- DeadTrap - Mobile Number OSINT.
- GitSearch - Tool to search git from CLI and clone (if required)
- Mosint - MOSINT is an OSINT Tool for emails. It helps you gather information about the target email.
- Snaffler - Gather targets from Active Directories, searches out file shares, and whether they're readable.
- WeblogicScanner - Weblogic Vulnerability Scanning Tool
- Responder - LLMNR, NBT-NS and MDNS poisoner.
- Vailyn - Multi-phased vulnerability analysis and LFI exploitation tool
- Mitre-Attack Website - Provides basic navigation and annotation of ATT&CK matrices
- DroneSploit (Optional) - Hacking techniques and exploits especially focused on drone hacking.
- Typing info into any menu will bring up the Module Information Screen.
- Typing session into any menu will start a new Sifter session to run concurrently.
- All Results can now be exported to Desktop and a backup zip package is created and time stamped.
- G - Sifter's g extention gives a GUI overlay
'--> Built on top of eDEX-UI
- F - Sifter's f plugin provides the DanderFuzz Exploitation Framework
'--> Framework created by the EquationGroup courtesy of The Shadow Brokers
- M - The m extention provides Malware Analysis tools to Sifter
- C - Sifter's c extention is just a small script allowing CobaltStrike to be added to exploitation frameworks.
(A copy of CobaltStrike will NOT be provided, You must provide your own)
- EvilReg - added for payload persistence.
- WBruter - Bruteforce Android Lock pin (USB Debugging must be enable but root is not needed)
- GetDroid - Android payload creation.
- apkinfector - infect legitimate apks with meterpreter shells.
- PhishMailer - Email Spamming for different services.
- Mouse - Mac & iOS Post Exploitation Tool.
- LockPhish - This tool is designed to grab Windows credentials, Android PIN and iPhone
Passcode using a https link.
- WhatPhish - Tool for whatsapp phishing with OTP options provided
- GoSmish - SMS Payload delivery using GoPhish framework & campaign data (Through Twilio)
'--> Warning: Twilio may block the account for malicious usage.
TigerShark is a bilingual PhishingKit that incorporates various different phishing tools, domain generation and gathering tools and mail spammers in order to launch a fully customizable phishing page/server in whatever scripting language needed. This campaign can be launched against a small group or as a mass campaign.
MkCheck is used to check MikroTik Routers for:- winbox_auth_bypass_creds_disclosure
A stealthy Python based backdoor that uses Gmail as a command and control server
This mitigates the new for things like port forwarding, proxies or the need for public hosting.
For this to work you need:
- A Gmail account (Use a dedicated account! Do not use your personal one!)
- Turn on "Allow less secure apps" under the security settings of the account
- You may also have to enable IMAP in the account settings
Dark-Star is a small script, written in python2.
This tool is used for DDoS attack emulation.
$ python darkstar.py
- This repo can be found here