AI Summary: WhiteWinterWolf’s PHP web shell is a lightweight tool designed for reliable remote server access, focusing on compatibility with both UNIX-like and Windows systems without requiring modifications. It addresses common limitations in existing web shells, such as incorrect assumptions about URLs, and supports clean PHP output execution while providing features like password protection, working directory setting, and dual file upload methods. The tool adheres to the KISS principle, making it straightforward to integrate with various exploitation techniques.

AI Summary: X-osint is an open-source OSINT tool designed for gathering credible information related to phone numbers, email addresses, and IP addresses, with additional features planned for future updates. Notably, it includes functionalities for IP and email information gathering, metadata extraction from images and files, subdomain enumeration, and DNS lookups, among others. The tool is built using Python and Bash and is maintained actively, ensuring regular updates and enhancements.

README

X-osint

This is an osint tool which gathers useful and yet credible valid information about a phone number, user’s email address and ip address and more to come in future updates

AI Summary: xAnalyzer is a plugin for the x64dbg debugger designed to enhance static code analysis of debugged applications. It leverages extensive API function call detection and provides detailed function definitions, argument types, and additional debugging information, greatly improving the user’s comprehension before commencing debugging tasks. Notable features include automatic loop detection, user-maintained definition files, and support for over 13,000 API definitions from approximately 200 DLLs.

README

AI Summary: XAttacker is a comprehensive exploitation tool designed for scanning and auto-exploiting vulnerabilities in web applications, particularly those using popular Content Management Systems (CMS). It identifies the target website’s architecture, detects vulnerabilities, generates exploits, and provides the user with the relevant exploit link. Notable features include a vulnerability scanner, auto-exploiting capabilities, and support for multiple CMS platforms, along with dork search functionality across various search engines.

README

XAttacker V2.5 Tool FREE

XATTACKER A Massive Exploiting Tool capable of scanning and auto-exploiting vulnerabilities in web applications, By providing a target website to the tool, it auto detects its’ architecture if using a Content Management Service (CMS) and tries to find vulnerabilities based on the detected CMS, After finding the vulnerabilities the tool will generate an exploit for the website and send the user the link of the exploit.

AI Summary: XELFViewer is a cross-platform ELF file viewer and editor designed for Windows, Linux, and MacOS environments. Its primary use case includes analyzing and modifying ELF (Executable and Linkable Format) files, which are commonly used in Unix-based operating systems. Notable features include a user-friendly interface for navigation, functionality for both viewing and editing file contents, and support for community translations.

README

ELF file viewer/editor for Windows, Linux and MacOS.

AI Summary: Xencrypt is a PowerShell-based crypter designed to compress and encrypt PowerShell scripts while bypassing AMSI and modern antivirus solutions. Its notable features include variable name randomization, support for recursive layering of encrypted scripts, and a minimal overhead due to compression. This open-source tool serves as a demonstration for users looking to develop their own crypters, offering flexibility for customization and ease of use.

README

Xencrypt

PowerShell crypter v 1.0

Authors

Xentropy ( @SamuelAnttila )
SecForce ( @SECFORCE_LTD )

AI Summary: xeuledoc is a Python tool designed for retrieving metadata and information from various types of public Google documents, including Google Drive files, Google Docs, Sheets, Slides, Drawings, My Maps, Apps Script, and Jamboard. Notable features include ease of installation via PyPI and GitHub, and the ability to handle multiple Google document formats, making it a versatile solution for information extraction from Google’s platform.

README

xeuledoc

AI Summary: XHUNTER is an advanced Android Remote Access Tool (RAT) designed for penetration testing and ethical hacking purposes. It simplifies the connection process between the attacker and victim by eliminating the need for complex port forwarding, offering a user-friendly interface for controlling a victim’s Android device. Notable features include the capability to build and bind payloads to legitimate applications and an intuitive setup process for immediate usability.

README

AI Summary: XMachOViewer is a cross-platform Mach-O file analysis tool designed for Windows, Linux, and macOS. Its primary use case involves examining Mach-O binaries through features such as heuristic scanning, string and hex viewing, disassembly, entropy analysis, and dynamic library linking, enabling users to uncover characteristics, anomalies, and cryptographic signatures within the files. Notable features include support for multiple architectures, automatic file format detection, and a detailed symbol table viewer.

AI Summary: XMiR-Patcher is a firmware patching tool specifically designed for Xiaomi routers, facilitating the modification of router firmware for enhanced functionality. It supports both Windows and Linux/Mac operating systems, requiring Python 3.8+ and OpenSSL for operation. Notable features include straightforward execution through batch and shell scripts, making it accessible for users across different platforms.

README

XMiR-Patcher

Firmware patcher for Xiaomi routers

Usage

Windows

• Run run.bat

Linux / Mac OS

• Install python 3.8+ and openssl
• Run run.sh

Donations

AI Summary: xoreos is an open-source reimplementation of BioWare’s Aurora engine, targeting classic games like Neverwinter Nights and Dragon Age II to provide portable access across platforms. The tool currently supports basic graphics rendering and sound playback, with partial in-game graphics and a starting point for a scripting system, though no full gameplay mechanics are implemented yet. Its modular design allows for contributions from the community, fostering ongoing development and enhancement of supported titles.

AI Summary: XPEViewer is a cross-platform PE file viewer and editor designed for Windows, Linux, and macOS environments. Its primary use case is to facilitate the analysis and modification of Portable Executable (PE) files, making it a valuable tool for reverse engineers and software developers. Notable features include functionality for viewing various PE file sections, editing capabilities, and support for community contributions through translation.

README

AI Summary: XSSer is an automated framework designed for the detection, exploitation, and reporting of Cross-Site Scripting (XSS) vulnerabilities in web applications. It features over 1300 pre-installed XSS attack vectors, sophisticated techniques for bypassing various web application firewalls (WAFs) and browsers, and is capable of operating on multiple platforms with dependencies on Python and essential libraries such as Selenium and BeautifulSoup.

README

• Web: https://xsser.03c8.net

Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

AI Summary: XSS’OR is a versatile tool designed for exploiting cross-site scripting (XSS) vulnerabilities through JavaScript-based payloads. Its primary use case involves encoding, decoding, and probing potential attack vectors, making it applicable for security testing and penetration testing scenarios. Notable features include a web interface for payload manipulation, compatibility with both Python 2 and 3, and robust support for Docker deployment.

README

XSS’OR

XSS’OR - Hack with JavaScript.

ONLINE

You can have a try:

AI Summary: Xteam is a multifunctional tool designed for information gathering and security testing, primarily targeting Instagram data extraction, Android lockscreen cracking, and phishing methods. It includes features for wireless attacks and provides an update script to enhance its capabilities. The tool operates on Termux and Kali Linux, requiring no root access for installation.

README

Xteam tool

## Screenshot:

Features:

• Insta information gathering
• Crack android lockscreen interfaces
• Phishing Hacks
• Wireless attacks added
• Update script
• Remove script
• more coming…

Requirements

• Data connection

AI Summary: Yakit is an interactive application security testing platform that integrates the CyberSecurity Domain Specific Language (CDSL) for enhanced security operations. Its primary use case is to provide a comprehensive GUI for manipulating security testing capacities via a gRPC server, fully replacing tools like BurpSuite and offering unique features such as a visual web fuzzing tool and a plugin store for customizable security scripts. Additionally, Yakit allows non-coders to harness advanced security capabilities without programming knowledge, facilitating both local and remote deployment.

AI Summary: yarGen is a YARA rule generator designed to create rules based on strings extracted from malware files while filtering out strings common to goodware, thereby enhancing detection capabilities. Notable features include the integration of a naive-Bayes classifier for improved string selection, opcode processing from PE files, and support for additional conditions using the pe module. The tool also allows for output tailored for AI processing by appending instructions to generated rules when using the --ai flag.

AI Summary: Yark is a YouTube archiving tool designed to simplify the process of downloading and managing video content and metadata from YouTube channels. Its primary use case is to create and maintain local archives of videos, allowing users to refresh and view their collections offline, complete with timeline reports and commenting features. Notable features include an easy-to-use command line interface, support for rich history and stats visualization, and a robust directory-based archive structure that preserves deleted or private videos.

AI Summary: Yes, it’s me! is a Python-based Open Source Intelligence (OSINT) tool designed to locate Instagram profiles via name, email, or phone number. It effectively utilizes indexing from dumpor.com to fetch usernames associated with a specified name and compares them against provided obfuscated contact details, enabling streamlined online investigations. Notable features include multi-level match scoring, customizable request timeouts, and support for partial inputs to enhance user anonymity.

README

AI Summary: ysoserial is a proof-of-concept tool designed to generate payloads for exploiting vulnerabilities related to unsafe Java object deserialization. It includes a collection of property-oriented programming “gadget chains” for various Java libraries, allowing users to execute arbitrary commands on an application host when deserialization occurs under vulnerable conditions. Notable features include support for multiple payload types and compatibility with various Java libraries, making it a versatile tool for security researchers focusing on Java application vulnerabilities.

AI Summary: Zehef is an OSINT tool designed to gather public information on targeted email addresses. Its primary use case includes checking if an email is associated with any data breaches, pastes on platforms like Pastebin, and identifying linked social media accounts across various services. Notable features include email combination generation and integration with breach detection services like HudsonRock.

README

Z e h e f

Zehef is an osint tool who studies the emails 📩

😇 Abouts zehef

Zehef v2 is a tool focused on finding public information on a targeted email.

AI Summary: Zero Attacker is a suite of ethical hacking tools designed for penetration testing and includes both free and paid advanced tools. It offers a user-friendly interface for quick setup and execution via Python, with additional features available upon request through their Discord server. The tool emphasizes community engagement and support, aiming to facilitate a comprehensive hacking experience for users.

README

Zero Attacker

launching new version beta testing is here add me on discord .asjad asap

AI Summary: ZeusCloud is an open-source cloud security platform designed to discover, prioritize, and remediate security risks across AWS environments. Its notable features include asset inventory creation, attack path discovery, graphical visualization of risks, customizable security controls, and comprehensive remediation guides, all aligned with compliance standards such as PCI DSS and CIS benchmarks. This tool addresses the complexities and challenges of securing expanding cloud workloads with user-friendly and actionable insights.

AI Summary: zizmor is a static analysis tool designed specifically for GitHub Actions, aimed at identifying common security vulnerabilities within CI/CD workflows. It detects issues such as template injection vulnerabilities, accidental credential leakage, excessive permission grants, and misleading git references, among others. The tool’s primary use case is to enhance the security posture of automated workflows by providing insights and recommendations for remediation.

README

🌈 zizmor

zizmor is a static analysis tool for GitHub Actions.

AI Summary: Zygisk-Il2CppDumper is a tool designed for dumping IL2CPP data at runtime while leveraging Zygisk to effectively bypass various protections, encryptions, and obfuscations. Its primary use case is for developers and security researchers needing to extract and analyze IL2CPP binaries from Android applications. Notable features include its compatibility with Magisk, flexible installation methods, and the ability to automate the dumping process through GitHub Actions or Android Studio.

README

Zygisk-Il2CppDumper

Il2CppDumper with Zygisk, dump il2cpp data at runtime, can bypass protection, encryption and obfuscation.