Browsing category

Exploitation Tools

HRShell – An Advanced HTTPS/HTTP Reverse Shell Built With Flask

HRShell is an HTTPS/HTTP reverse shell built with Flask. It's compatible with Python 3.x and has been successfully tested on Linux (Ubuntu 18.04 LTS, Kali Linux 2019.3), macOS Mojave, and Windows 7/10. Features: it's stealthy; TLS support, either using on-the-fly certificates or by specifying a cert/key […]

SecurityNotFound – 404 Page Not Found Webshell

Clone me! Clone or download the project: git clone https://github.com/CosasDePuma/SecurityNotFound.git SecurityNotFound; cd SecurityNotFound. "Installation": the src/404.php file should be located on the target server. That server must have the ability to execute .php files. Here is an example of some of the most common routes on which servers are located: # Windows (Xampp) C:\Xampp\htdocs […]

Rebel-Framework – Advanced Penetration Testing Framework

Rebel framework is an advanced and easy to use penetration testing framework. You can use it to automate the automation itself. START: git clone https://github.com/rebellionil/rebel-framework.git; cd rebel-framework; bash setup.sh; bash rebel.sh. SUPPORTED DISTRIBUTIONS (columns: Distribution, Version Check, supported, dependencies already installed, status): Kali Linux, 4.4.0, yes, yes, working; Parrot OS […]

FDsploit – File Inclusion And Directory Traversal Fuzzing

A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. FDsploit menu: $ python fdsploit.py -h [ASCII-art banner] ver. 1.2 Author: Christoforos Petrou (game0ver) usage: fdsploit.py [-u | -f […]

Juicy Potato – Another Local Privilege Escalation Tool

A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from Windows Service Accounts to NT AUTHORITY\SYSTEM. Summary: RottenPotatoNG and its variants leverage the privilege escalation chain based on BITS service having the MiTM listener on 127.0.0.1:6666 and when you have SeImpersonate or SeAssignPrimaryToken privileges. During a Windows […]

Botb – A Container Analysis And Exploitation Tool

BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: exploit common container vulnerabilities; perform common container post exploitation actions; provide capability when certain tools or […]

Pixload – Image Payload Creating/Injecting Tools

Set of tools for creating/injecting payload into images. Useful references for better understanding of pixload and its use-cases: "Bypassing CSP using polyglot JPEGs"; "Hacking group using Polyglot images to hide malvertising attacks"; "Encoding Web Shells in PNG IDAT chunks"; "An XSS on Facebook via PNGs & Wonky Content Types"; "Revisiting XSS payloads in PNG IDAT chunks" […]

Revshellgen – Reverse Shell Generator Written In Python

Standalone Python script for generating reverse shells easily and automating the boring stuff like URL encoding the command and setting up a listener. Download: git clone https://github.com/t0thkr1s/revshellgen. Install: the script has 2 dependencies, pyperclip and colorama. You can install these by typing: python3 setup.py install. Disclaimer: this tool is only for testing and academic purposes […]

HoneyPy – A Low To Medium Interaction Honeypot

A low interaction honeypot with the capability to be more of a medium interaction honeypot. HoneyPy is written in Python2 and is intended to be easy to: install and deploy; extend with plugins and loggers; run with custom configurations. Feel free to follow the QuickStart Guide to dive in directly. The main documentation can be […]

XSRFProbe – The Prime Cross Site Request Forgery Audit And Exploitation Toolkit

XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and further generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe […]

Ustealer – Ubuntu Stealer, Steal Ubuntu Information In Local PC

Ubuntu stealer, steal Ubuntu information in local PC (nice with USB key). Requirements: G++ (sudo apt-get install g++), libsqlite3 (sudo apt-get install libsqlite3-dev). Compilation: go into the Ustealer/ folder and run the makefile (make). Use: ./ustealer

Cameradar v2.1.0 – Hacks Its Way Into RTSP Videosurveillance Cameras

An RTSP stream access tool that comes with its library. Cameradar allows you to: detect open RTSP hosts on any accessible target host; detect which device model is streaming; launch automated dictionary attacks to get their stream route (e.g.: /live.sdp); launch automated dictionary attacks to get the username and password of the cameras; retrieve a […]

Androspy – Backdoor Crypter & Creator With Automatic IP Poisener

Androspy is Backdoor Crypter & Creator with Automatic IP Poisener. Coded by Belahsan Ouerghi. Dependencies: keytool, jarsigner, Apache2, Metasploit-Framework, xterm. Installation: sudo apt-get install git; git clone https://github.com/TunisianEagles/Androspy.git; cd Androspy; chmod +x setup.sh; sudo ./setup.sh; chmod +x androspy.sh; sudo ./androspy.sh. Tested on: BackBox Linux, Kali Linux, Parrot OS. Contact: Tunisian Eagles […]

ZIP File Raider – Burp Extension For ZIP File Payload Testing

ZIP File Raider is a Burp Suite extension for attacking web applications with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads into the ZIP content of HTTP requests, which is not feasible by default. This extension helps to automate the extraction and compression steps. This software was created by Natsasit Jirathammanuwat during […]

BabySploit – BabySploit Beginner Pentesting Framework

Tested on Kali Linux. Should work with all Debian-based distros (and other ones if you have the right packages installed). BabySploit is a penetration testing framework aimed at making it easy to learn how to use bigger, more complicated frameworks like Metasploit. With a very easy to use UI and toolkit, anybody from any […]

AutoRDPwn v4.5 – The Shadow Attack Framework

AutoRDPwn is a script created in PowerShell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view the victim's desktop without their consent, and even control it on request. For its correct operation, it is necessary to comply with the requirements described in the user guide. […]

Pacu – The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of […]

Novahot – A Webshell Framework For Penetration Testers

novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and Python. Beyond executing system commands, novahot is able to emulate interactive terminals, including mysql, sqlite3, and psql. It additionally implements "virtual commands" […]