A previously discovered browser hijacker malware dubbed as CeidPageLock has resurfaced again, in a bigger and better avatar, reveal researchers at Check Point security firm. This time around it is loaded with new features and is being distributed through the RIG Exploit kit. Trend Micro states that among all the exploit kits, the RIG is […]
Bashark aids Pentesters and Security Researchers during the post-exploitation phase of security audits. Usage To launch Bashark on compromised host, simply source the bashark.sh script from terminal: $ source bashark.sh Then type help to see Bashark’s help menu Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to […]
KillerBee framework is a tool for attacking ZigBee and IEEE 802.15.4 networks. KillerBee is designed to simplify the process of sniffing packets from the air interface or a supported packet capture file (libpcap or Daintree SNA), and for injecting arbitrary packets. Helper functions including IEEE 802.15.4, ZigBee NWK and ZigBee APS packet decoders are available […]
DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN). It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, “smart” thermostats, and other IoT devices. With this toolkit, a remote attacker can […]
The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points (AP) for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil twin attacks against a variety of wireless network types. Rogue was originally […]
This project is a Docker image useful for solving Steganography challenges as those you can find at CTF platforms like hackthebox.eu. The image comes preinstalled with many popular (see list below) and several screening scripts you can use check simple things (for instance, run check_jpg.sh image.jpg to get a report for this JPG file). Usage […]
Toolkit allowing to sniff and display the Wi-Fi probe requests passing near your wireless interface. Probe requests are sent by a station to elicit information about access points, in particular to determine if an access point is present or not in the nearby environment. Some devices (mostly smartphones and tablets) use these requests to determine […]
BackdoorMan BackdoorMan is a toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination. Description A Python open source toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination, it automates the process of detecting the above. Purpose The main purpose […]
p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all […]
REXT is a toolkit for easy creation and usage of various python scripts that work with embedded devices. Requirements: requests paramiko beautifulsoup4 Installation: Git clone REXT repository (this is the recommended way if you wish for REXT update command to work) $ git clone https://github.com/j91321/rext.git or download REXT $ wget https://github.com/j91321/rext/archive/master.zip $ unzip master.zip Install […]
Mass mailer is commonly used to send a phishing page link to the e-mail ID of the target. The attacker needs to be aware of the e-mail harvester technique to be efficient in this attack. A mass mailer is also used to perform a Distributed Denial of Service (DDoS) attack through the creation of zombie […]
The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points (AP) for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil twin attacks against a variety of wireless network types. Rogue was originally forked […]
The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points (AP) for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil twin attacks against a variety of wireless network types. Rogue was originally forked […]
The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on scale. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could be used by administrators to quickly inventory the SQL Servers in their ADS […]
A java tool that helps to pentest Android apps faster, more easily and more efficiently. AndroTickler offers many features of information gathering, static and dynamic checks that cover most of the aspects of Android apps pentesting. It also offers several features that pentesters need during their pentests. AndroTickler also integrates with Frida to provide method […]
Microsoft toolkit is a combination of all activators. Auto KMS and EZ activator modules are built in to provide a perfect activation algorithm. Features of Microsoft toolkit Two in one activation ( windows and office ) Offline and Online activator modules. Lifetime activation 64-bit system support Any windows and MS office version support 100% clean […]
It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate how fast this tool is, here’s an example of how to setup and execute a […]
Habu: Network Hacking Toolkit I’m developing Habu to teach (and learn) some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related with networking, and the implementations are intended to be understandable for who wants to read the source […]
DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time. This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data (say on an assessment) The idea was to create a […]
Habu is to teach (and learn) some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related with networking, and the implementations are intended to be understandable for who wants to read the source code and learn from that. […]
Gophish: Open-Source Phishing Toolkit Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Current Status Update 2/19/2017 Gophish version 0.2.1 binaries will be released soon! I am just fixing a few final bugs and then […]