AI Summary: FilelessPELoader is a tool designed to load and execute AES-encrypted Portable Executable (PE) files directly into memory, bypassing the need for traditional file storage. Its primary use case is to facilitate stealthy execution of payloads in memory, enhancing evasion techniques commonly utilized in cybersecurity attacks. Notable features include the ability to decrypt the PE file in-memory and execute it without leaving traces on disk.

README

FilelessPELoader

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

AI Summary: FinalRecon is an automated web reconnaissance tool designed to efficiently gather comprehensive information about a target in a short time, maintaining high accuracy without the overhead of multiple dependencies. Notable features include detailed data collection on headers, WHOIS, SSL certificate information, DNS enumeration, subdomain and directory enumeration, web crawling, and a port scanning functionality, all in one compact solution. This tool is especially useful for OSINT practitioners seeking quick and reliable data during the reconnaissance phase of security assessments.

AI Summary: Findomain is a comprehensive domain recognition tool designed for efficient subdomain enumeration and monitoring. It utilizes Certificate Transparency Logs and various APIs to discover subdomains without brute-force methods, supports multi-threading for quick searches, and offers integration with notification services such as Discord and Slack. Notable features include DNS over TLS support, parallel resolution capabilities, and extensive configuration options across multiple formats.

README

AI Summary: Firecrack is a multi-functional penetration testing tool designed for exploiting vulnerabilities in websites and Facebook accounts. Its primary use cases include executing brute force attacks on Facebook accounts, finding administrative panels, performing Bing dorking for domain collection, and facilitating website defacement using the file upload method. Notable features include the ability to conduct random attacks on multiple Facebook accounts and an integrated admin finder tool.

README

Firecrack :fire:

What is firecrack tools ? Firecrack tools are tools for testing and testing on websites or Facebook accounts, conducting
testing on hundreds of Facebook accounts with random accounts and random wordlist, and there are
for testing websites, such as admin finder and deface with file upload method, and Bing dorking
to collect Many domains, Bing Dorking is useful if you are collecting a lot of domains.
more tools: :point_down:

firecrack fiture:

AI Summary: FISSURE is an open-source RF framework designed for signal understanding and reverse engineering, catering to both operational and educational needs. It enables users to detect, classify, and manipulate RF signals, perform automated vulnerability testing, and integrate with TAK for real-time situational awareness. Key features include support for various deployment options, from desktop GUIs to headless nodes, and a robust plugin ecosystem for enhanced functionality.

README

FISSURE - The RF Framework

Frequency Independent SDR-based Signal Understanding and Reverse Engineering

AI Summary: flare-emu is an advanced emulation tool that integrates with binary analysis frameworks such as IDA Pro or Radare2, leveraging the Unicorn emulation framework to facilitate flexible and efficient code analysis. It offers multiple interfaces for emulating instruction ranges, iterating through function paths, and handling complex emulation scenarios, making it suitable for deep analysis of executable binaries across various architectures including x86, ARM, and their 64-bit counterparts. Notably, it provides functionalities for user-defined hooks, direct memory manipulation, and dynamic code discovery, enhancing the analyst’s ability to probe and understand obfuscated or complex binaries.

AI Summary: Flask Session Cookie Manager is a Python tool that encodes and decodes Flask session cookies, facilitating easier management of session data. It offers commands for encoding session information into a cookie format and decoding existing cookies back into a readable structure, with support for both Python 2 and 3. Notable features include optional secret key usage for secure operations and clear command-line arguments for encoding and decoding tasks.

AI Summary: FLIRTDB is a repository for storing and sharing signature files generated using the Fast Library Identification and Recognition Technology (FLIRT) used by IDA for identifying and renaming known library subroutines in disassembled binaries. Its primary use case is to alleviate the challenges faced by reverse engineers who require signature files for various library versions that may not be provided by Hex-Rays, allowing for easier analysis of symbol-stripped binaries. Notable features include community contributions for generating and organizing signatures, support for conflict management, and adherence to ethical submission guidelines.

AI Summary: Flowsint is an open-source OSINT graph exploration tool designed to facilitate ethical investigations by visualizing relationships between entities in a graph format. Its primary use case is in reconnaissance tasks, providing a suite of automated enrichers for domains, IPs, social media, organizations, and more, thus allowing users to gather comprehensive intelligence efficiently while ensuring data privacy by storing everything locally. Notable features include advanced enrichers for domain and IP investigations, as well as integrations for broader workflow connectivity.

AI Summary: Fofa Viewer is a user-friendly FOFA client developed in JavaFX, designed for cybersecurity professionals to efficiently search for vulnerabilities on target websites using the FOFA search engine. Key features include multi-tab query result display, Excel export capabilities, intelligent input suggestions, and advanced functionalities such as certificate conversion and exclusion of honeypots for premium members. This tool streamlines the information gathering process for penetration testers with its robust API integration and customizable configurations.

AI Summary: Forensia is an anti-forensics tool designed for red teamers to eliminate traces during the post-exploitation phase. Its primary use case is to enhance evasion by supporting various functionalities such as unloading Sysmon drivers, employing the Gutmann method for file shredding, and disabling multiple logging mechanisms. Notable features include log erasure, file melting capabilities, and the ability to clear recent user activity and cache, thereby reducing the likelihood of detection by incident response teams.

AI Summary: Free-Auto-GPT is an open-source implementation of autonomous AI agents like Auto-GPT and BabyAGI, designed to operate without paid APIs, thus enabling users to leverage advanced AI capabilities at no cost. Its notable features include easy integration with the Hugging Face and ChatGPT ecosystems, allowing users to access a variety of AI models without significant hardware requirements or financial constraints. This democratizes AI technology, making it accessible for small businesses and individuals seeking to innovate without hefty investments.

AI Summary: free-one-api is a flexible API tool that allows users to access various large language model (LLM) reverse engineering libraries via a standard OpenAI API format. Its primary use case is facilitating seamless interactions with multiple LLMs while providing notable features such as automatic load balancing, web UI support, streaming mode, and a heartbeat detection mechanism to ensure reliability. Additionally, it enables contributors to expand its functionality by testing and integrating new adapters.

AI Summary: frida-ios-dump is a tool designed for extracting decrypted IPA files from jailbroken iOS devices. The primary use case involves leveraging Frida to automate the process of dumping application binaries, making it particularly useful for security researchers and developers analyzing iOS applications. Notable features include support for both Python 2.x and 3.x, as well as a straightforward command-line interface for initiating the dump process with either the display name or bundle identifier of the target app.

AI Summary: Frida iOS Hook is a Python-based tool designed for dynamic analysis and function hooking of iOS applications through Frida. Its primary use case involves tracing classes and functions, modifying method return values, and providing a suite of commands for process manipulation, memory dumping, and API interception. Notable features include support for both spawn and attach modes, an interactive CLI, and extensive options for script execution and device management.

AI Summary: Frida-Labs is a repository designed to facilitate learning Frida for Android through a series of structured challenges, ranging from basic setup to intermediate-level tasks. The primary use case is to help users grasp the fundamentals of using Frida by engaging with practical scenarios that involve hooking methods, changing variable values, and native function invocation. Notable features include a variety of challenges, organized solutions, and an emphasis on understanding Frida scripts, making it an ideal starting point for beginners.

AI Summary: The frida-scripts repository provides a collection of instrumentation scripts designed for reverse engineering applications on iOS, Android, and Linux platforms using the Frida tool. Key features include full-featured tracers and enumerators for Objective-C, Java, and Linux binaries, enabling deep analysis and manipulation of app behaviors. The scripts may require customization and are suitable for advanced users involved in mobile and software security research.

README

frida-scripts

A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps and more.

AI Summary: Fridare is an automation tool for modifying the Frida server on iOS, Android, Linux, and Windows platforms, designed to enhance security and flexibility by allowing users to change server names and ports while bypassing jailbreak detection. The tool features a dual-mode interface, offering both a robust command line and a modern graphical user interface (GUI) based on the Fyne framework, facilitating intuitive server modifications and visual feedback. Notable functionalities include cross-platform support, binary replacement, custom packaging, and dependency management, making it a comprehensive solution for Frida users across different environments.

AI Summary: Fscan is a comprehensive internal network scanning tool designed for automated vulnerability assessment and information gathering. Its primary use case encompasses host discovery, port scanning, credential brute-forcing across various protocols, system vulnerability detection, and web application scanning, including comprehensive support for various databases and frameworks. Notable features include the ability to exploit vulnerabilities such as MS17-010, SSH remote command execution, and the storage of scan results for further analysis.

AI Summary: fsociety is a modular penetration testing framework designed to assist cybersecurity professionals in conducting security assessments. Notable features include a command-line interface with options for retrieving information and suggesting tools, as well as support for installation via pip and Docker. The framework’s modular approach allows users to integrate various tools for comprehensive security testing.

README

fsociety

AI Summary: Fsociety is a comprehensive penetration testing framework designed to provide a wide array of hacking tools utilized in the Mr. Robot series. It features modules for information gathering, password attacks, wireless testing, exploitation, web hacking, and post-exploitation, all implemented in Python 2, with detailed installation instructions for various platforms, including Docker support. Notable tools included are Nmap, sqlmap, WPScan, and several others tailored for diverse security testing scenarios.

AI Summary: Fuxploider is an open-source penetration testing tool designed to automate the detection and exploitation of vulnerabilities in file upload forms. Its primary use case is to identify permissible file types and effectively upload web shells or malicious files to targeted web servers using optimized techniques. Notable features include support for Python 3.6 and the ability to utilize Docker for installation, providing flexibility across different environments.

README

fuxploider

AI Summary: fuzzDicts is a comprehensive web penetration testing dictionary tool designed for security professionals to enhance fuzzing and brute-force attacks. It features an extensive collection of payloads, username lists, and weak password dictionaries, regularly updated to include specific vulnerabilities across different systems, including Unix and Windows. Notable features include categorized dictionaries for remote code execution, XSS attacks, and various common website directories, making it a valuable resource for security testing and exploitation.

AI Summary: FuzzForge AI is an open-source orchestration platform that leverages AI agents to automate security research workflows via the Model Context Protocol (MCP). It enables seamless interaction with containerized security tools, allowing AI agents to discover, chain, and execute tasks for vulnerability assessment and analysis autonomously. Notable features include a hub architecture for tool discovery, support for AI-native workflows, and the capability to create automated pipelines tailored for specific use cases such as firmware vulnerability research or Rust fuzzing.

AI Summary: Galaxy Bugbounty Checklist is a comprehensive tool designed to aid bug bounty hunters by providing an organized and detailed checklist of security assessment techniques. It includes specific references for various testing methodologies such as Account Takeover, CSRF Bypass, and OSINT, making it an essential resource for systematic vulnerability evaluation. Notable features include its structured format and accessibility for users to seek assistance directly through the provided contact.

README

Notes

• Try to make best Bug Bounty Checklist.
• All checklists come with references.
• Feel free to contact me maximus0xday [at] gmail if you have any question.

To do list: