system and #development package dependencies.
5. Audit application #server configurations.
6. Audit application #configurations.
7. Audit application #code by #static analysis.
8. #Remote agentless auditing.
9. Agentless Docker container auditing.
10. #GitHub repository auditing.
11. #PowerShell support.
#Download #Link:-
https://github.com/OSSIndex/DevAudit
DevAudit:-- Open-source, cross-platform, multi-purpose #security #auditing #tool targeted at #developers and #teams adopting #DevOps and #DevSecOps that detects security #vulnerabilities at multiple levels of the solution stack.
Features:-
1. Cross-platform with a #Docker image also available.
2. #CLI interface.
3. Continuously updated vulnerabilities data.
4. Audit #operating #system and #development package dependencies.
5. Audit application #server configurations.
6. Audit application #configurations.
7. Audit application #code by #static analysis.
8. #Remote agentless auditing.
9. Agentless Docker container auditing.
10. #GitHub repository auditing.
11. #PowerShell support.
#Download #Link:-
https://github.com/OSSIndex/DevAudit
AttackSurfaceMapper:-- #AttackSurfaceMapper is a #tool that aims to #automate the #reconnaissance #process.
Attack Surface Mapper is a reconnaissance tool that uses a mixture of #opensource #intelligence and #active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, #subdomains, and IP addresses and it uses numerous techniques to find more targets. It #enumerates subdomains with #bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.
Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of #websites, generating visual #maps, looking up credentials in public breaches, passive port scanning with #Shodan and scraping #employees from #LinkedIn.
Add optional API keys to enable more data gathering
Register and obtain an API key from:-
1. #VirusTotal
2. #ShodanIO
3. #HunterIO
4. #WeLeakInfo
5. LinkedIn
6. #GrayHatWarfare
#Download #Link:-
https://github.com/superhedgy/AttackSurfaceMapper
AttackSurfaceMapper:-- #AttackSurfaceMapper is a #tool that aims to #automate the #reconnaissance #process.
Attack Surface Mapper is a reconnaissance tool that uses a mixture of #opensource #intelligence and #active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, #subdomains, and IP addresses and it uses numerous techniques to find more targets. It #enumerates subdomains with #bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.
Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of #websites, generating visual #maps, looking up credentials in public breaches, passive port scanning with #Shodan and scraping #employees from #LinkedIn.
Add optional API keys to enable more data gathering
Register and obtain an API key from:-
1. #VirusTotal
2. #ShodanIO
3. #HunterIO
4. #WeLeakInfo
5. LinkedIn
6. #GrayHatWarfare
#Download #Link:-
https://github.com/superhedgy/AttackSurfaceMapper
Attack Surface Mapper is a reconnaissance tool that uses a mixture of #opensource #intelligence and #active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, #subdomains, and IP addresses and it uses numerous techniques to find more targets. It #enumerates subdomains with #bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.
Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of #websites, generating visual #maps, looking up credentials in public breaches, passive port scanning with #Shodan and scraping #employees from #LinkedIn.
Add optional API keys to enable more data gathering
Register and obtain an API key from:-
1. #VirusTotal
2. #ShodanIO
3. #HunterIO
4. #WeLeakInfo
5. LinkedIn
6. #GrayHatWarfare
#Download #Link:-
https://github.com/superhedgy/AttackSurfaceMapper
AttackSurfaceMapper:-- #AttackSurfaceMapper is a #tool that aims to #automate the #reconnaissance #process.
Attack Surface Mapper is a reconnaissance tool that uses a mixture of #opensource #intelligence and #active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, #subdomains, and IP addresses and it uses numerous techniques to find more targets. It #enumerates subdomains with #bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.
Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of #websites, generating visual #maps, looking up credentials in public breaches, passive port scanning with #Shodan and scraping #employees from #LinkedIn.
Add optional API keys to enable more data gathering
Register and obtain an API key from:-
1. #VirusTotal
2. #ShodanIO
3. #HunterIO
4. #WeLeakInfo
5. LinkedIn
6. #GrayHatWarfare
#Download #Link:-
https://github.com/superhedgy/AttackSurfaceMapper
Photos from National Cyber Security Services's post
Malcolm:-- #Malcolm is a #powerful, easily #deployable #network #traffic #analysis #tool suite for full #packet #capture artifacts (#PCAP files) and #Zeek logs.
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind:-
1. Easy to use:– Malcolm accepts network traffic #data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is #automatically normalized, #enriched, and correlated for analysis.
2. Powerful traffic analysis:– Visibility into network communications is provided through two intuitive interfaces: #Kibana, a flexible data #visualization plugin with dozens of prebuilt #dashboards providing an at-a-glance overview of network protocols; and Moloch, a powerful tool for finding and identifying the network #sessions #comprising suspected security incidents.
3. Streamlined deployment:– Malcolm operates as a cluster of #Docker containers, isolated #sandboxes which each serves a dedicated function of the #system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases, whether it be for long-term deployment on a #Linux #server in a #security operations center (SOC) or for incident response on a #Macbook for an individual engagement.
4. Secure #communications:– All #communications with Malcolm, both from the user interface and from #remote log forwarders, are secured with industry-standard #encryption #protocols.
5. Permissive license:– Malcolm is comprised of several widely used open-source tools, making it an attractive alternative to security solutions requiring paid #licenses.
6. Expanding control systems visibility:– While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the #community for tools providing insight into protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development will aim to provide additional parsers for common #ICS protocols.
#Download #Link:-
https://github.com/idaholab/Malcolm
Malcolm:-- #Malcolm is a #powerful, easily #deployable #network #traffic #analysis #tool suite for full #packet #capture artifacts (#PCAP files) and #Zeek logs.
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind:-
1. Easy to use:– Malcolm accepts network traffic #data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is #automatically normalized, #enriched, and correlated for analysis.
2. Powerful traffic analysis:– Visibility into network communications is provided through two intuitive interfaces: #Kibana, a flexible data #visualization plugin with dozens of prebuilt #dashboards providing an at-a-glance overview of network protocols; and Moloch, a powerful tool for finding and identifying the network #sessions #comprising suspected security incidents.
3. Streamlined deployment:– Malcolm operates as a cluster of #Docker containers, isolated #sandboxes which each serves a dedicated function of the #system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases, whether it be for long-term deployment on a #Linux #server in a #security operations center (SOC) or for incident response on a #Macbook for an individual engagement.
4. Secure #communications:– All #communications with Malcolm, both from the user interface and from #remote log forwarders, are secured with industry-standard #encryption #protocols.
5. Permissive license:– Malcolm is comprised of several widely used open-source tools, making it an attractive alternative to security solutions requiring paid #licenses.
6. Expanding control systems visibility:– While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the #community for tools providing insight into protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development will aim to provide additional parsers for common #ICS protocols.
#Download #Link:-
https://github.com/idaholab/Malcolm
Photos from National Cyber Security Services's post
Faceswap:-- A #tool that #utilizes #deep #learning to #recognize and #swap #faces in #pictures and #videos.
#FaceSwap has #ethical uses.
1. FaceSwap is not for #creating #inappropriate #content.
2. FaceSwap is not for changing faces without consent or
with the intent of hiding its use.
3. FaceSwap is not for any illicit, #unethical, or
questionable purposes.
4. FaceSwap exists to #experiment and #discovers #AI
#techniques, for #social or #political commentary, for
#movies, and for any number of ethical and reasonable
uses.
#Download #Link:-
https://github.com/deepfakes/faceswap
Faceswap:-- A #tool that #utilizes #deep #learning to #recognize and #swap #faces in #pictures and #videos.
#FaceSwap has #ethical uses.
1. FaceSwap is not for #creating #inappropriate #content.
2. FaceSwap is not for changing faces without consent or
with the intent of hiding its use.
3. FaceSwap is not for any illicit, #unethical, or
questionable purposes.
4. FaceSwap exists to #experiment and #discovers #AI
#techniques, for #social or #political commentary, for
#movies, and for any number of ethical and reasonable
uses.
#Download #Link:-
https://github.com/deepfakes/faceswap
Qu1cksc0pe:-- Quick #suspicious #file #analysis #tool.
1. Usage before install: python3 qu1cksc0pe.py --file suspicious_file --category anything
2. Usage after install: qu1cksc0pe --file suspicious_file --category anything
#Download #Link:-
https://github.com/CYB3RMX/Qu1cksc0pe
Qu1cksc0pe:-- Quick #suspicious #file #analysis #tool.
1. Usage before install: python3 qu1cksc0pe.py --file suspicious_file --category anything
2. Usage after install: qu1cksc0pe --file suspicious_file --category anything
#Download #Link:-
https://github.com/CYB3RMX/Qu1cksc0pe
1. Usage before install: python3 qu1cksc0pe.py --file suspicious_file --category anything
2. Usage after install: qu1cksc0pe --file suspicious_file --category anything
#Download #Link:-
https://github.com/CYB3RMX/Qu1cksc0pe
Qu1cksc0pe:-- Quick #suspicious #file #analysis #tool.
1. Usage before install: python3 qu1cksc0pe.py --file suspicious_file --category anything
2. Usage after install: qu1cksc0pe --file suspicious_file --category anything
#Download #Link:-
https://github.com/CYB3RMX/Qu1cksc0pe
Photos from National Cyber Security Services's post
Onex v0.1:-- Onex is a #hacking #tool installer and package manager for #hackers. Onex is a library of all hacking tools for Termux and other #Linux distributions. onex can install any third-party tool or any hacking tool for you.
"onex a hacking tools library." Onex is a #kali Linux hacking tools installer for #termux and other Linux distribution. It's a package manager for hackers. onex manages large numbers of hacking tools that can be installed on a single click. Using onex, you can install all hacking tools in Termux and other Linux based distributions. onex can install more than 370+ kali Linux hacking tools. use onex install [tool_name] command to install any hacking tool.
onex works on any of the following operating systems:-
1. #Android (Using the Termux App)
2. Linux (Linux Based Systems)
#Download #Link:-
https://github.com/rajkumardusad/onex
Onex v0.1:-- Onex is a #hacking #tool installer and package manager for #hackers. Onex is a library of all hacking tools for Termux and other #Linux distributions. onex can install any third-party tool or any hacking tool for you.
"onex a hacking tools library." Onex is a #kali Linux hacking tools installer for #termux and other Linux distribution. It's a package manager for hackers. onex manages large numbers of hacking tools that can be installed on a single click. Using onex, you can install all hacking tools in Termux and other Linux based distributions. onex can install more than 370+ kali Linux hacking tools. use onex install [tool_name] command to install any hacking tool.
onex works on any of the following operating systems:-
1. #Android (Using the Termux App)
2. Linux (Linux Based Systems)
#Download #Link:-
https://github.com/rajkumardusad/onex
#Django-DefectDojo:--
#DefectDojo is an #open-source #application #vulnerability correlation and #security #orchestration #tool.
DefectDojo is a security program and vulnerability #management tool. DefectDojo allows you to manage your application #security #program, maintain product and application #information, schedule #scans, triage #vulnerabilities and push findings into #defect trackers. Consolidate your findings into one source of truth with #DefectDojo.
#Download #Link:-
https://github.com/DefectDojo/django-DefectDojo
#Django-DefectDojo:--
#DefectDojo is an #open-source #application #vulnerability correlation and #security #orchestration #tool.
DefectDojo is a security program and vulnerability #management tool. DefectDojo allows you to manage your application #security #program, maintain product and application #information, schedule #scans, triage #vulnerabilities and push findings into #defect trackers. Consolidate your findings into one source of truth with #DefectDojo.
#Download #Link:-
https://github.com/DefectDojo/django-DefectDojo
#DefectDojo is an #open-source #application #vulnerability correlation and #security #orchestration #tool.
DefectDojo is a security program and vulnerability #management tool. DefectDojo allows you to manage your application #security #program, maintain product and application #information, schedule #scans, triage #vulnerabilities and push findings into #defect trackers. Consolidate your findings into one source of truth with #DefectDojo.
#Download #Link:-
https://github.com/DefectDojo/django-DefectDojo
#Django-DefectDojo:--
#DefectDojo is an #open-source #application #vulnerability correlation and #security #orchestration #tool.
DefectDojo is a security program and vulnerability #management tool. DefectDojo allows you to manage your application #security #program, maintain product and application #information, schedule #scans, triage #vulnerabilities and push findings into #defect trackers. Consolidate your findings into one source of truth with #DefectDojo.
#Download #Link:-
https://github.com/DefectDojo/django-DefectDojo
NekoBot:-- Auto #Exploiter With 500+ #Exploit 2000+ #Shell.
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
NekoBot:-- Auto #Exploiter With 500+ #Exploit 2000+ #Shell.
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
NekoBot:-- Auto #Exploiter With 500+ #Exploit 2000+ #Shell.
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
OWASP D4N155:-- #Intelligent and #dynamic #wordlist using #OSINT.
It's an #information #security #audit #tool that creates intelligent wordlists based on the content of the target page.
#Download #Link:-
https://github.com/OWASP/D4N155
OWASP D4N155:-- #Intelligent and #dynamic #wordlist using #OSINT.
It's an #information #security #audit #tool that creates intelligent wordlists based on the content of the target page.
#Download #Link:-
https://github.com/OWASP/D4N155
It's an #information #security #audit #tool that creates intelligent wordlists based on the content of the target page.
#Download #Link:-
https://github.com/OWASP/D4N155
OWASP D4N155:-- #Intelligent and #dynamic #wordlist using #OSINT.
It's an #information #security #audit #tool that creates intelligent wordlists based on the content of the target page.
#Download #Link:-
https://github.com/OWASP/D4N155
Photos from National Cyber Security Services's post
Android Application Analyzer:-- The #tool is used to #analyze the content of the #android #application in local storage.
Install the dependency using following #command:-
1. chmod +x setup.sh
2. ./setup.sh
Use the following command to run the tool:
1. python3 main.py
In order to run "Fridump" and "Frida #universal #ssl unpinning" script, #Frida client must be installed on base machine
#Download #Link:-
https://github.com/NotSoSecure/android_application_analyzer
Android Application Analyzer:-- The #tool is used to #analyze the content of the #android #application in local storage.
Install the dependency using following #command:-
1. chmod +x setup.sh
2. ./setup.sh
Use the following command to run the tool:
1. python3 main.py
In order to run "Fridump" and "Frida #universal #ssl unpinning" script, #Frida client must be installed on base machine
#Download #Link:-
https://github.com/NotSoSecure/android_application_analyzer
AWSBucketDump:-- #Security #Tool to Look For Interesting Files in #S3 #Buckets.
#AWSBucketDump is a tool to quickly enumerate #AWS S3 buckets to look for loot. It's similar to a #subdomain #bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your #hard#drive.
Pre-Requisites:-
Non-Standard Python Libraries:-
1. xmltodict
2. requests
3. argparse
#Download #Link:-
https://github.com/jordanpotti/AWSBucketDump
AWSBucketDump:-- #Security #Tool to Look For Interesting Files in #S3 #Buckets.
#AWSBucketDump is a tool to quickly enumerate #AWS S3 buckets to look for loot. It's similar to a #subdomain #bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your #hard#drive.
Pre-Requisites:-
Non-Standard Python Libraries:-
1. xmltodict
2. requests
3. argparse
#Download #Link:-
https://github.com/jordanpotti/AWSBucketDump
#AWSBucketDump is a tool to quickly enumerate #AWS S3 buckets to look for loot. It's similar to a #subdomain #bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your #hard#drive.
Pre-Requisites:-
Non-Standard Python Libraries:-
1. xmltodict
2. requests
3. argparse
#Download #Link:-
https://github.com/jordanpotti/AWSBucketDump
AWSBucketDump:-- #Security #Tool to Look For Interesting Files in #S3 #Buckets.
#AWSBucketDump is a tool to quickly enumerate #AWS S3 buckets to look for loot. It's similar to a #subdomain #bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your #hard#drive.
Pre-Requisites:-
Non-Standard Python Libraries:-
1. xmltodict
2. requests
3. argparse
#Download #Link:-
https://github.com/jordanpotti/AWSBucketDump