Hacking Tools

Morpheus – TCP/UDP Manipulation Framework

Morpheus is an open source framework that can launch multiple attacks on the network using applications such as ettercap, msgsnarf, tcpkill, and urlsnarf. The tool’s main objective is to manipulate TCP/UDP data using these backend applications. Some major tasks that can be performed using the Morpheus framework include HTTPS credentials stealing, web browsers traffic […]

XSStrike – XSS Detection and Exploitation Suite

XSStrike is an open source tool that detects Cross Site Scripting vulnerabilities and exploits them. The tool is equipped with a powerful fuzzing engine that increases the accuracy of the tool. The promising features of the tool include the following. XSStrike is equipped with a powerful fuzzing engine for accurate results. The tool possesses context […]

Leviathan – Mass Audit Toolkit for Networks and Applications

Leviathan is an open source toolkit that can be used for auditing networks and web applications. The types of audits that can be performed with Leviathan include discovery of services running on machines, identifying SQL injections in web applications, analyzing the possibility of bruteforce attacks on discovered machines, and testing the security of pre-discovered machines […]

CMSeek – CMS Detection and Information Gathering

CMSeek is a Python tool used to detect the Content Management System (CMS) of a target website. It can extract useful information like CMS version, installed themes, plugins, usernames, and CMS files, and it looks for possible vulnerabilities for the identified CMS version. CMSeek can detect more than 130 CMSs. The CMS detection is performed through HTTP […]

Evilgrade – MITM Attack Framework to Exploit Machines

Evilgrade is a modular framework that takes over target machines by injecting fake updates in poorly updated systems using a MITM attack strategy. Evilgrade has WebServer and DNSServer modules that work as part of the MITM attack framework. Evilgrade requires the manipulation of the victim’s DNS traffic to operate. This can be achieved by […]

CrackMapExec – Post Exploitation Tool for Active Directory Networks

CrackMapExec (CME) is a post exploitation tool that can be used for tasks like cracking administrative rights and mapping Active Directory networks. Active Directory is a Windows OS utility that provides services like protocols to access other directories in the network, security services through SSL and Kerberos authentication, organizational data storage in a centralized location, and […]

Vega – Open Source Tool for Analyzing Web Applications Security

Vega is a GUI-based open source tool used for testing the security of web applications. The tool can be used to test for disclosure of sensitive information, such as SQL injection, blind SQL injection, reflected cross-site scripting, stored cross-site scripting, shell injections, and file inclusion vulnerabilities. A complete list of scanning modules […]

SonarSnoop – A Technique Used to Steal Smartphone Unlock Patterns

Researchers from universities in Sweden and the UK have discovered a new method to turn the built-in speaker and microphone of a smartphone into a crude sonar system that steals unlock patterns from Android devices. The method was named SonarSnoop as it uses sound waves to track a user’s finger position across the screen. […]

Droopescan – CMS Based Web Applications Scanner

Droopescan is a Python-based scanner used to scan web applications that utilise Drupal, SilverStripe, and WordPress. The types of information that can be analyzed with Droopescan include plugins, themes, versions, and URLs like admin panels. This information is useful in identifying known vulnerabilities associated with specific themes and plugins. […]

ARPwner – A GUI Based ARP and DNS Spoofing Tool

ARPwner is a GUI-based tool that can perform tasks like ARP and DNS spoofing. Through ARP and DNS spoofing, attackers can steal sensitive information by eavesdropping on the network. Address Resolution Protocol, simply called ARP, is a communication protocol that is used to map IP addresses to physical addresses, e.g. MAC address of […]

TIDoS – Open Source Reconnaissance and Web Application Audit Framework

TIDoS framework is a Python-based toolkit that performs a comprehensive audit of web applications. The toolkit is packed with a number of modules with specific objectives, such as reconnaissance, open source intelligence, scanning + enumeration, and vulnerability analysis. TIDoS framework can perform both types of reconnaissance, i.e. active and passive reconnaissance. In passive […]

Raccoon – Open Source Enumeration and Information Gathering Tool

Raccoon is an offensive security tool known for reconnaissance and information gathering. The tool can extract useful information about the target host, such as DNS details, DNS mapping, WHOIS record, port scanning, TLS data (TLS version, supported ciphers, certificates), URL fuzzing, subdomain enumeration, and Web Application Firewall (WAF) information. Moreover, the tool is capable of […]

W3af – Web Application Attack and Audit Framework

W3af is a GUI-based framework that helps in auditing and identifying vulnerabilities in web applications. The tool is loaded with a number of useful plugins that can scan a website for more than 200 types of vulnerabilities. The currently available plugins include audit, auth, bruteforce, crawl, evasion, grep, infrastructure and mangle. Each plugin has […]

Net Creds – Open Source Tool to Sniff Network Passwords and Hashes

Net Creds is a free tool that sniffs passwords and hashes from a network interface. The tool launches a MITM attack to capture network packets, and ultimately the login credentials. The MITM attack works for the protocols that send credentials in clear text. The example protocols include HTTP, TELNET, POP, SNMP, IMAP, and NNTP. These […]

Singularity – Open Source DNS Rebinding Attack Tool

Security company NCC Group has released an open source tool for penetration testing named Singularity. The tool allows security researchers to test for rebinding attacks. A DNS rebinding attack allows a website to create a fake DNS name and force visitors to run a client-side script that attacks other hosts on the network. This technique can […]

Operative Framework – Open Source Intelligence Gathering Tool

The Operative Framework tool can be used within a red team/social engineering engagement to collect information regarding websites and enterprises. The tool is capable of finding useful information, such as employees, LinkedIn profiles, emails, subdomains, WHOIS information, reverse IP lookup information, database file information and much more. Furthermore, one can set a fingerprinting campaign for […]

RapidScan – Free Web Vulnerability Scanner Framework

RapidScan is a Python-based scanning tool used for analyzing vulnerabilities in web applications. The tool is equipped with scanning utilities, such as Nmap, Golismero, Nikto, Uniscan, and Dnsrecon. The tool runs these utilities to find vulnerabilities in web applications. Some well-known checks performed by the tool include XSS, SQLi, DNS zone transfer, Local File […]

XAttacker Tool – Scan and Auto Exploit Web Vulnerabilities

XAttacker is a Perl tool capable of scanning and auto-exploiting vulnerabilities in web applications. Given a target website, it auto-detects the site's architecture if it uses a Content Management Service (CMS) and tries to find vulnerabilities based on the detected CMS. Currently supported CMS include WordPress, Joomla, Drupal, PrestaShop, and LokoMedia. How […]

Fluxion – Wifi Security and Audit Framework

Fluxion is a wifi security analysis tool that can simulate wifi attacks using the MITM technique. The tool can create rogue access points and steal wifi credentials through phishing. The tool also tries to obtain WPA/WPA2 encryption hashes through the handshake process. Fluxion Installation: Run the following command in order to clone Fluxion from GitHub […]