The Damne Vulnerable Android Components – DVAC Damn Vulnerable Android Components (DVAC) is an educational Android application intentionally designed to expose and demonstrate vulnerabilities related to various Android components such as Activities, Intents, Content...
The post DVAC: An intentionally vulnerable Android Application appeared first on Penetration Testing Tools.
ELFEN: Linux Malware Analysis Sandbox ELFEN is a dockerized sandbox for analyzing Linux (file type: ELF) malware. It leverages an array of open-source technologies to perform both static and dynamic analysis. Results are available...
The post ELFEN: Automated Linux Malware Analysis Sandbox appeared first on Penetration Testing Tools.
VIPER is a powerful and flexible red team platform. It integrates the core tools and functionalities required for adversary simulation and red team operations, assisting you in efficiently completing cybersecurity assessment tasks. User-Friendly Interface Provides...
The post Viper: A Unified Platform for Adversary Emulation and Red Team Operations appeared first on Penetration Testing Tools.
Qu1cksc0pe This tool allows statically analysis Windows, Linux, osx, executables, and also APK files. You can get: What DLL files are used. Functions and API. Sections and segments. URLs, IP addresses, and emails. Android...
The post Qu1cksc0pe: All-in-One static malware analysis tool appeared first on Penetration Testing Tools.
Emora Emora allows you to search for accounts by username across social networks. Inspired by tools like Sherlock, Emora provides a user-friendly graphical interface to ease the usage and navigation through the results. Features Intuitive...
The post Emora: GUI OSINT tool to search accounts by username across social networks appeared first on Penetration Testing Tools.
CF-Hero is a comprehensive reconnaissance tool developed to discover the real IP addresses of web applications protected by Cloudflare. It performs multi-source intelligence gathering through various methods. Historical DNS records services try to discover...
The post CF-Hero: discover the real IP addresses of web applications protected by Cloudflare appeared first on Penetration Testing Tools.
DarkWidow This is a Dropper/Post Exploitation Tool (or can be used in both situations) targeting Windows. Capabilities: Indirect Dynamic Syscall. (MITRE ATT&CK TTP: T1106) SSN + Syscall address sorting via Modified TartarusGate approach Remote Process...
The post DarkWidow: A Customizable Dropper Tool targeting Windows appeared first on Penetration Testing Tools.
Android Disassembler Analyze malicious app on your phone Android Disassembler is an application that is able to analyze several types of files such as APK files, dex files, shared libraries (aka .so files) (NDK,...
The post Android Disassembler: Analyze malicious app on your phone appeared first on Penetration Testing Tools.
APEX – Azure Post Exploitation Framework An attempt to ease up post ex tasks once we have access to some sort of credentials to an Azure related account. To be honest it is nothing...
The post APEX: Azure Post Exploitation Framework appeared first on Penetration Testing Tools.
Arya – The Reverse YARA Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it as a reverse YARA because it does exactly the opposite...
The post arya: produces pseudo-malicious files meant to trigger YARA rules appeared first on Penetration Testing Tools.
pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Feature Fast (concurrent workers) Default payload covers a lot of cases Payload and Javascript customization Proxy-friendly Support output in a file...
The post pphack: The Most Advanced Client-Side Prototype Pollution Scanner appeared first on Penetration Testing Tools.
Weaponized EvilnoVNC: scalable and semi-automated MFA-Phishing via “browser-in-the-middle” Features concurrent EvilnoVNC instances, as many as your server can handle access to EvilnoVNC sessions is limited to generated URLs with random victim-specific identifier in parameter auto block...
The post EvilKnievelnoVNC: Scalable and semi-automated MFA-Phishing appeared first on Penetration Testing Tools.
C2 Cloud The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the...
The post C2 Cloud: robust web-based C2 framework appeared first on Penetration Testing Tools.
Verdict-as-a-Service Verdict-as-a-Service (VaaS) is a cloud service that provides capabilities to scan files for malware and other threats. It allows you to easily integrate malware detection in your application with a few lines of code....
The post Verdict-as-a-Service: Analyze files for malicious content appeared first on Penetration Testing Tools.
Astral-PE is a low-level mutator (headers obfuscator and patcher) for Windows PE files (.exe, .dll) that rewrites structural metadata after compilation (or postbuild protection) — without breaking execution. It does not pack, encrypt or inject. Instead, it mutates low-hanging...
The post Astral-PE: A low-level mutator (headers obfuscator) for native Windows PE files appeared first on Penetration Testing Tools.
TimeSync Tool to obtain hash using MS-SNTP for user accounts Requirements Python 3.x ldap3 library for LDAP operations Installations Clone the repository: git clone https://github.com/yourusername/timeroast.git cd timeroast Install the required Python packages: pip install ....
The post TimeSync: obtain hash using MS-SNTP for user accounts appeared first on Penetration Testing Tools.
Ligolo-mp Ligolo-mp is a more specialized version of Ligolo-ng, with client-server architecture, enabling pentesters to play with multiple concurrent tunnels collaboratively. Also, with a sprinkle of less important bells and whistles. Features Everything that you...
The post ligolo-mp: Multiplayer pivoting solution appeared first on Penetration Testing Tools.
vmlinux-to-elf This tool allows to obtain a fully analyzable .ELF file from a vmlinux/vmlinuz/bzImage/zImage kernel image (either a raw binary blob or a preexisting but stripped .ELF file), with recovered function and variable symbols....
The post vmlinux-to-elf: recover a fully analyzable .ELF from a raw kernel appeared first on Penetration Testing Tools.
smugglo An easy-to-use script for wrapping files into self-dropping HTML payloads to bypass content filters. Features One-file payload: Wrap any file into a single self-contained HTML file Automatic extraction: The generated HTML auto-extracts and downloads the...
The post Smugglo: Bypass Filters with Self-Dropping HTML appeared first on Penetration Testing Tools.
NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows...
The post NoArgs: dynamically spoof and conceal process arguments while staying undetected appeared first on Penetration Testing Tools.
