Category: Hacking Tools

penetration testingEXPLOIT-COLLECTORHomeHacking Tools

HELK – Open Source Threat Hunting Platform

The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack. This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure. Goals of HELK Open Source Threat Hunting Platform Provide an open-source hunting platform to the…


tko-subs – Detect & Takeover Subdomains With Dead DNS Records

tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services or to nothing at all or NS records that are mistyped. What does tko-subs – Detect & Takeover Subdomains With Dead DNS Records Do? This tool allows you: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be…


Arcane – Tool To Backdoor iOS Packages (iPhone ARM)

Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories. It was created to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device. How Arcane Tool To Backdoor iOS Package Works It’s possible to supply scripts as part of a package when installing or removing applications. Package maintainer scripts include the preinst, postinst, prerm, and postrm files. Read the rest of Arcane – Tool…

NEW TOOLSPython3sql injectionHacking Toolsweb-securityXSS ScannersBug BountyWeb ScannerTermuxScant3R

Scant3R – Web Security Scanner

ScanT3r - Web Security Scanner _____ ___________ / ___/_________ _____/_ __/__ /_____ \__ \/ ___/ __ `/ __ \/ / /_ </ ___/ ___/ / /__/ /_/ / / / / / ___/ / / /____/\___/\__,_/_/ /_/_/ /____/_/ # Coded By : Khaled Nassar @knassar702Detect This vulnerabilities Remote Code Execution LinuxXSS Reflected Template Injection Jinja2 ERB Java Twig Freemarker SQl Injection ScreenShot:GIFOS Support :Linux Android Windows InstallLinuxopen your terminalenter this command $ git clone $ cd scant3r $ python3 -m pip install -r requirements.txtAndroidDownload…


Axiom – Pen-Testing Server For Collecting Bug Bounties

Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line. With Axiom, you just need to run a single command to get setup, and then you can use the Axiom toolkit scripts to spin up and down your new hacking VPS. Setting up your own ‘hacking vps’, to catch shells, run enumeration tools, scan, let things run in the background in a tmux window, used to be…

NEW TOOLSMetasploit Frameworkpenetration testingHacking ToolsANDRAXPenetration Testing Platform

ANDRAX v5R NH-Killer – Penetration Testing on Android

ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution!The development of ANDRAX began on 08/09/2016 (DD/MM/YYYY) only for people in BrazilANDRAX has been fully redefined and reloaded on 05/10/2018 (DD/MM/YYYY) open to the international public.ANDRAX enable to all Android device with root access enabled and a good unlocked rom become a weapon for advanced Penetration Testing.Why is Android so powerful?Simple, everyone has…

EXPLOIT-COLLECTORHomeHacking ToolsRATRemote Administration Tool

Quasar RAT – Windows Remote Administration Tool

Quasar is a fast and light-weight Windows remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. It aims to provide high stability and an easy-to-use user interface and is a free, open source tool. Features of Quasar RAT Windows Remote Administration Tool The main features that can be found in Quasar are: TCP network stream (IPv4 & IPv6 support) Fast network serialization (Protocol Buffers) Compressed (QuickLZ) & Encrypted (TLS) communication UPnP Support Task Manager…


Sandcastle – AWS S3 Bucket Enumeration Tool

Sandcastle is a Python-based Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations. Amazon S3 [Simple Storage Service] is cloud storage for the Internet. To upload your data (photos, videos, documents etc.), you first create a bucket in one of the AWS Regions. You can then upload any number of objects to the bucket. Read the rest of Sandcastle – AWS S3…