Search the Community

Showing results for tags 'tool'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Cracking Zone
    • Cracking Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
    • Windows Phone
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Premium Accounts
    • Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Cracking Zone PRIV8
    • Cracking Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area


There are no results to display.

There are no results to display.

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start








Found 70 results

  1. identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. The blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. [Hidden Content] AND 2>1). Currently, it supports more than 60 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing. [HIDE][Hidden Content]]
  2. Dark Scrape OSINT Tool to find Media Links in Tor Sites Features Download Media Scrape From Single Url Face Recognition Scraping From Files Txt Csv Excel Tested On Kali Linux 2019.2 Ubuntu 18.04 Nethunter Arc Linux [HIDE][Hidden Content]]
  3. identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. The blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. [Hidden Content] AND 2>1). Currently, it supports more than 60 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing. Also, as part of this project, screenshots of characteristic responses for different web protection systems are being gathered (manually) for the future reference. Changelog v1.0.118 Adding signatures for new WAF (Wapples) [HIDE][Hidden Content]]
  4. Cat-Nip Automated Basic Pentest Tool this tool will make your basic pentesting task like Information Gathering, Auditing, And Reporting so this tool will do every task fully automatic. Pentest Tools Auto Executed With Cat-Nip Whois Lookup DNSmap Nmap Dmitry Theharvester Load Balancing Detector SSLyze Automater Ua Tester Gobuster Grabber Parsero Uniscan And More Tool Soon [HIDE][Hidden Content]]
  5. Penta (PENTest + Automation tool) Penta is a Pentest automation tool using Python3. Main menu Port scanning To check ports for a target. Log output supported. Nmap To check ports by additional means using nmap Check HTTP option methods To check the methods (e.g. GET, POST) for a target. Grab DNS server info To show the info about DNS server. Shodan host search To collect host service info from Shodan. Request Shodan API key to enable the feature. FTP connect with anonymous To check if it has anonymous access activated in port 21. FTP users can authenticate themselves using the plain text sign-in protocol (Typically username and password format), but they can connect anonymously if the server is configured to allow it. Anyone can log in to the server if the administrator has allowed an FTP connection with anonymous login. SSH connect with Brute Force To check ssh connection to scan with Brute Force. Dictionary data is in data/dict. [HIDE][Hidden Content]]
  6. Dirble is a website directory scanning tool for Windows and Linux. It’s designed to be fast to run and easy to use. Changelog v1.4 Added Add ability to do scans using HEAD and POST requests Directories which return 401 and 403 codes are no longer scanned by default Not found detection now can detect response lengths that vary by the URL length Added dockerfile to git repository Commit hashes are now displayed with the version number in local builds Changed Wordlist items now have a leading and trailing slash removed Default wordlist location checks have been improved SimpleLog crate now used to print additional scanning information Silent and verbose flags now affect logging level Output for listable directories now has a bold L Wordlist splitting of initial URLs is increased Fixed Disable recursion flag now works as intended Validator always defaulting to 404 [HIDE][Hidden Content]]
  7. Python3 comprehensive scanning tool, mainly used for sensitive file detection (directory scanning and js leak interface), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, winding Pass CDN, check the next station. Features Generate a dictionary list using Cartesian product method, support custom dictionary list Random UserAgent, XFF, X-Real-IP Customize 404-page recognition, access random pages and then compare the similarities through difflib to identify custom 302 jumps When scanning the directory, first detect the http port and add multiple http ports of one host to the scan target. Filter invalid Content-Type, invalid status? WAF/CDN detection Use the socket to send packets to detect common ports and send different payload detection port service fingerprints. Hosts that encounter full port open (portspoof) automatically skip Call wappalyzer.json and WebEye to determine the website fingerprint It is detected that the CDN or WAF website automatically skips Call nmap to identify the operating system fingerprint Call weak password detection script based on port open (FTP/SSH/TELNET/Mysql/MSSQL…) Call POC scan based on fingerprint identification or port, or click on the open WEB port of IP Analyze sensitive asset information (domain name, mailbox, apikey, password, etc.) in the js file Grab website connections, test SQL injection, LFI, etc. Call some online interfaces to obtain information such as VT, and other websites, determine the real IP through VT pdns, and query the website by and [HIDE][Hidden Content]]
  8. The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Designed to be entirely extensible by just adding new modules with the correct signature to lib/modules Modules return results via a common interface, which permits consolidated reporting and artefact generation Should be very easy to run regardless of the type of project that you’re scanning How it works Hawkeye is designed to be extensible by adding modules and writers. Add modules in the modules folder. Add writers in the writers folder. Modules Modules are basically little bits of code that either implement their own logic, or wrap a third party tool and standardise the output. They only run if the required criteria are met. For example: The npm outdated module would only run if a package.json is detected in the scan target – as a result, you don’t need to tell Hawkeye what type of project you are scanning. Generic Modules files-ccnumber: Scans for suspicious file contents that are likely to contain credit card numbers files-contents: Scans for suspicious file contents that are likely to contain secrets files-entropy: Scans files for strings with high entropy that are likely to contain passwords. Entropy scanning is disabled by default because of the high number of false positives. It is useful to scan codebases every now and then for keys, in which case please run it please using the -m files-entropy switch. files-secrets: Scans for suspicious filenames that are likely to contain secrets Java java-find-secbugs: Finds common security issues in Java code with findsecbugs java-owasp: Scans Java projects for gradle/maven dependencies with known vulnerabilities with the OWASP dependency checker Node.js node-crossenv: Scans node projects for known malicious crossenv dependencies node-npmaudit: Checks node projects for dependencies with known vulnerabilities with npm audit node-npmoutdated: Checks node projects for outdated npm modules with npm outdated PHP php-security-checker: Checks whether the composer.lock contains dependencies with known vulnerabilities using security-checker Python python-bandit: Scans for common security issues in Python code with bandit. python-piprot: Scans python dependencies for out of date packages with piprot python-safety: Checks python dependencies for known security vulnerabilities with the safety tool. Ruby ruby-brakeman: Statically analyzes Rails code for security issues with Brakeman. ruby-bundler-scan: Scan for Ruby gems with known vulnerabilities using bundler Adding a module If you have an idea for a module, please feel free open a feature request in the issues section. If you have a bit of time left, please consider sending us a pull request. To see modules work, please head over to the modules folder to find how things are working. Changelog v1.6 Update OWASP dependency check and bundle-audit at build time, no updates at runtime Remove the superfluous node-crossenv module Use temporary file for brakeman report instead of spamming the target folder Use temporary file for findsecbugs report instead of spamming the target folder Remove floating ruby dependencies [HIDE][Hidden Content]]
  9. Features: [+] Multi Threaded [+] Filter & Sort easily by one click! [+] Socks 4/5 Checker [+] Deep Scan for scraping proxies [NEW!] [+] Export as CSV (Excel) [NEW!] [+] Check Valid Proxy Sources [+] Auto saves proxies separately (Elite/Anon/Transparent/Scraped) [+] Load own source to scrape proxy from [+] Auto Removes Duplicate Proxies [+] Export By Country , Proxy Anonymity Type , Url Passed [+] Accurate Results [HIDE][Hidden Content]]
  10. dEEpEst

    Iky project tool

    Description Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Project - Previous version We want to warn you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with AngularJS as Frontend in the iKy-v1 branch. The reason of changing the Frontend was to update the technology and get an easier way of installation. Video Demo: [Hidden Content] Download: [Hidden Content]
  11. itsMe

    APK Easy Tool 1.55 Portable

    [Hidden Content] Apk Easy Tool is a lightweight application that enables you to manage, sign, compile and decompile the APK files for the apps you are working on. Allows you to manage the updates and fixes from one place The program comes with a clean and user-friendly interface that is unlikely to give you troubles. You can get started by selecting the desired file via the browsing function of the tool or drag and drop. The interface displays various information about the APK files, including package name, version, minimum SDK version and version code. From the main window, you can make the desired modifications as the main functions and additional options are all available in this tab. Speaking of functionality, some of the main operations you can perform via this tool, you can count compiling, decompiling, signing, extracting and installing the APK. In case you are working with ROMs only, then you can make further changes from the Framework tab. Moreover, if you feel you missed something, you can check all operations performed from the Log output tab. A straightforward app for managing APK files efficiently A noteworthy feature of the tool is that you can create the new code separately and overwrite the current APK with a simple drag and drop. It goes without saying that this operation can save you a lot of time and effort. In the eventuality that you provide frequent fixes and updates for your Android games or tools and want to be able to manage this processes smoother, then perhaps Apk Easy Tool could come in handy. Requirements: - Windows 7 or above - .NET Framework 4.6.2 or above - Java SE/JDK for decompile, compile, and sign APK. If you don't have Java installed, you can only use Zipalign or Install APK. Download and install Java SE/JDK now Features: Decompile/Compile Decomile and compile APK, DEX and JAR files, with SPACE, symbols and germany, danish, swedish etc... characters support. Can cancel during operation Sign/Zipalign Signing and ZipAligning of APK/JAR files. Can cancel during operation Extract/Zip APK Extract and zip APK with 7z Compression-level 0-9. Can cancel during operation APK Infomation Show APK infomation with icon using aapt dump badging and link to Play Store Framework Install your framework and manage framework paths Log output View your logs to find errors. Set date to view your previous logs Sided log output is only available for higher resolution with 1250 width and above. Options Change options of tool, decompile, compile, sign and zipalign. Options: Java heap, Apktool version, apksigner version, directories, java path, Windows explorer integration, remeber window position and more All options and textboxes are saved as config.xml and will load on launch Quick options on main. Drag and drop Drop APK, DEX, JAR files and Decompiled folder on buttons to perform actions. Drop outside buttons to select/open as file/folder Apktool.jar version selection Can switch to other versions of apktool.kar on options Add other apktool.jar in "Apktool" folder Shortcuts 4 buttons to open work directories of decompiled APK, compiled APK, extracted APK and zipped APK Jumplist shortcuts Windows explorer integration Do actions by just right-clicking on APK file and choose the following options, decomile or compile APK, DEX, and JAR files, Zipalign APK, Check align, Sign APK and Install APK
  12. OSINT Tool For Scraping Dark Websites Tested On Kali Linux 2019.2 Ubuntu 18.04 Nethunter Arc Linux [HIDE][Hidden Content]]
  13. Raccoon Offensive Security Tool for Reconnaissance and Information Gathering Features DNS details DNS visual mapping using DNS dumpster WHOIS information TLS Data - supported ciphers, TLS versions, certificate details and SANs Port Scan Services and scripts scan URL fuzzing and dir/file detection Subdomain enumeration - uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce Web application data retrieval: CMS detection Web server info and X-Powered-By robots.txt and sitemap extraction Cookie inspection Extracts all fuzzable URLs Discovers HTML forms Retrieves all Email addresses Scans target for vulnerable S3 buckets and enumerates them for sensitive files Detects known WAFs Supports anonymous routing through Tor/Proxies Uses asyncio for improved performance Saves output to files - separates targets by folders and modules by files Roadmap and TODOs Expand, test, and merge the "owasp" branch with more web application attacks and scans (#28) Support more providers for vulnerable storage scan (#27) Add more WAFs, better detection OWASP vulnerabilities scan (RFI, RCE, XSS, SQLi etc.) Support multiple hosts (read from file) Rate limit evasion IP ranges support CIDR notation support More output formats (JSON at the very least) About Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously. Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing SecLists repository but different lists can be passed as arguments. For more options - see "Usage". Installation For the latest stable version: pip install raccoon-scanner # To run: raccoon [OPTIONS] Please note Raccoon requires Python3.5+ so may need to use pip3 install raccoon-scanner. You can also clone the GitHub repository for the latest features and changes: git clone [Hidden Content] cd Raccoon python install # Subsequent changes to the source code will not be reflected in calls to raccoon when this is used # Or python develop # Changes to code will be reflected in calls to raccoon. This can be undone by using python develop --uninstall # Finally raccoon [OPTIONS] [TARGET] macOS To support Raccoon on macOS you need to have gtimeout on your machine. gtimeout can be installed by running brew install coreutils. Docker # Build the docker image docker build -t evyatarmeged/raccoon . # Run a scan, As this a non-root container we need to save the output under the user's home which is /home/raccoon docker run --name raccoon evyatarmeged/raccoon:latest -o /home/raccoon Prerequisites Raccoon uses Nmap to scan ports as well as utilizes some other Nmap scripts and features. It is mandatory that you have it installed before running Raccoon. OpenSSL is also used for TLS/SSL scans and should be installed as well. Usage Usage: raccoon [OPTIONS] TARGET Options: --version Show the version and exit. -d, --dns-records TEXT Comma separated DNS records to query. Defaults to: A,MX,NS,CNAME,SOA,TXT --tor-routing Route HTTP traffic through Tor (uses port 9050). Slows total runtime significantly --proxy-list TEXT Path to proxy list file that would be used for routing HTTP traffic. A proxy from the list will be chosen at random for each request. Slows total runtime -c, --cookies TEXT Comma separated cookies to add to the requests. Should be in the form of key:value Example: PHPSESSID:12345,isMobile:false --proxy TEXT Proxy address to route HTTP traffic through. Slows total runtime -w, --wordlist TEXT Path to wordlist that would be used for URL fuzzing -T, --threads INTEGER Number of threads to use for URL Fuzzing/Subdomain enumeration. Default: 25 --ignored-response-codes TEXT Comma separated list of HTTP status code to ignore for fuzzing. Defaults to: 302,400,401,402,403,404,503,504 --subdomain-list TEXT Path to subdomain list file that would be used for enumeration -sc, --scripts Run Nmap scan with -sC flag -sv, --services Run Nmap scan with -sV flag -f, --full-scan Run Nmap scan with both -sV and -sC -p, --port TEXT Use this port range for Nmap scan instead of the default --vulners-nmap-scan Perform an NmapVulners scan. Runs instead of the regular Nmap scan and is longer. --vulners-path TEXT Path to the custom nmap_vulners.nse script.If not used, Raccoon uses the built-in script it ships with. -fr, --follow-redirects Follow redirects when fuzzing. Default: False (will not follow redirects) --tls-port INTEGER Use this port for TLS queries. Default: 443 --skip-health-check Do not test for target host availability --no-url-fuzzing Do not fuzz URLs --no-sub-enum Do not bruteforce subdomains --skip-nmap-scan Do not perform an Nmap scan -q, --quiet Do not output to stdout -o, --outdir TEXT Directory destination for scan output --help Show this message and exit. Screenshots Web application data including vulnerable S3 bucket: HTB challenge example scan: Nmap vulners scan results: Results folder tree after a scan: Contributing Any and all contributions, issues, features and tips are welcome. Download: [HIDE][Hidden Content]]
  14. Spy MAX Remote control system in Android systems with simple graphical interfaces and easy to use requirements Java NET framework 4.5 The program is compatible with the following Microsoft Windows application windows 10 windows 8 windows 7 windows Pach is compatible with modern Android systems 9.0 - eBay 8.0 - Orio / oreo 7.0 - Noga / nougat 6.0 - Marshmallow One of the most important features Multi-port Size 18.5 KB / Clean Encode with insertion point Run more than one patch on one phone Secure data sent and received over the network Ability to control the program settings to suit your needs and your own taste And other features .. Explanation Code: +----------------------+ | [1] Files Manager | | [2] SMS Manager | | [3] Calls Manager | | [4] Contacts Manager | | [5] Location Manager | > +--+[6] GPS | | | | | +--+[7] GSM | [8] Account Manager | | [9] Camera Manager | > +--+[10] Front | | | | | +--+[11] Back | [12] Shell Terminal | | [13] informations | | [14] Applications | | [15] Microphone | | [16] Server | > +--+[17] EditSocket | | | +----------------------+ +--+[18] Restart | +--+[19] Rename | +--+[20] Close [1] files [2] Messages [3] Calling [4] Contact [5] Location [6] Global Positioning System (GPS) [7] Global System for Mobile communications (GSM) [8] Calculations [9] What is your favorite camera? [10] Front camera [11] Rear camera [12] Execution of linux commands [13] Information [14] Installed applications [15] The microphone [16] server [17] Editing or modifying the communication [18] Restart the connection [19] Renaming contact [20] Close the connection after restarting the phone Code: +---------------+ | | | [1] Build | | | | [2] Settings | | | | [3] About | | | | [4] Exit | | | +---------------+ [1] Window Builder Patch [2] Settings [3] About the program 4 Code: +-----------------------------------------+ | [1] connection | | + | | +-> [2] dynamic DNS/ip +--+ | | v | | +----------------------+ | | | | | +-> [3] port | | | [8] DNS/ip:port | | | | | | +-> [4] Add | | | | | | | | | +-> [5] DEL | | | | | | | | | +-> [6] up | | | | | | | +----------------------+ +-> [7] down | | | +-----------------------------------------+ [1] Communications [2] Your address is on LAN or WAN external domain [3] Port number Preferably choose a port between 1024 to 65535 [4] Add the title and entry in the list [5] Delete title and port from list [6] Upload contact information up to become a priority in communication [7] Contact information down [8] List of contacts Code: +----------------------------+ |[1] installation | | + | | +--> [2] name of victim | | | | | +--> [3] name patch | | | | | +--> [4] version | | | | | | +-----------+ | | | | | | | +--> | [5] hide | | | | | [6] icon | | | | | [7] doze | | | | | | | | | +-----------+ | | | | | +--> [8] sleep | | | | | +--> [9] futex | | | | | +--> [10] flavor | | | +----------------------------+ [1] Composition [2] Contact Name [3] The name of the patch is the name shown when installed on the phone [4] issue number [5] How to hide the patch after playback [6] Choosing the icon You can add custom icons to the res \ Icons \ Apps folder and the sizes must be 144 in 144 or 192 in 192 pixels [7] In case of non-activation will be restricted to doze system and applications and other artificial intelligence systems and control on activation You can add custom icons to the folder res \ Icons \ Notification The sizes must be 24 in 24 or 32 in 32 pixels [8] You have to set the time in milliseconds. Click on the box to see the timing, it will work under any circumstance doze or other. If you do not need a timer, you can set the value to 0. [9] Generating keys to secure communication and data synchronization Pass the key on the box and the keys will be generated automatically [10] to create different versions after the dot. You must put your own suffix in English only without letters, numbers or symbols Code: +------------------------------------+ | | | +---------------+ +--------+ | | | [1] browse | | [2] OK | | | +---------------+ +--------+ | | | +------------------------------------+ [1] You must install java and then select the bin folder from the operating environment of jre java applications Code: \Java\jre x.x.x\bin [2] Select the patch that is included with the program to configure your settings Code: +------------------------------------------+ | | | [1] socket +> [3] high | | + | | | +> [2] performance+> [4] normal | | | | | | +> [6] Encoding +> [5] low | | | + | | | | | | | +-------+> [7] Default | | | | | | | +> [8] UTF8 | | | | | | | +> [9] UTF32 | | | | | | | +> [10] ASCII | | | | | +> [11] Disconnected | | + | | | | | +----------+-----------+ | | v v | | [12] Close windows [13] Just tell me | | | +------------------------------------------+ [1] The Socket [2] Program performance with communications, processor and data traffic [3] If you have a high-quality device and have lots of connections, you can make the most of the program [4] Using normal mode will work on low and high mode (recommended) [5] If you have a low-specification device and have little communication you can use low mode [6] Character encoding [7] The default codec on your device [8] UTF8 [9] UTF32 [10] ASCII [11] Disconnect [12] Close all active client windows if connection is interrupted [13] You will be notified only when you disconnect and will not close any window Code: +-----------------------------------+ | | | [1] Alert | | + | | +> [2] Show Alert +> [3] Yes | | | | | | | +> [4] No | | | | | +> [5] Location | | + | | +------+------+ | | v v | | [6] Left [7] Right | | | | | +-----------------------------------+ [1] Alert [2] View alert or notification of new customer login or connection [3] Yes if you need to show the alarm [4] No need to show the alarm [5] Alert site on desktop screen [6] Left desktop screen [7] Right desktop screen Code: +---------------------------------------+ | | | [1] Camera Manager | | + +-> [3] Yes | | +> [2] Auto focus | | | | +-> [4] No | | | | | | | | +> [5] Effects +-> [7] Gray | | | + | | | | +-+-------> [8] Raw-01 | | | | | | | | v +-> [9] Raw-02 | | | [6] Normal | | | | | | | | | | | +> [10] Quality | | + | | +---+--> [11] Auto | | | | | v | | [12] high quality | | | +---------------------------------------+ [1] Camera settings [2] Auto focus [3] Autofocus activation (not recommended) [4] Auto focus is inactive [5] Effects [6] without any default effect [7] Gradient effect [8] Raw Impact 01 model click here [9] The raw effect 02 is similar to the impact of crude 01 and the difference coloration of the model model click here [10] Broadcast quality [11] Automatic depending on the speed of communication between the parties [12] Top quality (not recommended) Code: +---+ +---------------------------------------+ | | | | | | [1] Location Manager | | | | + | | | | | | | | | +---> [2] Style | | | | + | | | | | | | | | +--> [3] Silver | | | | | | | | | [4] Aubergine <--+ | | | | | | | | | +--> [5] Dark | | | | | | | | | [6] Standard <--+ | | | | | | | +---------------------------------------+ | +---+ [1] Site settings [2] Map format [3] Silver model click here [4] Eggplant Form Click Here [5] Dark model click here [6] Basic Form Click Here Code: +------------------------------------+ |[1] Saving data | | + + | | | | | | | +>[2] Auto save | | | + | | | +----------+-----------+ | | | | | | | | +-> [3] No [4] Yes <-+ | | | | | + | |[5] Colors | | + + | | | +---------+ | | | | | | + | | |[10] Font | | | + +-> [6] Foreground | | | | | | +-----+ +-> [7] Background | | | | | | +-> [11] Size +-> [8] Titles | | | | | | +-> [12] Style +-> [9] New Files | | | +------------------------------------+ [1] Save data [2] Autosave [3] No data saving will appear on the records. You can save them again [4] Yes to save data automatically Records and data will be saved in the client folder Use (Firefox - Google Chrome) to open the records [5] Color in the sample program click here [6] Color Foreground - one color includes text, buttons, icons, etc. [7] Background color - one color will be used in the program background [8] Color Titles [9] Color of new files shared or modified by user or software [10] Program line [11] font size [12] Style font - bold or regular Show client folder Two clicks on the contacts To show contact information, click on the first column Total frames per second = FPS (Frames Per Second) Size = one frame size 170.25kb = 15fps * 11.35KB total size per second The accuracy of the site was less than all the best. The correct location is almost 0 to 75.0 = Accuracy Speedometer in kilometers per hour The speed of the vehicle or any other vehicle is measured = km / h Go to Google Maps two clicks on the map Zoom the map with the mouse wheel or the keyboard up or down To the end of the explanation here was to cover the most important details in the program If you encounter problems with the program, write down the details of the bugs, and they will be fixed in the next version. [Hidden Content] Download: [HIDE][Hidden Content]] Password:
  15. EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shell command execution, persistence, escalating privileges, password retrieval, and much more. This is project is a proof of concept, intended for use on machines you own. Download: [HIDE]. [Hidden Content]]
  16. Shellphish - Phishing Tool For 18 Social Media (Instagram, Facebook, Snapchat, Github, Twitter...) Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest. This script uses some webpages generated by SocialFish Tool ([Hidden Content]) Instagram webpage generated by An0nUD4Y (@its_udy) ([Hidden Content]) Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github, Yahoo, Protonmail, Google, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Pinterest +1 customizable Features: Port Forwarding using Ngrok or Serveo Legal disclaimer: Usage of Shellphish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [HIDE][Hidden Content]]
  17. DISCLAIMER Stitch is for education/research purposes only. The author takes NO responsibility and/or liability for how you choose to use any of the tools/source code/any files provided. The author and anyone affiliated with will not be liable for any losses and/or damages in connection with use of ANY files provided with Stitch. By using Stitch or any files included, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again Stitch and ALL files included are for EDUCATION and/or RESEARCH purposes ONLY. Stitch is ONLY intended to be used on your own pentesting labs, or with explicit consent from the owner of the property being tested. About Stitch A Cross Platform Python Remote Administration Tool: This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send an email of system info when the system boots, and option to start keylogger on boot. Payloads created can only run on the OS that they were created on. Features Cross Platform Support Command and file auto-completion Antivirus detection Able to turn off/on display monitors Hide/unhide files and directories View/edit the hosts file View all the systems environment variables Keylogger with options to view status, start, stop and dump the logs onto your host system View the location and other information of the target machine Execute custom python scripts which return whatever you print to screen Screenshots Virtual machine detection Download/Upload files to and from the target system Attempt to dump the systems password hashes Payloads' properties are "disguised" as other known programs Windows Specific Display a user/password dialog box to obtain user password Dump passwords saved via Chrome Clear the System, Security, and Application logs Enable/Disable services such as RDP,UAC, and Windows Defender Edit the accessed, created, and modified properties of files Create a custom popup box View connected webcam and take snapshots View past connected wifi connections along with their passwords View information about drives connected View summary of registry values such as DEP Mac OSX Specific Display a user/password dialog box to obtain user password Change the login text at the user's login screen Webcam snapshots Mac OSX/Linux Specific SSH from the target machine into another host Run sudo commands Attempt to bruteforce the user's password using the passwords list found in Tools/ Webcam snapshots? (untested on Linux) Implemented Transports All communication between the host and target is AES encrypted. Every Stitch program generates an AES key which is then put into all payloads. To access a payload the AES keys must match. To connect from a different system running Stitch you must add the key by using the showkey command from the original system and the addkey command on the new system. Implemented Payload Installers The "stitchgen" command gives the user the option to create NSIS installers on Windows and Makeself installers on posix machines. For Windows, the installer packages the payload and an elevation exe ,which prevents the firewall prompt and adds persistence, and places the payload on the system. For Mac OSX and Linux, the installer places the payload and attempts to add persistence. To create NSIS installers you must download and install NSIS. Wiki Crash Course of Stitch Requirements Python 2.7 For easy installation run the following command that corresponds to your OS: # for Windows pip install -r win_requirements.txt # for Mac OSX pip install -r osx_requirements.txt # for Linux pip install -r lnx_requirements.txt Pycrypto Requests Colorama PIL Windows Specific Py2exe pywin32 Mac OSX Specific PyObjC Mac OSX/Linux Specific PyInstaller pexpect To Run python or ./ Motivation My motivation behind this was to advance my knowledge of python, hacking, and just to see what I could accomplish. Was somewhat discouraged and almost abandoned this project when I found the amazing work done by n1nj4sec, but still decided to put this up since I had already come so far. Other open-source Python RATs for Reference vesche/basicRAT n1nj4sec/pupy Screenshots Download: [HIDE][Hidden Content]]
  18. Zydra is a file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords. Supported Files RAR Files Legacy ZIP Files PDF Files Linux Shadow Files (zydra can find all the user’s password in the linux shadow file one after the other) [HIDE][Hidden Content]]
  19. dEEpEst

    GhostDelivery Tool

    GhostDelivery Tool This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence + windows antivirus disabling functions. GhostDelivery Python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions. Heavy: Downloads payload to TEMP directory and executes payload to bypass windows smart screen. Disables Defender, UAC/user account control, Defender Notifications, injects/creates Command Prompt and Microsoft Edge shortcuts with payload path (%TEMP%/payload.exe) to execute payload when opened, adds a scheduled task called "WindowsDefender" for payload to be run at login and obfuscates the vbs delivery script. This tool also has a serveo function to deliver obfuscated vbs script. Medium: The medium option only delivers/executes payload, creates a scheduled task named "WindowsDefender" to run payload at login for persistence, disables UAC and injects/creates Command Prompt and Microsoft Edge shortcuts with payload path. Light: The light option only delivers/executes payload, creates a scheduled task named "WindowsDefender" to run payload at login for persistence and injects/creates Command Prompt and Microsoft Edge shortcuts with payload path. Prerequisites/requirements: *Python 2.7, Modules imported in script. (random, sys, string, os, time, base64) [Hidden Content]
  20. Powerfull Simple XSS Scanner made with python 3.7 [HIDE][Hidden Content]] Roadmap v0.3B: Added custom options ( --proxy, --user-agent etc... ) v0.3B Patch: Added support for ( form method GET ) v0.4B: Improved Error handling Now Multiple parameters for GET method is Supported
  21. dEEpEst

    Hackers Tool Kit

    hackers-tool-kit Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff to see updates check on my instagram @tuf_unkn0wn install git clone [Hidden Content] cd hackers-tool-kit python Run ROOT IS NOT REQUIRED TO RUN BUT IS RECOMMENDED cd hackers-tool-kit python HTK Secure the file will run the hackers-tool-kit with proxychains and other tools making you anonymous when hacking but some stuff might be slow or not work... to run htk secure look below cd hackers-tool-kit python UPDATES this is where i will try to put the most recent updates everytime you run the script it will switch randomly between different banners added banner option (same thing as clear option just people might not know that clear randomizes the banner) also added more banners added a phpload option added a update file added python and php payload maker [Hidden Content]
  22. Brutemap is an open source penetration testing tool that automates testing accounts to the site's login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also no longer need to ask CMS What is this? only to find parameter forms, because brutemap will do it automatically. Brutemap is also equipped with an attack method that makes it easy for you to do account checking or test forms with the SQL injection bypass authentication technique. [HIDE][Hidden Content]]
  23. Brutex is a shell based open source tool to make your work faster. It combines the power of Nmap, Hydra and DNSenum. This tool will automatically run an nmap scan to your target and then it will brute force all the open services for you, such as FTP, SSH and more using Hydra. BruteX ABOUT: Automatically brute force all services running on a target Open ports Usernames Passwords INSTALL: ./ USAGE: brutex target <port> DOCKER: docker build -t brutex . docker run -it brutex target <port> DEMO VIDEO: Download: [HIDE][Hidden Content]]