AI Summary: ADB-Toolkit is a comprehensive toolkit designed for testing and auditing Android Debug Bridge (ADB) configurations and vulnerabilities. Its primary use case lies in enhancing the security of Android devices by providing features such as device enumeration, file management, and installation of applications via ADB commands. Notable features include a user-friendly interface and extensive enhancements for common tasks associated with ADB, making it suitable for both developers and security researchers.

AI Summary: AdminHack is a script designed to identify admin login pages and assess potential EAR vulnerabilities across web applications by utilizing multi-threading and an extensive wordlist. It supports various web technologies, including PHP, ASP, and HTML, and includes features such as web crawling, custom path support, and results exportation to files. This tool is particularly useful for penetration testing and security assessments of web environments.

README

• License • Issues • Developer • Wikipedia •

AI Summary: ALHacking is a versatile ethical hacking toolkit designed for conducting various cybersecurity activities, including social media and phone attacks, user discovery, and webcam hacks. Notably, it features a powerful DDoS attack tool and is compatible with Android (via Termux), Linux, and Unix operating systems. Users can easily install the toolkit by cloning the repository and running the installation script from the terminal.

README

Author: 4lbH4cker

Version 4

(

AI Summary: AllHackingTools is a penetration testing toolkit designed for Termux that automates the installation and management of various hacking tools. Its primary use case is to facilitate the setup and customization of a hacking environment on Termux, allowing users to quickly download and run tools directly from the interface. Notable features include an updated installer with enhanced design elements, streamlined updating capabilities, and improved system stability.

README

• License • Issues • Project • Wikipedia •

AI Summary: Android-PIN-Bruteforce is a tool that allows users to unlock Android devices by executing a brute-force attack on the lockscreen PIN. Utilizing a rooted Kali Nethunter phone connected via USB OTG, it emulates keyboard input to automatically input and retry PIN combinations, supporting lengths from 1 to 10 digits and providing features such as configurable delays, optimized PIN lists, and the ability to bypass phone pop-ups. The tool does not require the locked device to be rooted and works across various Android versions.

AI Summary: apk.sh is a Bash script designed to streamline the reverse engineering of Android applications by automating tasks such as pulling, decoding, rebuilding, and patching APK files. It incorporates apktool for disassembling and reassembling resources, supports direct bytecode manipulation to prevent decompilation errors, and facilitates the integration of the frida-gadget for dynamic analysis without requiring a rooted device. Notable features include support for app bundles, multi-architecture compatibility, and code signing.

AI Summary: The ASN Lookup Tool and Traceroute Server is a command line utility designed for network analysis, facilitating OSINT investigations through various capabilities including ASN lookup, RPKI validity checks, and geolocation of IP addresses. Key features include JSON output for API integration, support for querying multiple simultaneous targets, and integration with Shodan for reconnaissance without direct interaction with the target systems. This tool is particularly useful in incident response scenarios, providing comprehensive network data insights while maintaining stealth.

AI Summary: Awesome Hacker Search Engines is a curated repository of search engines specifically designed for penetration testing, vulnerability assessments, and red/blue team operations. It categorizes various resources including general search engines, servers, vulnerabilities, exploits, and more, providing tools for effective reconnaissance and threat intelligence gathering. Notable features include links to specialized engines like Shodan and the NIST NVD, enabling streamlined access to critical information for security professionals.

README

Awesome Hacker Search Engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

AI Summary: Awesome OSINT For Everything is a comprehensive repository of OSINT tools and websites aimed at penetration testing, red teaming, information gathering, and bug bounty initiatives. It organizes a wide array of resources categorized by specific use cases such as recon, threat intelligence, social media analysis, and more, making it a valuable tool for cybersecurity professionals seeking to enhance their investigative capabilities. Notable features include a detailed index of tools across various domains, including geo-location, cryptocurrency, and privacy/security resources, providing users with extensive options for OSINT-related tasks.

AI Summary: Bashark 2.0 is a post-exploitation toolkit designed for penetration testers and security researchers to facilitate operations during the post-exploitation phase of security audits. It offers a simple command-line interface, where users can source the bashark.sh script to access various functions and commands, streamlining the process of managing compromised hosts. Key features include ease of use through a help menu and support for Bash scripting, making it a practical tool for enhancing post-exploitation activities.

AI Summary: BlackArch Linux is a penetration testing distribution based on Arch Linux, providing a repository of over 2,800 security tools organized by category. It offers flexible installation options, compatibility with existing Arch setups, and features a Live ISO for immediate testing. The toolset is aimed at penetration testers and security researchers for tasks such as forensics, reverse engineering, and network analysis.

README

Table of Contents

• Description
• Overview
• Download and Installation
• Key Features
• Installation Instruction
• Usage
• Get Involved
• Contributing
• Contact
• License
• Disclaimer
• Conclusion

Description

BlackArch Linux is an Arch Linux–based penetration testing distribution for penetration testers and security researchers. The repository contains 2850 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installations. For more information, see the installation instructions.

AI Summary: The “Bypass firewalls by abusing DNS history” tool automates the process of discovering direct IP addresses of servers behind web application firewalls (WAFs) by leveraging historical DNS records. Its primary use case is for security professionals, including bug bounty hunters, aiming to uncover misconfigured servers or outdated versions of websites that may be vulnerable to exploits. Notable features include the ability to output confidence levels based on HTML response similarities and support for fetching IPs of subdomains to enhance bypass attempts.

AI Summary: Caido is a web application auditing tool designed for security professionals and enthusiasts, facilitating efficient and user-friendly assessments of web application security. It features regular software updates, a comprehensive dashboard for managing audits, and a community platform for user support and engagement.

README

Website   •   Dashboard   •   Docs   •   Roadmap   •   Branding   •   Discord

---

👋 Welcome

Welcome to Caido!

Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease.

AI Summary: ComplianceAsCode/content is a framework designed to facilitate the creation and maintenance of security policy content for various platforms, including Linux distributions and applications like Firefox. It generates SCAP content, Ansible playbooks, and Bash scripts from easily editable YAML rule files, allowing organizations to automate compliance checks and remediations. Notable features include a powerful build system that reduces redundancy, multi-format outputs tailored to different organizational needs, and comprehensive documentation resources for users.

AI Summary: Cloud Security Suite (cs-suite) is a command-line tool designed for conducting security audits on various cloud environments, including AWS, GCP, Azure, and DigitalOcean. Its primary use case revolves around gathering data for Lynis audits, allowing users to specify environments, IP addresses, and user credentials while generating audit logs in JSON format for integration with SIEM tools. Notable features include the ability to handle user authentication, option to wipe previous audit reports, and flexible configurations for different cloud platforms.

AI Summary: DDexec is a sophisticated tool designed for executing binaries by manipulating existing processes on Linux systems, utilizing memory hijacking techniques. Its notable features include the ability to run machine code directly, support for various shells, and the option to replace traditional file access methods with alternative seeking tools, which can obfuscate executable detection. The utility’s architecture minimizes dependencies, enhancing performance and potentially expanding compatibility to platforms like Android.

AI Summary: DeepCE is a lightweight tool designed for Docker container enumeration, privilege escalation, and container escapes, written in pure shell script to maximize compatibility. It performs a variety of enumerations, including container-specific data collection and host system scanning, and offers multiple exploits such as Docker group privilege escalation and command execution in privileged mode. Notably, DeepCE minimizes disk writes during enumeration, making it suitable for stealthy assessments in containerized environments.

AI Summary: The Dictionary-Of-Pentesting is a comprehensive collection of dictionaries designed for penetration testing, vulnerability discovery, brute force attacks, and fuzzing. It categorizes resources such as authentication, file paths, ports, domains, and various default credentials, and continuously expands its listings to include regex patterns, user credentials, and application-specific payloads. Notable features include a broad range of default password lists, HTTP parameter enumeration, and the inclusion of specific patterns for cloud services and common vulnerabilities.

AI Summary: Discover is a customizable suite of bash scripts designed to automate various tasks in penetration testing, including recon, scanning, enumeration, and malicious payload creation with Metasploit, ideal for use on Kali Linux or Ubuntu systems. Notable features include multiple reconnaissance options for domains and persons, automated scanning tools that utilize Nmap and other utilities, and web application testing facilities incorporating tools like Nikto and SSL analysers. The tool simplifies complex penetration testing workflows through an organized menu structure, enabling swift task execution.

AI Summary: droidReverse is a comprehensive toolkit for Android reverse engineering, integrating multiple tools for decompiling APK files and analyzing bytecode. Its primary use case is facilitating the examination and modification of Android applications by converting APKs to readable formats and supporting various analysis capabilities, including malware detection. Notable features include support for multiple decompilation techniques, a graphical user interface for various tools, and capabilities for dynamic editing and package management.

AI Summary: f8x is an automated deployment tool focused on Infrastructure as Code (IaC) that leverages Terraform and Wails to facilitate multi-cloud deployment and project orchestration. Its primary use case includes setting up various environments for Red/Blue team operations, providing options for batch installations of essential tools, and deploying specific environments such as CTFs and middleware with minimal dependencies. Notable features include a variety of installation options for development and pentesting environments, and full compatibility with multiple Linux distributions.

AI Summary: Garud is an automation tool designed for reconnaissance, specifically targeting sub-domain enumeration and vulnerability scanning for injection points such as XSS, SSRF, and SSTI. It integrates multiple popular bug bounty tools, including Assetfinder, Subfinder, and Nuclei, to streamline the scanning process, outputting results systematically while notifying the user upon completion. Notable features include the ability to filter and identify low-hanging vulnerabilities, along with systematic data collection and reporting functionalities.

AI Summary: GH05T-INSTA is a cybersecurity tool designed for brute-force password recovery on Instagram accounts, suitable for both rooted and non-rooted Android devices. It features automatic IP address anonymization, error detection and resolution, and allows users to create custom password lists for enhanced effectiveness. While marketed as a hacking tool, the developers emphasize the legal implications and responsibility of ethical usage.

README

The best way to hack Instagram

New Working Tool Link : Click

Installation {Kali}

BruteForce (GH05T-INSTA)

apt install git

git clone https://github.com/GH05T-HUNTER5/GH05T-INSTA

cd GH05T-INSTA

sudo bash setup.sh

Configuring Tor server to open control port

AI Summary: GooHak is an automated tool designed for launching Google hacking queries against specified target domains to uncover vulnerabilities and facilitate enumeration. Its primary use case is to streamline the process of gathering information through tailored search queries, leveraging Google’s search capabilities. Notable features include straightforward command-line usage and dependencies tailored for Linux environments.

README

GooHak

ABOUT:

Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.

AI Summary: Hardening Ubuntu. Systemd edition.

Hardening Ubuntu. Systemd edition.

AI Summary: htrace.sh is a shell script designed for troubleshooting and profiling HTTP/HTTPS communications, serving as a wrapper for various open-source security tools. Its primary use case includes diagnosing web application vulnerabilities, analyzing SSL configurations, and extracting response headers and body content through an array of customizable parameters and options. Notable features include the ability to integrate with tools such as testssl, Mozilla’s Observatory, and Nmap’s NSE for comprehensive security assessments.

AI Summary: HTSHELLS is a toolkit that facilitates the deployment of self-contained web shells and various web-based attack vectors by utilizing .htaccess files. Its primary use case is for penetration testing and exploitation, allowing users to execute commands remotely and conduct denial-of-service, information disclosure, directory traversal, and other attacks through a structured directory of attack modules. Notable features include the ability to generate custom .htaccess files for specific attack types and execute commands via query parameters, enhancing flexibility for security assessments.

AI Summary: I-See-You is a Bash and JavaScript tool designed for identifying the precise geographical location of users during social engineering or phishing attempts by utilizing their location coordinates. The tool allows attackers to gather crucial reconnaissance data, facilitating targeted attacks, and functions without requiring any additional software for phishing operations. Users can easily execute the tool by running a script and can modify the appearance of the phishing page to enhance deception.

AI Summary: Ighack is a Bash-based tool designed for testing the password strength of Instagram accounts through brute-force attacks, compatible with both rooted and non-rooted Android devices using Termux. It offers features such as a stable Instagram API, support for Tor to enhance anonymity during attacks, and both auto and manual attack options for user flexibility. The tool is maintained and provides a beginner-friendly interface, allowing easy installation and usage.

AI Summary: Insta-hack is a comprehensive tool designed for Instagram account compromise, featuring capabilities for information gathering, brute force attacks, and automated reporting. It operates on both Termux and Kali Linux without the need for root access and includes essential functionalities such as script updates and removals. The tool is intended strictly for educational use, with a clear emphasis on responsible usage.

README

About tool

All in one Instagram hacking tool available (Insta information gathering, Insta brute force, Insta account auto repoter)

AI Summary: Instahack is a robust brute-force framework designed for testing Instagram accounts, utilizing Bash and Python for efficient password testing. It features multi-threading, Tor integration for anonymity, and customizable attack options, enabling users to conduct ethical penetration testing and OSINT gathering. The tool supports auto-resume capabilities and is optimized for high-volume password attempts.

README

🚀 Instahack - Advanced Instagram Brute Force Framework

🔍 About Instahack

Instahack is a high-performance Instagram brute-force tool crafted in Bash and Python, capable of testing millions of passwords efficiently. It uses Tor routing, Instagram Android app signatures, and customizable attack logic for stealthy, anonymous operations.

AI Summary: Inventory is a tool designed for attack surface management of public bug bounty programs, aggregating DNS and web server data from over 800 organizations. Its primary use case is to assist bug bounty hunters in efficiently identifying and monitoring new assets while providing security teams with enhanced visibility into their assets. Notable features include automated data collection and transformation from multiple sources, duplicate program merging, and both passive and active enumeration workflows for comprehensive reconnaissance.

AI Summary: IpHack is a Python-based tool designed for tracking IP locations and performing network testing. Its primary use case includes determining the geographical location of IP addresses, checking proxy status, and gathering detailed device information based on IP, with notable features such as an enhanced design, the ability to search for IPs behind Cloudflare, and various inquiry methods for making requests. The tool can be easily installed via pip and offers functionalities to track both direct IP addresses and domains, as well as to verify proxies.

AI Summary: IPRanges is a tool that compiles and lists the IP address ranges for various cloud services and platforms, including Google, Amazon, Microsoft, and others. It provides separate text files for IPv4 and IPv6 addresses, categorized into unmerged and merged formats for efficiency. The dataset is updated daily and sourced from publicly available information, making it useful for network management and security configurations.

README

IPRanges

List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), DigitalOcean, GitHub, Facebook (Meta), Twitter, Linode, Telegram, OpenAI (GPTBot), CloudFlare, Vultr, Apple (Private Relay) and ProtonVPN with daily updates.

AI Summary: Karma v2 is a passive open-source intelligence (OSINT) automated reconnaissance framework designed for information security researchers, penetration testers, and bug hunters to gather extensive details about target systems. It integrates with the Shodan Premium API to perform a variety of scans including SSL certificate verification, vulnerability detection, and asset discovery, and it features capabilities like fetching IP banners and interesting leaks across numerous protocols and services. The tool’s output can be displayed in the terminal and saved to files for further analysis.

AI Summary: Keychain is a tool designed to manage SSH and GPG keys efficiently by serving as a persistent frontend to ssh-agent and gpg-agent, allowing a single long-running instance per system. Its primary use case is to minimize the frequency of passphrase entries to once per reboot, enhancing security and convenience, especially for remote cron jobs. Notable features include seamless integration with key management, bash completion support for various command-line options, and user-friendly installation procedures.

AI Summary: libc-database is a tool for building and querying a database of libc offsets, primarily used for security research and exploitation analysis. It offers features such as identifying libraries via hashes, downloading and extracting libc libraries, and a web interface for user interaction. Users can also add custom libc versions and retrieve relevant offsets for specific symbols, enhancing their ability to work with different environments in cybersecurity applications.

README

Web interface

libc-database now has a web service and frontend. Visit https://libc.rip/ to try it out! Read https://github.com/niklasb/libc-database/tree/master/searchengine if you are interested in the API.

AI Summary: The Linux Exploit Suggester (LES) is a tool for auditing Linux systems to identify potential privilege escalation vulnerabilities, assessing the system’s exposure to known exploits by utilizing heuristic methods. It calculates the likelihood of exploitation for each vulnerability and verifies kernel hardening configurations, offering a comprehensive analysis of both compile-time and run-time security settings. Notable features include detailed exploit documentation, exposure assessment ratings, and integration with kernel hardening verification, making it a valuable resource for security assessments on Linux-based environments.

AI Summary: Linux Smart Enumeration (LSE) is a shell script designed for penetration testing and Capture The Flag (CTF) challenges, aimed at gathering security-relevant information to assist in privilege escalation on Linux systems. Notable features include customizable verbosity levels, targeted section execution, process monitoring, and the ability to serve the script over the network for remote retrieval. The tool is intended to expose vulnerabilities gradually, prioritizing information based on its significance for privilege escalation.

AI Summary: linWinPwn is a comprehensive bash script designed for Active Directory penetration testing on Linux, integrating various tools for enumeration, vulnerability checks, modifications, and password dumping. It features both an interactive mode for manual checks and an automated mode for streamlined enumeration, allowing users to perform a wide array of security assessments including LDAP, Kerberos, and MSSQL interactions. Notably, it supports a range of authentication methods and can execute critical checks for known vulnerabilities such as NoPac and ZeroLogon, making it an essential tool for security professionals.

AI Summary: CISA’s Logging Made Easy (LME) is an open-source log management platform designed for small to medium-sized organizations to centralize log collection, enhance threat detection, and enable real-time alerting for improved security. Key features include integration with open-source tools for enhanced detection, automated deployment via Ansible scripts, and customizable dashboards with Kibana, making it a scalable solution for securing infrastructure without the need for an existing Security Operations Center (SOC) or extensive resources.

AI Summary: Lynis is a security auditing and hardening tool designed for UNIX-based systems, including Linux, macOS, and BSD. It conducts comprehensive security scans to evaluate system defenses, identify vulnerabilities, and suggest improvements for hardening systems against potential threats. Notable features include automated compliance testing, vulnerability detection, configuration management assistance, and adaptability for use by system administrators, auditors, and penetration testers.

README

Documentation

Do you like this software? Star the project and become a stargazer.

AI Summary: My Arsenal of AWS Security Tools is a curated collection of open-source tools designed to enhance security in AWS environments through various functionalities, including defensive hardening, offensive testing, and security auditing. Notable features include comprehensive coverage of cloud security best practices and continuous monitoring capabilities, facilitating improved incident response and compliance with standards such as CIS and GDPR. This repository serves as a resource for security practitioners aiming to bolster their AWS security posture.

AI Summary: Open Semantic Search is an integrated search server and ETL framework designed for comprehensive document processing, including crawling, text extraction, text analysis, and named entity recognition—fully supporting various search functionalities such as fulltext, faceted, exploratory, and knowledge graph searches. Notable features include Docker container support, the ability to generate search user interfaces, and extensive automated testing capabilities, enabling seamless integration and deployment. This tool is particularly valuable for organizations needing robust, customizable search solutions across diverse data types and sources.

AI Summary: Pi-PwnBox is a headless Raspberry Pi-based Rogue Access Point (RogueAP) designed for conducting Red Team engagements and WiFi security assessments. It leverages Alfa WiFi USB adapters for a variety of WiFi attacks and includes features such as remote access, a comprehensive setup process, and associated WiFi hacking resources. This tool is particularly suited for on-site testing and learning environments focused on WiFi security.

README

Pi-PwnBox :rocket: -RogueAP :satellite:

Homemade (headless) PwnBox / RogueAP based on Raspberry Pi & Alfa WiFi USB Adapters.

AI Summary: Pwncat is a powerful networking tool that enhances the capabilities of traditional netcat by incorporating advanced features such as evasion techniques for firewalls and intrusion detection/prevention systems, along with support for both bind and reverse shells. Its self-injecting shell functionality and extensive scripting support using Python make it particularly effective for penetration testing and exploitation scenarios. Notably, it facilitates seamless port forwarding and maintains a user-friendly interface for enhanced usability in complex network environments.

AI Summary: RamiGPT is an AI-driven offensive security tool that facilitates privilege escalation to root accounts using OpenAI’s technology and PwnTools. Its primary use case involves quickly exploiting vulnerabilities across various systems, achieving root access in under a minute, as demonstrated by its performance on multiple VulnHub scenarios. The tool features a user-friendly GUI and seamless integration with Docker for easy deployment and configuration, leveraging tools like BeRoot and LinPEAS for effective enumeration.

AI Summary: Randar is a Minecraft exploit targeting versions Beta 1.8 to 1.12.2 that uses LLL lattice reduction to manipulate the game’s random number generator, java.util.Random, allowing attackers to derive the precise coordinates of other players’ locations based on item drop positions from mined blocks. The exploit hinges on a vulnerability in the game’s code, where improper reuse of RNG instances can be exploited to track players across vast distances, making it particularly significant on anarchic servers like 2b2t, where player anonymity and location security are critical. Notable features include the ability to reverse-engineer the RNG state to pinpoint player coordinates efficiently and the reliance on advanced mathematical techniques to achieve this.

AI Summary: The Ransomware collection repository provides a suite of ransomware scripts designed for educational and testing purposes. Users are cautioned against executing these scripts on their devices due to their malicious nature. Key features include compatibility with multiple operating systems such as Termux, Kali Linux, Ubuntu, and others, thereby making it a versatile tool for research and development in cybersecurity contexts.

README

☣️ Ransomwares Collection ☣️

- Don't Run Them on Your Device.
- Handle with caution 

💿 Installation 💿

git clone https://github.com/Err0r-ICA/Ransomware
cd Ransomware
python3 Ransomware

AI Summary: ReconPi is a lightweight reconnaissance tool designed for extensive domain analysis and asset discovery using a Raspberry Pi or a VPS. Its primary functionality includes resolving domain names, subdomain enumeration, vulnerability scanning using Nmap, and integrating tools like Nuclei for template-based security assessments. Notable features include automated reporting, Slack notifications, and easy installation through a straightforward script, making it accessible for cyber reconnaissance tasks.

README

Recon Pi

__________                          __________.__ 
\______   \ ____   ____  ____   ____\______   \__|
 |       _// __ \_/ ___\/  _ \ /    \|     ___/  |
 |    |   \  ___/\  \__(  <_> )   |  \    |   |  |
 |____|_  /\___  >\___  >____/|___|  /____|   |__|
        \/     \/     \/           \/             
                            
			v2.2 - @x1m_martijn 

ReconPi - A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.

AI Summary: ReverseAPK is a tool designed for the analysis and reverse engineering of Android applications, enabling users to quickly decompile APK files into Java and Smali formats. Its notable features include static source code analysis to identify common vulnerabilities, automatic extraction of files, and comprehensive evaluation of the AndroidManifest.xml for security risks associated with application behavior.

README

ReverseAPK

Credits: @xer0dayz

Website: https://sn1persecurity.com

Version: 1.2

ABOUT:

Quickly analyze and reverse engineer Android applications.

AI Summary: sandmap is a reconnaissance tool that enhances the capabilities of the Nmap engine, providing a simplified command line interface for automating and expediting network and system scanning processes. It offers 31 modules with 459 predefined scan profiles, support for the Nmap Scripting Engine (NSE), and integration with TOR for enhanced privacy during scans, allowing users to execute multiple scans simultaneously.

README

sandmap

Description • How To Use • Command Line • Configuration • Requirements • Other • Contributing • License • Wiki

AI Summary: Security Onion 2.4 is an open-source Linux distribution for intrusion detection, network monitoring, and log management. Its primary use case is to provide security operations teams with tools to detect and respond to threats through features such as alert management, detailed dashboards, and packet capture (PCAP) capabilities. Notable functionalities include a hunting interface, customizable detection rules, and comprehensive configuration options, facilitating a proactive approach to cybersecurity.

README

Security Onion 2.4

Security Onion 2.4 is here!

AI Summary: The Shark Jack Payload Library provides a collection of community-driven payloads and extensions specifically designed for the Hak5 Shark Jack device, utilizing DuckyScript™ and Bash. Its primary use case is to enrich the functionality of the Shark Jack with customizable scripts for cybersecurity tasks, while also encouraging developer contributions for new payloads. Notable features include a platform for community collaboration and integration with Payload Studio for seamless payload creation.

AI Summary: Sn1per is an automated penetration testing and attack surface management tool that enhances vulnerability scanning by integrating both commercial and open-source scanners to identify hidden assets and vulnerabilities within an organization’s environment. It streamlines the security assessment process through automation, providing deep and continuous security insights suitable for organizations of all sizes. Notable features include its capability to discover and prioritize risks, saving time and resources in the vulnerability management lifecycle.

AI Summary: SocialBox-Termux is a brute-force attack framework designed for social media platforms such as Facebook, Gmail, Instagram, and Twitter. It facilitates penetration testing by automating the login attempts using various credentials, making it useful for security professionals. Notable features include compatibility with Termux on Android, easy installation via a shell script, and the ability to run under a VPN for enhanced privacy.

README

SocialBox-Termux

SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Edit By samsesh

AI Summary: Stego-Toolkit is a Docker image designed for tackling steganography challenges frequently encountered in CTF platforms. It comes pre-loaded with a variety of popular tools and screening scripts that facilitate the analysis of images and audio files for hidden data, allowing users to effortlessly run command-line and GUI applications within a containerized environment. Notable features include automation scripts for file screening and support for both Linux and Windows tools via Wine, ensuring a comprehensive toolkit for steganography analysis.

AI Summary: SUDO_KILLER is a cybersecurity tool designed for professionals such as pentesters and security auditors, focusing on privilege escalation vulnerabilities in Linux systems related to SUDO configuration and usage. It manually identifies issues such as misconfigurations, risky binaries, and version-based vulnerabilities (CVEs), enabling users to exploit these weaknesses for gaining root-level privileges. The tool provides a detailed checklist of potential local exploits and requires users to perform the exploitation process manually, ensuring a controlled approach to privilege escalation testing.

AI Summary: Sudomy is a subdomain enumeration and analysis tool designed for advanced automated reconnaissance and OSINT activities. It features both active and passive enumeration methods, utilizing efficient techniques such as DNS brute-forcing via Gobuster and data collection from 22 curated third-party sources. Additional capabilities include subdomain testing, virtual host classification, port scanning, and technology identification, making it a comprehensive solution for penetration testing and bug bounty applications.

README

Sudomy

AI Summary: T-load is a bash-based script designed for customizing the Termux terminal interface on both rooted and non-rooted Android devices. Its primary use case is to enhance the user experience by providing an attractive and engaging terminal environment, complete with sound effects and an updated layout. Notable features include an easy installation process, new interface options, and the ability to revert to the default terminal settings.

README

AI Summary: TermuxCyberArmy is a cybersecurity toolkit designed for Termux, primarily facilitating various hacking and scripting tasks. Notable features include compatibility with multiple Linux distributions such as Kali Linux and Parrot OS, as well as ease of installation using basic command-line operations. The tool is particularly suited for security practitioners seeking to enhance their skills in penetration testing and ethical hacking.

README

Update 19/06/2024

Login form has been removed

AI Summary: TOP is a vulnerability cataloging tool designed for bug bounty hunters and penetration testers, focusing on proof-of-concept (PoC) exploits for various Common Vulnerabilities and Exposures (CVEs) from recent years. It compiles a list of notable CVEs along with their respective exploits and corresponding GitHub repositories, thereby facilitating ease of access and research for security professionals. Key features include organized yearly summaries of significant vulnerabilities, making it an essential resource for monitoring and exploiting security weaknesses.

AI Summary: uDork is a Bash script designed for Google hacking, leveraging advanced search techniques to uncover sensitive information and detect web application versions without conducting direct attacks. The tool utilizes predefined dorks sourced from the Google Hacking Database, allowing users to find sensitive files, IoT devices, and security vulnerabilities efficiently. Notable features include speed improvements between requests and Docker support for easy deployment.

README

uDork - Google Hacking Tool

Author: M3n0sD0n4ld

Twitter: @David_Uton

News

11/06/2022

I have some bad news to give, last week Facebook withdrew the service by which the tool made the requests, unfortunately the tool no longer works.

AI Summary: UserFinder is a shell-based tool designed for identifying users across various social media platforms and gathering additional information. It enables users to perform queries and compile data efficiently, featuring an easy installation process and a straightforward command-line interface. Notable features include a user-friendly script execution with minimal setup requirements and a focus on social profiling capabilities.

README

• License • Issues • Developer • Wikipedia •

Find user in social and more informations!

AI Summary: Vegile is a post-exploitation tool designed for maintaining stealthy backdoor/rootkit access on Linux systems. Its primary use case involves establishing persistent access to compromised hosts while enabling features such as process hiding and session unlimited capabilities in Metasploit. Notable functionalities include the ability to automatically restart hidden processes, ensuring persistent access even after termination, and support for various backdoor implementations, including those created with msfvenom.

README

Vegile - Ghost In The Shell

AI Summary: VENOM is a metasploit shellcode generator and compiler that enables users to create and inject shellcode payloads in various formats such as C#, Python, Ruby, and executable formats like ELF and APK. Its primary use case lies in Red Team operations, where it assists in payload delivery through a web server and leverages automation to handle dependencies and remote connections seamlessly. Notable features include support for multiple scripting languages, integration with compilers for building executables, and functionalities similar to other popular evasion tools.

AI Summary: The VPS Security Audit Script is a comprehensive Bash tool designed for auditing the security and performance of Debian/Ubuntu-based virtual private servers. It performs extensive security checks, including SSH configuration, firewall status, and system update status, while also monitoring resource usage such as disk space and CPU. The script not only provides real-time color-coded feedback during execution but also generates a detailed report with improvement recommendations based on the audit findings.

AI Summary: WebCopilot is an automation tool for security assessments that enumerates subdomains of a target domain and scans for vulnerabilities such as XSS, SQLi, and RCE. It employs various open-source tools for subdomain enumeration, active scanning, endpoint crawling, and filtering of vulnerability parameters, ultimately presenting the results in a structured manner. Notable features include comprehensive subdomain enumeration, endpoint crawling, and integration with multiple vulnerability scanning tools.

README

WebCopilot

An automation tool that enumerate subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

AI Summary: The Wireless Carplay Dongle Reverse Engineering tool provides a framework for gaining root access and modifying firmware on various Carlinkit wireless Carplay dongles, primarily aimed at enthusiasts looking to customize their devices. Key features include the ability to switch between firmware versions using both software and hardware methods, alongside insights into hardware components and their specifications. Additionally, the repository documents the challenges faced due to recent updates from Carlinkit that have hardened the firmware against reverse engineering.