Browsing tag
Osint tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks. Use: Search available username: ./namechk.sh <username> -au Search available username on specifics websites: ./namechk.sh <username> -au -co Search available username list: ./namechk.sh -l -au Search used username: ./namechk.sh <username> -fu Search used username on […]
Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced “rastreador” – hunter- in Spanish) is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes. To parse and […]
Pwnie Island is a limited-release, first-person, true open-world MMORPG set on a beautiful island where anything could happen. That’s because this game is intentionally vulnerable to all kinds of silly hacks! Flying, endless cash, and more are all one client change or network proxy away. Are you ready for the mayhem? Official Site: http://www.pwnadventure.com/ YouTube […]
Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object oriented API makes it […]
Looking for a free VPN service? Look no further, believe it or not, Pornhub has got your back. In the world of online censorship, it is difficult to get your hands on a reliable free VPN service without compromising your privacy or getting your data sold to third-party advertisers. But now, there is a solution from a […]
Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor. concrete5 is an open-source content management system (CMS) for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a minimum of technical skills. It enables users to edit site content […]
XVNA is an extreme vulnerable node application coded in Nodejs(Expressjs)/MongoDB that helps security enthusiasts to learn application security. it’s not counseled to host this application online as it is intended to be Vulnerable. We tend to suggest hosting this application in native setting and sharpening your application security skills with any tools of your own […]
OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. WHY OWASP JOOMSCAN ? If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever! This Project is being faster than ever and updated with the latest Joomla vulnerabilities. INSTALL git clone […]
Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on […]
SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the […]
iTunes will stop working on millions of devices as of May 25, 2018. This Monday, 26 February, Apple announced that it will terminate music store support for Windows XP and Vista computers. Another product that will be discontinued is the first generation of Apple TV. Starting in May, users won’t be able to buy or […]
LuLu is the free open-source macOS firewall that aims to block unauthorized (outgoing) network traffic, unless explicitly approved by the user: Full details and usage instructions can be found here. It’s also important to understand LuLu’s limitations! Some of these will be addressed as the software matures, while others are design decisions (mostly with the […]
A multi-platform APT CrossRAT Malware discovered with sophisticated surveillance operation that targeting Windows, OSX, and Linux computer globally both individuals and organizations. It performed by Large-scale Dark Caracal cyber-espionage campaign and conducting advanced spying operation globally. There are thousand of Victims has been infected and hundreds of gigabytes of data have been stolen from more than […]
gOSINT is a small OSINT framework in golang, it’s actually in development and still not ready for production if you want, feel free to contribute! What gOSINT can do Find mails from git repository Find Dumps for mail address Search for mail address linked to domain/mail address in PGP keyring Retrive Info from domain whois (waiting to […]
The general perception about Apple devices is that they are protected from malware and other hacking attacks. But since hackers are getting smarter and more sophisticated in their attacks things are changing for bad. Now, a Malwarebytes forum user has discovered a dangerous malware targeting macOS – Its in-depth analysis has been conducted by an independent security […]
In 2017 we reported about a notorious malware that was capable of spying upon people through capturing screenshots and webcam footages. Dubbed as Fruitfly or Quimitchin, the malware was identified by chief research officer at Digita Security, Patrick Wardle, and was found in at least 400 computer devices across the United States while it affected Windows, […]
fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web […]
shimit is a python tool that implements the Golden SAML attack. python .shimit.py -h usage: shimit.py [-h] -pk KEY [-c CERT] [-sp SP] -idp IDP -u USER [-reg REGION] [–SessionValidity SESSION_VALIDITY] [–SamlValidity SAML_VALIDITY] -n SESSION_NAME -r ROLES -id ARN [-o OUT_FILE] [-l LOAD_FILE] [-t TIME] ██╗ ███████╗██╗ ██╗██╗███╗ ███╗██╗████████╗ ██╗ ██╗ ██╔╝ ██╔════╝██║ ██║██║████╗ ████║██║╚══██╔══╝ ██╔╝ […]
Meltdown and Spectre vulnerabilities haunting users and Tech Giants worldwide – Now the Giants have addressed the issue. Recently, we reported about the security flaws that render the inner workings of multiple generations of Intel CPUs vulnerable to exploitation. Now there are new details available about the flaws. These flaws were identified by Google’s Project Zero […]
An IT security researcher has leaked details on an unpatched Apple’s macOS bug which lets attackers gain root access and take complete control of a targeted device. After a disastrous 2017, where Apple faced all sorts of security-related issues and complaints, the company is in trouble again right from the first day of the New Year! On […]
Catching phishing by observing certificate transparency logs. This tool is based on regex with effective standards for detecting phishing sites in real time using certstream. Installation $ cd /opt/ $ git clone https://github.com/6IX7ine/certstreamcatcher.git $ cd certstreamcatcher $ npm install npm package To install certstreamcatcher using npm run: npm install –save certstreamcatcher Try on npm […]