Tag: windows


Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

DiscoverKube-HunterMacNEW TOOLSScan

Kube-Hunter – Hunt For Security Weaknesses In Kubernetes Clusters

Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own!Run kube-hunter: kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at where you can register online to receive a token allowing you see and share the results online. You can also run the Python code yourself as described below.Contribute: We welcome contributions, especially…

ElasticsearchExposingMacNEW TOOLSSensitive InformationStretcher

Stretcher – Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information

Stretcher is a tool to search for open elasticsearch servers.Usage: python --shodan {key} --action analyze --threads {0..100} --dork python --help _____ __ __ __ / ___// /_________ / /______/ /_ ___ _____ \__ \/ __/ ___/ _ \/ __/ ___/ __ \/ _ \/ ___/ ___/ / /_/ / / __/ /_/ /__/ / / / __/ / /____/\__/_/ \___/\__/\___/_/ /_/\___/_/ Tool designed to help identify incorrectly Applications that are exposing sensitive [+] Interesting indexes were found payment, address, email, user Browser:…

Advanced SQL InjectionAutomatic SQL InjectionMacNEW TOOLSsql injectionSQL Injection ExploitationSQL injection scannerSQL injection test environmentSQLi

SQLMap v1.3 – Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.FeaturesFull support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2,…

Command LineExrexMacNEW TOOLSRegular Expressions

Exrex – Irregular Methods On Regular Expressions

Exrex is a command line tool and python module that generates all - or random - matching strings to a given regular expression and more. It's pure python, without external dependencies.There are regular expressions with infinite matching strings (eg.: [a-z]+), in these cases exrex limits the maximum length of the infinite parts.Exrex uses generators, so the memory usage does not depend on the number of matching strings.FeaturesGenerating all matching stringsGenerating a random matching stringCounting the number of matching stringsSimplification of regular expressionsInstallationTo install exrex,…

MacNEW TOOLSSecurity AutomationSecurity ResearchSecurity ScannerShodanShodan APIShodan CLIShodan ScriptsShodan ToolShodanploitShodansploitSSH

Shodanploit – Shodan Command Line Interface Written In Python

Shodan is a search engine on the internet where you can find interesting things all over the world. For example, we can find cameras, bitcoin streams, zombie computers, ports with weakness in service, SCADA systems, and more. Moreover, more specific searches are possible. As a result of the search, Shodan shows us the number of vulnerable hosts on Earth.So what does shodansploit do ?With Shodan Exploit, you will have all your calls on your terminal. It also allows you to make detailed searches. All…

BeEFCommand LineJavaScriptJS ShellJSShellMacNEW TOOLSRemote Code Execution

JSShell – An Interactive Multi-User Web JS Shell

An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting) payload to achieve browser remote code execution (similar to the BeeF framework).Version 2.0 is created entirely from scratch, introducing new exciting features, stability and maintainability.AuthorDaniel Abeles.Shell VideoFeaturesMulti client supportCyclic DOM objects supportPre flight scriptsCommand Queue & ContextExtensible with PluginsInjectable via <script> tagsDumping command output to fileShell paginationInstallation & SetupConfig FileIn the…

Command LineCuteitIP addressIP ObfuscatorLan AttacksLan NetworkMacNEW TOOLS

Cuteit – Make A Malicious IP A Bit Cuter (IP Obfuscator)

A simple python tool to help you to social engineer, bypass whitelisting firewalls, potentially break regex rules for command line logging looking for IP addresses and obfuscate cleartext strings to C2 locations within the payload.All of that is simply done with obfuscating ip to many forms.Download Cuteit


ThunderDNS – Tool To Forward TCP Traffic Over DNS Protocol

This tool can forward TCP traffic over DNS protocol. Non-compile clients + socks5 support.RunSetting up NS records on our domain:Please wait for clearing DNS-cache.Simple server run:python3 ./ --domain oversec.ruSimple server run (Dockerfile):docker run <imageid> -e DOMAIN='<domain>'Simple client run (Bash):bash ./ -d -n <clientname>Simple client run (PowerShell):PS:> ./ps_client.ps1 -domain -clientname <clientname>Show registered clients list:python3 ./ --dns --dns_port 9091 --clientsRun proxy:python3 ./ --dns --dns_port 9091 --socks5 --localport 9090 --client 1Video demonstrationDownload ThunderDNS

CRSDistributedMacModSecurityNEW TOOLSOWASP ModSecurity

CRS – OWASP ModSecurity Core Rule Set

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.The Core Rule Set provides protection against many common attack categories, including:SQL Injection (SQLi)Cross Site Scripting (XSS)Local File Inclusion (LFI)Remote File Inclusion (RFI)Remote Code Execution (RCE)PHP Code InjectionHTTP Protocol Violations    HTTPoxyShellshockSession FixationScanner DetectionMetadata/Error LeakagesProject Honey Pot…