Offensive Security Tool: SmuggleFuzz
SmuggleFuzz is a tool designed for rapid and customizable scanning of HTTP downgrade smuggling vulnerabilities. It provides users with the ability to define their own gadget lists, allowing for deeper insights into the reasons behind failed smuggling attacks.
Recon Tool: go-dork
go-dork is a powerful and efficient command-line tool written in the Go programming language. It is designed to be the fastest dork scanner available, streamlining the process of conducting advanced Google dork queries. The tool supports various search engines, including Google, Shodan, Bing, DuckDuckGo, and Yahoo. It also provides an array of flags and options for customization, allowing users to tailor their searches based on specific criteria. This makes it an indispensable asset for security researchers, bug bounty hunters, and penetration testers.
Offensive Security Tool: Bob The Smuggler
Bob the Smuggler is a tool that leverages the HTML Smuggling attack and allows you to create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into a 7z/zip archive, XOR-encrypts the archive, and then hides it inside a PNG/GIF image file (an image polyglot). The JavaScript embedded within the HTML downloads the PNG/GIF file and stores it in the cache. It then extracts the data embedded in the PNG/GIF, reassembles it, performs the XOR decryption, and stores the result as an in-memory blob.
OSINT Tool: apk2url
apk2url is a tool that extracts URL and IP endpoints from an APK file, filters them, and writes the results to a .txt file. It is suited to information gathering by red teams, penetration testers, and developers who need to quickly identify the endpoints an application communicates with.
Offensive Security Tool: msoffcrypto-tool
msoffcrypto-tool is a Python tool and library for decrypting encrypted MS Office files using a password, an intermediate key, or the private key that generated the file's escrow key. It supports various MS Office file formats, including Word (MS-DOCX), Excel (MS-XLSX), and PowerPoint (MS-PPTX).
Offensive Security Tool: SessionProbe
SessionProbe is a multi-threaded tool designed for pentesting and bug bounty hunting. It evaluates user privileges in web apps by taking a session token and checking access across a list of URLs, highlighting potential authorization issues.
Offensive Security Tool: Troll-A
Troll-A is a command-line tool for extracting secrets such as passwords, API keys, and tokens from WARC (Web ARChive) files. It is an easy-to-use, comprehensive, and fast solution for finding secrets in web archives.
OSINT Tool: sn0int
sn0int is a semi-automatic OSINT framework and package manager designed for IT security professionals, bug bounty hunters, law enforcement agencies, and individuals seeking to gather intelligence about a target or themselves.
Recon Tool: PassDetective
PassDetective is a command-line tool that scans your shell command history for passwords, API keys, and secrets that were typed into commands by mistake. It uses regular expressions to identify potentially sensitive values and helps you avoid leaving such data exposed in your command history.