Browsing category
The framework consists of a huge collection of tools sorted in terms of purpose, in categories from Information gathering to post exploitation. You can find the Github Repo HERE git clone https://github.com/Manisso/fsociety.git [email protected]:~/fsociety# chmod +x install.sh [email protected]:~# fsociety Password Attacks For password attacks, the package consists of Cupp – To generate password list, Ncrack – […]
Trape is a tool written in python that can aid in tracking a client after utilising a phishing attack. When a victim clicks on the phishing url, the tool captures the client victim ip address, location, and sessions of the some popular web services. Some well-known supported web services Amazon, Dropbox, Facebook, Instagram, Gmail, Tumblr, […]
Social Mapper is an open source tool that searches for profile information from social media sites, such as Facebook, Instagram, LinkedIn, Google+, Vkontakte and microblogging websites like Weibo and Douban. The tool uses names and photos as input to scan social media profiles of the people on mass. Target names and photos can be provided […]
Cr3dOv3r is an open source tool that helps in finding credentials reuse attack for any specific email address. The tool makes use of the ‘haveibeenpwned’ API to find the possible leaks for the provided email address. The tools also searches for the plaintext password against the provided email address. Cr3dOv3r also tests the provided credentials’ […]
Reconnaissance is one of the first steps to conduct within a pen test engagement. During this stage, information is gathered using different tools and sources. Some web applications may hide web resources from public, there is however a way to discover the hidden content. Cansina is one such open source tool that helps aid in […]
Evilginx is framework that is able to steal user credentials through a man in the middle attack. Evilginx uses the Ngnix HTTP proxy module (proxy_pass) to pass client requests to the desired server for the intercepted client-server traffic, in order to block the user from redirecting to the actual website, Evilginx uses another module called […]
Routersploit is an open source framework used for exploiting vulnerabilities in embedded devices like routers. Routersploit is loaded with various modules that help the tool perform its functionality. These modules can be divided into the following categories. (a) Scanner Modules: Scanner modules are responsible for finding the vulnerabilities in the routers or embedded devices. (a) […]
Thinking someone is spying on you is one of the most unsettling feelings ever, I must say. While the victim may hate this, there are indeed people out there who gain pleasure in spying and tracking, whether for nefarious purposes or just for the fun of it. Put your mind at ease by getting the […]
Zarp is a powerful tool used for scanning and attacking networks. The tool is capable of launching the denial of service attacks, poisoning the network, sniffing different systems, scanning for running services, managing sessions, and dumping information. Installing Zarp Zarp can be installed on the system by cloning the GIT repository. git clone https://github.com/hatRiot/zarp.git Although […]
So what is this phishing tool all about? Blackeye is tool scripted in shell to perform phishing attack inside and outside LAN combined with ngrok. It can be used for social engineering related pen testing jobs, it may also come in handy for red teaming when trying to gather passwords that could be used elsewhere. […]
Sqlmap is an open source tool used to test the SQL injection vulnerabilities within web applications. The tool requires Python 2.6.x and 2.7.x. The tool is capable of databases fingerprinting, fetching data from the databases, accessing the database file systems, and running different commands on the target server. The tool can be installed by cloning […]
Webpwn3r is a powerful scanning tool, written in Python, to detect remote command execution vulnerabilities, cross site scripting attacks, and database weaknesses in the web applications. The current version of the tool has the ability to scan a single url or list of urls provided in a text file. The tool is able to provide […]
So what is this Osueta script all about? Osueta is a powerful python script used for exploiting the OpenSSH vulnerabilities through User-Enumeration Time based attack methodology. With a User-Enumerated Time based attack, the attacker searches for usernames on a target server. The attack is unique in the sense it makes the brute force attack more effective […]
So what is this tool all about? Golismero is an open source framework, used for mapping web applications and finding vulnerabilities. The tool is designed to be used by penetration testers and red teamers to aid in finding web application flaws by bringing together a number of other pen testing tools. The tool is a […]
What is this dumpster diving tool you speak of? The creator of this tool has given us an exclusive insight. LHN have drawn the conclusion that despite many cyber security professionals cringing at the American name ‘DumpsterDiver’ this tool is actually pretty nifty. One of the defining features is that it uses Shannon Entropy (complex […]
Commix is a command injection exploitation tool used for testing command injection vulnerabilities in web applications. Command injection, also known as shell injection is achieved through vulnerable applications. For the attack to be successful, the application must pass unsecure user supplied data to the system shell. The tool is written in Python language. Who can […]
So what is this Lynis tool all about? Lynis is a security tool used for auditing Unix based systems it’s main aims are to achieve automated security auditing, compliance testing for standards such as ISO27001, PCI-DSS and HIPAA. It also offers vulnerability detection for areas of the system that could be vulnerable to issues such […]
Phishing is a classic favorite attack of hackers. Not only that it provides easy access to victims’ accounts by merely tricking them to key in their credentials, the setup is also pretty easy to do. This article will feature one of the tools that we found on GitHub – SocialFish. It has always been a […]
Today LHN have been looking at Airgeddon, on initial inspection it seems to be a multi purpose all-in-one Swiss army knife tool for hacking WiFi, the tool is pretty extensive, with over 11 thousand lines of bash goodness. This tool is free to download from GitHub and supports multiple Linux based platforms. So what does […]