Hackers Repository

PytheM – Multi-purpose pentest framework

PytheM – Penetration Testing Framework v0.6.6 Credits: m4n3dw0lf Download PytheM PytheM is a python multi-purpose pentest framework. It has been developed in the hope that it will be useful and I don’t take responsibility for any misapplication of it. Only runs on GNU/Linux OS. Examples ARP spoofing – Man-in-the-middle pythem> set interface [+] Enter the […]

Smith – Client/Server Style Agent For Testing Network Connectivity

smith Credits: jidir (Leave him a star on Github) Download Smith  A client/server style agent meant for testing connectivity to and from a machine on a network. Installation python setup.py install or pip install . should install smith. Note: If you want to use the tcp/udp protocol options, you’ll need to install scapy and its […]

Davscan – A Tool That Fingerprints servers, finds exploits, scans WebDAV

DAVScan Credits: Graph-X Download Davscan DAVScan is a quick and lightweight webdav scanner designed to discover hidden files and folders on DAV enabled webservers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities. The scanner attempts to fingerprint the target server and then […]

Java Deserialization Scanner

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities Download Java-Deserialization-Scanner Credits: federicodotta Java Deserialization Scanner Java Deserialization Scanner is a Burp Suite plugin aimed at detecting and exploiting Java deserialization vulnerabilities. It was written by Federico Dotta, a Security Expert at @ Mediaservice.net. The plugin is made up […]

Snoopy Tutorial – Finding Previously Connected SSIDs of a Device

Wireless networks can leak a treasure trove of information. In this tutorial we will use Snoopy to find various wireless access points and the access points a device is probing for; this can help us determine the name to give our malicious SSID for an evil twin network. When a device is probing for Wireless Access […]

Change or Spoof Network Interface Mac Address Using Macchanger

Macchanger is a tool that is used for manipulating the MAC address of a wireless or wired network interface. Today I will show you how to spoof your MAC address. Changing your MAC address helps hide the identity of your hardware's network address and helps overcome limitations such as MAC address filtering by routers […]

Social Engineering Credential Harvester Method Phishing in SET

Social engineering relies heavily on human interaction and deception (trickery, you get the picture); it is a specialist way of extracting data from somebody or a third party. Today I will show you how to harvest credentials, in other words obtaining usernames and passwords or other data credentials that are entered. Almost every vulnerability is […]

Cracking WPA/WPA2 WPA Key Wireless Access Point Passphrase

In this article we will learn how to brute force a WPS key using Airodump-ng and Reaver with the Pixie Dust addon. If you're running an older version of Reaver, update before starting this tutorial. WPA/WPA2 (Wi-Fi Protected Setup) is implemented by most manufacturers to secure routers & other wireless devices. A Wireless Interface in Modern Terms is […]

Portspoof

Portspoof Effective defense against port scanners Short description: Art of Annoyance The Portspoof program's primary goal is to enhance OS security through a set of a few techniques: 1. All TCP ports are always open Instead of informing an attacker that a particular port is CLOSED or FILTERED a system with Portspoof will return SYN+ACK for […]

Embedding a Metasploit Payload to an original Android Apk.

Embed a Metasploit Payload in an original Android Apk. Welcome back. In the last part of the Android Hacking Series we discussed how to create a malicious payload to Hack Android Phones. Today you will learn how to make your malicious Android APK more convincing by injecting a hook of our payload into an original […]

BeeLogger – Generate Email Keyloggers

Beelogger allows you to generate a keylogger in a document format which can be executed via emails Features Send logs each 120 seconds. Send logs when chars > 50. Send logs with gmail. Some Phishing methods are included. Multiple Session disabled. Bypass UAC. Prerequisites apt wine wget Linux sudo python2.7 python 2.7 on Wine Machine […]

Smith – A Very Quick And Dirty Server Tool For Testing Firewalls

A client/server style agent meant for testing connectivity to and from a machine on a network. Installation python setup.py install or pip install . should install smith. Note: If you want to use the tcp/udp protocol options, you’ll need to install scapy and its dependencies. Ubuntu has ‘apt-get install python-scapy’. You can also pip install […]

FSEC – A Website Dedicated to Hacking Books

A website called FSEC, or Futursec, launched recently, aiming to be a library for hackers and computer enthusiasts. You will be greeted with a slider which features several well-known individuals. Each slide represents a message or a quote on how they perceive the industry. Overall, the website was well […]

TCHunt-ng v1.2 – Reveal encrypted files

TCHunt-ng attempts to reveal encrypted files stored on a filesystem. The program is successful in finding TrueCrypt, VeraCrypt, CipherShed containers, EncFS encrypted files, PGP/GPG encrypted messages, OpenSSH and PEM private keys, password databases, and files made up of random data. TCHunt-ng is free software licensed under GPLv3. Methodology TCHunt-ng performs the following tests against […]

Tater – A PowerShell implementation of the Hot Potato Windows Privilege Escalation Exploit

Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. Included In p0wnedShell – https://github.com/Cn33liz/p0wnedShell PowerShell Empire – https://github.com/PowerShellEmpire/Empire PS>Attack – https://github.com/jaredhaight/psattack  How it works Hot Potato (aka: Potato) takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay (specifically HTTP->SMB relay) and NBNS […]

Windows SMB zero-day exploit goes live on Github after Microsoft fails to fix

AN EXPLOIT taking advantage of a Windows Server zero-day security vulnerability has been released into the wild after Microsoft failed to issue a patch, despite having been warned of the problem three months ago. The proof-of-concept exploit, dubbed Win10.py, was released on Github last week by security researcher Laurent Gaffie. According to US CERT, the […]

Autovpn – Easily connect to a VPN in a country of your choice

autovpn is a tool to automatically connect you to a random VPN in a country of your choice. It uses openvpn to connect you to a server obtained from VPN Gate. Compiling First clone the repo and cd into the directory: $ git clone https://github.com/adtac/autovpn $ cd autovpn Then run this to generate the executable: […]

WMD (Weapon of Mass Destruction) – Python framework for IT security tools

This is a Python tool with a collection of IT security software. The software is encapsulated in “modules”. The modules consist of pure Python code and/or external third-party programs. Main functions 1) To use a module, run the command “use [module_call]”, e.g. “use apsniff”, to activate the module. 2) The module's options can be […]

Linux Kodachi3 – Secure Open Source Linux Distribution

The Linux Kodachi operating system is based on Debian 8.6. It will provide you with a secure, anti-forensic, and anonymous operating system, considering all features that a person who is concerned about privacy would need to have in order to be secure. Kodachi is very easy to use; all you have to do is boot […]

Insanity Framework – Generate Payloads and Control Remote Machines

With the dynamics of persuasion that prove effective in a pentest, several painstaking means of making a payload have emerged; Insanity Framework provides speed and effectiveness in a single tool. Note: Insanity Payloads can delay 1 minute to connect; this is necessary to bypass more AVs and sandboxes. DISCLAIMER: “DISCLAIMED. IN NO EVENT SHALL THE […]