Low to medium Ubuntu Core honeypot coded in Python. Features Optional Login Prompt Logs commands used and IP addresses Customize MOTD, Port, Hostname and how many clients can connect at once (default is unlimited) Save and load config Add support to a plethora of commands Todo Packet Capture Better Logging Service Geolocation Email Alerts InsightsRead More
An advanced multi-threaded, multi-client python reverse shell for hacking linux systems. There’s still more work to do so feel free to help out with the development. Disclaimer: This reverse shell should only be used in the lawful, remote administration of authorized systems. Accessing a computer network without authorization or permission is illegal. Getting Started PleaseRead More
A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE database and their associated products on a daily schedule. The spreadsheet can then be manually interpreted for risk to your specific organization. Based off of an opensource product on github originally by Antonios Atlasis SyncsRead More
WriteHat is a reporting tool which removes Microsoft Word (and many hours of suffering) from the reporting process. Markdown –> HTML –> PDF. Created by penetration testers, for penetration testers – but can be used to generate any kind of report. Written in Django (Python 3). Features: Effortlessly generate beautiful pentest reports On-the-fly drag-and-drop reportRead More
Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerabilty and it is fast as it is Asynchronous. Why During recon process you might get a lot of subdomains(e.g more than 10k). It is not possible to test each manually or with traditional requests or urllib methodRead More
PyBeacon is a collection of scripts for dealing with Cobalt Strike’s encrypted traffic. It can encrypt/decrypt beacon metadata, as well as parse symmetric encrypted taskings Scripts included There is a small library which includes encryption/decoding methods, however some example scripts are included. stager-decode.py – this tool will simply decode a beacon DLL from a stagerRead More
An open source implementation of the grantor role in Apple’s Wi-Fi Password Sharing protocol. Disclaimer OpenWifiPass is experimental software and is the result of reverse engineering efforts by the Open Wireless Link project. The code serves solely documentary and educational purposes. It is untested and incomplete. For example, the code does not verify the identityRead More
Please Note – This Program Do Not Store Passwords In Any Form And All The Passwords Are Generated Locally Inside You Device. Diceware is a method used to generate cryptographically strong memorable passphrases. This is a python implementation of the diceware password generating algorithm. Inspired after watching this video. How DPG Generate Passwords? Traditional DicewareRead More
Simple python script to check against hypothetical JWT vulnerability. Let’s say there is an application that uses JWT tokens signed HS256 algorithm. An example token looks like the follow: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.zbgd5BNF1cqQ_prCEqIvBTjSxMS8bDLnJAE_wE-0Cxg Above token can be decoded to the following data: { “alg”: “HS256”, “typ”: “JWT”}{ “sub”: “1234567890”, “name”: “John Doe”, “iat”: 1516239022} To calculate signature theRead More
ProtOSINT is a Python script that helps you investigate ProtonMail accounts and ProtonVPN IP addresses. Description This tool can help you in your OSINT investigation on Proton service (for educational purposes only). ProtOSINT is separated in 3 sub-modules: [1] Test the validity of one protonmail account [2] Try to find if your target have aRead More
