Browsing category
A tool to hunt for credentials in the GitHub wild AKA git*hunt Getting started Install the tool Configure your GitHub token Search for credentials See results cat results.json | jq Installation requirements: virtualenv, python3 git clone https://github.com/d1vious/git-wild-hunt && cd git-wild-hunt clone project and cd into the project dir pip install virtualenv && virtualenv -p […]
Customized Password/Passphrase List inputting Target Info Installation git clone https://github.com/edoardottt/longtongue.git cd longtongue python3 longtongue.py Usage usage: longtongue.py [-h] [-p | -c | -v] [-l | -L] [-y] [-n] Customized Password/Passphrase List inputting Target Info optional arguments: -h, –help show this help message and exit -p, –person Set the target to be a person -c, […]
Credential Dumping Tool for SolarWinds Orion Blog post: https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/ Credit to @asolino, @gentilkiwi, and @skelsec for helping me figuring out DPAPI. ============================================ | Collecting RabbitMQ Erlang Cookie | Erlang Cookie: abcdefg12456789abcde ============================================ | Collecting SolarWinds Certificate | SolarWinds Orion Certificate Found! | Subject Name: CN=SolarWinds-Orion | Thumbprint : BE85C6C3AACA8840E166187B6AB8C6BA9DA8DE80 | Password : alcvabkajp4 | […]
What is this? Certain characters in passwords (‘O’ and ‘0’, ‘I’ and ‘l’, etc.) can be hard to identify when you need to type them in (and copy-paste is unavailable). Password Lense is a small web application that provides a quick and secure way to get a more informative view of your password. Features […]
Automatically brute force all services running on a target Open ports Usernames Passwords INSTALL: ./install.sh USAGE: brutex target <port> DOCKER: docker build -t brutex . docker run -it brutex target <port> DEMO VIDEO: Download BruteX Download WordPress Themes Free Premium WordPress Themes Download Download WordPress Themes Free Premium WordPress Themes Download online free course download […]
w3brute is an open source penetration testing tool that automates attacks directly to the website’s login page. w3brute is also supported for carrying out brute force attacks on all websites. Features Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process. this is a list of available scanners: automatically detects target […]
The Best Way To Scan For Weak Ssh Passwords On Your Network Features ssh-auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials. Queue a full credential scan on any new host discovered. Queue a full credential scan on any known host whose ssh version or […]
This tool allows you to perform OSINT and reconnaissance on an organisation or an individual. It allows one to search 1.4 Billion clear text credentials which was dumped as part of BreachCompilation leak. This database makes finding passwords faster and easier than ever before. Screenshot Above image search the credentials for uber.com and have found […]
Python script for trying default passwords for some TP-Link Hotspots Inspired by Usage usage: scan.py [-h] [-p] Python script for trying default passwords for some TP-Link Hotspots optional arguments: -h, –help show this help message and exit -p, –print-all print all found ssid’s FOR EDUCATIONAL USE ONLY Config timeout stop sniffing after a given time […]
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. These tools are designed to help pentesters/redteamers doing OSINT, credentials gathering and credentials stuffing attacks. Installation First things first : have a working mongodb server. Then : git clone -b mongodb https://github.com/Acceis/leakScraper cd leakScraper sudo ./leakScraper/install.sh It will install […]
SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time. Requirements metasploit snmpwalk snmpstat john the ripper Usage python snmp-brute.py -t [IP] Options–help, -h show this help message and exit–file=DICTIONARY, -f DICTIONARY Dictionary file–target=IP, -t IP Host IP–port=PORT, -p PORT […]
State-of-the-art password guessing tools, such as HashCat and John the Ripper (JTR), enable users to check billions of passwords per second against password hashes. In addition to straightforward dictionary attacks, these tools can expand dictionaries using password generation rules. Although these rules perform well on current password datasets, creating new rules that are optimized for […]
Red Login: SSH Brute-force Tools. Features: High speed and precision CLI ( Console based ) Run the arbitrary command after the attack is successful ( Default ‘Uname -a’ ) Telegram messanger support for sending reports via bot API Usage: Redlogin.exe (Optional) -telegram ==> List of targets ip list ==> List of usernames want to test ==> List of […]
WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms. WildFly is free and open-source software, subject to the requirements of the GNU Lesser […]
Your best friend in credential reuse attacks. Cr3dOv3r simply you give it an email then it does two simple jobs (but useful) : Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API). Now you give it this email’s old or […]
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper. Screenshot: Install from Source Prerequisites Linux (APT package manager) Check if Python 3 is installed by running python3 –version If it […]