SBM Labs

Cyber Security Collaboration Project

p|d - Pass phrase cracking tool
18 Sep 2017

Phrasen|drescher (p|d) is a modular and multi processing pass phrase cracking tool. It comes with a number of plugins but a simple plugin API allows an easy development of new plugins. The main features of p|d are:

- Modular with the use of plugins
- Multi processing Go to phrasendrescher

Crowbar | Brute Forcing Tool
18 Sep 2017

Crowbar (formally known as Levye) is a brute forcing tool that can be used during penetration tests. Currently it supports:

- OpenVPN (-b openvpn)
- Remote Desktop Protocol (RDP) with NLA support (-b rdp)
- SSH private key authentication (-b sshkey)
- VNC key authentication (-b vpn) Go to crowbar

Gophish | Open Source Phishing Framework
05 Jul 2017

Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations.

This user guide introduces Gophish and shows how to use the software, building a complete campaign from start to finish. Go to Gophish

Online Password Hash Crack - MD5 NTLM MySQL Wordpress Joomla WPA
25 May 2017

Send us your hashes here. We support MD5, NTLM, LM, MYSQL, SHA1, PHPass and OSX. See full hash acceptance list here. For other algorithm (VBulletin, Unix, Salted, etc): contact us! Want to know what's next? Go to Online Password Hash Crack

Hash Killer, Over 1.45387 trillion decrypted hashes in total
25 May 2017

HashKiller's purpose is to serve as a meeting place for computer hobbyists, security researchers and penetration testers. It serves as a central location to promote greater security on the internet by demonstrating the weakness of using hash based storage / authentication. Go to Hash Killer

Leak Forums
06 May 2017

LeakForums is a general discussion community where you can participate in active discussions, make new friends, find great leaks, earn awesome awards, win freebies and so much more. Go to Leak Forums

flAWS Challenge
06 May 2017

Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS). There are no SQL injection, XSS, buffer overflows, or many of the other vulnerabilities you might have seen before. As much as possible, these are AWS specific issues. Go to flAWS Challenge

Siege | HTTP Load Testing
18 Apr 2017

Siege is an http load testing and benchmarking utility. It was designed to let web developers measure their code under duress, to see how it will stand up to load on the internet. Siege supports basic authentication, cookies, HTTP, HTTPS and FTP protocols. It lets its user hit a server with a configurable number of simulated clients. Those clients place the server “under siege.” Go to Siege

Vulners | Vulnerability Database
27 Mar 2017 is the security database containing descriptions for large amount of software vulnerabilities in machine-readable format. Cross-references between bulletins and continuously updating of database keeps you abreast of the latest information security threats. Go to Vulners

Have I been pwned?
27 Mar 2017

I'm Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.

I created Have I been pwned? as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. Go to haveibeenpwned

MsgViewer | Email-viewer utility
21 Mar 2017

MsgViewer is email-viewer utility for .msg e-mail messages, implemented in pure Java. MsgViewer works on Windows/Linux/Mac Platforms. Also provides a java api to read mail messges (msg files) programmatically. Go to MsgViewer

10 Mar 2017

WikiLeaks is a multi-national media organization and associated library. It was founded by its publisher Julian Assange in 2006.

WikiLeaks specializes in the analysis and publication of large datasets of censored or otherwise restricted official materials involving war, spying and corruption. It has so far published more than 10 million documents and associated analyses. Go to WikiLeaks

Google Safe Browsing | Lookup API (v4)
07 Feb 2017

The Safe Browsing APIs (v4) let your client applications check URLs against Google's constantly updated lists of unsafe web resources. Examples of unsafe web resources are social engineering sites (phishing and deceptive sites) and sites that host malware or unwanted software. Any URL found on a Safe Browsing list is considered unsafe. Go to Google Safe Browsing Lookup API

Moocher | Reputation API and Anti-Abuse Service for Developers
07 Feb 2017

Check multiple lists of IP addresses, domains and emails from a single pane of glass either from the web or our REST API.

Integrate our API in your applications and microservices. Our response times are measured in milliseconds, serving thousands of requests per second in different geographical areas. Go to Moocher Reputation API

Cymon | Open Threat Intelligence
07 Feb 2017

Cymon is the largest tracker and aggregator of security reports. It ingests events about malware, botnets, phishing, spam and other malicious activities from almost 200 sources daily. On average, more than 15,000 unique IPs and 50,000 events are processed each day. Go to Cymon API

NoDistribute | Online Virus Scanner Without Result Distribution
06 Jan 2017

Why would I care whether the results are distributed or not?
For your own privacy and the privacy of your files, you may not want to share the contents of your files with the antivirus companies.

How does it work?
We use an API from a reliable provider (Scan4You) which has been around for years. If you are interested in their services, then you can find them at Go to NoDistribute

PowerShell Empire | Building an Empire with PowerShell
05 Jan 2017

Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. Go to PowerShell Empire

FakeFileMaker | Right to Left Override (RTLO) Technique
22 Dec 2016

Using FakeFileMaker tool you can do right-to-left override “RTLO” in the filename section and perform social engineering attack. Go to FakeFileMaker

IOC Editor | Indicators of Compromise Editor
14 Dec 2016

The FireEye Indicators of Compromise (IOC) Editor is a free tool that provides an interface for managing data and manipulating the logical structures of IOCs. IOCs are XML documents that help incident responders capture diverse information about threats, including attributes of malicious files, characteristics of registry changes and artifacts in memory. Go to IOC Editor

SPID | Statistical Protocol IDentification
07 Dec 2016

A proof-of-concept application of the Statistical Protocol IDentification (SPID) algorithm. SPID can detect the application layer protocol (layer 7) by analysing flow (packet sizes etc.) and payload statistics (byte values etc.) from pcap files. Go to SPID

Network Miner | Network forensics tool for analyzing network traffic
07 Dec 2016

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files. Go to NetworkMiner

Masker | Hide files and folders, encrypt and protect
05 Dec 2016

Masker is a program that encrypts your files so that a password is needed to open them, and then it hides files and folders inside of carrier files, such as image files, video, program or sound files. The strong encryption up to 448-bit and password protection makes the hidden data inaccessible for unauthorized users! Only you using your password are able to open and extract your hidden files. You can hide any files, and even whole folders with sub-folders! The carrier file will remain fully functional! Images can be viewed, sounds can be played and videos can be displayed on the monitor. Go to Masker

Zone-H | Defacements
03 Dec 2016

A defacement is considered in all countries an unauthorized computer access, a denial of service action therefore a CRIME under all means, even if you don't think so. The activity of defacing to warn the administrator of a bugged server about its vulnerable status is considered a crime too and a questionable ethical conduct. Zone-H accepts your notifications but doesn't support, condone, justify at all any defacing activity. Instead, we welcome you to stop such activity or else you might face the same destiny of some notorious defacers who got arrested and jailed. Go to Zone-H

OSForensics | Forensics Solution
02 Dec 2016

OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.

It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively. Go to OSForensics

WinHex | Computer Forensics & Data Recovery Software
02 Dec 2016

WinHex is a universal hex editor, particularly helpful in the realm of computer forensics, data recovery, low-level data editing.

The disk editor specially supports the following file systems: FAT12, FAT16, FAT32, NTFS. Useful to inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. This hex editor opens files larger than 4 GB in a second. Very fast in general. Easy to use. Go to WinHex

XXD | Make a hexdump or do the reverse
01 Dec 2016

XXD creates a hex dump of a given file or standard input. It can also convert a hex dump back to its original binary form. Like uuencode(1) and uudecode(1) it allows the transmission of binary data in a `mail-safe' ASCII representation, but has the advantage of decoding to stan‐dard output. Moreover, it can be used to perform binary file patching. Go to XXD

Shodan | Search engine for Internet-connected devices
15 Jun 2016

Shodan is a search engine that lets the user find specific types of computers (routers, servers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are meta-data the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server. Go to

Netcraft | Internet Research, Anti-Phishing and PCI Security Services
21 May 2016

Netcraft provide internet security services including anti-fraud and anti-phishing services, application testing and PCI scanning. We also analyse many aspects of the internet, including the market share of web servers, operating systems, hosting providers and SSL certificate authorities. Go to