DARKARMY - Penetration Testing Tools
Last Updated: 08 Jun, 2023
Darkarmy gathers a list of tools used for penetration testing in one place. It saves the time otherwise spent searching for tools under different circumstances, and it makes pen testing more straightforward and more user-friendly. It doesn't ship with built-in tools; instead, tools are installed according to user input. The tool is getting more popular day by day and is used by most beginners in cyber security.
What is Darkarmy - Penetration Testing Tool
Darkarmy is an open-source tool written in Python. It is an all-in-one penetration testing tool that groups tools into categories. It is easier and more user-friendly for penetration testing because the user doesn't have to search for tools online and install them manually. Darkarmy includes some of the best tools needed for penetration testing. It has 11 different categories, such as Information Gathering, Password Attack, Wireless Testing, Exploitation Tools, etc. Each category includes many different tools; Wireless Testing, for example, includes Reaver, pixiewps, Bluetooth Honeypot GUI Framework, and Fluxion. The Darkarmy tool is updated on a regular basis to include more unique tools.
Installation Guide:
Step 1: To install the tool, first move to the Desktop directory and then clone the repository from GitHub using the following commands.
Note: The tool must run as root.
cd Desktop
git clone https://github.com/D4RK-4RMY/DARKARMY.git
Step 2: The tool is now cloned to the Desktop directory. Next, move into the tool directory, DARKARMY.
cd DARKARMY
Step 3: After moving to the tool directory, list the files inside it by typing the following command.
ls
Step 4: You can see the install.sh Bash file. It's the main file used to install the tool. Give it execute permission by typing the command below, which makes the file executable.
chmod +x install.sh
Step 5: Now run the install.sh file, which is the main installer file.
sudo bash install.sh
A new window will appear, showing the installation process.
Installation
Installation is being processed; wait for 10 seconds. After that, the installer will be closed automatically, and the terminal will ask for further installation.
Finally, the installation is completed, and all necessary packages are installed accordingly.
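Because Step 5 runs install.sh with root privileges, it is worth reading the script between Step 3 and Step 5. The following is an added example, not part of the original article or the DARKARMY project: a shell pre-flight check that flags installer lines deserving a closer look and pins the reviewed file's SHA-256 so that the file executed is the file that was read. The function names, the pattern list and the sample installer are constructed for illustration; the contents of the real install.sh are not shown on this page.

```shell
#!/bin/sh
# Added example: pre-flight review of an installer that will be run with sudo.
# The checks are a reading aid chosen for this example, not a malware scanner.

# audit_installer FILE
# Prints "LINE<TAB>CATEGORY<TAB>TEXT" for each non-comment line matching a check.
audit_installer() {
    awk '
        function report(cat) { printf "%d\t%s\t%s\n", NR, cat, $0 }
        /^[ \t]*#/ { next }
        # Remote content piped straight into a shell: nothing to review on disk.
        /(curl|wget)[^|]*[|][ \t]*(sudo[ \t]+)?(ba|da|z)?sh/ { report("pipe-to-shell") }
        # Permissions that let any local user modify what root installed.
        /chmod[ \t]+(-R[ \t]+)?[0-7]?777/ { report("world-writable") }
        # Files placed in system directories persist after the checkout is deleted.
        /(cp|mv|ln|install|tee|>)[ \t].*[ \t"]\/(etc|bin|sbin|usr\/bin|usr\/sbin|usr\/local\/bin)\// { report("system-path-write") }
        # Appends to shell start-up files or cron run again on every login or schedule.
        /(>>|tee[ \t]+-a).*(\.bashrc|\.profile|\.zshrc|cron)/ { report("persistence") }
        # Further downloads widen the set of code that runs as root.
        /git[ \t]+clone|pip3?[ \t]+install|apt(-get)?[ \t]+(-y[ \t]+)?install/ { report("fetches-more-code") }
    ' "$1"
}

# sample_installer: prints a constructed installer (NOT the real DARKARMY install.sh).
sample_installer() {
    cat <<'EOF'
#!/bin/bash
# constructed sample for this example
apt-get install -y git python3
git clone https://example.invalid/tools/extra.git /opt/extra
curl -fsSL https://example.invalid/setup.sh | bash
chmod 777 /opt/extra
cp launcher.sh /usr/bin/sampletool
echo 'alias st=sampletool' >> ~/.bashrc
echo "done"
EOF
}

# pin_installer FILE: SHA-256 of the file as reviewed.
pin_installer() { sha256sum "$1" | cut -d' ' -f1; }

# verify_pin FILE PIN: succeeds only if FILE is byte-identical to what was reviewed.
verify_pin() { [ "$(pin_installer "$1")" = "$2" ]; }

# Demo on the constructed sample. On a real checkout the flow would be:
#   audit_installer install.sh; pin=$(pin_installer install.sh)   # read, then pin
#   verify_pin install.sh "$pin" && sudo bash install.sh          # run what was read
demo=$(mktemp)
sample_installer > "$demo"
audit_installer "$demo"
echo "reviewed sha256: $(pin_installer "$demo")"
rm -f "$demo"
```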
After installation of the tool, the main menu will appear, or you can run the tool by just typing Darkarmy. The main menu will show you 13 different options. 11 options are for different categories of pen-testing. You can select any option according to your need, and you will see different tools inside it.
Main Menu
Let's start with some examples.
Information Gathering
Information gathering is the first and most crucial step in penetration testing. It is the process of gathering as much information as possible about the target system or network. This information can be used to identify vulnerabilities and exploit them.
Step 1: Let's select option 1, which is Information Gathering, the most common type of pen-testing. Under option 1, you can see 10 different tools for Information Gathering.
Step 2: Let's again select option 1, which is Nmap.
Nmap (Network Mapper) is a free and open-source network scanner created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
Step 3: Nmap will be installed soon. It may take up to 3 minutes. After installation, you will be returned to the main menu. Now open a new terminal and type the following command to use Nmap for scanning open ports.
sudo nmap -n -PN -sT -sU -p- <ip address/domain>
Breaking down the command:
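- -n: Speeds up the scan by skipping reverse DNS lookups.
- -PN: Skips host discovery and assumes the host is online, so the scan does not stop with "host seems down." Current Nmap releases spell this option -Pn.
- -sT: Runs a TCP connect scan.
- -sU: Runs a UDP scan.
- -p-: Scans every port (1-65535) instead of only the most common ones.
Combined, these options scan for all open TCP and UDP ports.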
As the above image shows, Nmap reports the open ports and the services using them. You can install many other tools for your pen-testing needs in the same way.
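A full TCP and UDP sweep produces a lot of output, so when the scan is run against a host you administer it helps to reduce it to the ports that are not supposed to be reachable. The following added example (not from the original article) parses Nmap's grepable output, written with the -oG option, and compares it with an expected-port list; the sample scan line, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare Nmap grepable output (-oG) with a list of expected ports.
# Produce the input with:  sudo nmap -n -PN -sT -sU -p- -oG scan.gnmap <host>

# list_ports FILE
# Prints one "host proto/port state service" line per port entry in FILE.
list_ports() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " "); host = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                p = $i; sub(/^Ports: /, "", p)
                n = split(p, entry, ", ")
                for (j = 1; j <= n; j++) {
                    # entry layout: port/state/protocol/owner/service/rpc/version/
                    split(entry[j], f, "/")
                    svc = (f[5] == "") ? "-" : f[5]
                    printf "%s %s/%s %s %s\n", host, f[3], f[1], f[2], svc
                }
            }
        }
    ' "$1"
}

# unexpected_ports FILE ALLOWLIST
# ALLOWLIST holds one "proto/port" per line. Prints ports that are not on it and are
# either open (OPEN) or open|filtered (UNCONFIRMED). -sU reports open|filtered when
# a UDP probe gets no reply, so those rows need a follow-up check on the host itself.
unexpected_ports() {
    list_ports "$1" | awk -v allow="$2" '
        BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
        ($3 == "open" || $3 == "open|filtered") && !($2 in ok) {
            tag = ($3 == "open") ? "OPEN" : "UNCONFIRMED"
            print tag, $1, $2, $4
        }
    '
}

# sample_scan: prints constructed -oG output for a documentation address.
sample_scan() {
    printf '# constructed sample of -oG output\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: %s\tIgnored State: closed (131065)\n' \
        '22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///, 53/open/udp//domain///, 161/open|filtered/udp//snmp///'
}

# Demo: the host is expected to expose SSH, HTTP and DNS only (constructed allowlist).
work=$(mktemp -d)
sample_scan > "$work/scan.gnmap"
printf 'tcp/22\ntcp/80\nudp/53\n' > "$work/allow.txt"
unexpected_ports "$work/scan.gnmap" "$work/allow.txt"
rm -rf "$work"
```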
XSStrike
Cross-site scripting (XSS) is a type of security vulnerability that allows an attacker to inject malicious code into a website. This malicious code can then be executed by the victim's browser when they visit the website. XSS can be used to steal cookies, session tokens, and other sensitive information. It can also be used to hijack accounts, deface websites, and launch denial-of-service attacks.
Step 1: Select option 7 in the information gathering menu. It will install the XSStrike tool.
XSStrike uses a number of techniques to scan websites for XSS vulnerabilities, including:
- Fuzzing: XSStrike sends a variety of malicious inputs to the website to see if it can be exploited to inject malicious code.
- Parsing: XSStrike parses the website's HTML and JavaScript code to look for potential XSS vulnerabilities.
- Scanning: XSStrike scans the website's source code for known XSS vulnerabilities.
Step 2: Enter the following command to view the usage of the tool.
python3 xsstrike.py -h
Step 3: Now, write the following command to find the XSS vulnerability.
python3 xsstrike.py -u <url to test>
Wireless Testing
Wireless testing is the process of evaluating the performance, security, and compliance of wireless devices and networks. It is used to ensure that wireless devices meet regulatory requirements, function as intended, and are not vulnerable to attack.
Step 1: Select option 3 in the main menu of the tool, i.e. Wireless Testing.
Step 2: Select option 1, i.e. Reaver, and the tool will start installing.
Reaver is a tool that can be used to brute-force the WPS pin of a WiFi router. WPS is a feature that allows users to easily set up a WiFi network by entering a PIN on the router and on the client device. However, WPS has been found to be vulnerable to brute-force attacks, which is where Reaver comes in. Reaver works by sending a series of packets to the router that forces it to try all possible WPS PINs until the correct one is found. This can take a long time, depending on the length of the PIN, but Reaver can be used to crack even the most complex PINs.
Step 3: Open a new terminal and enter the following command to set up the wireless device in monitoring mode.
sudo airmon-ng start wlan0
Here wlan0 is your wireless interface.
The command airmon-ng start wlan0 is used to put the wireless interface wlan0 into monitor mode. Monitor mode is a mode where the wireless interface can capture all packets on the network, even if they are not directed to the interface.
Step 4: Now, enter the following command to list out the information of the wireless networks around you.
sudo airodump-ng wlan0mon
This command is often used to collect information about wireless networks, such as the network name (SSID), the BSSID (MAC address of the access point), the encryption type, and the signal strength. This information can be used to crack the wireless network password or to map out the layout of a wireless network.
Step 5: Now we need to know which Wi-Fi devices have WPS open. For this, enter the following command.
sudo wash -i wlan0mon
Step 6: Copy the BSSID of the network you want to connect to. Now enter the following command to start the attack.
reaver -i <interface> -b <bssid>
<interface> is the name of the WiFi adapter that you are using to connect to the target network.
<bssid> is the MAC address of the target WiFi router.
Reaver will start trying all possible WPS PINs. This may take a few minutes or even hours, depending on the length of the PIN. Once the correct PIN is found, Reaver will display the WPA/WPA2 PSK of the WiFi network. You can now use the WPA/WPA2 PSK to connect to the WiFi network without knowing the password.