Browsing tag

best github hacking tools

Winpayloads – An Open Source Tool for Generating Windows Payloads

Winpayloads is a Python-based tool that combines some PowerShell Empire features with the Metasploit Framework to create Windows payloads. It is simple to use and has some interesting options to choose between. Installing Winpayloads First, let’s clone the repository from GitHub. git clone https://github.com/nccgroup/Winpayloads.git After that go to the directory and […]

CMSmap – An Open Source CMS Scanner

CMSmap is a Python-based CMS scanner that automates vulnerability assessment of the most popular CMSs. It can search for interesting files, plugins, directories and known vulnerabilities in WordPress, Joomla or Drupal. Installing CMSmap To install CMSmap you have to clone the repo from GitHub. git clone https://github.com/Dionach/CMSmap.git After that, you need to […]

Avet – Open Source Tool for Anti-Virus Evasion

Often, when you want to exploit a Windows target, you need a payload that antivirus solutions do not detect. Msfvenom on its own is not enough, so you need an AV evasion tool to make this easy for you. Avet is a tool for building exe files with shellcode payloads for […]

Brosec – An Open Source Interactive Tool to Utilize Payloads and Commands

Brosec is an open source, terminal-based tool that helps security professionals generate the right payloads and commands. It can show you the most popular commands for information gathering, Linux, Windows and web, and utilize payloads. Installing Brosec Let’s clone the repository, first. git clone https://github.com/gabemarshall/Brosec.git After that install the […]

Joomscan – Open Source Joomla Vulnerability Scanner

Joomscan is a scanner by OWASP that aims to automate vulnerability assessments of Joomla-based sites. Written in Perl, this tool can enumerate the version, vulnerabilities, components, firewalls and more, all in one easy-to-use interface. Installing Joomscan First, let’s clone the repository to our machine. git clone https://github.com/rezasp/joomscan.git All the […]

PrivilegeEsc-Linux – Open Source Script for Enumeration on Linux

PrivilegeEsc-Linux is a simple script which checks the security of a Linux machine. It offers many options, such as checking the OS version, the environment, the apps and services, the upload options and more. Its main focus is to enumerate everything it can on a Linux machine, and with this information you […]

NoSQLMap – Open Source Audit and Attack NoSQL Databases

NoSQLMap is an open source, Python-based tool designed to audit and automate injection attacks on NoSQL databases, such as MongoDB and CouchDB. It can find and exploit various vulnerabilities in order to disclose data from a site. Installing NoSQLMap To install NoSQLMap, you have to clone the repository from GitHub. git […]

EaST – Open Source Exploits and Security Tools Framework

EaST is a Python-based security framework toolkit. It acts as an HTTP server and contains a wide range of exploits and modules to use. It combines an advanced penetration testing framework with a simple-to-use interface, which even a beginner can use. Installing EaST Installation is pretty straightforward: clone the GitHub repository. […]

massExploitConsole – An Open Source Tool For Exploiting Known Vulnerabilities

MassExploitConsole is a Python-based, easy-to-use CLI tool for executing exploits. It has a collection of exploits to execute, a built-in scanner for enumeration, a built-in crawler and proxychains to hide your IP address. Installing mEC Clone the repository, go to the folder and run the install script. git clone https://github.com/jm33-m0/mec.git cd mec/ ./install.py Type ‘yes’ to […]

Brutex – Open Source Tool for Brute Force Automation

Brutex is a shell-based open source tool to make your work faster. It combines the power of Nmap, Hydra and DNSenum. This tool will automatically run an Nmap scan against your target and then brute force all the open services for you, such as FTP, SSH and more, using Hydra. Installing Brutex […]

BLACKEYE – Open Source LAN Phishing Tool for Penetration Testing

BLACKEYE is a LAN phishing tool that can clone more than 30 network templates to generate phishing pages. Some of these networks include Google, Yahoo, Microsoft, PayPal, Shopify, eBay, Cryptocurrency, Twitter, Facebook, GitHub, Snapchat, and LinkedIn. Besides generating templates of these networks, BLACKEYE also offers a custom template option to generate a custom phishing page. […]

Knock – Open Source Subdomain Scanner Tool

Knock is a Python-based tool for enumerating subdomains on a targeted domain. You can use a custom wordlist, and you can also scan a domain for DNS zone transfers. It also supports queries to VirusTotal subdomains. Installing Knock First things first, you have to install the dependencies manually. apt-get install python-dnspython After that […]

Blazy – Open Source Modern Login Brute-forcer

I know what you are thinking: brute force doesn’t work anymore in many cases. However, Blazy is not just another brute-force tool. It can also check for CSRF (Cross Site Request Forgery), Clickjacking, Cloudflare hosts and even for WAF. It is also multithreaded and has a very good error detection system. Installing Blazy As always, open up […]

Galileo – Open Source Web Application Auditing Framework

Galileo is a free web application auditing framework that can perform various penetration testing tasks, such as information gathering, fingerprinting, bruteforcing, injection testing, and exploiting vulnerabilities. Galileo uses different modules to perform these tasks. The modules can be divided into the following categories: Bruteforce, Disclosure, Fingerprint, Injection, Scanner, Tools, Exploitation. Bruteforce modules can be used to […]

Xerosploit – Open Source Toolkit For Man In The Middle Attacks

Xerosploit is a Python-based toolkit for creating efficient Man In The Middle attacks, which combines the power of bettercap and Nmap. The interface is pretty easy to use. It allows you to scan your network and then generate the right attack for your victim. You can perform a JavaScript injection, sniffing, traffic-redirection, port-scanning, defacement of […]

Red Hawk – Open Source Information Gathering and Vulnerability Scanning Tool

Red Hawk is an open source tool that is used for information gathering and certain vulnerability scanning. Red Hawk detects the Content Management System (CMS) used by a target web application, IP address, web server record, Cloudflare information, and robots.txt data. Red Hawk can detect WordPress, Drupal, Joomla, and Magento CMS. Other scanning features of […]

Recon-ng – Open Source Intelligence (OSINT) Reconnaissance Framework

Recon-ng is a reconnaissance framework that can perform open source, web-based information gathering for a given target. Recon-ng is loaded with different types of modules, such as reconnaissance, reporting, import, discovery, and exploitation modules. The type of information that can be gathered with these modules includes contacts, credentials, social media profiles, and a handful of […]

PhishX – Spear Phishing Tool for Capturing Credentials

PhishX is a Python tool that can capture user credentials using a spear phishing attack. Spear phishing is a targeted form of phishing attack that is launched against specific individuals. Therefore, some information about an individual is required in order to launch such an attack. Since PhishX is used to capture user credentials, the tool […]