Browsing tag
If you are using Kaspersky Password Manager (KPM) for creating passwords, you might want to consider regenerating those you created before October 2019. According to Donjon, a security research team at Ledger passwords generated by KPM are so weak that it is easy to brute-force them. Researchers claim that they started analyzing Kaspersky’s password manager […]
A 21-year-old US citizen named John Binns has claimed responsibility for the T-Mobile data breach and labeled the carrier’s “security is awful.” Earlier this month, T-Mobile suffered a data breach in which a hacker claimed to steal the personal data of 100 million customers. Although the company acknowledged the breach yet claimed that the incident […]
According to CISA, it has verified one of the users had their account breached even though they were using “proper multi-factor authentication (MFA).” Last year, it was reported that threat actors have been using legitimate tools to compromise Cloud-based assets. Now, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to alert […]
WordPress user enumeration and login Brute Force tool for Windows and Linux With the Brute Force tool, you can control how aggressive an attack you want to perform, and this affects the attack time required. The tool makes it possible to adjust the number of threads as well as how large password batches each […]
yet another dirbuster Common Command line options -a <user agent string> – specify a user agent string to send in the request -c <http cookies> – use this to specify any cookies that you might need (simulating auth). header. -f – force processing of a domain with wildcard results. -l – show the length […]
An XMLRPC brute forcer targeting WordPress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second. Usage python3 xmlrcpbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt userlist.txt Bugs If you get an xml.etree.ElementTree.ParseError: Did you forget to add ‘xmlrpc’ […]
Dirstalk is a multi threaded application designed to brute force paths on web servers. The tool contains functionalities similar to the ones offered by dirbuster and dirb. Here you can see it in action: How to use it The application is self-documenting, launching dirstalk -h will return all the available commands with a short […]
Gobuster is a tool used to brute-force: URIs (directories and files) in web sites. DNS subdomains (with wildcard support). Virtual Host names on target web servers. Oh dear God.. WHY!? Because I wanted: … something that didn’t have a fat Java GUI (console FTW). … to build something that just worked on the command […]
The flaw allowed anyone with knowledge of brute force attack to hack Instagram accounts without raising any suspicion. How to hack Instagram account? This is something that every Tom, Dick, and Harry wants to know since with over a billion users, Instagram is the world’s largest photo and video-sharing social networking service. While people are […]
Based on security assessment results, penetration testers often recommend hiding an enterprise network’s ports behind a whitelist. However, corporate IT teams don’t always understand the need for such a countermeasure. Even some admins and DevOps specialists with tons of experience wonder why this is necessary. Let’s take a dive into the risks of keeping ports […]
A new bug discovered in IRCTC website allows attackers to gain access to the lakhs of users private information and alter the sensitive data include cancelling the booked ticket. IRCTC (Indian Railway Catering and Tourism Corporation) is a part of Indian Railway and one of the busiest Railway booking system in the world that manages […]
Automatically brute force all services running on a target Open ports Usernames Passwords INSTALL: ./install.sh USAGE: brutex target <port> DOCKER: docker build -t brutex . docker run -it brutex target <port> DEMO VIDEO: Download BruteX Download WordPress Themes Free Premium WordPress Themes Download Download WordPress Themes Free Premium WordPress Themes Download online free course download […]
w3brute is an open source penetration testing tool that automates attacks directly to the website’s login page. w3brute is also supported for carrying out brute force attacks on all websites. Features Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process. this is a list of available scanners: automatically detects target […]
theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers). Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet. […]
The Best Way To Scan For Weak Ssh Passwords On Your Network Features ssh-auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials. Queue a full credential scan on any new host discovered. Queue a full credential scan on any known host whose ssh version or […]
“HASSH” is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint. What can HASSH help with: Use in highly controlled, well understood environments, where any fingerprints outside of a known good set […]
SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt […]
This project is a Docker image useful for solving Steganography challenges as those you can find at CTF platforms like hackthebox.eu. The image comes preinstalled with many popular (see list below) and several screening scripts you can use check simple things (for instance, run check_jpg.sh image.jpg to get a report for this JPG file). Usage […]
Over the past years, Apple has been playing cat and mouse with the security researchers and hackers who keep trying to develop new ways to bypass the security of iPhone. Earlier this year, a new challenge came up in the form of an iPhone unlocking device named GrayKey being used by law enforcement agencies. The […]
The new malware campaign, dubbed Operation Prowli, infecting number of industries such as finance, education, and government. The Prowli malware has compromised more than 40,000 machines and 9,000 companies around the world. Prowli malware uses various attack techniques such as brute-forcing, exploits, and weak configurations. It targets CMS hosting servers, backup servers, HP Data Protector, DSL […]
GetAltName it’s a little script that can extract Subject Alt Names for SSL Certificates directly from HTTPS web sites which can provide you with DNS names or virtual servers. It’s useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your target and scope. This code is […]