OpenBSD, FreeBSD, Solaris, and/or other Unix variants


HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process. By using this tool anyone would be able to list the contents of a directory protected this way, bypassing the authentication process.
The tool provides modularity, by allowing the tester to fully perform an analysis on the protected website of the following attacks: SQL Injection, Local File Inclusion, Remote File Inclusion and others.
The main characteristic of this tool is that all of the analyses performed are done inside the protected directory, not from the publicly accessible site.

x Multiples modules to execute.
x Save the output to an specify directory.
x HTML Reporting.
x Use multiples wordlist to probe against htaccess bypassing.
x Mode verbose for a full detailed information.
x Recursive crawling engine.

$ python htexploit

H H TT E l ii t
HHHH TT EEE x x ppp l ooo ttt
H H TT E x p p l o o ii t
H H TT EEEE x x ppp l ooo ii tt
p v0.77

Usage: htexploit -u [URL] [options]

-h, --help show this help message and exit
-u URL, --url=URL **REQUIRED** - Specify the URL to scan
-o OUTPUT, --output=OUTPUT
Specify the output directory (Default: Random)
-w WORDLIST, --wordlist=WORDLIST
Specify the wordlist to use (Default: 'res/FullList')
-v, --verbose Verbosity level (Default: 0)

Example Usage:
python htexploit -u somesite.com -w somewordlist_not_included -o folder_to_output


Collection of single use scripts written for windows forensics


Ruby-Nessus is a ruby interface for the popular Nessus vulnerability scanner. Ruby-Nessus aims to deliver an easy yet powerful interface for interacting and manipulating Nessus scan results and configurations. Ruby-Nessus currently supports both version 1.0 and 2.0 of the .nessus file format.


Auto_Exploit is a replacement plugin for Metasploit's missing db_autopwn module written by Dark Operator.


JSwat is a graphical Java debugger front-end, written to use the Java Platform Debugger Architecture and based on the NetBeans Platform. JSwat is open-source software and is freely available in both binary and source code form. Its features include sophisticated breakpoints; colorized source code display with code navigator; movable display panels showing threads, call stack, visible variables, and loaded classes; command interface for more advanced features; and Java-like expression evaluation, including method invocation.


A tool for parsing MS-CHAPv2 handshakes, which can then be submitted to CloudCracker for cracking.


knockknock is a simple, secure, and stealthy port knocking implementation that does not use libpcap or bind to a socket interface.


tortunnel is a partial Onion Proxy implementation designed for building single-hop circuits through Tor exit nodes.


An Android application and corresponding PAM module that provide SecureID style two-factor authentication without the use of specialized hardware or the hassle of setting up special authentication services.


A small Linux app that, when run, makes your machine appear to be anywhere you specify on the internet.

Syndicate content