Tools black

A single-file bruteforcer that supports multiple protocols. OSINT tool to replace Facebook graph search. A Facebook profile and reconnaissance system.

Social Engineering Tool Oriented to facebook. This script tries to guess passwords for a given facebook account using a list of passwords dictionary. Black Alchemy's Fake AP generates thousands of counterfeit Hide in plain sight amongst Fake AP's cacophony of beacon frames. Fake mail server that captures e-mails as files for acceptance testing.

Weaponizing favicon. An accurate facebook account information gathering. Show info about the author by facebook photo url. A fast, simple, recursive content discovery tool written in Rust. A hacking harness that you can use during the post-exploitation phase of a red-teaming engagement.

This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more. A binary file fuzzer for Windows with several options. A tool that helps you to guess how your shell was renamed after the server-side script of the file uploader saved it. A modular Python application to pull intelligence about malicious files.

An egress filter mapping application with additional functionality. A little tool for local and remote file inclusion auditing and exploitation. A tool that scans networks looking for DNS servers. High-precision indoor positioning framework. Crack different types of hashes using free online services.

Locates all devices associated with an iCloud account. The fastest and cross-platform subdomain enumerator, do not waste your time. Find exploits in local and online databases instantly. A penetration testing tool that allows you to punch reverse TCP tunnels out of a compromised network. A tool that transforms Firefox browsers into a penetration testing suite. An active reconnaissance network security tool.

Script for searching the extracted firmware file system for goodies. A Collection of different ways to execute code outside of the expected entry points. A tool to handle Firebird database management. Flare processes an SWF and extracts all scripts from it. Obfuscated String Solver - Automatically extract obfuscated strings from malware. Searches through source code for potential security flaws. A Vulnerability Scanner for Wordpress and Moodle. A security auditing and social-engineering research tool.

Block-based software vulnerability fuzzing framework. Multithreaded threat Intelligence gathering utilizing. A console program to recover files based on their headers, footers, and internal data structures. A tool for predicting the output of random number generators. Simple and fast forking port scanner written in Perl. Can only scan one host at a time, the forking is done on the specified port range. Or on the default range of 1.

Helper script for working with format string bugs. Program that remotely determines DNS server versions. Identify unknown open ports and their associated applications. This is a utility to parse an F-Prot Anti Virus log file, in order to sort them into a malware archive for easier maintenance of your collection. IPMI remote console and system management software.

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Wrapper tool to identify the remote device and push device specific frida-server binary.

Its primary purpose is to help detecting file race condition vulnerabilities and since version 3, to exploit them with loadable DSO modules also called "payload modules" or "paymods". A low-level filesystem sandbox for Linux using syscall intercepts. Automates file system mirroring through remote file disclosure vulnerabilities on Linux machines. The master of all master fuzzing scripts specifically targeted towards FTP server software.

FTP investigation tool - Scans ftp server for the following: reveal entire directory tree structures, detect anonymous access, detect directories with write permissions, find user specified data within repository. Scans remote FTP servers to identify what software and what versions they are running. A Python library used to write fuzzing programs. Tool that automates the process of detecting and exploiting file upload forms flaws. A python script for obfuscating wireless networks.

It sends a bunch of more or less bogus packets to the host of your choice. A simple tool designed to help out with crash analysis during fuzz testing. It selectively 'un-fuzzes' portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes.

An XML driven fuzz testing framework that emphasizes easy extensibility and reusability. A byte code analyzer for finding deserialization gadget chains in Java applications.

NET serialized gadgets that can trigger. Examine the contents of the IE's cookie files for forensic purposes. Network auditing and analysis tool developed in Python. A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

Simple, secure and performant file encryption tool written in C. This little tool is designed to get geolocalization information of a host; it gets the information from two sources, maxmind and geoiptool. GeoIPgen is a country to IP addresses generator. A graphical user interface for aircrack-ng and pyrit. Finding Ethereum nodes which are vulnerable to RPC-attacks. Command line utility for searching and downloading exploits. The application was created to allow anyone to easily download profile pictures from GG.

A Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames. GUI suite for phishing and penetration attacks. Python script to generate obfuscated. Train a model and detect gibberish strings with it. Automatically spawn a reverse shell fully interactive for Linux or Windows victim.

A program to visually represent the Kismet data in a flexible manner. Dump the contents of a remote git repository without directory listing enabled. A tool to dump a git repository from a website. A batch-catching, pattern-matching, patch-attacking secret snatcher.

Python program to scrape secrets from GitHub through usage of a large repository of dorks. A pentesting tool that dumps the source code from. Monitor GitHub to search and find sensitive data in real time for different online services.

Collection of GitHub dorks and helper tool to automate the process of checking dorks. A script that clones GitHub repositories of users and organizations automatically. An information gathering tool to collect git commit emails in version control host services. Tool for advanced mining for content on GitHub. Reconnaissance tool for GitHub organizations. A repository with 3 tools for pwn'ing websites with. A tool that reads any gMSA password blobs the user can access and parses the values.

With drivers for usrp and fcd. A library which provides a secure layer over a reliable transport layer Version 2. A Python script designed to allow you to leverage the power of Google dorking straight from the comfort of your command line. Google mass exploit robot - Make a Google search, and parse the results for a specific exploit you define. A Python script to find domains by using Google dorks. A tool that automates queries against Google search appliances, but with a twist.

Extract strings from a Go binary using radare2. A golang, web screenshot utility using Chrome Headless. Lists information about the applied Group Policies. A real-time satellite tracking and orbit prediction application. Interactive SDR receiver waterfall for many devices. Gnuradio blocks and tools for receiving GSM transmissions.

A web application scanner. Basically it detects some kind of vulnerabilities in your website. Performs traffic redirection by sending spoofed ARP replies.

A tool to generate obfuscated one liners to aid in penetration testing. Tool that lists the different ways of reaching a given type in a GraphQL schema.

Scripting engine to interact with a graphql endpoint for pentesting purposes. Simple script for parsing web logs for RFIs and Webshells v1. A vulnerability scanner for container images and filesystems. Google Talk decoder tool that demonstrates recovering passwords from accounts. Search gtfobins and lolbas files from your terminal.

A simple program that checks if a host in an ethernet network is a gateway to Internet. Scans a website and suggests security headers to apply. A shell for with Pythonect-like syntax, including wrappers for commonly used security tools. A simple tool to scan and exploit redis servers.

A CLI tool to identify the hash type of a given hash. Simple framework that has been made for penetration testing tools. Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application. Small, fast tool for performing reverse DNS lookups en masse.

Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.

A repository crawler that runs checksums for static files found within a given git repository. A small application designed to analyze your system searching for global objects related to running processes and display information for every found object, like tokens, semaphores, ports, files,..

CLI tool for open source and threat intelligence. A Python script which scrapes online hash crackers to find cleartext of a hash. Software to identify the different types of hashes used to encrypt data and especially passwords. Multithreaded advanced password recovery utility.

Set of small utilities that are useful in advanced password cracking. Capture handshakes of nearby WiFi networks automatically. Search for leaked passwords while maintaining a high level of privacy using the k-anonymity method. A tool that allows you to quickly hash plaintext strings, or compare hashed values with a plaintext locally.

A tool to search files for matching password hash types and other interesting data. Software to identify the different types of hashes used to encrypt data. A tool to exploit the hash length extension attack in various hashing algorithms.

A python script written to parse and identify password hashes. A tool for automating cracking methodologies through Hashcat. A Python framework for finding C structures from process memory - heap analysis - Memory structures forensics.

This tool allows you to test clients on the heartbleed bug. Small tool to capture packets from wlan devices. Set of tools to generate plainmasterkeys rainbowtables and hashes for hashcat and John the Ripper.

Portable solution for capturing wlan traffic and conversion to hashcat and John the Ripper formats. Generate HDCP source and sink keys from the leaked master key. Script that listens on TCP port and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford's. Scans for systems vulnerable to the heartbleed bug, and then download them.

A simple and easy to use spear phishing helper. A special payload generator that can bypass all antivirus software. HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Converts Motorola and Intel hex files to binary. A very versatile packet injector and sniffer that provides a command-line framework for raw network access.

A database application designed for administering and auditing multiple database servers simultaneously from a centralized location.

This tool can perform man-in-the-middle and switch flooding attacks. It has 4 major functions, 3 of which attempt to man-in-the-middle one or more computers on a network with a passive method or flood type method. Modern phishing tool with advanced functionality.

A simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3. A general-use fuzzer that can be configured to use known-good input and delimiters in order to fuzz specific locations. A tool for efficiently finding registered accounts from emails. Scans all running processes. Network credential injection to detect responder and other network poisoners.

A small daemon that creates virtual hosts on a network. A general-purpose fuzzer with simple, command-line interface. A high-interaction Honey Pot solution designed to log all SSH communications between a client and server.

A hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Integrated web scraper and email account data breach comparison tool. Reverse engineering tool that lets you disassemble, decompile and debug your applications.

A python script which tests http methods for configuration issues leaking information or just to see if they are enabled. Modified hostapd to facilitate AP impersonation attacks. Hot patches executables on Linux using. Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names.

Count the number of people around you by monitoring wifi signals. Honeynet Project generic authenticated datafeed protocol. A security scanner for HTTP response headers. A web application analysis tool for detecting communications between javascript and the server. A Python script that exploits a weakness in the way that. Active HTTP server fingerprinting and recon tool. Self contained web shells and other attacks via. A tool to enumerate the enabled HTTP methods supported on a webserver.

A slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data, Bog consumes sockets by slowly reading responses. A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites.

An accompanying Python library is available for extensions. Tool for web server fingerprinting, also known as http fingerprinting. A web server fingerprinting tool Windows binaries.

A specialized packet sniffer designed for displaying and logging HTTP traffic. A tool for grabbing screenshots and HTML of large numbers of websites. A tool to test the strength of an SSL web server. Creates a bidirectional virtual data connection tunnelled in HTTP requests. A fast and multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library. Intercepts data, does something with it, stores it. Collection of packet crafting and wireless network flooding tools.

Just another tool in C to do DDoS with spoofing. Very fast network logon cracker which supports many different services. Flexible platform independent packet generator. A runtime encrypter for bit and bit portable executables. An AppleID password bruteforce tool. Send and receive ICMP queries for address mask and current time. A tool to simplify some common tasks for iOS pentesting and research. A collection of tools that allows testing network intrusion detection systems.

A network interface promiscuous mode detection tool. A tool for bruteforcing encoded strings within a boundary defined by a regular expression. It will bruteforce the key value range of 0x1 through 0x HTTP authentication cracker. It's a tool that launches an online dictionary attack to test for weak or simple passwords against protected areas on an IIS Web server. Tool crafting IKE initiator packets and allowing many options to be manually set. Useful to find overflows, error conditions and identifying vendors.

An interception phone system for VoIP network. Small tool to package JavaScript into a valid image file. Command line utility and Python package to ease the (un)mounting of forensic disk images. Collection of classes for working with network protocols. A software suite for simulating common internet services in a lab environment, e.

Automated security testing tool for networks. A Python script that checks output from netstat against RBLs from Spamhaus. Tool for gathering e-mail accounts information from different public sources (search engines, PGP key servers).

A free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

Generate Payloads and Control Remote Machines. Multi-threaded Instagram Brute Forcer without password limit. A tool for collecting and processing security feeds using a message queuing protocol. Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support. The ergonomically designed handle makes this tool comfortable to hold for hours, meaning less hand fatigue and pain.

The brushless motor offers more power, runtime, and efficiency than brushed motors. Plus, the handy kickstand lets the user rest the planer on a work surface without damaging the material. When you need more power and precision, go for this DeWalt benchtop planer.

It has one of the best finishes of any small table saw with 96 cuts per inch, thanks to the three-knife cutter head with a 10, RPM speed. And with the turret depth stop, users can easily return to their most frequently used depths. This cordless circular saw makes easy work out of tough cuts, thanks to the 5, RPM motor that provides more power and speed than other models. The magnesium shoe ensures that this saw is durable, meaning that it will stay accurate for years to come.

This combo kit is a great option for anyone looking to build out their tool collection. These tools are ideal for the job site or the at-home DIY project. Miter saws are the easiest way to make various cuts from different angles with precision and accuracy, and this is one of the best DeWalt DWS Black Friday deals this year. The CUTLINE blade-positioning system offers a more accurate and visible cutline for the miter saw blade, while the powerful 15 amp motor provides more durability and power.

This saw can miter 60 degrees to the right and 50 to the left for an upgraded range of motion and capacity. This is a great feature on something like a miter saw where you need plenty of power but want the potential to move this saw where you need it to be stationed without relying on the AC power source. This job site table saw is on a rolling stand, so you can move it to where you need to go without compromising power and stability.

The rack-and-pinion fence system allows for fast and accurate adjustments. This compact table saw is full of features: It has onboard storage for blade guard assembly, anti-kickback pawls, a non-through cut riving knife, blade change wrenches, a miter gauge, and a push stick. The 15 amp, 5, RPM motor powers through materials with ease.

Testing expert Jim Hazen mentioned in his Automation Guild session on Model-Based Testing that a model is a physical representation of a thing or system for emulation and visualization. Systems modeling is the use of a model or models to conceptualize a business system or something else in the development itself.

Most companies have their own custom-developed front end, which uses behind-the-scenes, off-the-shelf backends, and databases. So, using web-based Selenium functional tests will not get you the coverage you need.

For example, with a model-based approach, you have one section of the model that focuses purely on the browser, which is one tech stack and how the user can interact with it. The second a user enters an order from the browser UI, the test can jump straight into your Salesforce environment. This allows you, for example, to verify that a purchase order just entered by the browser is the correct one. And the data entered matches the actual items added. So you would do a business logic validation there.

You would typically do other validations as well, ensuring that the currency is correct, the actual numbers are correct, and the order actually gets fulfilled. Using model-based approaches will find the integration issues across different environments while avoiding the data issue we talked about earlier.

It also helps test the critical boundary values of your application, especially with what has traditionally been called non-functional testing. Many automation solutions rely on being able to see and interact with the elements under test, so they tend not to be great choices for package-based, black-box test automation. So if you can get a user to connect to the systems, you can go from a browser perspective on the actual website straight to your Salesforce, using the exact same test that can run the queries via the database tooling.

After speaking with Ethan on my podcast I decided to give it a look. Eggplant uses DAI, which stands for Digital Automation Intelligence, and it's a combination of artificial intelligence, machine learning as well as their automation platform that performs complex, E2E, black-box testing.

The first thing I noticed was that all the types of testing activities can be performed and viewed in one dashboard location. As I mentioned earlier, Ethan recommended a model-based technique for automation, and Eggplant follows this approach.

It also gives you the capability of building a model of exactly what you want it to be; you can scale a model according to your development team's specific needs. You can do it however you wish. The first concept is the gray boxes that Eggplant refers to as actions. Actions are what a user would typically interact with, like a sign-in, submit, password, and so forth.

The second concept is known as states. You can think of them as pages if you like. States encompass your actions, i.


