Browsing tag
FudgeC2 is a campaign orientated Powershell C2 framework built on Python3/Flask – Designed for team collaboration, client interaction, campaign timelining, and usage visibility.Note: FudgeC2 is currently in alpha stage, and should be used with caution in non-test environments. Setup Installation To quickly install & run FudgeC2 on a Linux host run the following: git […]
Thanks to some reports of service failures of the popular streaming platform Netflix, a group of vulnerability testing specialists has detected multiple denial of service (DoS) vulnerabilities in various implementations of the HTTP/2 network protocol, which allows the operation of most of the conventional websites; according to the report, if these flaws were exploited any […]
Features Multi-threading 3 modes of detection Regex powered heuristic scanning Huge list of 3370 parameter names Usage Note: Arjun doesn’t work with python < 3.4 Discover parameters To find GET parameters, you can simply do: python3 arjun.py -u https://api.example.com/endpoint –get Similarly, use –post to find POST parameters. Multi-threading Arjun uses 2 threads by default but […]
testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Clear output: you can tell easily whether anything is good or bad Ease of installation: It works for Linux, OSX/Darwin, FreeBSD, NetBSD, OpenBSD (needs bash) […]
The interactive web server. HTTPLabs let you inspect HTTP requests and forge responses. Install Golang go get github.com/gchaincl/httplab go install github.com/gchaincl/httplab/cmd/httplab Archlinux yaourt httplab Snap FIXME On systems where snap is supported: snap install httplab Binary distribution Each release provides pre-built binaries for different architectures, you can download them here: https://github.com/gchaincl/httplab/releases/latest Help Usage of httplab: […]
Just a simple (poorly written) Python script that aimlessly “browses” the internet by starting at pre-defined rootURLs and randomly “clicking” links on pages until the pre-defined clickDepth is met. I created this as a noise generator to use for an Incident Response / Network Defense simulation. The only issue is that my simulation environment uses […]
Google is taking the privacy quite seriously, and the new Chrome security update will undoubtedly put a significant toll on all your favorite websites. Google Chrome just launched a security feature with the release of Chrome 68. From now on, Chrome web browser will label all HTTP sites as “not secure.” All the HTTPS websites […]
A Newly discovered sophisticated BackSwap Malware Empty victims bank account using most innovative methods and employes new technique to bypass browser protection. Nowadays banking Trojan attacks evolving with various technique and continuously targeting vicitms bank account and the prevention become more and more complex. BackSwap Malware changing the traditional complex process injection to new innovative methods […]
With this tool you can block HTTP Flood Attacks and analyze them with a honeypot. THE TOOL SEND YOU AN ADVERTISING EMAIL AFTER DETECT A DDOS ATTACK! First start the honeypot server (tools/analyze/logger.py). Then start the detector (tools/detector/detector.sh) in another window. If an attacker attack your server in preconfigured port (80), the detector will redirect […]
mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on-the-fly, modify them […]
Wapiti allows you to audit the security of your websites or web applications. It performs “black-box” scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms and […]
Syhunt ScanTools 6.0 adds advanced fingerprinting capabilities, enhanced spidering, injection and code scan capabilities, and a large number of improved checks. Adds the display of Hybrid, Dynamic and Code detailed scan statistics to the command-line tools. New fingerprinting capabilities – Because of the so many vulnerability checks and mutations added to this version, we developed an advanced […]
sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client. Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow […]
Web Privacy Measurement is the observation of websites and serves to detect, characterize and quantify privacy-impacting behaviors. Applications of Web Privacy Measurement include the detection of price discrimination, targeted news articles and new forms of browser fingerprinting. Although originally focused solely on privacy violations, WPM now encompasses measuring security violations on the web as well. […]
SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stages. SpookFlare has custom encrypter with string obfuscation and run-time code compilation features so you can bypass […]
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index […]
Passive web scanner. EllaScanner is a simple passive web scanner. Using this tool you can simply check your site’s security state. Usage: ./Start.py https:// or http:// Scanning of the site consists several phases: At the first phase, you can get recommendations related to http/https headers. The Second phase depends on information gather in the first […]
A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 Key Benefits Quickly highlight unique content in catch-all scenarios Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time) […]
How to hijack hundreds of HTTP connections for the modest price of $60 (VPS included) Because not everyone has QUANTUM capabilities, a poor man’s gotta think about ways of getting inside a target network on the cheap, right? Typosquatting has been known and abused since the 90’s, mostly for phishing, but is it still profitable […]
Chisel is a fast TCP tunnel, transported over HTTP. Single executable including both client and server. Written in Go (Golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though achieves much higher performance. Features Easy […]
httpstat visualizes curl statistics in a way of beauty and clarity. It is a single file Python script that has no dependency and is compatible with Python 3. There are three ways to get httpstat : Step 1: Download the script directly: wget https://raw.githubusercontent.com/reorx/httpstat/master/httpstat.pyStep 2: Through pip: pip install httpstatStep 3: Through homebrew (macOS only): […]