Flamingo is an open-source utility that spawns a number of network daemons, waits for inbound credentials, and reports them through a variety of means.
Flamingo is written in Go and captures inbound credentials for SSH, HTTP, LDAP, FTP, and SNMP, as well as logging inbound DNS (and mDNS) queries. On the output side, Flamingo can log to a file, write to standard output, deliver to a webhook, write to a remote syslog server, or do all of those at once. As a Go binary, everything is baked into a single executable, and it cross-compiles to almost every supported Go platform and architecture.
This is a JavaScript binding for libquiet, a library for sending and receiving data via sound card. It can function either via speaker or cable (e.g., 3.5mm). Quiet comes with a few transmission profiles which configure quiet's transmitter and receiver. For speaker transmission, there is a profile which transmits around the 19kHz range, which is essentially imperceptible to people (nearly ultrasonic). For transmission via cable, quiet.js has profiles which offer speeds of at least 40 kbps. There is also a live example you can use at https://quiet.github.io/quiet-js/.
Beamgun is an open-source Windows application that mitigates rogue USB devices. Beamgun runs in the background of your Windows PC and listens for USB device insertions. When a USB keyboard device is plugged in, Beamgun blocks all keystrokes until it is reset. If a USB LAN adapter is plugged in, it is disabled. It also has an option to disable USB Mass Storage devices.
Beamgun was designed specifically with Rubber Duckies, LAN Turtles, and PoisonTaps in mind.
Evil Foca is a tool for security pen testers and auditors whose purpose is to test security in IPv4 and IPv6 data networks.
The tool is capable of carrying out various attacks such as:
MITM over IPv4 networks with ARP Spoofing and DHCP ACK Injection.
MITM on IPv6 networks with Neighbor Advertisement Spoofing, SLAAC attack, fake DHCPv6.
DoS (Denial of Service) on IPv4 networks with ARP Spoofing.
DoS (Denial of Service) on IPv6 networks with SLAAC DoS.
DNS Hijacking.
The software automatically scans the networks and identifies all devices and their respective network interfaces, specifying their IPv4 and IPv6 addresses as well as the physical addresses through a convenient and intuitive interface.
FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analyzed with FOCA.
It is capable of analyzing a wide variety of documents, with the most common being Microsoft Office, Open Office, or PDF files, although it also analyzes Adobe InDesign or SVG files, for instance.
These documents are searched for using three possible search engines: Google, Bing, and Exalead. The sum of the results from the three engines amounts to a lot of documents. It is also possible to add local files to extract the EXIF information from graphic files, and a complete analysis of the information discovered through the URL is conducted even before downloading the file.
With all data extracted from all files, FOCA matches information in an attempt to identify which documents have been created by the same team and what servers and clients may be inferred from them.
SpiderFoot
SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target.
Purpose
There are three main areas where SpiderFoot can be useful:
If you are a pen-tester, SpiderFoot will automate the reconnaissance stage of the test, giving you a rich set of data to help you pinpoint areas of focus for the test.
Understand what your network/organization is openly exposing to the outside world. Such information in the wrong hands could be a significant risk.
SpiderFoot can also be used to gather threat intelligence about suspected malicious IPs you might be seeing in your logs or have obtained via threat intelligence data feeds.
A quick tool for dumping memory from a process or writing data into it.
Nice tool for checking all the URLs in an input text file and scanning them sequentially. Its primary purpose is to verify if the username and password for a website are valid, but it can also check if pages exist or not.
File patcher available with both a GUI (on Windows) and a command-line mode, plus various features. It uses text files with the lpatch extension that list the operations to perform on the target file to patch. These text files are trivial to create and edit and allow you to specify comments, the default name of the file to patch, an introduction to display before applying the patch, MD5 hash verification, the modification of a byte at a specific offset, the substitution of a sequence of bytes or a string, wildcards and more. There is also an older version of "patch files", used for substituting bytes at fixed offsets and identified by the lpatch.dat name. On Windows the tool can also be used to patch a running process, or to launch a process and patch it.
This patcher and its patch files are the only ones that I use for my patches.
A tool that uses ICMP type 13 (timestamp, RFC 792) and 17 (netmask, RFC 950) to retrieve the current time and the netmask of a remote host.