Search the Community

Showing results for tags 'tool'.



Found 82 results

  1. Black Vision

    Command line Remote Access tool targeting Windows Systems.

    Download Maxmind GeoIP2 Database from here ; LINK
    Extract the file under blackvision/

    How to use

    Install required modules

        pip3 install -r requirements.txt

    Run server

        git clone [Hidden Content]
        cd blackvision
        python3 main.py

    Generate Agent

        cd blackvision
        python3 generate.py

    Change Host/Port

    Open settings.ini and change host, port.

    Commands

        Command      Purpose
        transfer     Transfer a NON Binary file.
        bsendfile    Transfer a Binary File.
        kill         Kill the connection
        info         View Information of client.
        msgbox       Send Messageboxes.
        exec         Execute a Command on the remote Machine(s).
        exec-file    Execute a file on the remote Machine(s).
        wanip        View WAN IP of Remote Machine(s).
        hostname     View Hostname of Remote Machine(s).
        username     View Username of Remote Machine(s).
        monitoroff   Turn off monitor of Remote Machine(s).
        monitoron    Turn monitor back on.
        cdopen       Eject CDROM of Remote Machine(s).
        cdclose      Close CDROM of Remote Machine(s).
        playaudio    Play Audio stream on Remote Machine(s).
        send         Send commands to 1 client. (NO broadcast)
        keydump      DUMP Keystroke buffer (Not added yet)

    Termux Compatibility

    This app is compatible with Termux. Run it the same way you run it in Terminal.

    TODO

    • Rewrite Agent in C.
    • Fix sending file to single client. (Fixed)
    • Fix multiple clients information saving. (Fixed)
    • Add keylogging.
    • Fix that args[3] does not get sent. (Fixed)
    • Fix Broken connection problems.

    Video Example: [Hidden Content]
    Download: [Hidden Content]
  2. Introduction

    Hidden Eye is an all in one tool that can be used to perform a variety of online attacks on user accounts. It’s well loaded, therefore it can be used as keylogger (keystroke logging), phishing tool, information collector, social engineering tool, etc.

    Disclaimer: Use this tool for educational purposes only.

    Hidden Eye: Advanced Phishing Tool [Android-Support-Available]

    As a modern phishing tool, Hidden Eye is very good at what it does. The perfect combination of all its functional components gives it an upper hand when attacking accounts. By using brute force attacks it can effectively access the user’s personal information. Hidden Eye can easily crack user passwords and can also collect other personal data belonging to the victim. Depending on the attack vector selected you can easily hack user accounts such as Facebook, Twitter, Instagram, Snapchat and many others. It can be used to carry out phishing on 30+ pages. The tool can also run on android devices through the UserLand app or Termux app.

    Features:
    • Can perform live attacks (IP, geolocation, country, etc.)
    • Captures victim’s keystrokes (using keylogger function)
    • Serveo URL type selection (selects between RANDOM URL and CUSTOM URL)
    • Numerous phishing pages (Facebook, Twitter, Instagram, Dropbox, Reddit, WordPress, Yahoo, and many more)
    • Android support (Termux/UserLand)

    Supported Platforms:
    • Linux (Tested on: Kali Linux, Parrot OS, Ubuntu, Arch Linux, Black Arch, OS X High Sierra, etc.)
    • Android (Termux/UserLand)

    Prerequisites: This tool can’t be run effectively if some components are not in place, so make sure that you’ve installed the following:
    • Python 3
    • sudo
    • Wget from Python
    • PHP

    [Hidden Content]
  3. NtFileSins.py is a Windows file enumeration intel gathering tool. View the full article
  4. uProxy v.2.02 [Hidden Content] uProxy is a tool with which you can scrape proxies, grab them from a proxy list resource, and also check your proxies. These proxies are good but not too good so that you can use them in Netflix cracking. These proxies are public proxies so won’t work in Netflix cracking. But if you want to use them with other checkers that work fine with public proxies, then this tool is best for you. It has an easy interface so there is no need for much explanation about how to use this tool. I think it’s pretty simple to use this tool. VIRUSTOTAL [Hidden Content] DOWNLOAD [Hidden Content]
  5. WiFiBroot - A WiFi Pentest Cracking Tool For WPA/WPA2 WiFiBroot is built to provide clients all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python. It currently provides four independent working modes to deal with the target networks. Two of them are online cracking methods while the other runs in offline mode. The offline mode is provided to crack saved hashes from the first two modes. One is for deauthentication attack on wireless network and can also be used as a jamming handler. It can be run on a variety of Linux platforms and at least requires WN727N from tp-link to properly operate. [Hidden Content]
  6. Twint is an advanced Twitter scraping tool written in python that allows for scraping Tweets and pictures from Twitter profiles without using Twitter’s API. Twint utilizes Twitter’s search operators to let you scrape Tweets from specific users, scrape Tweets relating to certain topics, hashtags & trends, or sort out sensitive information from Tweets like e-mail and phone numbers. I find this very useful, and you can get really creative with it too. Twint also makes special queries to Twitter allowing you to also scrape a Twitter user’s followers, Tweets a user has liked, and who they follow without any authentication, API, Selenium, or browser emulation.

    Benefits

    Some of the benefits of using Tweep vs Twitter API:
    • Can fetch almost all Tweets (Twitter API limits to last 3200 Tweets only)
    • Fast initial setup
    • Can be used anonymously and without Twitter sign up
    • No rate limitations

    Changelog v2.1

    New features:
    • added user_rt: name of the user at the time which retweeted
    • extended user_rt_id to any retweet and not just specific ones
    • added retweet_id
    • added reply_to: list of {user_id, username} of users which you’d reply to

    Basic Examples and Combos.

    • python3 twint.py -u username – Scrape all the Tweets from user’s timeline.
    • python3 twint.py -u username -s pineapple – Scrape all Tweets from the user’s timeline containing pineapple.
    • python3 twint.py -s pineapple – Collect every Tweet containing pineapple from everyone’s Tweets.
    • python3 twint.py -u username --year 2014 – Collect Tweets that were tweeted before 2014.
    • python3 twint.py -u username --since 2015-12-20 – Collect Tweets that were tweeted since 2015-12-20.
    • python3 twint.py -u username -o file.txt – Scrape Tweets and save to file.txt.
    • python3 twint.py -u username -o file.csv --csv – Scrape Tweets and save as a csv file.
    • python3 twint.py -u username --fruit – Show Tweets with low-hanging fruit.
    • python3 twint.py -s "Donald Trump" --verified --users – List verified users that Tweet about Donald Trump.
    • python3 twint.py -g="48.880048,2.385939,1km" -o file.csv --csv – Scrape Tweets from a radius of 1km around a place in Paris and export them to a csv file.
    • python3 twint.py -u username -es localhost:9200 – Output Tweets to Elasticsearch
    • python3 twint.py -u username -o file.json --json – Scrape Tweets and save as a json file.
    • python3 twint.py -u username --database tweets.db – Save Tweets to an SQLite database.
    • python3 twint.py -u username --followers – Scrape a Twitter user’s followers.
    • python3 twint.py -u username --following – Scrape who a Twitter user follows.
    • python3 twint.py -u username --favorites – Collect all the Tweets a user has favorited

    [Hidden Content]
  7. WiFiBroot - A WiFi Pentest Cracking Tool For WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication) WiFiBroot is built to provide clients all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python. Almost every process within is dependent somehow on scapy layers and other functions except for operating the wireless interface on a different channel. That will be done via native Linux command iwconfig for which you may need sudo privileges. It currently provides four independent working modes to deal with the target networks. Two of them are online cracking methods while the other runs in offline mode. The offline mode is provided to crack saved hashes from the first two modes. One is for deauthentication attack on wireless network and can also be used as a jamming handler. It can be run on a variety of Linux platforms and at least requires WN727N from tp-link to properly operate. [Hidden Content]
  8. itsMe

    Extension Spoofer - Java Tool

    This is as basic as it can get. This application can spoof the extension of a file to make it look like something else. You can turn s.exe into sexe.jpg and it will still execute? Yes, that's right. Please double click on Extension Spoofer-win\bin\Extension Spoofer.bat [Hidden Content]
  9. XSpear - Powerful XSS Scanning And Parameter Analysis Tool

    Key features
    • Pattern matching based XSS scanning
    • Detect alert confirm prompt event on headless browser (with Selenium)
    • Testing request/response for XSS protection bypass and reflected params
        • Reflected Params
        • Filtered test event handler HTML tag Special Char
    • Testing Blind XSS (with XSS Hunter, ezXSS, HBXSS, Etc all url base blind test...)
    • Dynamic/Static Analysis
        • Find SQL Error pattern
        • Analysis Security headers (CSP HSTS X-frame-options, XSS-protection etc..)
        • Analysis Other headers.. (Server version, Content-Type, etc...)
    • Scanning from Raw file (Burp suite, ZAP Request)
    • XSpear running on ruby code (with Gem library)
    • Show table base cli-report and filtered rule, testing raw query (url)
    • Testing at selected parameters
    • Support output format cli json
        • cli: summary, filtered rule (params), Raw Query
    • Support Verbose level (quit / normal / raw data)
    • Support custom callback code to any test various attack vectors

    [Hidden Content]
  10. ORBIT Blockchain Transactions Investigation Tool

    Introduction

    Orbit is designed to explore network of a blockchain wallet by recursively crawling through transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections.

    Usage

    Let's start by crawling transaction history of a wallet

        python3 orbit.py -s 1AJbsFZ64EpEfS5UAjAfcUG8pH8Jn3rn1F

    Crawling multiple wallets is no different.

        python3 orbit.py -s 1AJbsFZ64EpEfS5UAjAfcUG8pH8Jn3rn1F,1ETBbsHPvbydW7hGWXXKXZ3pxVh3VFoMaX

    Orbit fetches last 50 transactions from each wallet by default, but it can be tuned with -l option.

        python3 orbit.py -s 1AJbsFZ64EpEfS5UAjAfcUG8pH8Jn3rn1F -l 100

    Orbit's default crawling depth is 3 i.e. it fetches the history of target wallet(s), crawls the newly found wallets and then crawls the wallets in the result again. The crawling depth can be increased or decreased with -d option.

        python3 orbit.py -s 1AJbsFZ64EpEfS5UAjAfcUG8pH8Jn3rn1F -d 2

    Wallets that have made just a couple of interactions with our target may not be important, Orbit can be told to crawl top N wallets at each level by using the -t option.

        python3 orbit.py -s 1AJbsFZ64EpEfS5UAjAfcUG8pH8Jn3rn1F -t 20

    If you want to view the collected data with a graph viewer of your choice, you can use -o option.

        python3 orbit.py -s 1AJbsFZ64EpEfS5UAjAfcUG8pH8Jn3rn1F -o output.graphml

    Support Formats
    • graphml (Supported by most graph viewers)
    • json (For raw processing)

    This is your terminal dashboard.

    Visualization

    Once the scan is complete, the graph will automatically open in your default browser. If it doesn't open, open quark.html manually. Don't worry if your graph looks messy like the one below or worse. Select the Make Clusters option to form clusters using community detection algorithm. After that, you can use Color Clusters to give different colors to each community and then use Spacify option to fix overlapping nodes & edges.

    The thickness of edges depends on the frequency of transactions between two wallets while the size of a node depends on both transaction frequency and the number of connections of the node. As Orbit uses Quark to render the graph, more information about the various features and controls is available in Quark's README.

    Download: [Hidden Content]
  11. Tool to Create a Fake Access Point and Sniff Data

    mitmAP - Combining the power of various tools, such as SSLstrip2, Driftnet, tshark, wireshark, mitmproxy and more, you can create a fake AP and sniff the data of whoever connects to it.

    Version 2.2: A python program to create a fake AP and sniff data.

    new in 2.0:
    • SSLstrip2 for HSTS bypass
    • Image capture with Driftnet
    • TShark for command line .pcap capture

    features:
    • SSLstrip2
    • Driftnet
    • Tshark
    • Full featured access point, with configurable speed limit
    • mitmproxy
    • Wireshark
    • DNS Spoofing
    • Saving results to file

    requirements:
    • Kali Linux / Raspbian with root privileges
    • A wireless card and an ethernet adapter / 2 wireless card
    • Python3 (mitmAP will install the dependencies, you don't have to do it)

    downloading:

        git clone [Hidden Content]

    starting:
    • Kali Linux -> "sudo python3 mitmAP.py"
    • Raspberry PI -> "sudo python3 mitmAP_rpi.py"

    Important: At the first run, choose 'y' on installing dependencies and on creating the config files!

    disclaimer: I'm not responsible for anything you do with this program, so please only use it for good and educational purposes.
  12. dEEpEst

    Davoset DDos Tool

    Davoset is a command line tool for conducting DDoS attacks on the sites via other sites using Abuse of Functionality vulnerabilities at other sites. Video: [Hidden Content] Download: [Hidden Content]
  13. identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. The blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. [Hidden Content] AND 2>1). Currently, it supports more than 60 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing. [HIDE][Hidden Content]]
  14. Dark Scrape

    OSINT Tool to find Media Links in Tor Sites

    Features
    • Download Media
    • Scrape From Single Url
    • Face Recognition
    • Scraping From Files (Txt, Csv, Excel)

    Tested On
    • Kali Linux 2019.2
    • Ubuntu 18.04
    • Nethunter
    • Arch Linux

    [Hidden Content]
  15. identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. The blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. [Hidden Content] AND 2>1). Currently, it supports more than 60 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing. Also, as part of this project, screenshots of characteristic responses for different web protection systems are being gathered (manually) for future reference.

    Changelog v1.0.118
    • Adding signatures for new WAF (Wapples)

    [Hidden Content]
  16. Cat-Nip

    Automated Basic Pentest Tool

    This tool will do your basic pentesting tasks like Information Gathering, Auditing, and Reporting, so this tool will do every task fully automatically.

    Pentest Tools Auto Executed With Cat-Nip
    • Whois Lookup
    • DNSmap
    • Nmap
    • Dmitry
    • Theharvester
    • Load Balancing Detector
    • SSLyze
    • Automater
    • Ua Tester
    • Gobuster
    • Grabber
    • Parsero
    • Uniscan
    • And More Tool Soon

    [Hidden Content]
  17. Penta (PENTest + Automation tool)

    Penta is a Pentest automation tool using Python3.

    Main menu
    • Port scanning: To check ports for a target. Log output supported.
    • Nmap: To check ports by additional means using nmap
    • Check HTTP option methods: To check the methods (e.g. GET, POST) for a target.
    • Grab DNS server info: To show the info about DNS server.
    • Shodan host search: To collect host service info from Shodan. Request Shodan API key to enable the feature.
    • FTP connect with anonymous: To check if it has anonymous access activated in port 21. FTP users can authenticate themselves using the plain text sign-in protocol (Typically username and password format), but they can connect anonymously if the server is configured to allow it. Anyone can log in to the server if the administrator has allowed an FTP connection with anonymous login.
    • SSH connect with Brute Force: To check ssh connection to scan with Brute Force. Dictionary data is in data/dict.

    [Hidden Content]
  18. Dirble is a website directory scanning tool for Windows and Linux. It’s designed to be fast to run and easy to use.

    Changelog v1.4

    Added
    • Add ability to do scans using HEAD and POST requests
    • Directories which return 401 and 403 codes are no longer scanned by default
    • Not found detection now can detect response lengths that vary by the URL length
    • Added dockerfile to git repository
    • Commit hashes are now displayed with the version number in local builds

    Changed
    • Wordlist items now have a leading and trailing slash removed
    • Default wordlist location checks have been improved
    • SimpleLog crate now used to print additional scanning information
    • Silent and verbose flags now affect logging level
    • Output for listable directories now has a bold L
    • Wordlist splitting of initial URLs is increased

    Fixed
    • Disable recursion flag now works as intended
    • Validator always defaulting to 404

    [Hidden Content]
  19. Python3 comprehensive scanning tool, mainly used for sensitive file detection (directory scanning and js leak interface), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, winding Pass CDN, check the next station.

    Features
    • Generate a dictionary list using Cartesian product method, support custom dictionary list
    • Random UserAgent, XFF, X-Real-IP
    • Customize 404-page recognition, access random pages and then compare the similarities through difflib to identify custom 302 jumps
    • When scanning the directory, first detect the http port and add multiple http ports of one host to the scan target. Filter invalid Content-Type, invalid status?
    • WAF/CDN detection
    • Use the socket to send packets to detect common ports and send different payload detection port service fingerprints.
    • Hosts that encounter full port open (portspoof) automatically skip
    • Call wappalyzer.json and WebEye to determine the website fingerprint
    • It is detected that the CDN or WAF website automatically skips
    • Call nmap to identify the operating system fingerprint
    • Call weak password detection script based on port open (FTP/SSH/TELNET/Mysql/MSSQL…)
    • Call POC scan based on fingerprint identification or port, or click on the open WEB port of IP
    • Analyze sensitive asset information (domain name, mailbox, apikey, password, etc.) in the js file
    • Grab website connections, test SQL injection, LFI, etc.
    • Call some online interfaces to obtain information such as VT, www.yougetsignal.com and other websites, determine the real IP through VT pdns, and query the website by www.yougetsignal.com and api.hackertarget.com.

    [Hidden Content]
  20. The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.

    • Designed to be entirely extensible by just adding new modules with the correct signature to lib/modules
    • Modules return results via a common interface, which permits consolidated reporting and artefact generation
    • Should be very easy to run regardless of the type of project that you’re scanning

    How it works

    Hawkeye is designed to be extensible by adding modules and writers.
    • Add modules in the modules folder.
    • Add writers in the writers folder.

    Modules

    Modules are basically little bits of code that either implement their own logic, or wrap a third party tool and standardise the output. They only run if the required criteria are met. For example: The npm outdated module would only run if a package.json is detected in the scan target – as a result, you don’t need to tell Hawkeye what type of project you are scanning.

    Generic Modules
    • files-ccnumber: Scans for suspicious file contents that are likely to contain credit card numbers
    • files-contents: Scans for suspicious file contents that are likely to contain secrets
    • files-entropy: Scans files for strings with high entropy that are likely to contain passwords. Entropy scanning is disabled by default because of the high number of false positives. It is useful to scan codebases every now and then for keys, in which case please run it using the -m files-entropy switch.
    • files-secrets: Scans for suspicious filenames that are likely to contain secrets

    Java
    • java-find-secbugs: Finds common security issues in Java code with findsecbugs
    • java-owasp: Scans Java projects for gradle/maven dependencies with known vulnerabilities with the OWASP dependency checker

    Node.js
    • node-crossenv: Scans node projects for known malicious crossenv dependencies
    • node-npmaudit: Checks node projects for dependencies with known vulnerabilities with npm audit
    • node-npmoutdated: Checks node projects for outdated npm modules with npm outdated

    PHP
    • php-security-checker: Checks whether the composer.lock contains dependencies with known vulnerabilities using security-checker

    Python
    • python-bandit: Scans for common security issues in Python code with bandit.
    • python-piprot: Scans python dependencies for out of date packages with piprot
    • python-safety: Checks python dependencies for known security vulnerabilities with the safety tool.

    Ruby
    • ruby-brakeman: Statically analyzes Rails code for security issues with Brakeman.
    • ruby-bundler-scan: Scan for Ruby gems with known vulnerabilities using bundler

    Adding a module

    If you have an idea for a module, please feel free to open a feature request in the issues section. If you have a bit of time left, please consider sending us a pull request. To see modules work, please head over to the modules folder to find how things are working.

    Changelog v1.6
    • Update OWASP dependency check and bundle-audit at build time, no updates at runtime
    • Remove the superfluous node-crossenv module
    • Use temporary file for brakeman report instead of spamming the target folder
    • Use temporary file for findsecbugs report instead of spamming the target folder
    • Remove floating ruby dependencies

    [Hidden Content]
  21. Features:

    [+] Multi Threaded
    [+] Filter & Sort easily by one click!
    [+] Socks 4/5 Checker
    [+] Deep Scan for scraping proxies [NEW!]
    [+] Export as CSV (Excel) [NEW!]
    [+] Check Valid Proxy Sources
    [+] Auto saves proxies separately (Elite/Anon/Transparent/Scraped)
    [+] Load own source to scrape proxy from
    [+] Auto Removes Duplicate Proxies
    [+] Export By Country, Proxy Anonymity Type, Url Passed
    [+] Accurate Results

    [Hidden Content]
    Mirror: [Hidden Content]
    Password: level23hacktools.com
  22. dEEpEst

    Iky project tool

    Description

    Project iKy is a tool that collects information from an email and shows results in a nice visual interface.

    Project - Previous version

    We want to warn you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with AngularJS as Frontend in the iKy-v1 branch. The reason of changing the Frontend was to update the technology and get an easier way of installation.

    Video Demo: [Hidden Content]
    Download: [Hidden Content]
  23. itsMe

    APK Easy Tool 1.55 Portable

    [Hidden Content]

    Apk Easy Tool is a lightweight application that enables you to manage, sign, compile and decompile the APK files for the apps you are working on.

    Allows you to manage the updates and fixes from one place

    The program comes with a clean and user-friendly interface that is unlikely to give you troubles. You can get started by selecting the desired file via the browsing function of the tool or drag and drop. The interface displays various information about the APK files, including package name, version, minimum SDK version and version code. From the main window, you can make the desired modifications as the main functions and additional options are all available in this tab. Speaking of functionality, among the main operations you can perform via this tool, you can count compiling, decompiling, signing, extracting and installing the APK. In case you are working with ROMs only, then you can make further changes from the Framework tab. Moreover, if you feel you missed something, you can check all operations performed from the Log output tab.

    A straightforward app for managing APK files efficiently

    A noteworthy feature of the tool is that you can create the new code separately and overwrite the current APK with a simple drag and drop. It goes without saying that this operation can save you a lot of time and effort. In the eventuality that you provide frequent fixes and updates for your Android games or tools and want to be able to manage these processes smoother, then perhaps Apk Easy Tool could come in handy.

    Requirements:
    - Windows 7 or above
    - .NET Framework 4.6.2 or above
    - Java SE/JDK for decompile, compile, and sign APK. If you don't have Java installed, you can only use Zipalign or Install APK. Download and install Java SE/JDK now

    Features:
    • Decompile/Compile: Decompile and compile APK, DEX and JAR files, with SPACE, symbols and German, Danish, Swedish etc... characters support. Can cancel during operation
    • Sign/Zipalign: Signing and ZipAligning of APK/JAR files. Can cancel during operation
    • Extract/Zip APK: Extract and zip APK with 7z Compression-level 0-9. Can cancel during operation
    • APK Information: Show APK information with icon using aapt dump badging and link to Play Store
    • Framework: Install your framework and manage framework paths
    • Log output: View your logs to find errors. Set date to view your previous logs. Sided log output is only available for higher resolution with 1250 width and above.
    • Options: Change options of tool, decompile, compile, sign and zipalign. Options: Java heap, Apktool version, apksigner version, directories, java path, Windows explorer integration, remember window position and more. All options and textboxes are saved as config.xml and will load on launch. Quick options on main.
    • Drag and drop: Drop APK, DEX, JAR files and Decompiled folder on buttons to perform actions. Drop outside buttons to select/open as file/folder
    • Apktool.jar version selection: Can switch to other versions of apktool.jar on options. Add other apktool.jar in "Apktool" folder
    • Shortcuts: 4 buttons to open work directories of decompiled APK, compiled APK, extracted APK and zipped APK. Jumplist shortcuts
    • Windows explorer integration: Do actions by just right-clicking on APK file and choose the following options, decompile or compile APK, DEX, and JAR files, Zipalign APK, Check align, Sign APK and Install APK
  24. OSINT Tool For Scraping Dark Websites

    Tested On
    • Kali Linux 2019.2
    • Ubuntu 18.04
    • Nethunter
    • Arch Linux

    [Hidden Content]
  25. Raccoon

    Offensive Security Tool for Reconnaissance and Information Gathering

    Features
    • DNS details
    • DNS visual mapping using DNS dumpster
    • WHOIS information
    • TLS Data - supported ciphers, TLS versions, certificate details and SANs
    • Port Scan
    • Services and scripts scan
    • URL fuzzing and dir/file detection
    • Subdomain enumeration - uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce
    • Web application data retrieval:
        • CMS detection
        • Web server info and X-Powered-By
        • robots.txt and sitemap extraction
        • Cookie inspection
        • Extracts all fuzzable URLs
        • Discovers HTML forms
        • Retrieves all Email addresses
        • Scans target for vulnerable S3 buckets and enumerates them for sensitive files
    • Detects known WAFs
    • Supports anonymous routing through Tor/Proxies
    • Uses asyncio for improved performance
    • Saves output to files - separates targets by folders and modules by files

    Roadmap and TODOs
    • Expand, test, and merge the "owasp" branch with more web application attacks and scans (#28)
    • Support more providers for vulnerable storage scan (#27)
    • Add more WAFs, better detection
    • OWASP vulnerabilities scan (RFI, RCE, XSS, SQLi etc.)
    • Support multiple hosts (read from file)
    • Rate limit evasion
    • IP ranges support
    • CIDR notation support
    • More output formats (JSON at the very least)

    About

    Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously. Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing SecLists repository but different lists can be passed as arguments. For more options - see "Usage".

    Installation

    For the latest stable version:

        pip install raccoon-scanner
        # To run:
        raccoon [OPTIONS]

    Please note Raccoon requires Python3.5+ so may need to use pip3 install raccoon-scanner. You can also clone the GitHub repository for the latest features and changes:

        git clone [Hidden Content]
        cd Raccoon
        python setup.py install # Subsequent changes to the source code will not be reflected in calls to raccoon when this is used
        # Or
        python setup.py develop # Changes to code will be reflected in calls to raccoon. This can be undone by using python setup.py develop --uninstall
        # Finally
        raccoon [OPTIONS] [TARGET]

    macOS

    To support Raccoon on macOS you need to have gtimeout on your machine. gtimeout can be installed by running brew install coreutils.

    Docker

        # Build the docker image
        docker build -t evyatarmeged/raccoon .
        # Run a scan, As this a non-root container we need to save the output under the user's home which is /home/raccoon
        docker run --name raccoon evyatarmeged/raccoon:latest example.com -o /home/raccoon

    Prerequisites

    Raccoon uses Nmap to scan ports as well as utilizes some other Nmap scripts and features. It is mandatory that you have it installed before running Raccoon. OpenSSL is also used for TLS/SSL scans and should be installed as well.

    Usage

        Usage: raccoon [OPTIONS] TARGET

        Options:
          --version
              Show the version and exit.
          -d, --dns-records TEXT
              Comma separated DNS records to query. Defaults to: A,MX,NS,CNAME,SOA,TXT
          --tor-routing
              Route HTTP traffic through Tor (uses port 9050). Slows total runtime significantly
          --proxy-list TEXT
              Path to proxy list file that would be used for routing HTTP traffic. A proxy from the list will be chosen at random for each request. Slows total runtime
          -c, --cookies TEXT
              Comma separated cookies to add to the requests. Should be in the form of key:value Example: PHPSESSID:12345,isMobile:false
          --proxy TEXT
              Proxy address to route HTTP traffic through. Slows total runtime
          -w, --wordlist TEXT
              Path to wordlist that would be used for URL fuzzing
          -T, --threads INTEGER
              Number of threads to use for URL Fuzzing/Subdomain enumeration. Default: 25
          --ignored-response-codes TEXT
              Comma separated list of HTTP status code to ignore for fuzzing. Defaults to: 302,400,401,402,403,404,503,504
          --subdomain-list TEXT
              Path to subdomain list file that would be used for enumeration
          -sc, --scripts
              Run Nmap scan with -sC flag
          -sv, --services
              Run Nmap scan with -sV flag
          -f, --full-scan
              Run Nmap scan with both -sV and -sC
          -p, --port TEXT
              Use this port range for Nmap scan instead of the default
          --vulners-nmap-scan
              Perform an NmapVulners scan. Runs instead of the regular Nmap scan and is longer.
          --vulners-path TEXT
              Path to the custom nmap_vulners.nse script. If not used, Raccoon uses the built-in script it ships with.
          -fr, --follow-redirects
              Follow redirects when fuzzing. Default: False (will not follow redirects)
          --tls-port INTEGER
              Use this port for TLS queries. Default: 443
          --skip-health-check
              Do not test for target host availability
          --no-url-fuzzing
              Do not fuzz URLs
          --no-sub-enum
              Do not bruteforce subdomains
          --skip-nmap-scan
              Do not perform an Nmap scan
          -q, --quiet
              Do not output to stdout
          -o, --outdir TEXT
              Directory destination for scan output
          --help
              Show this message and exit.

    Screenshots
    • Web application data including vulnerable S3 bucket:
    • HTB challenge example scan:
    • Nmap vulners scan results:
    • Results folder tree after a scan:

    Contributing

    Any and all contributions, issues, features and tips are welcome.

    Download: [Hidden Content]