AI Summary: Above is a network security sniffer designed for penetration testers and security engineers to identify vulnerabilities in network equipment through traffic analysis. It operates silently, leveraging the Scapy library, and supports the detection of up to 28 protocols, including ARP, EAPOL, and various SCADA protocols. Users can operate it in ‘hot’ mode for real-time sniffing or ‘cold’ mode for analyzing pre-captured traffic dumps, with features like passive ARP detection and VLAN segment search.

AI Summary: AllHackingTools is a penetration testing toolkit designed for Termux that automates the installation and management of various hacking tools. Its primary use case is to facilitate the setup and customization of a hacking environment on Termux, allowing users to quickly download and run tools directly from the interface. Notable features include an updated installer with enhanced design elements, streamlined updating capabilities, and improved system stability.

README

• License • Issues • Project • Wikipedia •

AI Summary: Alternative Frontends is a curated collection of privacy-respecting web applications designed as alternatives to mainstream social media services. It features a variety of lightweight, ad-free frontends that are open-source and self-hostable, catering to users looking for enhanced privacy without sacrificing functionality. Notable offerings include dedicated clients for platforms like YouTube and Reddit, each prioritizing user privacy and offering decentralized hosting options.

README

Alternative Frontends

This is a list of privacy-respecting frontends to popular services like social media. All of them are cross-plattform webapps and should work on your device no matter the OS and hardware.

AI Summary: Android Unpinner is a tool designed to facilitate the removal of SSL certificate pinning from Android APKs without requiring root access. Utilizing the Frida framework, it modifies only the AndroidManifest.xml file to enable debugging, while dynamically injecting a Frida Gadget via ADB to perform the unpinning process. The tool is equipped with comprehensive dependencies for cross-platform use and supports handling XAPKs by extracting and installing split APKs effectively.

AI Summary: AngryOxide is a Rust-based 802.11 attack tool designed for penetration testing and WiFi exploitation research. It provides an active state-based attack engine that retrieves EAPOL messages from access points and clients, with features such as target filtering, auto-hunting capability, and GPS integration for geo-fencing. The tool is equipped with a terminal UI, headless operation mode, and a variety of automated attacks aimed at retrieving cryptographic data for later cracking with tools like Hashcat.

AI Summary: The ASN Lookup Tool and Traceroute Server is a command line utility designed for network analysis, facilitating OSINT investigations through various capabilities including ASN lookup, RPKI validity checks, and geolocation of IP addresses. Key features include JSON output for API integration, support for querying multiple simultaneous targets, and integration with Shodan for reconnaissance without direct interaction with the target systems. This tool is particularly useful in incident response scenarios, providing comprehensive network data insights while maintaining stealth.

AI Summary: asnmap is a Go CLI and library designed for quickly mapping organizational network ranges by leveraging Autonomous System Number (ASN) information. Its primary use case is for cybersecurity analysts to perform lookups for CIDR ranges based on various inputs such as ASN, organization name, domain, or IP addresses, with flexibility in output formats including JSON, CSV, and plain text. Notable features include support for multiple input types, integration with a Project Discovery Cloud Platform API for enhanced data retrieval, and the ability to operate with standard input/output.

AI Summary: The DigiSpark Attiny85 repository provides a cost-effective alternative to Rubber Ducky, enabling users to program the Attiny85 to function as a Human Interface Device (HID) that sends keystrokes to a computer. It includes various pre-built payloads such as a Wi-Fi password stealer, UAC bypass, and keylogger, allowing for a range of offensive actions from data exfiltration to system exploitation. Users can easily set up their development environment and execute these payloads using the Arduino IDE.

AI Summary: Awesome Hacker Search Engines is a curated repository of search engines specifically designed for penetration testing, vulnerability assessments, and red/blue team operations. It categorizes various resources including general search engines, servers, vulnerabilities, exploits, and more, providing tools for effective reconnaissance and threat intelligence gathering. Notable features include links to specialized engines like Shodan and the NIST NVD, enabling streamlined access to critical information for security professionals.

README

Awesome Hacker Search Engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

AI Summary: Awesome Hacking Resources is a comprehensive collection of materials designed for individuals looking to enhance their skills in hacking and penetration testing. The repository includes various categories such as learning resources, online courses, forums, and tools crucial for topics like malware analysis and network scanning, promoting community contribution and knowledge sharing within the cybersecurity field. Notably, it features a dedicated list of tools and links to educational content, making it a valuable resource for both beginners and advanced practitioners.

AI Summary: The Awesome Malware Analysis repository provides a comprehensive curated list of malware analysis tools and resources, aimed at enhancing research and understanding of malware threats. Notable features include sections on various categories such as malware collections, open-source threat intelligence, detection and classification methodologies, and online scanners, facilitating a structured approach for analysts. This resource serves as a valuable reference for cybersecurity professionals seeking effective tools for malware research and investigation.

AI Summary: The “awesome-termux-hacking” repository aggregates a collection of tools designed for penetration testing and security assessments on Android devices using the Termux environment. Key tools include ANDRAX, a robust penetration testing platform that functions natively on Android, and ReconCobra, an automated pentest framework for information gathering. This repository enhances the capabilities of ethical hacking on mobile platforms by offering various utilities for tasks such as subdomain enumeration, exploit searching, and proxy management.

AI Summary: Blackbird is an OSINT tool designed for rapid username and email searches across over 600 platforms, integrating AI-powered profiling for enhanced data analysis. Notable features include community-driven accuracy, smart filters, automated analysis, and the ability to export results as PDF or CSV files. It leverages tools like WhatsMyName to provide low false positive rates while ensuring user privacy during its operations.

README

Blackbird

Blackbird is a powerful OSINT tool that combines fast username and email searches across more than 600 platforms with free AI-powered profiling. By leveraging community-driven projects like WhatsMyName, it ensures low false positive rates and high-quality results. Features include smart filters, polished PDF/CSV exports, and fully automated analysis — all from a single CLI.

AI Summary: Brutespray is a credential brute-forcing tool designed to automatically test default credentials against discovered services from various scan outputs, including Nmap and Nessus. It supports over 30 protocols and features capabilities such as multi-auth support, password spray mode, an interactive terminal UI, and resume functionality, allowing for efficient and comprehensive credential testing across networks. The tool is built in Go and offers extensive customization options through YAML configuration files and embedded wordlists.

AI Summary: The “Bypass firewalls by abusing DNS history” tool automates the process of discovering direct IP addresses of servers behind web application firewalls (WAFs) by leveraging historical DNS records. Its primary use case is for security professionals, including bug bounty hunters, aiming to uncover misconfigured servers or outdated versions of websites that may be vulnerable to exploits. Notable features include the ability to output confidence levels based on HTML response similarities and support for fetching IPs of subdomains to enhance bypass attempts.

AI Summary: Capsulecorp Pentest is a pre-configured virtual network environment designed for learning network penetration testing, utilizing Vagrant and Ansible to deploy five virtual machines, including a Linux attacker and four Windows 2019 servers with vulnerable services. This tool streamlines the setup process, allowing users to quickly launch a fully functional Active Directory domain for educational purposes, with included features like a vulnerable Jenkins server, Apache Tomcat, and Metasploit. Its primary use case is to facilitate hands-on pentesting practice in a controlled environment, enhancing learning efficiency.

AI Summary: CaptfEncoder is an open-source, cross-platform network security tool suite designed for code conversion, cryptography, and a variety of online query tools. It features a wide range of encoding methods, classical ciphers, and modern cryptographic algorithms, enabling users to perform tasks such as data encoding, encryption, and security analysis efficiently. The tool is built in Rust, ensuring enhanced performance and supports a variety of operating systems including Windows, Linux, and macOS.

AI Summary: Ciphey is a fully automated tool designed for decryption, decoding, and cracking of encoded data, leveraging natural language processing and artificial intelligence techniques. Its primary use case is to assist cybersecurity professionals and enthusiasts in deciphering encrypted messages and files without requiring prior knowledge of the encryption methods used. Notable features include support for various installation methods (Python, Docker, MacPorts, Homebrew) and a user-friendly interface that simplifies the decryption process.

AI Summary: CloudFail is a reconnaissance tool designed to uncover the origin server of targets protected by Cloudflare by utilizing three distinct attack phases: misconfigured DNS scans, querying the Crimeflare database, and brute-forcing over 2500 subdomains. The tool operates through Tor to maintain anonymity while performing these scans, making it particularly useful for security researchers conducting penetration tests or academic inquiries. Key features include seamless integration with Tor for privacy, a focus on potential DNS misconfigurations, and an easy-to-use scanning interface.

AI Summary: CTFever is a comprehensive toolkit designed for Capture The Flag (CTF) participants, offering a variety of utilities to assist in solving challenges. It includes a range of tools for tasks such as encoding/decoding, cryptography, and data analysis, featuring notable options like Base64 encoding, Caesar ciphers, and hash calculations. This resource is particularly beneficial for cybersecurity enthusiasts engaged in competitive environments, aiming to streamline their workflow and enhance their problem-solving capabilities.

AI Summary: DeauthDetector is an open-source tool designed to monitor and detect Wi-Fi deauthentication attacks using an ESP8266 microcontroller. Its primary use case involves real-time identification of malicious deauth frames, indicated by an LED activation, making it an effective low-cost solution for network security monitoring. Notable features include customizable scanning options, support for multiple channels, and easy installation via precompiled binaries or Arduino integration.

README

DeauthDetector

Detect deauthentication frames using an ESP8266

AI Summary: The DedSec Project is an educational toolkit designed for Android using Termux, integrating various scripts, utilities, and local web interfaces to facilitate learning about cybersecurity tools and workflows. It aims to enhance users’ understanding of defensive awareness through practical exercises and organized scripts, while supporting both English and Greek interfaces. Notable features include a comprehensive installation guide, diverse categories of tools, and a focus on educational usage, including personal information capture and simulated environments.

AI Summary: DeepTraffic is a toolkit that employs deep learning models specifically for the classification of network traffic, focusing on identifying malware and anomalies. Its primary application lies in enhancing cybersecurity measures through effective traffic analysis and representation learning using convolutional neural networks. Notable features include end-to-end encrypted traffic classification and the ability to learn hierarchical spatial-temporal features for improved intrusion detection.

README

Deep Learning models for network traffic classification

For more information please read our papers.

AI Summary: DetectDee is a reconnaissance tool designed to track down social media accounts using identifiers such as usernames, emails, and phone numbers across various social networks. Notable features include precise control over request handling to evade web application firewalls, support for multiple input types for user detection, and the option for integration with ChatGPT for enhanced result tagging. Its extensibility and ease of use make it suitable for cybersecurity practitioners in their investigations.

AI Summary: DGFraud is a Graph Neural Network (GNN) toolbox designed for detecting fraud in various systems by integrating and comparing state-of-the-art GNN-based models. Its primary use case lies in enhancing the efficacy of fraud detection mechanisms through advanced graph-based methodologies. Notable features include a modular architecture for implementing new models, comprehensive documentation on existing algorithms, and support for TensorFlow 2.0, allowing seamless integration into existing projects.

README

AI Summary: The Dictionary-Of-Pentesting is a comprehensive collection of dictionaries designed for penetration testing, vulnerability discovery, brute force attacks, and fuzzing. It categorizes resources such as authentication, file paths, ports, domains, and various default credentials, and continuously expands its listings to include regex patterns, user credentials, and application-specific payloads. Notable features include a broad range of default password lists, HTTP parameter enumeration, and the inclusion of specific patterns for cloud services and common vulnerabilities.

AI Summary: The Digital Forensics Guide serves as a comprehensive resource for those engaged in digital forensics, providing a compilation of applications, libraries, and tools essential for effectively conducting forensic investigations. The guide includes sections on various forensic fields such as computer, mobile, and network forensics, along with curated lists of tutorials, certifications, and frameworks to enhance practitioners’ skills and knowledge. Notable features include playbooks for practical application and a structured format for easy navigation through key topics.

AI Summary: The DoublePulsar Detection Script is a Python tool designed to identify the presence of the DoublePulsar implant on systems through SMB and RDP protocols. It supports scanning single IPs or lists of IPs with multi-threading capabilities, and includes functionality for remote uninstall of the implant for remediation. Key features include detection capabilities for both protocols, an early release for urgent network compromise identification, and associated Snort signatures for enhanced detection.

AI Summary: The DumpsterFire Toolset is a cross-platform, modular tool designed for creating automated, time-delayed security events suitable for both Red and Blue Team exercises. Its primary use case is to facilitate realistic cyber incident simulations and training by allowing users to build customizable event chains that can generate network and filesystem artifacts, enhancing incident response capabilities. Notable features include dynamic extensibility for adding custom event modules, a menu-driven interface for ease of use, and the ability to run exercises in a controlled manner without direct supervision.

AI Summary: ESP32-DIV is an open-source multi-band wireless toolkit based on the ESP32, designed for wireless testing, signal analysis, jammer development, and protocol spoofing across Wi-Fi, BLE, 2.4GHz, and Sub-GHz frequency bands. Notable features include real-time packet monitoring, Wi-Fi deauthentication attacks, Bluetooth advertisement spoofing, and Sub-GHz command replay capabilities. The toolkit is intended strictly for educational and research purposes to ensure ethical usage in wireless security assessments.

README

ESP32-DIV

ESP32DIV - Advanced Wireless Toolkit

AI Summary: Evil Limiter is a network management tool designed to monitor, analyze, and control the bandwidth of devices on a local network without needing physical or administrative access. Utilizing ARP spoofing and traffic shaping techniques, it enables users to throttle upload and download speeds for specific hosts, block internet connections, and manage network resources effectively through a command-line interface. Notable features include automatic network configuration detection, the ability to scan IP ranges, and manage hosts dynamically with various commands for limiting and unblocking access.

AI Summary: EvilWAF is a sophisticated transparent MITM Firewall bypass proxy and deep WAF vulnerability scanner designed for authorized security testing purposes. It operates at the transport layer, allowing seamless integration with various security tools while employing advanced techniques such as TCP and TLS fingerprint rotation, source port manipulation, and automated WAF detection to evade defensive mechanisms. Notable features include a comprehensive multi-layer WAF scanning capability, direct origin bypass, and a robust IP rotation strategy through Tor and proxy pools, ensuring effective assessment of firewall vulnerabilities.

AI Summary: Eyeballer is a tool designed for large-scope network penetration testing, specifically aimed at identifying potentially vulnerable web hosts from a vast collection of screenshots. It employs machine learning to classify sites into categories such as “Old-Looking Sites,” “Login Pages,” and “Parked Domains,” allowing users to prioritize targets based on their likelihood of containing vulnerabilities. Notable features include support for GPU usage, a user-friendly setup process, and integration with popular screenshotting tools like EyeWitness and GoWitness.

AI Summary: FISSURE is an open-source RF framework designed for signal understanding and reverse engineering, catering to both operational and educational needs. It enables users to detect, classify, and manipulate RF signals, perform automated vulnerability testing, and integrate with TAK for real-time situational awareness. Key features include support for various deployment options, from desktop GUIs to headless nodes, and a robust plugin ecosystem for enhanced functionality.

README

FISSURE - The RF Framework

Frequency Independent SDR-based Signal Understanding and Reverse Engineering

AI Summary: Fsociety is a comprehensive penetration testing framework designed to provide a wide array of hacking tools utilized in the Mr. Robot series. It features modules for information gathering, password attacks, wireless testing, exploitation, web hacking, and post-exploitation, all implemented in Python 2, with detailed installation instructions for various platforms, including Docker support. Notable tools included are Nmap, sqlmap, WPScan, and several others tailored for diverse security testing scenarios.

AI Summary: geowifi is a tool designed for querying WiFi geolocation data based on the BSSID or SSID from various public databases. Its primary use case is to facilitate the retrieval of network location information, providing output in either map or JSON format. Notable features include support for multiple APIs like Wigle, Google Geolocation, and Combain, enabling users to easily configure and access comprehensive WiFi data.

README

📡💘🌎 | geowifi

Search WiFi geolocation data by BSSID and SSID on different public databases.

AI Summary: Goby is a network security assessment tool designed for efficient vulnerability scanning and comprehensive attack surface analysis of target enterprises. It features over 100,000 rule recognition engines and 200 protocol recognition engines, facilitating identification of various network and software vulnerabilities, along with access to preset account information for more than 1,000 devices. Additionally, Goby supports cross-platform functionality on Windows, MacOS, and Linux, and employs a user-friendly interface built with Electron and Vue.

AI Summary: GoScan is an interactive network scanner client designed to automate and provide abstraction over nmap, facilitating host discovery, port scanning, and service enumeration. It is particularly suitable for use in CTFs, OSCP exams, or professional engagements, capable of maintaining scan state in an SQLite database, allowing for asynchronous results upload even in unstable network conditions. Notable features include service enumeration integration with additional tools such as EyeWitness and Hydra, real-time auto-completion, and support for importing data at various stages of the scanning process.

AI Summary: HackDroid is a comprehensive collection of penetration testing and security-related applications tailored for Android devices. It organizes applications into diverse categories, including forensics, networking, and cryptography, to facilitate easy access and download, while emphasizing the necessity of root permissions and ethical use cases. Notable features include a wide range of tools for various hacking and security tasks, and guidance for use on secondary devices to mitigate risks.

README

AI Summary: The Lifka/hacking-resources repository is a curated collection of hacking utilities and cheat sheets, aimed at assisting cybersecurity professionals and enthusiasts in their studies. It includes a variety of resources such as tools, OS distributions, tutorials, and specific cheat sheets for cloud, web, network, and system hacking. Notable features involve a comprehensive index and contributions from the community, facilitating an ongoing accumulation of valuable cybersecurity knowledge.

README

Hacking resources and cheat sheets

AI Summary: Qeeqbox/honeypots is a versatile package containing 30 customizable honeypots designed for monitoring network traffic, bot activities, and credential harvesting. It features non-blocking responses, easy setup and customization, and supports logging to various outputs, including Postgres databases, terminal, and Syslog. The tool encapsulates multiple protocols like HTTP, FTP, SSH, and more, facilitating quick deployment of multiple honeypots for enhanced threat detection.

README

30 low-high level honeypots in a single PyPI package for monitoring network traffic, bots activities, and username \ password credentials.

AI Summary: HostHunter is a Python-based tool designed for the discovery and extraction of hostnames linked to specified IPv4 or IPv6 addresses, utilizing OSINT and active reconnaissance methods. It generates comprehensive reports in various formats, including CSV and Nessus, and features capabilities like SSL certificate extraction, hostname validation, and the ability to capture screenshots of target applications. This tool is particularly beneficial for organizations aiming to assess their attack surface effectively.

AI Summary: HOUDINI is a comprehensive collection of Docker images designed for network intrusion testing, facilitating offensive security practices. It not only provides extensive listings of tools but also includes pre-defined docker run commands and cheatsheets for ease of use. Additionally, the repository encourages community contributions to expand its toolset, enhancing collaborative development in network security.

README

🐳 HOUDINI: Hundreds of Offensive and Useful Docker Images for Network Intrusion

HOUDINI is a curated list of Network Security related Docker Images for Network Intrusion purposes. A lot of images are created and kept updated through our RAUDI repository. Pretty dope, eh?

AI Summary: IPRanges is a tool that compiles and lists the IP address ranges for various cloud services and platforms, including Google, Amazon, Microsoft, and others. It provides separate text files for IPv4 and IPv6 addresses, categorized into unmerged and merged formats for efficiency. The dataset is updated daily and sourced from publicly available information, making it useful for network management and security configurations.

README

IPRanges

List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), DigitalOcean, GitHub, Facebook (Meta), Twitter, Linode, Telegram, OpenAI (GPTBot), CloudFlare, Vultr, Apple (Private Relay) and ProtonVPN with daily updates.

AI Summary: IVRE (Instrument de veille sur les réseaux extérieurs) is a comprehensive network reconnaissance framework designed for both passive and active reconnaissance. It integrates multiple data sources and tools such as Zeek, Nmap, and Masscan, enabling users to gather extensive information about networks efficiently. Notable features include a web interface for data visualization, support for various database backends, and a modular architecture that allows for easy integration of additional tools.

AI Summary: Jok3r is a Python CLI application designed to assist penetration testers in executing automated network infrastructure and web security assessments. With over 50 integrated open-source tools, it streamlines vulnerability identification through context-aware checks, CVE lookups, and brute force attacks, all packaged within a Docker image for ease of use and customization. Notable features include automatic service fingerprinting, a comprehensive library of security checks for various network services, and automated post-authentication testing.

AI Summary: JustTryHarder is a comprehensive cheat sheet designed to assist users in navigating the Penetration Testing with Kali Linux (PWK) course and preparing for the Offensive Security Certified Professional (OSCP) exam. It consolidates various penetration testing techniques, such as OS detection, privilege escalation, and exploitation methods, while providing clear examples and references. Notable features include a wide array of topics that cover essential hacking methodologies and tools, making it a valuable resource for both beginners and experienced practitioners in the cybersecurity field.

AI Summary: linWinPwn is a comprehensive bash script designed for Active Directory penetration testing on Linux, integrating various tools for enumeration, vulnerability checks, modifications, and password dumping. It features both an interactive mode for manual checks and an automated mode for streamlined enumeration, allowing users to perform a wide array of security assessments including LDAP, Kerberos, and MSSQL interactions. Notably, it supports a range of authentication methods and can execute critical checks for known vulnerabilities such as NoPac and ZeroLogon, making it an essential tool for security professionals.

AI Summary: CISA’s Logging Made Easy (LME) is an open-source log management platform designed for small to medium-sized organizations to centralize log collection, enhance threat detection, and enable real-time alerting for improved security. Key features include integration with open-source tools for enhanced detection, automated deployment via Ansible scripts, and customizable dashboards with Kibana, making it a scalable solution for securing infrastructure without the need for an existing Security Operations Center (SOC) or extensive resources.

AI Summary: Maigret is a user-centric OSINT tool designed to gather comprehensive profiles based on usernames by scanning over 3000 websites, including Tor and I2P networks. Key features include profile data extraction, recursive search capabilities, and automated handling of censorship and captcha challenges, all without requiring API keys. This tool serves as an effective resource for analysts in social media investigations and identity verification.

README

Maigret

AI Summary: Malcom is a malware communication analyzer that visualizes network traffic to identify interactions with known malware sources, thereby aiding in malware analysis and intelligence gathering. Its primary use case is to detect command and control servers, monitor peer-to-peer networks, and unravel DNS fast-flux infrastructures. Notable features include its ability to convert complex network traffic data into actionable intelligence and a user-friendly graphical interface for rapid analysis.

README

Malcom - Malware Communication Analyzer

Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes handy when analyzing how certain malware species try to communicate with the outside world.

AI Summary: MetaOSINT is an open-source intelligence aggregation tool designed to assist OSINT practitioners in efficiently identifying and accessing relevant publicly available tools and resources. Its primary purpose is to streamline investigations by providing a curated list of top tools, significantly enhancing the speed and effectiveness of research and analysis. Notable features include an intuitive interface for surfacing resources and the ongoing community contribution model that allows users to submit additional tools.

AI Summary: The Mobile Application Penetration Testing Cheat Sheet serves as a comprehensive resource for security professionals, offering a concise compilation of essential information and checklists for mobile app penetration testing, aligned with the OWASP Mobile Risk Top 10. It encompasses detailed methodologies for both Android and iOS applications, covering aspects such as static and dynamic analysis, network security testing, and techniques for bypassing common security measures. Notable features include a section on mobile security testing distributions and frameworks, providing users with tailored tools and environments to facilitate effective security assessments.

AI Summary: Modlishka is an open-source penetration testing tool that operates as a man-in-the-middle proxy, allowing seamless proxying of multi-domain HTTP and HTTPS traffic without requiring client certificate installation. Its primary use case is in security testing, particularly for ethical phishing assessments and 2FA bypass demonstrations, providing features such as pattern-based JavaScript payload injection, user credential harvesting, and extensive support for various 2FA schemes. Additionally, Modlishka’s modular and stateless design enhances scalability, while its cross-platform compatibility ensures usability across major operating systems.

AI Summary: Multi Theft Auto: San Andreas (MTA) is an open-source modification that enables multiplayer gameplay for the single-player version of Grand Theft Auto: San Andreas through an advanced game engine framework. It incorporates networking and GUI rendering capabilities while allowing extensive customization via a Lua scripting language, making it possible to create custom game modes and content for multiple players. Notable features include code injection techniques for game manipulation without altering original files, a robust resource management system for asynchronous content delivery, and a collaborative community for development and support.

AI Summary: MyIP is a multifaceted IP toolbox that enables users to view and analyze their IP addresses, perform network diagnostics, and check website accessibility. Its notable features include detailed IP information retrieval, DNS leak testing, speed testing, and support for multiple languages, along with additional functionalities like proxy rule testing and a cybersecurity checklist. The tool is designed to be user-friendly, featuring dark mode, minimalist mobile optimization, and a Progressive Web App (PWA) support for enhanced accessibility.

AI Summary: Netcat for Windows is a TCP/IP utility designed for network diagnostics and exploration, functioning as a versatile “Swiss Army knife” for admins on the Windows platform. It supports both inbound and outbound connections over TCP or UDP, features built-in port scanning, DNS checks, and allows for custom local network configurations. Notably, this version excludes the potentially insecure -e switch to mitigate false positives from antivirus software, while also resolving issues encountered during telnet sessions.

AI Summary: NetExec is a community-driven network exploitation tool derived from the predecessor CrackMapExec, designed to facilitate network enumeration and execution of various tasks across multiple hosts. It boasts functionalities for maintaining and expanding the original tool’s capabilities, alongside regular updates and community contributions. Notable features include an emphasis on user collaboration, a dedicated Discord channel for support, and extensive documentation in development.

README

🚩 This is the open source repository of NetExec maintained by a community of passionate people

AI Summary: OWASP Nettacker is an automated penetration testing and information-gathering framework designed for cybersecurity professionals to conduct reconnaissance, vulnerability assessments, and network security audits. Key features include a modular architecture for customizable task execution, support for multi-protocol and multithreaded scanning, comprehensive output formats, and a user-friendly interface for managing scans, all of which enhance its efficacy in identifying weaknesses across diverse systems and applications.

README

OWASP Nettacker

AI Summary: Nginx-Lua-Anti-DDoS is a protective tool designed for Nginx web servers, leveraging Lua scripting to mitigate DDoS attacks through a JavaScript-based authentication puzzle inspired by Cloudflare’s “I’m Under Attack” mode. The tool features automatic detection and activation of protection mechanisms against various attack types, extensive IP and User-Agent filtering options, as well as capabilities to inspect and block malicious HTTP requests. With no limitation on attack size and built-in logging for monitoring, it offers customizable error responses and caching optimizations to enhance web server performance during attacks.

AI Summary: The Ullaakut/nmap library offers Go developers a comprehensive interface to leverage the features of the Nmap network scanner within their applications, facilitating the creation of security audit tools. By utilizing the Go language’s capabilities, the library allows for robust network scans, service detection, and easy parsing of XML outputs produced by the Nmap binary. Notable features include support for various scan types and the ability to manage scan timeouts, enhancing both flexibility and performance in penetration testing scenarios.

AI Summary: NodePass is an open-source network tunneling solution that provides enterprise-grade TCP/UDP tunneling with minimal configuration and high performance, designed for managing complex network scenarios. Key features include seamless protocol conversion, a connection pooling architecture for reduced latency, multi-level TLS security mechanisms, and real-time monitoring capabilities. The tool targets DevOps professionals and system administrators, facilitating effortless deployment and control in diverse networking conditions.

README

AI Summary: NoPE Proxy is a Burp Suite extension that facilitates the interception and analysis of TCP and UDP traffic, including non-HTTP protocols. Its notable features include a configurable DNS server that routes traffic to Burp, support for multiple listening ports for man-in-the-middle (MiTM) connections, and the ability to define match and replace rules for traffic manipulation. This tool is especially useful for security testing of mobile applications and thick clients, allowing seamless traffic analysis and modification.

AI Summary: The Open Source Security Guide serves as a comprehensive resource for enhancing the security of systems and networks by providing tutorials, standards, and tools relevant to open-source security practices. It includes sections on security certifications, threat models, and various security frameworks, along with a curated list of tools and resources to improve security operations. Notably, it aims to foster a collaborative environment for sharing best practices and advancing security through community initiatives.

AI Summary: OpenHaystack is a framework designed for tracking personal Bluetooth devices through Apple’s Find My network, enabling users to create custom tracking tags for various physical objects. It utilizes a macOS application and custom firmware for Bluetooth devices, allowing them to be discoverable by nearby iPhones that can report their location without requiring cellular coverage. Notably, OpenHaystack leverages reverse-engineering and security analysis of Apple’s offline finding features, though it remains experimental and untested.

AI Summary: OpenWifiPass is an open-source implementation of the grantor role in Apple’s Wi-Fi Password Sharing protocol, designed for sharing Wi-Fi credentials (SSID and PSK) using Bluetooth Low Energy on Linux systems like the Raspberry Pi. It serves educational and experimental purposes, featuring a simple command-line interface to initiate the sharing process, although it currently lacks identity verification for requestors, posing security risks when handling sensitive credentials. Notably, the project includes a reusable OPACK (de)serializer for handling packet data, emphasizing its experimental nature and community-driven development.

AI Summary: Passhunt is a tool designed to search for default credentials across network devices and web applications from a database of 523 vendors and 2084 default passwords. It facilitates quick access to these credentials through a simple command-line interface, allowing users to select vendors and retrieve associated default passwords efficiently. Notable features include the comprehensive vendor database and the ease of installation and usage with Python.

README

Passhunt

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

AI Summary: The Penetration Testing Tools repository is a comprehensive collection of over 160 scripts, utilities, and cheatsheets designed for Penetration Testing and IT security audits. It encompasses a wide range of categories including cloud assessments, network protocols, web security, and red teaming, enabling practitioners to increase efficiency and improve technical assurance in their engagements. Notable features include modular organization by function, a focus on real-world applicability, and the absence of sensitive client-specific information.

AI Summary: Pi-PwnBox is a headless Raspberry Pi-based Rogue Access Point (RogueAP) designed for conducting Red Team engagements and WiFi security assessments. It leverages Alfa WiFi USB adapters for a variety of WiFi attacks and includes features such as remote access, a comprehensive setup process, and associated WiFi hacking resources. This tool is particularly suited for on-site testing and learning environments focused on WiFi security.

README

Pi-PwnBox :rocket: -RogueAP :satellite:

Homemade (headless) PwnBox / RogueAP based on Raspberry Pi & Alfa WiFi USB Adapters.

AI Summary: Pixiewps is a C-based tool that performs offline brute-force attacks on WPS PINs utilizing the “pixie-dust attack,” allowing it to potentially recover vulnerable pins in seconds to minutes, as opposed to hours. Notably, since version 1.4, it can also retrieve WPA-PSK from passive captures and includes support for multi-threading to enhance performance. Designed primarily for educational purposes, Pixiewps requires specific input parameters related to WPS authentication, and offers various operational modes for advanced usage.

AI Summary: pretender is a versatile tool designed for executing man-in-the-middle (MitM) attacks by spoofing local name resolutions and performing DHCPv6 DNS takeover. It specializes in relaying attacks primarily against Windows hosts, leveraging protocols such as mDNS, LLMNR, and NetBIOS-NS spoofing. Notable features include the ability to log network queries in dry run mode, tailored domain responses, and integration with relaying tools like Impacket’s ntlmrelayx.py and krbrelayx.

README

pretender

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover
as well as mDNS, LLMNR and NetBIOS-NS spoofing

AI Summary: Pwnagotchi is a Raspberry Pi-based tool designed for capturing WPA key material from Wi-Fi networks using passive and active techniques, generating PCAP files compatible with hashcat for cracking. Notable features include the ability to perform full and half WPA handshake captures, utilize PMKID attacks, and facilitate communication between multiple Pwnagotchi units through a custom protocol. The tool has removed AI components to enhance stability and battery life during operation.

AI Summary: PyGOD is a Python library designed for graph outlier detection, enabling users to identify anomalies in various structures such as social networks and security systems. It offers over ten detection algorithms, maintains a unified API for ease of use, and supports multiple levels of outlier detection (node, edge, and graph-level) while being compatible with PyTorch Geometric. Key features include scalable design for large graph processing, comprehensive documentation, and streamlined data handling with PyG data objects.

AI Summary: pythem is a versatile penetration testing framework written in Python, designed for use by security researchers and professionals to conduct various security assessments within legal boundaries. Notable features include support for attacks such as ARP spoofing, DNS manipulation, brute force attacks on SSH and web forms, as well as tools for exploit development and packet filtering. The framework can be installed on Debian-based Linux distributions, or run as a Docker container, facilitating accessibility and ease of deployment.

AI Summary: requests-ip-rotator is a Python library designed to leverage AWS API Gateway’s extensive IP pool to generate numerous unique IP addresses for web scraping and brute forcing, enabling users to circumvent IP-based rate limits. The tool automatically randomizes the X-Forwarded-For headers to obscure the client’s true IP while allowing for easy integration with the requests library. Notably, it offers both manual and automatic gateway management methods for user convenience, along with cost-effective usage under AWS’s free tier.

AI Summary: Resolvers is an extensive repository of validated DNS resolvers designed for use in DNS enumeration tasks, catering primarily to security professionals and penetration testers. The tool offers various lists, including a simple resolver list, an extended version with detailed metadata about each resolver, and a selection of trusted resolvers from reputable organizations like Cloudflare and Google. Notably, it employs a robust validation process using multiple instances of dnsvalidator to ensure the reliability of the resolver data, which is continuously updated through community contributions.

AI Summary: Ronin is an open-source Ruby toolkit designed for security research and development, featuring a comprehensive suite of CLI commands and libraries tailored for various security tasks such as data encoding/decoding, vulnerability scanning, fuzzing, and reconnaissance. Notable features include a fully-loaded Ruby REPL, a lightweight web UI for database interaction, and the ability to install and run third-party exploits or payloads. This tool is primarily used by security researchers, bug bounty hunters, and developers for efficient data processing and rapid script prototyping.

AI Summary: Rustcat is a versatile port listener and reverse shell utility compatible with Linux, MacOS, and Windows, designed to simplify remote command execution. Notable features include an interactive mode with command history, tab completion, and CTRL-C blocking, which enhance user experience during shell operations. It provides two primary modes of operation: listening for incoming connections and establishing reverse shells for remote system access.

README

AI Summary: RustHound is a cross-platform BloodHound collector tool developed in Rust, designed to generate data about users, groups, computers, OUs, GPOs, and containers for analysis within BloodHound. It operates silently without detection by antivirus software and is suitable for environments where SharpHound is blocked or incompatible. Notable features include its ability to run on Linux, Windows, and macOS, along with a range of compile options, including Docker support and static binary generation.

AI Summary: RustScan is an advanced port scanner designed for high-speed operation, capable of scanning all 65,000 ports in just 3 seconds. Its notable features include a flexible scripting engine that supports Python, Lua, and Shell for automated processing, as well as adaptive learning capabilities that enhance its performance over time, making it a highly effective tool for network security assessments.

README

AI Summary: Sandman is a backdoor designed for use during red team engagements, specifically tailored to operate on hardened networks by leveraging the NTP protocol to retrieve and execute arbitrary shellcode from a designated server. Notable features include the ability to spoof legitimate IP addresses for NTP, execute as a standalone C# application, and the flexibility to function across various operating systems including Windows and Linux, enhancing its covert capabilities in security assessments.

AI Summary: sandmap is a reconnaissance tool that enhances the capabilities of the Nmap engine, providing a simplified command line interface for automating and expediting network and system scanning processes. It offers 31 modules with 459 predefined scan profiles, support for the Nmap Scripting Engine (NSE), and integration with TOR for enhanced privacy during scans, allowing users to execute multiple scans simultaneously.

README

sandmap

Description • How To Use • Command Line • Configuration • Requirements • Other • Contributing • License • Wiki

AI Summary: Scanners Box is a comprehensive hacker toolkit that consolidates over 335 open-source scanners across various categories, such as subdomain enumeration, SQL injection vulnerability detection, and malware detection. The tool is designed for modular vulnerability assessment and does not include well-known scanning tools like Nmap or Metasploit, focusing instead on specialized scanning capabilities. Notable features include AI-powered autonomous scanners, dynamic and static code analysis, and comprehensive scanning for web applications and IoT devices.

AI Summary: Scapy is a versatile Python-based tool for interactive packet manipulation that allows users to forge, decode, and analyze packets across various network protocols. Its primary use cases include network scanning, tracerouting, and custom packet crafting, enabling complex tasks such as VLAN hopping and ARP cache poisoning. Notable features include extensive protocol support, intuitive shell interaction, and the ability to easily integrate into automated tests and attacks, making it a comprehensive option for cybersecurity professionals.

AI Summary: Scilla is an information gathering tool designed for DNS, subdomains, ports, and directories enumeration. Its primary use case is for penetration testing, providing capabilities for extensive reconnaissance on target domains. Notable features include customizable wordlists for subdomain and directory enumeration, multiple output formats, and ease of installation through various methods such as Homebrew, Snap, and Docker.

README

🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration


_{Coded with 💙 by edoardottt}
Share on Twitter!

AI Summary: Security Onion 2.4 is an open-source Linux distribution for intrusion detection, network monitoring, and log management. Its primary use case is to provide security operations teams with tools to detect and respond to threats through features such as alert management, detailed dashboards, and packet capture (PCAP) capabilities. Notable functionalities include a hunting interface, customizable detection rules, and comprehensive configuration options, facilitating a proactive approach to cybersecurity.

README

Security Onion 2.4

Security Onion 2.4 is here!

AI Summary: The Shark Jack Payload Library provides a collection of community-driven payloads and extensions specifically designed for the Hak5 Shark Jack device, utilizing DuckyScript™ and Bash. Its primary use case is to enrich the functionality of the Shark Jack with customizable scripts for cybersecurity tasks, while also encouraging developer contributions for new payloads. Notable features include a platform for community collaboration and integration with Payload Studio for seamless payload creation.

AI Summary: Silver is a mass vulnerability scanner that integrates with masscan and nmap to provide rapid, comprehensive TCP port scanning and vulnerability assessment. Notable features include resumable scanning, multi-core utilization, caching of vulnerability data, and integration with Shodan, allowing for efficient parallel processing and streamlined notifications through Slack. Its support for various input formats and customizable scanning options enhances its usability for security assessments across different environments.

README

Silver

Mass Vulnerability Scanner

AI Summary: Skanuvaty is a high-performance DNS/network/port scanning tool that allows users to quickly analyze a domain by discovering its subdomains and resolving their corresponding IPs. Notable features include support for concurrent scans, with the ability to test thousands of subdomains within seconds, and the generation of a comprehensive output file in JSON format for further analysis.

README

Skanuvaty

Dangerously fast dns/network/port scanner, all-in-one.

Start with a domain, and we’ll find everything about it.

AI Summary: Social-Media-OSINT is a comprehensive resource tool designed for open-source intelligence (OSINT) gathering on various social media platforms and messenger applications. Its primary use case includes providing links to tools, techniques, and methodologies for effective information extraction and analysis across platforms such as Facebook, Instagram, LinkedIn, and more. Notable features include extensive categorization of social media types and resources for advanced analytics on topics like hate speech and disinformation.

AI Summary: Spoilerwall is a network hardening tool that obscures open ports by serving movie spoilers whenever a scan is performed, effectively misleading potential attackers. Its primary use case is to create a deceptive environment that appears vulnerable but instead provides mundane content, deterring unwanted attention and scans. Notable features include customizable spoiler content, easy server setup, and the ability to redirect all TCP traffic to the Spoilerwall service, enhancing security through obfuscation.

AI Summary: SSH-MITM is a security auditing tool that functions as a man-in-the-middle SSH server, capable of intercepting and analyzing SSH sessions. It supports various authentication methods, including public key and password authentication, along with features like session hijacking, file manipulation during SCP/SFTP transfers, and dynamic port forwarding. Notably, it also includes capabilities for phishing FIDO tokens and auditing clients for known vulnerabilities, making it a versatile solution for security assessments.

AI Summary: SteamKit is a .NET library that facilitates interaction with Valve’s Steam network, providing a flexible and extensible interface for executing various network operations. Its primary use case is enabling developers to create applications that can leverage Steam’s functionalities, such as game management and account handling. Notable features include its distribution as a NuGet package for easy integration, comprehensive XML documentation, and support for .NET 10.0 or higher.

README

SteamKit

AI Summary: THC-Archive is a repository that consolidates all releases from The Hacker’s Choice, a prominent security research group. This collection serves as a backup for their work, ensuring that projects are preserved despite the lack of a full web server. Notable active projects include THC-Hydra, THC-IPv6, and utilities aimed at various hacking and security tasks.

README

THC-Archive

All releases of the security research group (a.k.a. hackers) The Hacker’s Choice

AI Summary: THC-Hydra is a versatile password-cracking tool designed for testing the security of various network services by attempting to gain unauthorized access through brute-force attacks. It supports multiple protocols, including FTP, HTTP, SSH, and many others, enabling security researchers and consultants to evaluate password strength and recognize vulnerabilities across a wide range of applications. Notable features include its ability to conduct parallelized connection attempts and an extensible module engine for easy addition of new protocols.

AI Summary: Tilted Online is a framework designed to facilitate multiplayer gameplay in Bethesda’s Skyrim Special Edition. It provides essential components such as game client sources, an immersive launcher, and server implementations, all structured to enhance the multiplayer experience. Notable features include a modular architecture for client-server interactions and community-driven development, allowing contributors with C++ experience to actively participate.

README

Tilted Online

AI Summary: TorBot is an open-source intelligence tool designed for crawling and gathering data from .onion websites on the dark web. Its primary use case involves extracting page titles, saving links in a database, and visualizing link relationships, facilitating user insights into dark web resources. Notable features include the ability to check link status, customize crawling depth, and output results in various formats such as JSON and HTML.

README

                         ████████╗ ██████╗ ██████╗     ██████╗  ██████╗ ████████╗
                         ╚══██╔══╝██╔═══██╗██╔══██╗    ██╔══██╗██╔═████╗╚══██╔══╝
                            ██║   ██║   ██║██████╔╝    ██████╔╝██║██╔██║   ██║
                            ██║   ██║   ██║██╔══██╗    ██╔══██╗████╔╝██║   ██║
                            ██║   ╚██████╔╝██║  ██║    ██████╔╝╚██████╔╝   ██║
                            ╚═╝    ╚═════╝ ╚═╝  ╚═╝    ╚═════╝  ╚═════╝    ╚═╝

                            Open Source Intelligence Tool for the Dark Web

AI Summary: The TryHackMe Road Map repository provides a comprehensive list of over 350 free TryHackMe rooms categorized by various cybersecurity topics to facilitate learning and practice in ethical hacking. Its primary use case is to help individuals, from beginners to advanced users, streamline their training by accessing a structured pathway through challenges in areas such as Linux fundamentals, web security, and more. Notable features include the organization of topics for a sequential learning approach and the inclusion of various practical scenarios to enhance hands-on experience in cybersecurity.

AI Summary: Wifi-deauth is a cybersecurity tool designed to perform denial-of-service (DoS) attacks by disconnecting all devices from a targeted Wi-Fi network without requiring the network’s password. It operates by sending spoofed deauthentication packets to both the access point and its connected clients, with the capability to operate across multiple channels simultaneously, supporting both 2.4GHz and 5GHz bands. Notable features include the ability to filter attacks by specific SSIDs or BSSIDs, optional usage of multiple interfaces, and tailored channel scanning to enhance attack efficacy.

AI Summary: Wifi-Hacking is a cybersecurity tool designed to penetrate and retrieve Wi-Fi passwords using various methods, including scanning networks, capturing handshakes, and employing WPS attacks. Its notable features include the ability to start and stop monitor mode, create custom wordlists for cracking, and support for multiple Linux-based operating systems, making it versatile for penetration testing and educational purposes. Users are cautioned to utilize this tool responsibly and ethically.

README

AI Summary: The Wireless Carplay Dongle Reverse Engineering tool provides a framework for gaining root access and modifying firmware on various Carlinkit wireless Carplay dongles, primarily aimed at enthusiasts looking to customize their devices. Key features include the ability to switch between firmware versions using both software and hardware methods, alongside insights into hardware components and their specifications. Additionally, the repository documents the challenges faced due to recent updates from Carlinkit that have hardened the firmware against reverse engineering.

AI Summary: Xteam is a multifunctional tool designed for information gathering and security testing, primarily targeting Instagram data extraction, Android lockscreen cracking, and phishing methods. It includes features for wireless attacks and provides an update script to enhance its capabilities. The tool operates on Termux and Kali Linux, requiring no root access for installation.

README

Xteam tool

## Screenshot:

Features:

• Insta information gathering
• Crack android lockscreen interfaces
• Phishing Hacks
• Wireless attacks added
• Update script
• Remove script
• more coming…

Requirements

• Data connection