Search the Community

ZaiwriteAI is the best AI content-writing script. Using ZaiwriteAI you can easily get more than 70+ premade templates and write content in 30+ languages. ZaiwriteAI is an advanced AI writing tool that can help you create high-quality content quickly and easily. Whether you need to write an article, a report, a blog post, or any other type of written content, ZaiwriteAI can assist you in generating unique and engaging text. [Hidden Content] [hide][Hidden Content]]

A CLI tool (and library) to identify hash types (hash type identifier). Features 519+ hash types detected Modern algorithms supported (SHA3, Keccak, Blake2, etc.) Hashcat and John the Ripper references CLI tool & library Hackable v1.5.0 - Cyberpunk Highlights 🎨 New output colors (Cyberpunk theme) and colorized help message 📈 19 new hash types 🥇 added new samples ☑️ many enhancements (add JtR or HC ref/id, better description, fixes) [hide][Hidden Content]]

CyberTools is a collection of useful tools and utilities that people often search for on the internet. It has a lot of amazing tools that your users can use in their day-to-day tasks we will keep adding new tools in updates. It is built on the Latest Laravel framework which utilizes PHP 8.0+ massive performance boost It is built with a fully responsive design based on Latest Twitter Bootstrap to ensure that your website will look flawless and beautiful on every mobile and desktop device. It also has strong cross-browser support. You can earn by placing Google Adsense Ads or similar Advertising platforms. We are adding subscriptions in the next update to convert it into a SaaS product. You can earn money by offering paid memberships to the users. There is a lot more to discover for you & we have great plans for future updates. [Hidden Content] [hide][Hidden Content]]

YOORI is a complete eCommerce solution for the most common shopping platforms. It has a lot of build-in futures which are actually needed for every shopping site. [Hidden Content] [hide][Hidden Content]]

The Shop is the best ecommerce CMS in terms of speed and fast loading.PWA based e-commerce CMS. Front end on vue.js. Laravel-based admin panel. An efficient and ultra-secure admin panel with the latest technology. [Hidden Content] [hide][Hidden Content]]

Simple forum is the responsive bulletin board and community forum software that can be used to stay in touch with a group of people or can power your entire website. [Hidden Content] [hide][Hidden Content]]

Xcash, a professional Digital Wallet Platform that’s comes with Premium features to take your business to a higher level. It is a complete premium item that comes with all features with a combination of payment processor and Electronics wallet. It comes with an API system that can other websites or merchants able to connect with your wallet easily. it’s something like Paypal, Neteller, or Payoneer. Our RND team prepares this unique business model where you will have an “all in one” system. It’s developed for those people who want to start their Digital wallet business website. there are approximately 170 mobile wallets worldwide. Some of them are well-known such as Apple Pay, Alipay, Wechat, Paypal, Google Pay, Android Pay, while others are small, local, and/or regional, and familiar to almost no one but their users. [Hidden Content] [hide][Hidden Content]]

Today’s world is interconnected and our team is providing you with ease to connect with your family, friends, colleagues, and employees through our app with much efficiency in today’s digital world. VIDXA – Free video call and meeting app are designed simply to provide the user with an easy to operate, as the user is our priority. Complexity is much avoided in designed keeping in mind the demand and work conditions of our territory which makes it user friendly. VIDXA; Web app written in HTML, CSS and jаvascript and the latest material design guidelines are followed. We focus on providing an easier to use the product as well as cost-saving. [Hidden Content] [hide][Hidden Content]]

WebFlix its web application run under flix plateform that used to create you own movies / tv series / tv channels plateform . With powerful features and beautiful and Responsive design and ultimate Admin Panel can manage Movies ,Tv series ,Tv channels ,Genres ,Categories , Subscription ,website settings, mobile application settings and more . This application created by using symfony framwork and Php/MySQL for database. By using this application you can save your money and time in creating application for your own movies plateform(website / mobile application) [Hidden Content] [hide][Hidden Content]]

Fierce is a DNS reconnaissance tool for locating non-contiguous IP space. Useful links: Domain Name System (DNS) Domain Names – Concepts and Facilities Domain Names – Implementation and Specification Threat Analysis of the Domain Name System (DNS) Name Servers (NS) State of Authority Record (SOA) Zone Transfer DNS Zone Transfer Protocol (AXFR) Incremental Zone Transfer in DNS (IXFR) Wildcard DNS Record Overview First, credit, where credit is due, fierce, was originally written by RSnake along with others at [Hidden Content]. This is simply a conversion to Python 3 to simplify and modernize the codebase. The original description was very apt, so I’ll include it here: Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It’s really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That’s especially useful in targeted malware. Changelog [1.5.0] – 2021-12-05 Added Official Python 3.9 support Official Python 3.10 support Changed Improved various error handling Removed Official Python 3.5 support [hide][Hidden Content]]

Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within minutes. Installing HashDB Before using the plugin you must install the python requests module in your IDA environment. The simplest way to do this is to use pip from a shell outside of IDA. (pip install requests) Once you have the requests module installed simply copy the latest release of hashdb.py into your IDA plugins directory and you are ready to start looking up hashes! [hide][Hidden Content]]

APK Lab The ultimate Android RE experience right inside your VS Code. APKLab seamlessly integrates the best open-source tools: Apktool, Jadx, uber-apk-signer, and more to the excellent VS Code so you can focus on app analysis and get it done without leaving the IDE. Features Decode all the resources from an APK Disassemble the APK to Dalvik bytecode aka Smali Decompile the APK to Java source Analyze & Hack effectively with feature-rich VS Code Build an APK from Smali and resources Sign the APK seamlessly during the build Install the APK directly from VS Code Support for Apktool-style projects (apktool.yml) Support for most Apktool CLI arguments Android resource frameworks management (Coming soon!) Support for user-provided keystore for APK signing Download and configure missing dependencies Excellent Smali language support with Smalise Supports Linux, Windows, and Mac Changelog v1.5 Added apktool updated to v2.6.0 apk-mitm updated to v1.1.0 feat: auto update check for tools on startup (dev) use yarn instead of npm (ci) auto publish release on tag (ci) use yarn cache for faster builds (ci) migrate to nodejs v14 Fixed fixed some bug/warning (dev) updated other dependencies [hide][Hidden Content]]

Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening Automated Detection of Obfuscated Code Referenced Repository Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the binary loaded has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes. Changelog v1.5 GUI Features: QTable Heuristic result view Node limiting Single/All function heuristic search Heuristic result export Heuristic Features: Control-Flow Flattening Cyclomatic Complexity Basic Block Size Instruction Overlapping [hide][Hidden Content]]

Hosting Billing is a client management and invoicing system for web hosting and domain registration resellers. It comes packed with features that are designed to automate your daily tasks, saving you time and money. [Hidden Content] [hide][Hidden Content]]

Main Features .NET - Coded in Visual Basic .NET, requires .NET Framework 4.5 Codedom - No need for external libraries to compile Injection (Silent) - Hide payload behind another process Idle Mining - Can be configured to only mine when the computer isn't in use Stealth - Pauses the miner while Task Manager, Process Explorer or Process Hacker is open Watchdog - Replaces the miner if removed and starts it if closed down Ethash - Supports mining all Ethash coins like Ethereum, Ethereum Classic, Metaverse, Ellaism, QuarkChain and others Remote Configuration - Can get the connection and miner settings remotely from a URL, will get the configuration around every 60-90 minutes Bypass Windows Defender - Adds exclusions into Windows Defender for the general folders the miner uses Online Downloader - Can download the miner binary during runtime (from GitHub) to greatly decrease file size and detections v1.5 is the final update before the new, greatly improved unified miner that I'm working on. Added the Online Downloader option that makes the miner download the miner binary (from GitHub) during runtime to greatly decrease file size (to less then 100kb) and detections - Also added a cache so that it won't have to download the miner on every start Added the Stealth Targets option which allows you to enter which programs the Stealth option should pause for Added new options to 'Remote Configuration' that allows you to change some miner settings Now checks the 'Remote Configuration' settings around every 60-90 minutes Added {COMPUTERNAME}, {USERNAME} and {RANDOM} replacement strings support into 'Remote Configuration' Made the Task Scheduler task start for all users Fixed string that was triggering Windows Defender Improved Watchdog program flow Renamed "Kill" Windows Defender to Bypass Windows Defender to better represent the new functionality Updated miner and made it more stable Improved obfuscation/encryption [hide][Hidden Content]]

ScareCrow ScareCrow is a payload creation framework for generating loaders for the use of side loading (not injection) into a legitimate Windows process (bypassing Application Whitelisting controls). Once the DLL loader is loaded into memory, utilizing a technique to flush an EDR’s hook out the system DLLs running in the process’s memory. This works because we know the EDR’s hooks are placed when a process is spawned. ScareCrow can target these DLLs and manipulate them in memory by using the API function VirtualProtect, which changes a section of a process’ memory permissions to a different value, specifically from Execute–Read to Read-Write-Execute. When executed, ScareCrow will copy the bytes of the system DLLs stored on disk in C:\Windows\System32\. These DLLs are stored on disk “clean” of EDR hooks because they are used by the system to load an unaltered copy into a new process when it’s spawned. Since EDR’s only hook these processes in memory, they remain unaltered. ScareCrow does not copy the entire DLL file, instead only focuses on the .text section of the DLLs. This section of a DLL contains the executable assembly, and by doing this ScareCrow helps reduce the likelihood of detection as re-reading entire files can cause an EDR to detect that there is a modification to a system resource. The data is then copied into the right region of memory by using each function’s offset. Each function has an offset which denotes the exact number of bytes from the base address where they reside, providing the function’s location on the stack. In order to do this, ScareCrow changes the permissions of the .text region of memory using VirtualProtect. Even though this is a system DLL, since it has been loaded into our process (that we control), we can change the memory permissions without requiring elevated privileges. Once these the hooks are removed, ScareCrow then utilizes custom System Calls to load and run shellcode in memory. ScareCrow does this even after the EDR hooks are removed to help avoid being detected by non-userland hooked-based telemetry gathering tools such as Event Tracing for Windows (ETW) or other event logging mechanisms. These custom system calls are also used to perform the VirtualProtect call to remove the hooks placed by EDRs, described above, to avoid being detected an any EDR’s anti-tamper controls. This is done by calling a custom version of the VirtualProtect syscall, NtProtectVirtualMemory. ScareCrow utilizes Golang to generate these loaders and then assembly for these custom syscall functions. ScareCrow loads the shellcode into memory by first decrypting the shellcode, which is encrypted by default using AES encryption with a decryption and initialisation vector key. Once decrypted and loaded, the shellcode is then executed. Depending on the loader options specified ScareCrow will set up different export functions for the DLL. The loaded DLL also does not contain the standard DLLmain function which all DLLs typically need to operate. The DLL will still execute without an issue because the process we load into will look for those export functions and not worry about DLLMain being there. During the creation process of the loader, ScareCrow utilizes a library for blending into the background after a beacon calls home. This library does two things: Code signs the Loader: Files that are signed with code signing certificates are often put under less scrutiny, making it easier to be executed without being challenged, as files signed by a trusted name are often less suspicious than others. Most antimalware products don’t have the time to validate and verify these certificates (now some do but typically the common vendor names are included in a whitelist) ScareCrow creates these certificates by using a go package version of the tool limelighter to create a pfx12 file. This package takes an inputted domain name, specified by the user, to create a code signing certificate for that domain. If needed, you can also use your own code signing certificate if you have one, using the valid command-line option. Spoof the attributes of the loader: This is done by using syso files which are a form of embedded resource files that when compiled along with our loader, will modify the attribute portions of our compiled code. Prior to generating a syso file, ScareCrow will generate a random file name (based on the loader type) to use. Once chosen this file name will map to the associated attributes for that file name, ensuring that the right values are assigned. Changelog v1.5 Bug fixes Fixed error with delivery commands ‘htaandbits` that prevented the one-line command from displaying. Added in additional controls to allow certain types of loaders to be used with certain delivery commands (to prevent incompatibilities) Updated help menu & README to indicate which delivery commands work well with what loaders [hide][Hidden Content]]

What is this? Have you ever come across a hash such as 5f4dcc3b5aa765d61d8327deb882cf99 and wondered what type of hash that is? 🤔 Name-that-hash will name that hash type! 🔥 Features 📺 Popularity Ratings – Name that hash will show you the most popular hashes first. In older systems, it would prioritise Skype Hash the same as Active Directory’s NTLM! Which makes as much sense as saying that my GitHub is as popular as VSCode 📈 ✍ Hash Summaries – no more wondering whether it’s MD5 or NTLM. It will summarise the main usage of each hash, allowing you to make an informed & decisive choice ⚡ 🌈 Colour Output – Don’t worry, the colours were hand-selected with a designer to be 100% accessible and gnarly 😎 🤖 JSON output && API – Want to use it in your project? We are API first, CLI second. Use JSON output or import us as a Python module! 💾 👵 Updated! – HashID was last updated in 2015. Hash-Identifier in 2011! It is a 2021 project 🦧 ♿ Accessible – We are 100% committed to making this an accessible hacking tool 🙏 🎫 Extensible – Add new hashes as quickly as you can edit this README. No, seriously — it’s that easy! 🎱 Changelog v1.5 What’s Changed Added 5 new Kerberos hash types (#67) @amadejpapez docs: add amadejpapez as a contributor (#64) @allcontributors [hide][Hidden Content]]

BlueEagle jRAT V1.5 [Windows RAT / Linux RAT / MAC RAT] [Windows RAT] [Linux RAT] [MAC RAT] Ver 1.5 Updated for hacking android , the apk Builder is standlone in zip file provided This is a cross platform RAT tool (java RAT) / (jRAT) which is { [Windows RAT] [Linux RAT] [MAC RAT] } which is fully programmed in java be a user friendly and easy to use and builds out trojans (.jar) and controls the victims running those trojans on same port at same time ,this tool is fully in java (Client & Server in java) and this tool is now registerd to be free , and on the user responsibility 🏳 This is For Educational Purposes Only ! and User is responsible for his usage of this Tool 🔞 For Example : Parental Control , Track what your children are doing. Business Administration , Monitor what employees are doing. School/Institutions , for students Personal Control and File Backup , Make sure no one is using your computer when you are away. Other Noble Purposes Default logins : admin , admin [hide][Hidden Content]]

Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]

Start your own website like OnlyFans.com or Patreon.com and grow like mad. It’s like a social network but allows content creators to directly earn MONEY from their FANS for their PREMIUM content. [Hidden Content] [hide][Hidden Content]]

Introduction SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine and many features for penetration testers. SQLMap is capable of databases fingerprinting, fetching data from the databases, accessing the database file systems, running different commands on the target server, etc. SQLmap: Automatic SQL Injection Tool This very powerful exploitation tool is developed in Python an it’s FREE to use. It requires Python version 2.6.x or 2.7.x. and comes preinstalled on Kali Linux, but can be run on any platform. Features SQLmap have many features divided into 3 groups: GENERIC FEATURES FINGERPRINT AND ENUMERATION FEATURES TAKEOVER FEATURES We’ll list some of them here: Full support for:MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems. Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band. Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name. Support to enumerate users, password hashes, privileges, roles, databases, tables and columns. Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack. Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry. Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass. Capable to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server. Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server. Ability to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice. Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command. [hide][Hidden Content]]

SmartPost is a social marketing tool which helps you to easily schedule and auto post to your favourite social network platforms. SmartPost comes with 9 social networking platform which includes Facebook, Twitter, VK, Youtube, Google Business, LinkedIn, Tumblr and Instagram. It will increase your Traffic. [Hidden Content] [hide][Hidden Content]]

HawkScan Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x) This script uses “WafW00f” to detect the WAF in the first step. This script uses “Sublist3r” to scan subdomains. This script uses “waybacktool” to check in waybackmachine. Features URL fuzzing and dir/file detection Test backup/old file on all the files found (index.php.bak, index.php~ …) Check header information Check DNS information Check whois information User-agent random or personal Extract files Keep a trace of the scan Check @mail in the website and check if @mails leaked CMS detection + version and vulns Subdomain Checker Backup system (if the script stopped, it take again in the same place) WAF detection Add personal prefix Auto-update script Auto or personal output of scan (scan.txt) Check Github Recursive dir/file Scan with an authentication cookie Option –profil to pass profil page during the scan HTML report Work it with py2 and py3 Add option rate-limit if the app is unstable (–timesleep) Check-in waybackmachine Response error to WAF Check if DataBase firebaseio exist and accessible Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30 Search S3 buckets in source code page Testing bypass of waf if detected Testing if it’s possible scanning with “localhost” host Changelog v1.5 Auto activate JS during scan if the webite is full JS (website 2.0) [hide][Hidden Content]]

[Hidden Content] [Hidden Content]

massExploitConsole a collection of tools with a cli ui disclaimer Please use this tool only on authorized systems, I’m not responsible for any damage caused by users who ignore my warning I do not own the code of adapted exploits or tools exploits are adapted from other sources, please refer to their author info Please note, due to my limited programming experience (it’s my first Python project), you can expect some silly bugs Feature an easy-to-use cli ui execute any adpated exploits with process-level concurrency some built-in exploits (automated) hide your ip addr using proxychains4 and ss-proxy (built-in) zoomeye host scan (10 threads) google page crawler with gecko and Firefox (not fully working) a simple Baidu crawler (multi-threaded) censys host scan Changelog v1.5 fix zoomeye code refactoring fix the zombie process better multiprocessing [HIDE][Hidden Content]]