Browsing category

Pentest

Spaghetti – Web Application Security Scanner – Kali Linux 2017.1

Hey guys, in this video I show you a great web application security scanner called Spaghetti. Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform which has a Python environment. Spaghetti: https://github.com/m4ll0k/Spaghetti Installation: […]

Lynis – Security Auditing Tool for Unix/Linux Systems – Kali Linux 2017.1

Hey guys, in this video I show you a great security auditing tool for Unix/Linux systems called Lynis. Lynis is an open source security auditing tool used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more […]

Eternal Scanner – Internet Scanner for Exploit CVE-2017-0144 (Eternal Blue)

Eternal Scanner is a network scanner for the Eternal Blue exploit, CVE-2017-0144. Eternal Scanner: https://github.com/peterpt/eternal_sc… Requirements: • masscan • metasploit-framework Install Requirements: • apt-get install masscan metasploit-framework How to Install: • git clone https://github.com/peterpt/eternal_sc… • cd eternal_scanner && ./escan • OR ./escan -h (to change scanner speed) Video Tutorial: […]

How to Scan Websites for SQL Injection – DSSS – Damn Small SQLi Scanner – Kali Linux 2017.1

Hey guys, in this video I show you a fast and small SQL injection scanner. Damn Small SQLi Scanner (DSSS) is a fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. Damn Small SQLi Scanner (DSSS): https://github.com/stamparm/DSSS Blog Post: http://pentesttools.net/2017/09/damn… Requirements: Python version 2.6.x or 2.7.x is required […]

PytheM – Python Pentesting Framework

pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool is intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool; for more information, read the license. Only […]

mitmAP – Create a Fake AP and Sniff Data

A Python program to create a fake AP and sniff data. New in 2.0: SSLstrip2 for HSTS bypass; image capture with Driftnet; TShark for command line .pcap capture. Features: SSLstrip2; Driftnet; TShark; full featured access point, with configurable speed limit; mitmproxy; Wireshark; DNS spoofing; saving results to file. Requirements: Kali Linux / Raspbian with root […]

Xerosploit – Advanced Man In The Middle Framework

Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for penetration testing purposes. It brings various modules together that will help you perform very efficient attacks. You can also use it to perform denial of service attacks and port scanning. Powered by bettercap and nmap. Dependencies: nmap, hping3, build-essential, ruby-dev, libpcap-dev […]

Sniffer – Packet Trace Parser

Sniffer is a C program that parses and interprets captured Ethernet traffic containing IP datagrams (UDP/TCP), and stores the captured payloads, email messages and HTTP cookies sent into files. General: supply any pcap file, produced by tcpdump, that contains a packet trace for the program to use as input: ./selected_parser [pcap_file] Packet parser […]

theHarvester – Easy Intelligence Gathering

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database. This tool is intended to help penetration testers in the early stages of the penetration test in order to understand the customer footprint on […]

Zeus-Scanner – Advanced Dork Searching Utility

Zeus is an advanced dork searching tool that is capable of bypassing search engine API calls, search engine captchas, and IP address blocking from sending many requests to the search engine itself. Zeus can use three different search engines to do the search (default is Google). Zeus has a powerful built-in engine, automates a […]

BITSInject – Abusing BITS

Windows’ BITS service is a middleman for your download jobs. You start a BITS job, and from that point on, BITS is responsible for the download. But what if we tell you that BITS is a careless middleman? We have uncovered the way BITS maintains its jobs queue using a state file on disk, and […]

MSFPC – MSFvenom Payload Creator

MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on the user's choice. The idea is to be as simple as possible (only requiring one input) to produce their payload. Fully automating msfvenom & Metasploit is the end goal (as well as to be able to automate MSFPC itself). The rest is to make the […]

Ironsquirrel – Encrypted Exploit Delivery For The Masses

This project aims at delivering browser exploits to the victim browser in an encrypted fashion. Elliptic-curve Diffie-Hellman (secp256k1) is used for key agreement and AES is used for encryption. By delivering the exploit code (and shellcode) to the victim in an encrypted way, the attack cannot be replayed. Meanwhile the HTML/JS source is encrypted […]

FormBook – Cheap Password Stealing Malware Used In Targeted Attacks

It seems sophisticated hackers have changed the way they conduct targeted cyber operations: instead of investing in zero-days and developing their malware, some hacking groups have now started using ready-made malware just like script kiddies. Possibly, this could be a smart move for state-sponsored hackers to avoid being attributed easily. Security researchers from multiple security firms, […]

Wfuzz – Bruteforcing Web Applications

Wfuzz is a tool designed for bruteforcing web applications. It can be used for finding resources not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (User/Password), fuzzing, etc. Features: multiple injection points capability with multiple dictionaries; recursion (when doing directory bruteforce) […]

BitCracker – Open Source BitLocker Password Cracking Tool

BitCracker is the first open source BitLocker password cracking tool. BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10) Pro and Enterprise. BitCracker is a mono-GPU password cracking tool for memory units encrypted with the password authentication mode of BitLocker (see picture below). Our attack has […]

Scannerl – Modular Distributed Fingerprinting Engine

Scannerl is a modular distributed fingerprinting engine implemented by Kudelski Security. Scannerl can fingerprint thousands of targets on a single host, but can just as easily be distributed across multiple hosts. Scannerl is to fingerprinting what zmap is to port scanning. Scannerl works on Debian/Ubuntu (but will probably work on other distributions as well). It uses […]

Nameles – Open Source Invalid Traffic Detection

Nameles provides an easy-to-deploy, scalable IVT detection and filtering solution that is proven to detect ad fraud and other types of invalid traffic, such as web scraping, at a high level of accuracy. Comprehensive Detection: Detects display, video and in-app based ad fraud, web scraping and other forms of invalid traffic from both mobile […]

BaRMIe – Java RMI Enumeration & Attack Tool

BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services. RMI services often expose dangerous functionality without adequate security controls; however, RMI services tend to pass under the radar during security assessments due to the lack of effective testing tools. In 2008 Adam Boulton spoke at AppSec USA (YouTube) and released […]

Tinfoleak – Twitter OSINT Tool

Tinfoleak is a simple Python script that allows you to obtain detailed information about a Twitter user's activity. Detailed information about any Twitter user: basic information about a Twitter user (name, picture, location, followers, etc.); devices and operating systems used by the Twitter user; applications and social networks used by the Twitter user; place and geolocation […]