Category: Mac


Black Window 10 v2 (codename: Polemos)

Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system and…


Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…

ArjunDiscoveryHTTPMacNEW TOOLSParameterParameter FinderParameter FuzzingParameter Scanner

Arjun v1.1 – HTTP Parameter Discovery Suite

FeaturesMulti-threading3 modes of detectionRegex powered heuristic scanningHuge list of 3370 parameter namesUsageNote: Arjun doesn't work with python < 3.4Discover parametersTo find GET parameters, you can simply do:python3 -u --getSimilarly, use --post to find POST parameters.Multi-threadingArjun uses 2 threads by default but you can tune its performance according to your network connection.python3 -u --get -t 22Delay between requestsYou can delay the request by using the -d option as follows:python3 -u --get -d 2Adding HTTP HeadersUsing the --headers switch will…

CrawlerDirhuntDirscannerMacNEW TOOLSProcessesSecurity ToolsVirusTotalWebWebsecWithout Bruteforce

Dirhunt v0.6.0 – Find Web Directories Without Bruteforce

DEVELOPMENT BRANCH: The current branch is a development version. Go to the stable release by clicking on the master branch.Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the "index of" mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors, directories where an empty index file has been created to hide things and much more.$ dirhunt does not use brute…

AES DecryptionAES EncryptionBurpBurp AES-KillerBurp ExtensionsBurp PluginBurpsuite ExtenderBurpsuite ToolsDecryptorMacNEW TOOLS

AES-Killer v3.0 – Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly

Burpsuite Plugin to decrypt AES Encrypted traffic on the fly.RequirementsBurpsuiteJavaTested onBurpsuite 1.7.36Windows 10xubuntu 18.04Kali Linux 2018What it doesThe IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses.Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.NOTE: Currently support AES/CBC/PKCS5Padding encryption/decryption.How it worksRequire AES Encryption Key (Can be obtained by using frida script or reversing mobile app)Require AES Encryption Initialize Vector (Can be obtained by using frida script or…

Advanced SQL InjectionAutomatic SQL InjectionMacNEW TOOLSsql injectionSQL Injection ExploitationSQL injection scannerSQL injection test environmentSQLi

SQLMap v1.2.11 – Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.FeaturesFull support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2,…

Brute-forceCaptive PortalEvil TwinKaliMacMac ChangerNEW TOOLSPcapPenetration TestSniffAirTP-LINKWPA2

SniffAir – A Framework For Wireless Pentesting

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries…

DarkSpiritzMacNEW TOOLSPenetration Test Frameworkpenetration testingPenetration Testing FrameworkPentesting FrameworkTesting Framework

DarkSpiritz v2.0 – A Penetration Testing Framework For Linux, MacOS, And Windows Systems

A penetration testing framework for Linux and Windows systems.What is DarkSpiritz?Created by the SynTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. DarkSpiritz is a re-vamp of the very popular framework known as "Roxysploit". You may be familiar with this framework and if you are then it will help you with DarkSpiritz. DarkSpiritz also works like another pentesting framework known as Metasploit. If you know how…

HardeningMacNEW TOOLSSystem Auditing ToolSystem AuditorSystem HardeningSystem/Network ManagerVulnerability Scanner

Lynis 2.7.0 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration.Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.Supported…

Arbitrary File UploadJQShellMacNEW TOOLSpwnedTOR

JQShell – A Weaponized Version Of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0)

JQShellA weaponized version of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0).DisclaimerUsing this agianst servers you dont control, is illegal in most countries. The author claims no responsibility for the actions of those who use this software for illegal purposes. This software is intended for educational use only. No servers were illegally pwned in the making of this software.FeaturesSingle Target Multi Target Tor PrerequisitesPlease install these required packages.Python3pip3 install requests pysocks subprocess stem Tor Control PortTo use tor, in this script,…

Hacking ToolMacMetasploit Web DeliveryNEW TOOLSPasteJackerPasteJackingpenetration testingPython3Social Engineering AttacksWeb HackingWindows Hacking

PasteJacker – Add PasteJacking To Web-Delivery Attacks

The main purpose of the tool is automating (PasteJacking/Clipboard poisoning/whatever you name it) attack with collecting all the known tricks used in this attack in one place and one automated job as after searching I found there's no tool doing this job the right way.Now while this attack depends on what the user will paste, imagine adding this attack to Metasploit web delivery module.See this simple scenario to make things clear:The target opens an HTML page served by the tool and this page has…