
Exploitation Tools

Firebase Exploiting Tool – Exploiting Misconfigured Firebase Databases

Exploiting vulnerable/misconfigured Firebase databases.
Prerequisites: non-standard Python modules dnsdumpster, bs4, requests.
Installation: if the following commands run successfully, you are ready to use the script:
git clone https://github.com/Turr0n/firebase.git
cd firebase
pip install -r requirements.txt
Usage: python3 firebase.py [-h] [--dnsdumpster] [-d /path/to/file.htm] [-o results.json] [-l /path/to/file] [-c 100] [-p 4]
Arguments: -h Show the help message […]

LNK-Kisser – PowerShell Link Payload Generator

Making FUD shortcut (.lnk) payloads with LNK-KISSER to remotely execute malicious code. Shortcut-Payload-Generator: exploiting PowerShell to make shortcut payloads [fud]. There are too many awesome tricks there, u can make it better ^_^. For example: killing tcpview, taskmanager, etc. while downloading. Set hidden attribs to the malware after downloading, etc. G00d […]

Metateta – Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit

Metateta: automated tool for scanning and exploiting network protocols using Metasploit, for faster pen testing of large networks. What you can do: scan with all Metasploit modules for a specific network protocol like smb, smtp, snmp; run all auxiliary modules against a specific network protocol; run all possible Metasploit exploits for a specific network protocol. That is not recommended for […]

SubOver v1.1.1 – A Powerful Subdomain Takeover Tool

SubOver is a hostile subdomain takeover tool originally written in Python but rewritten from scratch in Golang. Since its redesign, it has been built with speed and efficiency in mind. To date, SubOver detects 30+ services, which is much more than any other tool out there. The tool uses Golang concurrency and hence is very […]

Terminator – Metasploit Payload Generator

Terminator: Metasploit payload generator.
Payload list:
Binaries payloads: 1) Android 2) Windows 3) Linux 4) Mac OS
Scripting payloads: 1) Python 2) Perl 3) Bash
Web payloads: 1) ASP 2) JSP 3) War
Encrypters: 1) APK Encrypter 2) Python Encrypter
The author does not hold any responsibility for the bad use of this tool, […]

ShellPop – Pop Shells Like A Master

Pop shells like a master. ShellPop is all about popping shells. With this tool you can generate easy and sophisticated reverse or bind shell commands to help you during penetration tests. Don’t waste more time with .txt files storing your reverse shells! Installation: Python 2.x is required. 3.0+ version will not work. Required Dependencies: Install […]

p0wnedShell- PowerShell Runspace Post Exploitation Toolkit

p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a PowerShell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of post exploitation easier. What we tried was to build an “all […]

Arpag – Automatic Exploit Tool

arpağ: means a magical word in Turkish mythology. The name arpag was chosen because the tool makes the exploit process automatic.
Installation:
git clone https://github.com/anilbaranyelken/arpag.git
cd arpag
pip install -r requests
Usage: arpag.py [-h] IP_address Exploit_status Port_baslangic Port_bitis
Example Usage 1: python arpag.py 192.168.1.24 False 20 30
192.168.1.24 , The IP address is scanned […]

Parat – Python Based Remote Administration Tool (RAT)

Parat is a simple remote administration tool (RAT) written in Python. You can also read the wiki! Change log: compatible with both Python 2 and 3 (don't forget that this may cause some errors, so please share any errors with us). Do you want to try? Copy and paste in your terminal: git clone https://github.com/micle-fm/Parat && cd Parat && python […]

VENOM 1.0.15 – Metasploit Shellcode Generator/Compiler/Listener

The script will use msfvenom (Metasploit) to generate shellcode in different formats ( c | python | ruby | dll | msi | hta-psh ), inject the generated shellcode into one template (example: python; “the python function will execute the shellcode into ram”) and use compilers like gcc (gnu cross compiler) or mingw32 or pyinstaller […]

roxysploit – Penetration Testing Suite

roxysploit is a community-supported, open-source penetration testing suite that supports attacks for numerous scenarios, conducting attacks in the field. Some of the plugins contained in roxysploit: Scan is an automated information gathering plugin; it gives the user the ability to have a rest while the best information gathering plugin can be executed. Jailpwn is a useful plugin for […]

Meterpreter Paranoid Mode – Meterpreter over SSL/TLS connections

Meterpreter_Paranoid_Mode.sh allows users to secure their staged/stageless connection for Meterpreter by having it check the certificate of the handler it is connecting to. We start by generating a certificate in PEM format; once the certs have been created we can create an HTTP, HTTPS or EXE payload for it and give it the path […]

Evilgrade – Modular Framework To Take Advantage Of Poor Upgrade Implementations By Injecting Fake Updates

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has its own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents […]

SocialFish – Ultimate phishing tool with Ngrok integrated

Ultimate phishing tool with Ngrok integrated.
PREREQUISITES: Python 2.7, Wget from Python, PHP
TESTED ON: Kali Linux – ROLLING EDITION
CLONE:
git clone https://github.com/UndeadSec/SocialFish.git
RUNNING:
cd SocialFish
sudo pip install -r requirements.txt
python SocialFish.py
AVAILABLE PAGES:
+ Facebook: Traditional Facebook login page. Advanced login with Facebook.
+ Google: Traditional Google login page. Advanced login with Facebook.
+ […]