Browsing tag
This is a simple script intended to perform a full recon on an objective with multiple subdomains tl;dr Requires Go Run ./install.sh before first run (apt, rpm, pacman compatible) git clone https://github.com/six2dez/reconftw cd reconftw chmod +x *.sh ./install.sh ./reconftw.sh -d target.com -a Features Tools checker Google Dorks (based on deggogle_hunter) Subdomain enumeration (passive, resolution, […]
A script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don’t. Microsoft does not consider “email enumeration” a vulnerability, so this is taking advantage of a “feature”. […]
Dirstalk is a multi threaded application designed to brute force paths on web servers. The tool contains functionalities similar to the ones offered by dirbuster and dirb. Here you can see it in action: How to use it The application is self-documenting, launching dirstalk -h will return all the available commands with a short […]
Gobuster is a tool used to brute-force: URIs (directories and files) in web sites. DNS subdomains (with wildcard support). Virtual Host names on target web servers. Oh dear God.. WHY!? Because I wanted: … something that didn’t have a fat Java GUI (console FTW). … to build something that just worked on the command […]
Automatically brute force all services running on a target Open ports Usernames Passwords INSTALL: ./install.sh USAGE: brutex target <port> DOCKER: docker build -t brutex . docker run -it brutex target <port> DEMO VIDEO: Download BruteX Download WordPress Themes Free Premium WordPress Themes Download Download WordPress Themes Free Premium WordPress Themes Download online free course download […]
DeepSearch is a simple command line tool for bruteforce directories and files in websites. Installation $ git clone https://github.com/m4ll0k/DeepSearch.git deepsearch $ cd deepsearch $ pip3 install requests $ python3 deepsearch.py Screenshots UsageBasic: python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt Force extension for every wordlist entry (support one extension): python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php […]
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. SN1PER PROFESSIONAL FEATURES: Professional reporting interface Slideshow […]
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits – modules that take advantage of identified vulnerabilities creds – modules designed to test credentials against network services scanners – modules that check if a target is vulnerable to any exploit payloads […]
SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time. Requirements metasploit snmpwalk snmpstat john the ripper Usage python snmp-brute.py -t [IP] Options–help, -h show this help message and exit–file=DICTIONARY, -f DICTIONARY Dictionary file–target=IP, -t IP Host IP–port=PORT, -p PORT […]
pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more information, read the license. Only […]
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc. Features Multiple Injection points capability with multiple dictionaries Recursion (When doing directory bruteforce) […]
FTP MySQL MSSQ MongoDB Redis Telnet Elasticsearch PostgreSQL. Compatible Operating system: OSX Linux Windows Python 2.6+ How to run the command: python F-Scrack.py -h 192.168.1 [-p 21,80,3306] [-m 50] [-t 10] -h Supports ip(192.168.1.1), ip range (192.168.1) (192.168.1.1-192.168.1.254), ip list (ip.ini) , maximum 65535 ips per scan. -p Ports you want to scan, use comma […]
Auto_EAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. These types of wireless networks provide an interface to facilitate password guessing of domain credentials as radius servers check authentication against Active Directory. Install: ./Auto_EAP.py -s HoneyPot -K WPA-EAP -E PEAP -U test.txt -p Summer2016 -i wlan0 Initialized… […]