Browsing category
WebRTC (Web Real-Time Communication) is a collection of communications protocols and application programming interfaces that enable real-time communication over peer-to-peer connections. This allows web browsers to not only request resources from backend servers, but also real-time information from browsers of other users.This enables applications such as video conferencing, file transfer, chat, or desktop sharing […]
Brute-force (dictionary attack, jk) attack that supports multiple protocols and services http://ex0dus-0x.github.io Introduction brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are: ssh ftp smtp XMPP instagram facebook There will be future implementations of different protocols and services (including Twitter, Facebook, […]
This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi testing. Furthermore, it is useful while performing red team or an internal infrastructure engagements. Wifi-Dumper This is an open source tool to dump the […]
Man in the middle Proxy is An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers http://mitmproxy.org. Documentation & Help: General information, tutorials, and precompiled binaries can be found on the mitmproxy and pathod websites. http://mitmproxy.org DOWNLOAD MITMPROXY Credits: mitmproxy.org
OWASP Passfault evaluates passwords and enforces password policy in a completely different way. https://passfault-hrd.appspot.com Running the Command-line Interface: install java 8 jdk cd core ../gradlew installDist run build/install/core/bin/core Running the jsonWebService: cd jsonService ../gradlew build jettyRunWar browse to localhost:8080/jsonService Note the war will be located in jsonService/build/lib/passfault-jsonService-[version].war Running in Docker: Pull the Passfault image: docker […]
iptodomain This tool was created by Juan Esteban Valencia Pantoja it extracts domains information from IP address based in the information saved in virustotal. Description: This tool allows you to extract domains from a IP range, using the historic information archived in Virustotal(using API key). It is usefull if you want to know what domains are […]
HatCloud, built with Ruby. A simple tool to bypass CloudFlare to discover the real IP. This can be useful if you need to test your server and websites. Testing your protection against Ddos (Denial of Service) or Dos. CloudFlare is a service for distributed domain name servers, sitting between the visitor and the Cloudflare user’s […]
Umbrella is a file dropper dedicated to pentesting, it downloads a file on target system and then executes without the need of double execution. To compromise the same target again, you need to delete the following folder on target system : – C:UsersPublicLibrariesIntel Features Download executable on target system. Silent execution. If the exe already […]
Insanity-Framework to Generate Payloads and Control Remote Machines. Insanity-Framework ** VERSION 1.6 RELEASED !!! ** * Copyright 2017 Insanity Framework (IF) Written by: * Alisson Moretto – 4w4k3 Special Thanks to Thomas Perkins – Ekultek Insanity Payload consists of encrypting your code and decrypting it in memory, thus avoiding a possible av signature, also has […]
Fluxion is a easy to use wifi cracker, to test your own network. Fluxion is the future of MITM WPA attacks Fluxion is a remake of linset by vk496 with (hopefully) less bugs and more functionality. It’s compatible with the latest release of Kali (rolling). Latest builds (stable) and (beta) can be found here here. […]
Puppy Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android), multi function RAT (Remote Administration Tool) and post-exploitation tool mainly written in python. It features a all-in-memory execution guideline and leaves very low footprint. Pupy can communicate using various transports, migrate into processes (reflective injection), load remote python code, python packages and python C-extensions from […]
WPS-SLAUGHTER is a tool that helps to automate the process of testing router WPS vulnerability to flood attacks using multiple* wireless adapters to see if it will reboot and UNLOCK. DOWNLOAD WPS-SLAUGHTER Credits to tool author: Trietptm-on-Security
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber’s powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. https://www.trustedsec.com Welcome back today we will talk about Powershell downgrade attacks using uniscan and inject shellcode […]
Useful Msfvenom and Metasploit Commands The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Metasploit Framework, is a tool for developing and executing exploit code against a remote target machine. The Metasploit Project is well known for its anti-forensic and evasion […]
SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands […]
Welcome back today we will talk about Man-in-the-middle attacks. In computer security, a man-in-the-middle attack (often abbreviated mitm, or the same using all capital letters) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. In this guide we will be […]
Slow Loris is Layer 7 Application (Protocol Attack) it was developed by Robert “RSnake” Hansen don’t be fooled by its power even a single computer could have the ability to take down a full web server single handedly Slowloris is a simple and powerful /DDOS attack it is also known as a low-and-slow Slowloirs is […]
Dr0p1t-Framework Dr0p1t-Framework A framework that creates a dropper that bypass most AVs, some sandboxes and have some tricks ? Credits: D4Vinci – https://github.com/D4Vinci/ Installation & run server On Linux and Windows it’s the same after installing Dr0p1t by doing the steps mentioned above, install modules in server_requirements.txt by using pip like : python -m pip […]
ABOUT Download Facebrok Credits: PowerScript facebrok is a social tool for exploiting social network accounts facebook, this platform brings together various Templates explotacion credentials for specific objectives. SF: http://sourceforge.net/projects/facebrok/ http://cave-rt.blogspot.co.uk/2015/06/como-instalar-y-usar-facebrok-project.html REQUIREMENTS PHP MYSQL INSTALLATION Extract the facebrok[Vs{LastVersion}].rar Upload files to server Install. Features tIME lINE |————————————————————->End-Time |-> News Vs 1.9 – 2016-10-12 |-> * New […]
wifijammer Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective targeting. Requires: python 2.7, python-scapy, a wireless card […]
In this tutorial you will learn how to Hack any Android mobile phone using MSFVenom. Requirements Linux Based Operating System (In this tutorial we are using Kali Linux 2017.2) Metasploit Framework MSFVenom is a hacking tool that targets the Android operating system. The tool is a combination of MSFEncode & MSFPayload. Ok now lets get […]