Autoenum – Automatic Service Enumeration Script

Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments (i.e. HTB, VulnHub, OSCP) and draws a bit from a number of existing tools including AutoRecon (https://github.com/Tib3rius/AutoRecon), Auto-Recon (https://github.com/Knowledge-Wisdom-Understanding/Auto-Recon), and nmapautomator (https://github.com/21y4d/nmapAutomator). Could also be used in a real-life pentestingRead More

WiFi Passview v4.0 – An Open Source Batch Script Based WiFi Passview For Windows!

WiFi Passview is an open-source batch script-based program that can recover your WiFi Password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview software such as webpassview and mailpassview. Visit WikiDisclaimer: WiFi Passview is NOT designed for malicious use! Please use this program responsibly!HowRead More

Zip Cracker – Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline

This Script Supports Only Zip File in This VersionYou Can Also Use This Script With crunchCross-platform SupportedUsage: zipcracker.py [options] Options: –version show program’s version number and exit -h, –help show this help message and exit -f FILENAME, –file=FILENAME Please Specify Path of Zip File -d DICTIONERY, –dict=DICTIONERY Please Specify Path of Dictionery. -o OUTPUT, –output=OUTPUTRead More

DroidTracker – Script To Generate An Android App To Track Location In Real Time

Script to generate an Android App to track location in real time Features: Custom App Name 2 Port Forwarding options (Ngrok or using SSH Tunneling with Serveo.net) Obfuscated URL by Tinyurl Fully Undetectable Legal disclaimer:Usage of DroidTracker for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicableRead More

SecretFinder – A Python Script For Find Sensitive Data (Apikeys, Accesstoken, JWT…) And Search Anything On Javascript Files

SecretFinder is a python script based on LinkFinder, written to discover sensitive data like apikeys, accesstoken, authorizations, jwt,..etc in JavaScript files. It does so by using jsbeautifier for python in combination with a fairly large regular expression. The regular expressions consists of four small regular expressions. These are responsible for finding and search anything onRead More

URLCADIZ – A Simple Script To Generate A Hidden Url For Social Engineering

A simple script to generate a hidden url for social engineering.Legal disclaimer:Usage of URLCADIZ for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program InstallingRead More

Spyeye – Script To Generate Win32 .Exe File To Take Screenshots

Script to generate Win32 .exe file to take screenshots every ~10 seconds. Features: Works on WAN: Port Forwarding by Serveo.net Fully Undetectable (FUD) -> Don’t Upload to virustotal.com! Legal disclaimer:Usage of SpyEye for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws.Read More

Recox – Master Script For Web Reconnaissance

The script aims to help in classifying vulnerabilities in web applications. The methodology RecoX is arising can spot weaknesses other than OWASP top ten. The script presents information against the target system. It gathers the information recursively over each subdomain, and IP addr for a sophisticated attack. RecoX automates several functions and saves a significantRead More

RepoPeek – A Python Script To Get Details About A Repository Without Cloning It

RepoPeek is a Python script to get details about a repository without cloning it. All the information are retrieved using the GitHub API.Please Note: API requests made by this module aren’t using basic authentication or OAuth. Therefore the rate limit allows for up to 60 requests per hour. Unauthenticated requests are associated with the originatingRead More

Powerob – An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements

An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity.Installationgit clone https://github.com/cwolff411/powerob Usagepython3 powerob.py obfuscate originalfile.ps1 obfuscatedfile.ps1Takes an INPUTFILE obfuscates it and dumps the obfuscated version into OUTPUTFILE.python3 powerob.py listLists all of the currently obfuscated files along with their commands and associated obfuscated commands.python3 powerob.py getcommand Invoke-AllChecksFor reference on the flyRead More

X