July 27, 2022 at 11:36 PM
NetworkMiner (http://www.netresec.com/?page=NetworkMiner) - A Network Forensic Analysis Tool (NFAT)
Paros (http://sourceforge.net/projects/paros/) - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
pig (https://github.com/rafael-santiago/pig) - A Linux packet crafting tool
findsubdomains (https://findsubdomains.com/) - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).
cirt-fuzzer (http://www.cirt.dk/) - A simple TCP/UDP protocol fuzzer.
ASlookup (https://aslookup.com/) - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)
ZAP (https://www.owasp.org/index.php/OWASP_Z ... xy_Project) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
mitmsocks4j (https://github.com/Akdeniz/mitmsocks4j) - Man-in-the-middle SOCKS Proxy for Java
ssh-mitm (https://github.com/jtesta/ssh-mitm) - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
nmap (https://nmap.org/) - Nmap (Network Mapper) is a security scanner
Aircrack-ng (http://www.aircrack-ng.org/) - An 802.11 WEP and WPA-PSK keys cracking program
Nipe (https://github.com/GouveaHeitor/nipe) - A script to make Tor Network your default gateway.
Habu (https://github.com/portantier/habu) - Python Network Hacking Toolkit
Wifi Jammer (https://n0where.net/wifijammer/) - Free program to jam all wifi clients in range
Firesheep (https://codebutler.github.io/firesheep/) - Free program for HTTP session hijacking attacks.
Scapy (https://github.com/secdev/awesome-scapy) - A Python tool and library for low level packet creation and manipulation
Amass (https://github.com/OWASP/Amass) - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
sniffglue (https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer
Netz (https://github.com/spectralops/netz) - Discover internet-wide misconfigurations, using zgrab2 and others.
RustScan (https://github.com/rustscan/rustscan) - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.
AND OTHERS STUFF
DRUPAL HUNTER EXPLOITATION TOOL
# --= https://github.com/dr-iman/Drupal-Hunter
CMS DETECTOR v2 (WP, DUPAL, JOOMLA)
# --= https://github.com/dr-iman/cms-detector
WORDPRESS DETECTOR (VULN DORKER)
# --= https://github.com/dr-iman/Wordpress-detector
PACKET STORM EXPLOIT LIST
# --= https://github.com/BuddhaLabs/PacketStorm-Exploits
PHP SHELLS
# --= https://github.com/.../shell.../tree/master/shell/php
PHP FILE MANAGER
# --= https://github.com/alexantr/filemanager
OPENCART BRUTEFORCE AND IMAGE UPLOAD
# --= https://github.com/indoxploit-coders/op ... bruteforce
WEBSHELLS v2
# --= https://github.com/phpshellxyz/webshell
MIXED TOOLS (Cpanel Brute, ShellFinder, Symlink Shell, DDoSer)
# --= https://github.com/incredibleindishell/PHP-web-shells
WHMCS KILLER V4 SHELL(Server Root, Domain Resellers, Client Root, CC, Pass, Accs)
# --= https://github.com/iamhex/WHMCS-Killer-v4
Amazon AWS S3 Bucket Enumeration
# --= https://github.com/0xSearches/sandcastle/
Amazon SMTP Credential Checker
# --= https://github.com/noolep/AWCREC
Twilio Mass Checker
# --= https://github.com/noolep/Twilio_Check
Laravel .env Database Exploit
# --= https://github.com/security007/laravelExploit
007 Scanner(Grabber, Admin finder and more)
# --= https://github.com/security007/007scanner
Laravel Config Exploit
# --= https://github.com/anhaxteam/laravel-config-exploit
Laravel PHP Unit RCE and Env Exploiter
# --= https://github.com/.../Laravel-PhpUnit- ... -Get-Env...
Zerobyte's Laravel Exploiter
# --= https://github.com/zerobyte-id-bak/LaravelENV
DarkSplitz Exploit Framework
# --= https://github.com/koboi137/darksplitz
NetAss2 - Network Assessment Assistance Framework
# --= https://github.com/zerobyte-id-bak/NetAss2
Bashter - Web Scanner & Analyzer
# --= https://github.com/zerobyte-id-bak/Bashter
Domain Take Over Finder
# --= https://github.com/zerobyte-id-bak/FinderDomainTakeOver
Sudomy - Subdomain Enumeration & Analysis
# --= https://github.com/Screetsec/Sudomy
Wordpress Auto Upload Shell in Plugin
# --= https://github.com/AnonRoz-Team/wp_auto_upshell
Domain to IP [FAST]
# --= https://github.com/rebl0x3r/domain2ip
xAttacker - Website Vulnerability Scanner & Auto Exploiter
# --= https://github.com/moham3driahi/xattacker
SQLI, LFI, XSS and RCE Dorker & Auto Exploiter
# --= https://github.com/.../sqli-lfi-xss-rce ... and-auto...
Drupal Hunter
# --= https://github.com/dr-iman/drupal-hunter
Wordpress Exploits (Stored XSS, XML-RPC DDoS, Add Admin, RSS, Login)
# --= https://github.com/shadowz3n/wpexploit
Revslider Auto Exploiter
# --= https://github.com/kyo1337/revsliderautoexploiter
WebDav Mass Exploiter
# --= https://github.com/kyo1337/Webdav-Mass-Exploiter
IP Mass Grabber [.exe]
# --= https://github.com/kyo1337/Mass-IP-Grabbing
Shell Finder [ Dictionary Attack + Wordlist ]
# --= https://github.com/kyo1337/Shell-Finder
CMS Detector + Vulnerability Finder (Exploit DB)
# --= https://github.com/ptonewreckin/cmsdetector
Advanced CMS Detector (Slow but Exact)
# --= https://github.com/redhathackers/cms-detector
RDP Cracker [ BASH + Wordlists ]
# --= https://github.com/exploit-inters/crackrdp
TIDoS - The Offensive Manual Web Application Penetration Testing Framework
# --= https://github.com/exploit-inters/TIDoS-Framework
Paros (http://sourceforge.net/projects/paros/) - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
pig (https://github.com/rafael-santiago/pig) - A Linux packet crafting tool
findsubdomains (https://findsubdomains.com/) - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT).
cirt-fuzzer (http://www.cirt.dk/) - A simple TCP/UDP protocol fuzzer.
ASlookup (https://aslookup.com/) - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...)
ZAP (https://www.owasp.org/index.php/OWASP_Z ... xy_Project) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
mitmsocks4j (https://github.com/Akdeniz/mitmsocks4j) - Man-in-the-middle SOCKS Proxy for Java
ssh-mitm (https://github.com/jtesta/ssh-mitm) - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
nmap (https://nmap.org/) - Nmap (Network Mapper) is a security scanner
Aircrack-ng (http://www.aircrack-ng.org/) - An 802.11 WEP and WPA-PSK keys cracking program
Nipe (https://github.com/GouveaHeitor/nipe) - A script to make Tor Network your default gateway.
Habu (https://github.com/portantier/habu) - Python Network Hacking Toolkit
Wifi Jammer (https://n0where.net/wifijammer/) - Free program to jam all wifi clients in range
Firesheep (https://codebutler.github.io/firesheep/) - Free program for HTTP session hijacking attacks.
Scapy (https://github.com/secdev/awesome-scapy) - A Python tool and library for low level packet creation and manipulation
Amass (https://github.com/OWASP/Amass) - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
sniffglue (https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer
Netz (https://github.com/spectralops/netz) - Discover internet-wide misconfigurations, using zgrab2 and others.
RustScan (https://github.com/rustscan/rustscan) - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.
AND OTHERS STUFF
DRUPAL HUNTER EXPLOITATION TOOL
# --= https://github.com/dr-iman/Drupal-Hunter
CMS DETECTOR v2 (WP, DUPAL, JOOMLA)
# --= https://github.com/dr-iman/cms-detector
WORDPRESS DETECTOR (VULN DORKER)
# --= https://github.com/dr-iman/Wordpress-detector
PACKET STORM EXPLOIT LIST
# --= https://github.com/BuddhaLabs/PacketStorm-Exploits
PHP SHELLS
# --= https://github.com/.../shell.../tree/master/shell/php
PHP FILE MANAGER
# --= https://github.com/alexantr/filemanager
OPENCART BRUTEFORCE AND IMAGE UPLOAD
# --= https://github.com/indoxploit-coders/op ... bruteforce
WEBSHELLS v2
# --= https://github.com/phpshellxyz/webshell
MIXED TOOLS (Cpanel Brute, ShellFinder, Symlink Shell, DDoSer)
# --= https://github.com/incredibleindishell/PHP-web-shells
WHMCS KILLER V4 SHELL(Server Root, Domain Resellers, Client Root, CC, Pass, Accs)
# --= https://github.com/iamhex/WHMCS-Killer-v4
Amazon AWS S3 Bucket Enumeration
# --= https://github.com/0xSearches/sandcastle/
Amazon SMTP Credential Checker
# --= https://github.com/noolep/AWCREC
Twilio Mass Checker
# --= https://github.com/noolep/Twilio_Check
Laravel .env Database Exploit
# --= https://github.com/security007/laravelExploit
007 Scanner(Grabber, Admin finder and more)
# --= https://github.com/security007/007scanner
Laravel Config Exploit
# --= https://github.com/anhaxteam/laravel-config-exploit
Laravel PHP Unit RCE and Env Exploiter
# --= https://github.com/.../Laravel-PhpUnit- ... -Get-Env...
Zerobyte's Laravel Exploiter
# --= https://github.com/zerobyte-id-bak/LaravelENV
DarkSplitz Exploit Framework
# --= https://github.com/koboi137/darksplitz
NetAss2 - Network Assessment Assistance Framework
# --= https://github.com/zerobyte-id-bak/NetAss2
Bashter - Web Scanner & Analyzer
# --= https://github.com/zerobyte-id-bak/Bashter
Domain Take Over Finder
# --= https://github.com/zerobyte-id-bak/FinderDomainTakeOver
Sudomy - Subdomain Enumeration & Analysis
# --= https://github.com/Screetsec/Sudomy
Wordpress Auto Upload Shell in Plugin
# --= https://github.com/AnonRoz-Team/wp_auto_upshell
Domain to IP [FAST]
# --= https://github.com/rebl0x3r/domain2ip
xAttacker - Website Vulnerability Scanner & Auto Exploiter
# --= https://github.com/moham3driahi/xattacker
SQLI, LFI, XSS and RCE Dorker & Auto Exploiter
# --= https://github.com/.../sqli-lfi-xss-rce ... and-auto...
Drupal Hunter
# --= https://github.com/dr-iman/drupal-hunter
Wordpress Exploits (Stored XSS, XML-RPC DDoS, Add Admin, RSS, Login)
# --= https://github.com/shadowz3n/wpexploit
Revslider Auto Exploiter
# --= https://github.com/kyo1337/revsliderautoexploiter
WebDav Mass Exploiter
# --= https://github.com/kyo1337/Webdav-Mass-Exploiter
IP Mass Grabber [.exe]
# --= https://github.com/kyo1337/Mass-IP-Grabbing
Shell Finder [ Dictionary Attack + Wordlist ]
# --= https://github.com/kyo1337/Shell-Finder
CMS Detector + Vulnerability Finder (Exploit DB)
# --= https://github.com/ptonewreckin/cmsdetector
Advanced CMS Detector (Slow but Exact)
# --= https://github.com/redhathackers/cms-detector
RDP Cracker [ BASH + Wordlists ]
# --= https://github.com/exploit-inters/crackrdp
TIDoS - The Offensive Manual Web Application Penetration Testing Framework
# --= https://github.com/exploit-inters/TIDoS-Framework