Browsing tag
Use regular expressions to get sensitive information from a given repository (GitHub, pip or npm). Dependencies You only need to have python 3.6 or higher installed to launch this script. In addition you must have installed in the system git, pip and npm. How to use It’s very easy to use, just run the […]
Stardox is an advanced github stargazers information gathering tool. It scraps Github for information and display them in list tree view. It can be used for collecting information of your’s/someones repository stargazers details. What data it fetchs : Total repsitories Total stars Total Followers Total Following Stargazer’s Email P.S: Many new things will be […]
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post. We […]
Ubuntu stealer, steal ubuntu information in local pc (nice with usb key) Require G++sudo apt-get install g++ libsqlite3sudo apt-get install libsqlite3-dev Compilation Go in Ustealer/ folder and run makefilemake Use./ustealer Download Ustealer Free Download WordPress Themes Download Nulled WordPress Themes Download Best WordPress Themes Free Download Download Best WordPress Themes Free Download ZG93bmxvYWQgbHluZGEgY291cnNlIGZyZWU= download […]
Even the Tor browser can be monitored with this malicious code Specialists in digital forensics and information security have revealed a new side channel attack technique that bypasses the privacy defenses of any browser, according to them; even the Tor browser is vulnerable to this attack vector. As a result, malicious JavaScript in a […]
The $1 trillion company is unaware about the causes of the incident Amazon has suffered a security incident in its data management system, according to specialists in digital forensics from the International Institute of Cyber Security, it is unknown if the company has already notified to the authorities about the situation; in addition, the […]
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, ruby, and python. Beyond executing system commands, novahot is able to emulate interactive terminals, including mysql, sqlite3, and psql. It additionally implements “virtual commands” […]
Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information. https://www.reddit.com/r/django/comments/87qcf4/28165_thousand_django_running_servers_are_exposed/ https://twitter.com/6ix7ine/status/978598496658960384?lang=en Usage Usage: python3 djangohunter.py –key {shodan} Dorks: ‘DisallowedHost’, ‘KeyError’, ‘OperationalError’, ‘Page not found at /’ Requirements Shodan Pyfiglet Requests BeautifulSoup pip -r install requirements Demo Disclaimer Code samples are provided for educational purposes. Adequate defenses can only be built […]
Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. How to build git clone https://github.com/gmdutra/docker-inurlbr.git cd docker-inurlbr docker build -t gmdutra/inurlbr . Run docker run –name inurlbr -it -d gmdutra/inurlbr -h –help Alternative long length […]
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner Why KillShot ? You Can use this tool to Spider your website and get important information and gather information automaticaly using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and to find the vulnerability in your website using Cms Exploit Scanner && WebApp Vul Scanner Also […]
Telebix is an application that communicates with a Bot on the Telegram to receive commands and send information from an infrastructure monitored by Zabbix, which also sends messages in real time if any problems occur in the infrastructure, it is totally written in Python with Shell Script and has a graphical interface to help the […]
Quasar Is An Information Gathering Framework For Penetration Testers Coded By Belahsan Ouerghi: Website Informations E-mail Address Checker Phone Number Information Credit Card Bin Checker Ip Locator Port Scanner Installation sudo apt-get install git git clone https://github.com/TunisianEagles/quasar.git cd quasar chmod +x install.sh chmod +x quasar.sh sudo ./install.sh sudo ./quasar.sh Screenshots Tested On : Backbox […]
RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent. Often times as operator’s we need to compromise a host, just so we can keylog or screenshot (or some other miniscule task) against a person/host of interest. Why should you have to push over beacon, empire, […]
Seeker utilizes HTML5, Javascript, JQuery and PHP to grab Device Information and GeoLocation with High Accuracy. Seeker Hosts a fake website on Apache Server and uses Ngrok to generate a SSL link which asks for Location Permission and if the user allows it, we can get : Longitude Latitude Accuracy Altitude – Not always available […]
Shodanwave is a tool for exploring and obtaining information from cameras specifically Netwave IP Camera. The tool uses a search engine called shodan that makes it easy to search for cameras online. What does the tool to? Look, a list! Search Brute force SSID and WPAPSK Password Disclosure E-mail, FTP, DNS, MSN Password Disclosure Exploit […]
Striker is an offensive information and vulnerability scanner. Features Just supply a domain name to Striker and it will automatically do the following for you: Check and Bypass Cloudflare Retrieve Server and Powered by Headers Fingerprint the operating system of Web Server Detect CMS (197+ CMSs are supported) Launch WPScan if target is using WordPress […]
Recently WhatsApp community announced that they are providing end-to-end encryption for all of their users. This feature makes your WhatsApp conversations even more secure when chatting with your friends and family. Apart from end-to-end encryption, there are lot more features to increase security to your WhatsApp account. Go to your WhatsApp account and click the […]
From the following steps SubDomain-Analyzer gets data from a domain: Get the zone transfer file Gathers all the information from DNS records Analyzing DNS records Tests sub domains by dictionary attack sudo apt-get install python-dev python-pip sudo pip install -r requirements.txt easy_install prettytable Install Xcode Command Line Tool (From AppStore) sudo easy_install pip, prettytable sudo […]