This page contains a list of mostly malware analysis / reverse engineering related tools, training, podcasts, blog posts, literature and just about anything else closely related to the topic. This page serves as a catalog of sorts, containing "gems", some of which you may have stumbled across, and many others that you may not have.

https://github.com/0x4143/malware-gems?s=09

¶¶ Netflix phishing /get some free webhost
https://github.com/swagkarna/Netflix-Scam-Page
¶¶ Facebook phishing
https://github.com/swagkarna/18-plus-Facebook-Phishing
¶¶ Rat
https://github.com/swagkarna/Rafel-Rat
¶¶ malware analysis
https://github.com/rshipp/awesome-malware-analysis?s=09

¶¶ Our security focused static analysis tool for Android and Java applications.

https://github.com/facebook/mariana-trench?s=09

¶¶ Android app reverse engineering 101
https://www.ragingrock.com/AndroidAppRE/app_fundamentals.html

¶¶ Reverse Engineering For Everyone!

https://0xinfection.github.io/reversing/reversing-for-everyone.mobi

¶¶ A Multi Threads Web Application Source Leak Scanner

https://www.kitploit.com/2021/12/sourceleakhacker-multi-threads-web.html?m=1&s=09

¶¶ Emp3R0R - Linux Post-Exploitation Framework Made By Linux User

https://github.com/jm33-m0/emp3r0r/wiki

¶¶ This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

https://github.com/Viralmaniar/MurMurHash

¶¶ CiLocks - Android LockScreen Bypass
https://github.com/tegal1337/CiLocks

¶¶ Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

https://github.com/defparam/smuggler

¶¶ 403bypasser automates the techniques used to circumvent access control restrictions on target pages. 
https://github.com/yunemse48/403bypasser

¶¶ Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration

Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on
https://github.com/FunnyWolf/Viper

¶¶ Bypass 4xx HTTP response status codes. Based on PycURL.
https://github.com/ivan-sincek/forbidden

¶¶ A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
https://github.com/darkquasar/AzureHunter

¶¶ Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. https://github.com/stark0de/nginxpwner

¶¶ An automated e-mail OSINT tool
https://github.com/alpkeskin/mosint

¶¶ This is Advance Phishing Tool ! OTP PHISHING
https://github.com/Ignitetch/AdvPhishing

¶¶ Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
https://github.com/urbanadventurer/Android-PIN-Bruteforce

¶¶ All-in-One malware analysis tool
https://github.com/CYB3RMX/Qu1cksc0pe

¶¶ A Cross Platform multifunctional (Windows/Linux/Mac) RAT https://github.com/hash3liZer/SillyRAT

¶¶ Pyhton script for HTTP 40X responses bypassing. Features: Verb tampering, headers, #bugbountytips tricks and 2454 User-Agents.
https://github.com/lobuhi/byp4xx

¶¶ PeTeReport is an open-source application vulnerability reporting tool
https://github.com/1modm/petereport

¶¶ Machine Learning Network Share Password Hunting Toolkit
https://github.com/HunnicCyber/SharpML

¶¶ https://www.hackingarticles.in/a-detailed-guide-on-log4j-penetration-testing/?s=09

¶¶ The all-in-one Red Team extension for Web Pentester 🛠
https://github.com/LasCC/Hack-Tools

¶¶ A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware
https://processhacker.sourceforge.io/

¶¶ 12 Cybersecurity tools I learned in 2021
https://hal3.medium.com/since-the-year-is-ending-a-productive-year-despite-of-the-pandemic-here-are-the-12-tools-i-731b5ac19295

¶¶ A Linux Toolkit for Malware Analysis
https://remnux.org/

¶¶ Open Source intelligence
(Osint Tools )
https://www.hackers-arise.com/osint

https://www.ragingrock.com/AndroidAppRE/app_fundamentals.html?s=09

Learn to reverse engineer Android applications!

Maltego 4, Part 2:
Reconnaissance on a
Person (Boris Epshteyn)
#osint #maltego

free vpn on kali linux

open terminal
sudo apt install openvpn
download zip file (download one of the file shared below)
go to Downloads folder cd Download
ls
unzip file
unzip VPNBook.com-OpenVPN-FR1.zip
ls
--------------------------
VPNBook.com-OpenVPN-FR1.zip
vpnbook-fr1-tcp80.ovpn
vpnbook-fr1-udp25000.ovpn
vpnbook-fr1-udp53.ovpn
--------------------------

Enter Auth Username: (go back to site and get username & poassword)

Enter Auth Username:
username : vpnbook
Password: ct36a3k

open browser go to ipleak.net check for ip /dnsleak/

¶¶ sAINT

a Spyware Generator for Windows systems written in Java. [Discontinued]
The JRE is required and the executable will not work without it. Because the Windows need JRE for translating the program from java byte code to machine language.

📍apt install maven default-jdk default-jre openjdk-8-jdk openjdk-8-jre -y
📍apt install zlib1g-dev libncurses5-dev lib32z1 lib32ncurses6 -y
¶¶ On Windows, install the latest Java JRE 8 from Oracle = https://www.java.com/en/download/z

📍git clone https://github.com/tiagorlampert/sAINT.git
📍cd sAINT
📍chmod +x configure.sh
📍./configure.sh

# Run
📍java -jar sAINT.jar

¶¶ Youtube Link =

https://github.com/tiagorlampert/sAINT

¶¶ RDDoS_Tool
RedDDoS Tool is a tool for DDoS attacks. You can test networks/servers/any other devices with it
#ddos #network #ip #flood

📍pip install tqdm
📍pip install pyfiglet
📍apt-get update -y
📍apt-get install git
📍git clone https://github.com/Red-company/RDDoS_Tool.git
📍cd RDDoS_Tool
📍bash setup.sh
📍python3 RDDoS_Tool.py

Nethunter permission error fix
Download the file (nethunter.sh)

Open terminal AndroidSu
type
su
sd sdcard or /sdcard
sh nethunter.sh when you see done (restart device your nethunter will work got this error on latest version and fixed on samsung note 10 plus and samsung note 9 = V-12
https://youtu.be/IApHZBgVfZ8

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds. The goal behind this tool was to get results quickly while maintaining low amounts of false positives.

📍git clone https://github.com/thewhiteh4t/nexfil.git
📍cd nexfil
📍pip3 install -r requirements.txt

¶¶ Usage :

usage: nexfil.py [-h] [-u U] [-f F] [-l L] [-t T] [-v] [-U]

nexfil - Find social media profiles on the web | v1.0.1

options:
-h, --help show this help message and exit
-u U Specify username
-f F Specify a file containing username list
-l L Specify multiple comma separated usernames
-t T Specify timeout [Default : 5]
-v Prints version
-U Check for Updates

¶¶ Single username

python3 nexfil.py -u username
Multiple comma separated usernames

python3 nexfil.py -l "user1,user2"
Username list in a file

python3 nexfil.py -f users.txt

¶¶ Stryker - mobile pentest
--Root-Your-Device-1st--

#android #kekstore #pwnterm #kekhunter #materialhunter #stryker
#pixiedust
#bruteforcepin
#connectwithpin
#passwordbruteforce
#wordlist
#capturehandshake
#clientdeauthing

Test your networks for the most effective and dangerous vulnerabilities!

¶¶Download Stryker APK -Link Below
https://stryker.zalex.dev/
https://zalex.dev/stryker/#download

¶¶ Stryker - mobile pentest
--Root-Your-Device-1st--

#android #kekstore #pwnterm #kekhunter #materialhunter #stryker
#pixiedust
#bruteforcepin
#connectwithpin
#passwordbruteforce
#capturehandshake
#clientdeauthing

Test your networks for the most effective and dangerous vulnerabilities!

¶¶Download Stryker APK -Link Below
https://stryker.zalex.dev/
https://zalex.dev/stryker/#download

¶¶Github = https://github.com/stryker-project/app/releases


¶¶ The Stryker Project — user-friendly app for mobile pentest.
Status: Coding
Git: https://github.com/stryker-project

¶¶ If you need help join telegram channel
@strykereng <- Channel with news and updates [ENG]
@strykerapp <- Channel with news and updates [RU]
@strykerchat <- Chat with developer

¶¶ Mini dongle /works with samsungNote9 /no need to install drivers

¶¶ Aliexpress
MVR 44.09 31%OFF | 300Mbps 5dBi USB WiFi Adapter Mini Dongle External Wireless LAN Network Card 2.4GHz 802.11n/g/b for PC Computer for Win 7 8 10
https://a.aliexpress.com/_m0ThS86

¶¶ extra long antenna
2.4G 10dBi High Gain Antenna
length: 400mm
https://a.aliexpress.com/_mObNMlc

¶¶ Amazone
Alfa AWUS036NHA - Wireless B/G/N USB Adaptor - 802.11n - 150Mbps - 2.4 GHz - 5dBi Antenna - Long Range - Atheros Chipset - Windows XP/Vista 64-Bit /128-Bit Windows 7 Compatible https://www.amazon.com/dp/B004Y6MIXS/ref=cm_sw_r_awdo_PBARX7TVSMGAHW6M38Z7

¶¶ megacut

A new powerful Python3 tool for managing internet on a local network

📍git clone https://github.com/stryker-project/megacut
📍cd megacut
📍pip install -r requirements.txt
📍python3 megacut.py

¶¶ Options & Syntax
python3 megacut.py target gateway -m\-k\-b\-r

-k Kill inet on target ip

-m Permanently disable inet on target (only if -k not works)

-b Disable inet for 20 seconds

-r Restore inet on target ip

¶¶ Examples:
python3 megacut.py 192.168.1.101 192.168.1.1 -k

¶¶Install ngrok on termux
Open chrome

¶¶Go to
https://dashboard.ngrok.com/signup
Signup with a new gmail
aftee that go to termux and copy past this

📍wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-arm64.tgz
¶¶ when download is completed

( to extract it type )
📍tar vxzf ngrok-v3-stable-linux-arm64.tgz

¶¶Now go back to chrome ngrok page and lets add our ngrok token copy it full

Example = ngrok config add-authtoken 55NulkHPoB9SsymNPp6U1ewIX2m_3bZakfrsceXpQR1gkay4L
( add ./ after that full link )
¶¶Go back to termux and past i with ./
📍./ngrok config add-authtoken 55NulkHPoB9SsymNPp6U1ewIX2m_3bZakfrsceXpQR1gkay4L

(Open Hotspot in your phone ) before using

¶¶ Seema
#wordlist
a random password generator tool which generates a random password of your choice. If you wants easy password, then it will generate a random easy password and give you and ask from you whether you wants to save or not. If you doesn't want to save your password and it will stop processing but if you wants to save your password then, it will ask from you a name for your password.

📍apt-get update && apt-get upgrade -y
📍apt-get install python git -y
📍git clone https://github.com/adarshaddee/Seema.git
📍cd Seema
📍chmod +x setup.sh
📍./setup.sh

OR YOU CAN USE

📍pip install -r requirements.txt
📍python Seema.py

------------------------------------------------


Random-Password-Generator

Program written by Python Language

Requirements

apt update && apt upgrade pkg install python pip install requests

Run

cd Random-Password-Generator python gen_rand_passwd.py