Showing results for tags 'automated'.


  1. This project is heavily a work in progress and is being created as a study for me and new reversers in .NET VM to explore and learn about code obfuscation techniques and how to reverse engineer them. The main focus of this project is currently on .NET Reactor 6.9.0.0, which has a simple 1:1 CIL virtual machine.

     Introduction

     Code obfuscation is a technique used to protect software code from reverse engineering. It makes the code difficult to understand, analyze, and modify by humans, making it harder for adversaries to access proprietary code or execute malicious attacks. Virtualization is the most common form of code obfuscation. It transforms code into a virtual program that is no longer recognizable as its original source code, allowing it to be executed without the need for a human-readable form. However, this makes it difficult for security analysts to understand the behavior of virtualized programs, as the internal mechanism of commercial obfuscators is a black box.
  2. The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Command and Control (C&C) server.

     Main Features

     The Infection Monkey uses the following techniques and exploits to propagate to other machines.

     Multiple propagation techniques:
       • Predefined passwords
       • Common logical exploits
       • Password stealing using mimikatz

     Multiple exploit methods:
       • SSH
       • SMB
       • RDP
       • WMI
       • Shellshock
       • Conficker
       • SambaCry
       • Elastic Search (CVE-2015-1427)

     Changelog v2.0

     Added
       • credentials.json file for storing Monkey Island user login information. #1206
       • GET /api/propagation-credentials/<string:guid> endpoint for agents to retrieve updated credentials from the Island. #1538
       • GET /api/island/ip-addresses endpoint to get IP addresses of the Island server network interfaces. #1996
       • SSHCollector as a configurable System info Collector. #1606
       • deployment_scrips/install-infection-monkey-service.sh to install an AppImage as a service. #1552
       • The ability to download the Monkey Island logs from the Infection Map page. #1640
       • POST /api/reset-agent-configuration endpoint. #2036
       • POST /api/clear-simulation-data endpoint. #2036
       • GET /api/registration-status endpoint. #2149
       • Authentication to /api/island/version. #2109
       • The ability to customize the file extension used by the ransomware payload when encrypting files. #1242
       • {GET,POST} /api/agents endpoint. #2362
       • GET /api/agent-signals endpoint. #2261
       • GET /api/agent-logs/<uuid:agent_id> endpoint. #2274
       • GET /api/machines endpoint. #2362
       • {GET,POST} /api/agent-events endpoints. #2405
       • GET /api/nodes endpoint. #2155, #2300, #2334
       • Scrollbar to preview pane’s exploit timeline in the map page. #2455
       • GET /api/agent-plugins/<string:os>/<string:type>/<string:name> endpoint. #2578, #2811
       • GET /api/agent-configuration-schema endpoint. #2710
       • GET /api/agent-plugins/<string:type>/<string:name>/manifest endpoint. #2786
       • GET /api/agent-binaries/<string:os> endpoint. #1675, #1978
       • More…
  3. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content].

     FEATURES:
       • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
       • Automatically launches Google hacking queries against a target domain
       • Automatically enumerates open ports via Nmap port scanning
       • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
       • Automatically checks for sub-domain hijacking
       • Automatically runs targeted Nmap scripts against open ports
       • Automatically runs targeted Metasploit scan and exploit modules
       • Automatically scans all web applications for common vulnerabilities
       • Automatically brute forces ALL open services
       • Automatically test for anonymous FTP access
       • Automatically runs WPScan, Arachni and Nikto for all web services
       • Automatically enumerates NFS shares
       • Automatically test for anonymous LDAP access
       • Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
       • Automatically enumerate SNMP community strings, services and users
       • Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
       • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
       • Automatically tests for open X11 servers
       • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
       • Performs high-level enumeration of multiple hosts and subnets
       • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
       • Automatically gathers screenshots of all websites
       • Create individual workspaces to store all scan output

     Changelog
       • v9.1 – Fixed issue with dirsearch installation/command syntax update
       • v9.1 – Updated Nuclei sc0pe templates
       • v9.1 – Fixed issue with Nuclei sc0pe parsers not working
       • v9.1 – Fixed issue with GAU installer/command not working
       • v9.1 – Fixed issue with passive URL fetching
       • v9.1 – Fixed issue with nuclei not being installed
       • v9.1 – Removed error in hackertarget URL fetching
       • v9.1 – Added dnsutils to installer to fix missing deps
       • v9.1 – Fixed issue with gau in webscan modes not running
       • v9.1 – Updated subfinder to latest version
       • v9.1 – Added new email spoofing security checks to OSINT mode (-o)
       • v9.1 – Removed spoofcheck.py
       • v9.1 – Updated timeout settings for curl which was causing sockets/scans to hang
       • v9.1 – Fixed issue with Nuclei symlink missing in installer
       • v9.1 – Fixed issue with Nuclei sc0pe parser not parsing results correctly
       • v9.1 – Fixed issue with Dirsearch not running due to invalid command settings
       • v9.1 – Fixed issue with Nuclei templates not being installed
       • v9.1 – Fixed issue with enum4linux command not being installed
       • v9.1 – Fixed HackerTarget API integration
       • v9.1 – Fixed issue with ping command not being installed
       • v9.1 – Fixed issue with carriage returns in conf
       • v9.1 – Fixed issue with DNS resolution in ‘discover’ mode scans causing duplicate hosts
       • v9.1 – Fixed issue with bruteforce running automatically due to changes in conf file
       • v9.1 – Added verbose scan notifications for disabled conf options
       • v9.1 – Updated default aux mode options in default sniper.conf
  4. With the help of this automated script, you will never lose track of newly released CVEs. What this PowerShell script does is run Microsoft Edge at system startup, navigate to 2 URLs, and then put the browser into full screen mode. As ethical hackers, it's vital that we keep track of the recently released CVEs in order to be fully aware of new threats or vulnerabilities out there on the Internet. Actually, it's a routine task in our day-to-day lives. So why don't we just automate the whole procedure of opening a browser and navigating to our sources for checking the new CVEs? The purpose of this tool is basically to automate the mentioned procedure with the help of PowerShell scripting. Among all the online sources that are available which publish new CVEs, I've chosen the following 2 URLs and leveraged them in the script.
  5. Reconator is a Framework for automating your process of reconnaissance without any Computing resource (Systemless Recon) free of cost. It's purely designed to host on Heroku, which is a free cloud hosting provider. It performs the work of enumerations along with many vulnerability checks and obtains maximum information about the target domain. It also performs various vulnerability checks like XSS, Open Redirects, SSRF, CRLF, LFI, SQLi, and much more. Along with these, it performs OSINT, fuzzing, dorking, ports scanning, nuclei scan on your target. Reconator receives all the targets that need to be reconed via a Web Interface, adds them into the Queue and notifies via Telebot on start and end of Recon on a target. So this is 100% automated and doesn’t require any manual interaction.

     🔥 Features 🔥
       • Systemless Recon
       • 100% Free
       • Fast scan and Easy to use
       • Permanent storage of Results in DB
       • Notification support via Telegram bot
       • Fully Automated Scanner
       • Easy access via Web UI
       • Queue support allows to add many targets
       • Easy Deploy
       • Easy Recon
       • Runs 24/7 for 22 Days [Heroku – 550 hrs/month free]
  6. Osmedeus is a fully automated vulnerability scanner that analyses system, subdomain, and website to identify security holes. It is a useful security tool that can scan and take screenshots of the target.

     Osmedeus: Open Source Web Reconnaissance and Vulnerability Scanner

     Osmedeus is an open-source vulnerability scanner developed to protect your organization against imminent cyber-security threats. It combines the best of intranet and extranet surveillance. The tool has features that exceed most premium scanning and reconnaissance tools in the market. It can be used to scan your target network and server for vulnerabilities. It features an impressive collection of tools such as web technology detection, IP discovery, and way back machine discovery. It can separate workspace to store all scan output and logging details. Finally, it supports a continuous scan and lets you view the scan report from the command line.

     Furthermore, it is equipped with web technology detection, IP discovery, and way back machine discovery features. The application can separate workspace to store all scan output and details logging. Lastly, it can support a continuous scan and lets you view the scan report from the command line.

     Osmedeus Architecture

     Features:
       • Subdomain Scan
       • Subdomain TakeOver Scan
       • Screenshot the target
       • Basic recon like Whois, Dig info
       • Web Technology detection
       • IP Discovery
       • CORS Scan
       • SSL Scan
       • Wayback Machine Discovery
       • URL Discovery
       • Headers Scan
       • Port Scan
       • Vulnerable Scan
       • Separate workspaces to store all scan output and details logging
       • REST API
       • React Web UI
       • Support Continuous Scan
       • Slack notifications
       • Easily view report from command line

     Supported platforms: Kali Linux, *nix OS, and macOS
  7. DRAKVUF Sandbox is an automated black-box malware analysis system with a DRAKVUF engine under the hood. This project provides you with a friendly web interface that allows you to upload suspicious files to be analyzed. Once the sandboxing job is finished, you can explore the analysis result through the mentioned interface and get insight on whether the file is truly malicious or not. Because it is usually pretty hard to set up a malware sandbox, this project also provides you with an installer app that would guide you through the necessary steps and configure your system using settings that are recommended for beginners. At the same time, experienced users can tweak some settings or even replace some infrastructure parts to better suit their needs.

     Supported hardware & software

     In order to run DRAKVUF Sandbox, your setup must fulfill all of the listed requirements:
       • Processor: Intel processor with VT-x and EPT features
       • Host system: Debian 10 Buster/Ubuntu 18.04 Bionic/Ubuntu 20.04 Focal with at least 2 core CPU and 5 GB RAM
       • Guest system: Windows 7 (x64), Windows 10 (x64; experimental support)

     Nested virtualization:
       • KVM does work, however it is considered experimental. If you experience any bugs, please report them to us for further investigation.
       • Due to lack of exposed CPU features, hosting drakvuf-sandbox in cloud is not supported (although it might change in the future)
       • Hyper-V does not work
       • Xen does work out of the box
       • VMware Workstation Player does work, but you need to check Virtualize EPT option for a VM; Intel processor with EPT still required
  8. 𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 can be used by Infosec Researchers, Penetration Testers, Bug Hunters to find deep information, more assets, WAF/CDN bypassed IPs, Internal/External Infra, Publicly exposed leaks and many more about their target. Shodan Premium API key is required to use this automation. Output from the 𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 is displayed to the screen and saved to files/directories.

     Features
       • Powerful and flexible results via Shodan Dorks
       • SSL SHA1 checksum/fingerprint Search
       • Only hit In-Scope IPs
       • Verify each IP with SSL/TLS certificate issuer match RegEx
       • Provide Out-Of-Scope IPs
       • Find out all ports including well known/uncommon/dynamic
       • Grab all targets vulnerabilities related to CVEs
       • Banner grab for each IP, Product, OS, Services & Org etc.
       • Grab favicon Icons
       • Generate Favicon Hash using python3 mmh3 Module
       • Favicon Technology Detection using nuclei custom template
       • ASN Scan
       • BGP Neighbour
       • IPv4 & IPv6 Prefixes for ASN
       • Interesting Leaks like Indexing, NDMP, SMB, Login, SignUp, OAuth, SSO, Status 401/403/500, VPN, Citrix, Jfrog, Dashboards, OpenFire, Control Panels, Wordpress, Laravel, Jetty, S3 Buckets, Cloudfront, Jenkins, Kubernetes, Node Exports, Grafana, RabbitMQ, Containers, GitLab, MongoDB, Elastic, FTP anonymous, Memcached, DNS Recursion, Kibana, Prometheus, Default Passwords, Protected Objects, Moodle, Spring Boot, Django, Jira, Ruby, Secret Key and many more...
  9. The Trident project is an automated password spraying tool developed to meet the following requirements:
       • the ability to be deployed on several cloud platforms/execution providers
       • the ability to schedule spraying campaigns in accordance with a target’s account lockout policy
       • the ability to increase the IP pool that authentication attempts originate from for operational security purposes
       • the ability to quickly extend functionality to include newly-encountered authentication platforms

     v0.1.5 Latest
       • fixed bug in o365 nozzle (thank you jfish)
  10. Disclaimer

     Any actions and/or activities related to Zphisher are solely your responsibility. The misuse of this toolkit can result in criminal charges brought against the persons in question. The contributors will not be held responsible in the event any criminal charges be brought against any individuals misusing this toolkit to break the law. This toolkit contains materials that can be potentially damaging or dangerous for social media. Refer to the laws in your province/country before accessing, using, or in any other way utilizing this in a wrong way. This Tool is made for educational purposes only. Do not attempt to violate the law with anything contained here. If this is your intention, then Get the hell out of here! It only demonstrates "how phishing works". You shall not misuse the information to gain unauthorized access to someone's social media. However, you may try out this at your own risk.

     Features
       • Latest and updated login pages.
       • Mask URL support
       • Beginners friendly
       • Docker support (checkout docker-legacy branch)
       • Multiple tunneling options
         • Localhost
         • Ngrok (With or without hotspot)
         • Cloudflared (Alternative of Ngrok)
  11. Burp Automation

     Performing automated scan using Burp Suite Pro & Vmware Burp Rest API with Robot Framework using Python3. It can be also used in Jenkins to perform automated UI tests. This will initiate an automated spider and crawler by leveraging the power of the Burp Scanner along with the burp extender. Once the scan is complete the report is generated in HTML & CSV which is automatically uploaded in the GDrive.

     What it does
       • One-click run using bash installs all the dependencies with verbose prerequisites.
       • Uses python3 and robot framework which is easy to automate.
       • Uses Burp Suite Rest API and runs Burp Suite Professional (pre-activated) in the headless mode along with multiple Burp Suite extensions like additional-scanner-checks, BurpJSLinkFinder, and active-scan-plus-plus.
       • Automatically performs pentest of API/Web endpoint including scope addition and deletion using robot script.
       • Automatically upload reports in CSV & HTML into Google Drive in YYYY-MM-DD format.
       • Slack integration for real-time alerts.
  12. OWASP Nettacker project is created to automate information gathering, vulnerability scanning, and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA, it would make a competitive edge compared to other scanners, making it one of the best.

     Changelog v0.0.2

     Many bugs fixed in this release and we are aiming to stop supporting Python 2.7 after this release and restructure our framework to be faster and better.
  13. MeterPwrShell

     Automated Tool That Generate A Powershell Oneliner That Can Create Meterpreter Shell On Metasploit, Bypass AMSI, Bypass Firewall, Bypass UAC, And Bypass Any AVs. This tool is powered by Metasploit-Framework and amsi.fail

     Notes
       • NEVER UPLOAD THE PAYLOAD THAT GENERATED BY THIS PROGRAM TO ANY ONLINE SCANNER
       • NEVER USE THIS PROGRAM FOR MALICIOUS PURPOSE
       • SPREADING THE PAYLOAD THAT GENERATED BY THIS PROGRAM IS NOT COOL
       • ANY DAMAGE GENERATED BY THIS PROGRAM IS NOT MY (As the program maker) RESPONSIBILITY!!!
       • If you have some feature recommendation, post that on Issue
       • If you have some issue with the program, try redownloading it again (trust me), cause sometimes i edit the release and fix it without telling 😂
       • If you want to know how tf my payload bypass any AVs, you can check on this and this
       • Don't even try to fork this repository, you won't get the releases!

     Features (v1.5.1)
       • Bypass UAC
       • Automatic Migrate (using PrependMigrate)
       • Built-in GetSYSTEM (if u use the Bypass UAC option)
       • Disable All Firewall Profile (if u use the Bypass UAC option)
       • Fully Bypass Windows Defender Real-time Protection (if you choose shortened payload or using Bypass UAC or both)
       • Disable Windows Defender Security Features (if u use the Bypass UAC option)
       • Fully unkillable payload
       • Bypasses AMSI Successfully (if you choose shortened payload)
       • Short One-Liner (if you choose shortened payload)
       • Bypass Firewall (If you pick an unstaged payload)
       • Great CLI
       • A Lot More (Try it by yourself)
  14. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

     FEATURES:
       • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
       • Automatically launches Google hacking queries against a target domain
       • Automatically enumerates open ports via Nmap port scanning
       • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
       • Automatically checks for sub-domain hijacking
       • Automatically runs targeted Nmap scripts against open ports
       • Automatically runs targeted Metasploit scan and exploit modules
       • Automatically scans all web applications for common vulnerabilities
       • Automatically brute forces ALL open services
       • Automatically test for anonymous FTP access
       • Automatically runs WPScan, Arachni and Nikto for all web services
       • Automatically enumerates NFS shares
       • Automatically test for anonymous LDAP access
       • Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
       • Automatically enumerate SNMP community strings, services and users
       • Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
       • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
       • Automatically tests for open X11 servers
       • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
       • Performs high-level enumeration of multiple hosts and subnets
       • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
       • Automatically gathers screenshots of all websites
       • Create individual workspaces to store all scan output

     Changelog
       • v9.0 – Added Fortinet FortiGate SSL VPN Panel Detected sc0pe template
       • v9.0 – Added CVE-2020-17519 – Apache Flink Path Traversal sc0pe template
       • v9.0 – Added RabbitMQ Management Interface Detected sc0pe template
       • v9.0 – Added CVE-2020-29583 Zyxel SSH Hardcoded Credentials via BruteX
       • v9.0 – Removed vulnscan NMap CSV updates/downloads to save space/bandwidth
       • v9.0 – Added Nuclei sc0pe parser
       • v9.0 – Added Nuclei vulnerability scanner
       • v9.0 – Added WordPress WPScan sc0pe vulnerability parser
       • v9.0 – Fixed issue with wrong WPscan API key command
       • v9.0 – Added CVE-2020-11738 – WordPress Duplicator plugin Directory Traversal sc0pe template
       • v9.0 – Renamed AUTO_VULNSCAN setting to “VULNSCAN” in sniper.conf to perform vulnerability scans via ‘normal’ mode
  15. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content].

     FEATURES:
       • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
       • Automatically launches Google hacking queries against a target domain
       • Automatically enumerates open ports via Nmap port scanning
       • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
       • Automatically checks for sub-domain hijacking
       • Automatically runs targeted Nmap scripts against open ports
       • Automatically runs targeted Metasploit scan and exploit modules
       • Automatically scans all web applications for common vulnerabilities
       • Automatically brute forces ALL open services
       • Automatically test for anonymous FTP access
       • Automatically runs WPScan, Arachni and Nikto for all web services
       • Automatically enumerates NFS shares
       • Automatically test for anonymous LDAP access
       • Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
       • Automatically enumerate SNMP community strings, services and users
       • Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
       • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
       • Automatically tests for open X11 servers
       • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
       • Performs high-level enumeration of multiple hosts and subnets
       • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
       • Automatically gathers screenshots of all websites
       • Create individual workspaces to store all scan output

     Changelog
       • v8.9 – Tuned sniper.conf around performance for all scans and recon modes
       • v8.9 – Added out of scope options to sniper.conf
       • v8.9 – Added automatic HTTP/HTTPS web scans and vulnerability scans to ‘normal’ mode
       • v8.9 – Added SolarWinds Orion Panel Default Credentials sc0pe template
       • v8.9 – Added SolarWinds Orion Panel sc0pe template
       • v8.9 – Fixed issue with theHarvester not running on Kali 2020.4
       • v8.9 – Added WPScan API support to sniper.conf
       • v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Config Password Disclosure sc0pe template
       • v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Path Traversal sc0pe template
       • v8.9 – Removed verbose error for chromium on Ubuntu
       • v8.9 – Added CVE-2020-8209 – Citrix XenMobile Server Path Traversal sc0pe template
       • v8.9 – Fixed F+ in CSP Not Enforced sc0pe template
       • v8.9 – Added CVE-2020-14815 – Oracle Business Intelligence Enterprise DOM XSS sc0pe template
       • v8.9 – Fixed issue with dnscan not working in Kali 2020.3
       • v8.9 – Fixed issue with screenshots not working in Ubuntu 2020
       • v8.9 – Added Frontpage Service Password Disclosure sc0pe template
       • v8.9 – Removed Yasuo tool
  16. h4rpy is an automated WPA/WPA2 PSK attack tool, wrapper of aircrack-ng framework. h4rpy provides a clean interface for automated cracking of WPA/WPA2 PSK networks. h4rpy enables monitor mode on selected wireless interface, scans the wireless space for access points, tries to capture WPA/WPA2 4-way handshake for the access point, and starts a dictionary attack on the handshake. It is also possible to send disassociate packets to clients associated with access point.
  17. Xerror is an automated penetration tool, which will help security professionals and nonprofessionals to automate their pentesting tasks. Xerror will do all tests and, at the end, generate two reports for executives and analysts.
  18. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

     FEATURES:
       • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
       • Automatically launches Google hacking queries against a target domain
       • Automatically enumerates open ports via Nmap port scanning
       • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
       • Automatically checks for sub-domain hijacking
       • Automatically runs targeted Nmap scripts against open ports
       • Automatically runs targeted Metasploit scan and exploit modules
       • Automatically scans all web applications for common vulnerabilities
       • Automatically brute forces ALL open services
       • Automatically test for anonymous FTP access
       • Automatically runs WPScan, Arachni and Nikto for all web services
       • Automatically enumerates NFS shares
       • Automatically test for anonymous LDAP access
       • Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
       • Automatically enumerate SNMP community strings, services and users
       • Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
       • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
       • Automatically tests for open X11 servers
       • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
       • Performs high-level enumeration of multiple hosts and subnets
       • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
       • Automatically gathers screenshots of all websites
       • Create individual workspaces to store all scan output

     Changelog
       • v8.8 – Added automatic ‘flyover’ scans of all discovered domains for ‘recon’ mode
       • v8.8 – Added static grep searching rules of all URL’s and sub-domains (see sniper.conf for details)
       • v8.8 – Added verbose status logging to flyover mode showing HTTP status/redirect/title, etc.
       • v8.8 – Added integration for Port Scanner Add-on for Sn1per Professional
       • v8.8 – Added enhanced scanning of all unique dynamic URL’s via InjectX fuzzer
       • v8.8 – Added CVE-2020-25213 – WP File Manager File Upload sc0pe template
       • v8.8 – Added cPanel Login Found sc0pe template
       • v8.8 – Added WordPress WP-File-Manager Version Detected sc0pe template
       • v8.8 – Added VMware vCenter Unauthenticated Arbitrary File Read sc0pe template
       • v8.8 – Added PHP Composer Disclosure sc0pe template
       • v8.8 – Added Git Config Disclosure sc0pe template
       • v8.8 – Added updated NMap vulscan DB files
       • v8.8 – Added CVE-2020-9047 – exacqVision Web Service Remote Code Execution sc0pe template
       • v8.8 – Removed UDP port scan settings/options and combined with full portscan ports
       • v8.8 – Added CVE-2019-8442 – Jira Webroot Directory Traversal sc0pe template
       • v8.8 – Added CVE-2020-2034 – PAN-OS GlobalProtect OS Command Injection sc0pe template
       • v8.8 – Added CVE-2020-2551 – Unauthenticated Oracle WebLogic Server Remote Code Execution sc0pe template
       • v8.8 – Added CVE-2020-14181 – User Enumeration Via Insecure Jira Endpoint sc0pe template
       • v8.8 – Added Smuggler HTTP request smuggling detection
       • v8.8 – Added CVE-2020-0618 – Remote Code Execution SQL Server Reporting Services sc0pe template
       • v8.8 – Added CVE-2020-5412 – Full-read SSRF in Spring Cloud Netflix sc0pe template
       • v8.8 – Added Jaspersoft Detected sc0pe template
       • v8.8 – Added improved dirsearch exclude options to all web file/dir searches
       • v8.8 – Fixed naming conflict for theharvester
       • v8.8 – Created backups of all NMap HTML reports for fullportonly scans
       • v8.8 – Added line limit to GUA URL’s displayed in console
  19. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

     FEATURES:
       • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
       • Automatically launches Google hacking queries against a target domain
       • Automatically enumerates open ports via Nmap port scanning
       • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
       • Automatically checks for sub-domain hijacking
       • Automatically runs targeted Nmap scripts against open ports
       • Automatically runs targeted Metasploit scan and exploit modules
       • Automatically scans all web applications for common vulnerabilities
       • Automatically brute forces ALL open services
       • Automatically test for anonymous FTP access
       • Automatically runs WPScan, Arachni and Nikto for all web services
       • Automatically enumerates NFS shares
       • Automatically test for anonymous LDAP access
       • Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
       • Automatically enumerate SNMP community strings, services and users
       • Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
       • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
       • Automatically tests for open X11 servers
       • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
       • Performs high-level enumeration of multiple hosts and subnets
       • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
       • Automatically gathers screenshots of all websites
       • Create individual workspaces to store all scan output

     Changelog
       • v8.7 – Updated web file bruteforce lists
       • v8.7 – Added updated Slack API integration/notifications
       • v8.7 – Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers
       • v8.7 – Added CVE-2020-15129 – Open Redirect In Traefik sc0pe template
       • v8.7 – Added MobileIron Login sc0pe template
       • v8.7 – Added Revive Adserver XSS sc0pe template
       • v8.7 – Added IceWarp Webmail XSS sc0pe template
       • v8.7 – Added Mara CMS v7.5 XSS sc0pe template
       • v8.7 – Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template
       • v8.7 – Added Magento 2.3.0 SQL Injection sc0pe template
       • v8.7 – Added CVE-2020-15920 – Unauthenticated RCE at Mida eFramework sc0pe template
       • v8.7 – Added CVE-2019-7192 – QNAP Pre-Auth Root RCE sc0pe template
       • v8.7 – Added CVE-2020-10204 – Sonatype Nexus Repository RCE sc0pe template
       • v8.7 – Added CVE-2020-13167 – Netsweeper WebAdmin unixlogin.php Python Code Injection sc0pe template
       • v8.7 – Added CVE-2020-2140 – Jenkin AuditTrailPlugin XSS sc0pe template
       • v8.7 – Added CVE-2020-7209 – LinuxKI Toolset 6.01 Remote Command Execution sc0pe template
       • v8.7 – Added CVE-2019-16662 – rConfig 3.9.2 Remote Code Execution sc0pe template
       • v8.7 – Added Sitemap.xml Detected sc0pe template
       • v8.7 – Added Robots.txt Detected sc0pe template
       • v8.7 – Added AWS S3 Public Bucket Listing sc0pe template
       • v8.7 – Fixed logic error in stealth mode recon scans not running
       • v8.7 – Added CVE-2020-7048 – WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template
       • v8.7 – Fixed F- detection in WordPress Sc0pe templates
       • v8.7 – Added CVE-2020-11530 – WordPress Chop Slider 3 Plugin SQL Injection sc0pe template
       • v8.7 – Added CVE-2019-11580 – Atlassian Crowd Data Center Unauthenticated RCE sc0pe template
       • v8.7 – Added CVE-2019-16759 – vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template
  20. Chalumeau is an automated, extendable and customizable credential dumping tool based on PowerShell and Python.

      Main Features
        • Write your own Payloads
        • In-Memory execution
        • Extract Password List
        • Dashboard reporting / Web Interface
        • Parsing Mimikatz
        • Dumping Tickets

      Known Issues
        • Parsing Mimikatz dcsync (working on fix)
        • Bypassing Antivirus and EDRs, you will need to maintain your payloads

      TODO
        • Encrypted Communication
        • Automated Lateral movement
        • Automated Password Spraying
        • Automated Hash Cracking

      [Hidden Content]
  21. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

      FEATURES:
        • Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
        • Automatically launches Google hacking queries against a target domain
        • Automatically enumerates open ports via Nmap port scanning
        • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
        • Automatically checks for sub-domain hijacking
        • Automatically runs targeted Nmap scripts against open ports
        • Automatically runs targeted Metasploit scan and exploit modules
        • Automatically scans all web applications for common vulnerabilities
        • Automatically brute forces ALL open services
        • Automatically tests for anonymous FTP access
        • Automatically runs WPScan, Arachni and Nikto for all web services
        • Automatically enumerates NFS shares
        • Automatically tests for anonymous LDAP access
        • Automatically enumerates SSL/TLS cyphers, protocols and vulnerabilities
        • Automatically enumerates SNMP community strings, services and users
        • Automatically lists SMB users and shares, checks for NULL sessions and exploits MS08-067
        • Automatically exploits vulnerable JBoss, Java RMI and Tomcat servers
        • Automatically tests for open X11 servers
        • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
        • Performs high-level enumeration of multiple hosts and subnets
        • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
        • Automatically gathers screenshots of all websites
        • Creates individual workspaces to store all scan output

      Changelog
        • v8.6 – Added new Sn1per configuration flow that allows persistent user configurations and API key transfer
        • v8.6 – Updated port lists to remove duplicate ports error and slim down list
        • v8.6 – Updated PHP to 7.4
        • v8.6 – Added CVE-2020-12720 – vBulletin Unauthenticated SQLi
        • v8.6 – Added CVE-2020-9757 – SEOmatic < 3.3.0 Server-Side Template Injection
        • v8.6 – Added CVE-2020-1147 – Remote Code Execution in Microsoft SharePoint Server
        • v8.6 – Added CVE-2020-3187 – Citrix Unauthenticated File Deletion
        • v8.6 – Added CVE-2020-8193 – Citrix Unauthenticated LFI
        • v8.6 – Added CVE-2020-8194 – Citrix ADC & NetScaler Gateway Reflected Code Injection
        • v8.6 – Added CVE-2020-8982 – Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read
        • v8.6 – Added CVE-2020-9484 – Apache Tomcat RCE by deserialization
        • v8.6 – Added Cisco VPN scanner template
        • v8.6 – Added Tiki Wiki CMS scanner template
        • v8.6 – Added Palo Alto PAN OS Portal scanner template
        • v8.6 – Added SAP NetWeaver AS JAVA LM Configuration Wizard Detection
        • v8.6 – Added delete task workspace function to remove running tasks
        • v8.6 – Added CVE-2020-3452 – Cisco ASA/FTD Arbitrary File Reading Vulnerability Sc0pe template
        • v8.6 – Updated theharvester command to exclude github-code search
        • v8.6 – Updated theharvester installer to v3.1
        • v8.6 – Added urlscan.io API to OSINT mode (-o)
        • v8.6 – Added OpenVAS package to install.sh
        • v8.6 – Added Palo Alto GlobalProtect PAN-OS Portal Sc0pe template
        • v8.6 – Fixed issue with Javascript downloader downloading localhost files instead of target
        • v8.6 – Added CVE-2020-5902 F5 BIG-IP RCE sc0pe template
        • v8.6 – Added CVE-2020-5902 F5 BIG-IP XSS sc0pe template
        • v8.6 – Added F5 BIG-IP detection sc0pe template
        • v8.6 – Added interesting ports sc0pe template
        • v8.6 – Added components with known vulnerabilities sc0pe template
        • v8.6 – Added server header disclosure sc0pe template
        • v8.6 – Added SMBv1 enabled sc0pe template
        • v8.6 – Removed verbose comment from stealth scan

      [Hidden Content]
  22. Perform automated network reconnaissance scans to gather network intelligence. IntelSpy is a multi-threaded network intelligence spy tool which performs automated enumeration of network services. It performs live hosts detection scans, port scans, services enumeration scans, web content scans, brute-force, detailed off-line exploits searches and more. The tool will also launch further enumeration scans for each detected service using a number of different tools.

      Features
        • Scans multiple targets in the form of IP addresses, IP ranges (CIDR notation) and resolvable hostnames.
        • Scans targets concurrently.
        • Detects live hosts in an IP range (CIDR) network.
        • Customizable port scanning profiles and service enumeration commands.
        • Creates a directory structure for results gathering.
        • Logs commands that were run.
        • Generates shell scripts with commands to be run manually.
        • Extracts important information in txt and markdown format.
        • Stores data to an SQLite database.
        • Generates HTML report.

      [Hidden Content]
  23. Trishul

      Trishul is an automated vulnerability finding Burp Extension. Built with Jython, it supports real-time vulnerability detection in multiple requests with user-friendly output. This tool was made to supplement testing where results have to be found in a limited amount of time. Currently, the tool supports finding Cross-Site Scripting, SQL Injections, and Server-Side Template Injections. More vulnerabilities would be added in the later versions.

      Configurations

      There are a couple of configurations available for a user to use Trishul. To view these configurations, head over to Trishul and view the config tab in the bottom left of the pane. Here is the list of options available:
        • Intercept Button: With Intercept Button set to On, the tool will perform a test on all requests flowing to the website added in Scope. This button is restricted to scope as it is not feasible to test all the requests flowing to Burp from multiple domains. This would affect the performance.
        • Auto-Scroll: With Auto-Scroll checked, the tool will scroll automatically to the last tested request. This option is feasible when testing a huge domain with Intercept turned on such that scrolling shouldn’t be a tough job.
        • Detect XSS, SQLi, SSTI: These checkboxes are added if any user wants to only test for a specific vulnerability and wants to omit other test cases. Used to obtain much faster results for a specific request.
        • Blind XSS: This textbox is added for users who want to append their Blind XSS Payload for every parameter in a request. To use this, enter your Blind XSS payload (singular) in the text box and click on the Blind XSS Checkbox. Now, for every request passing through Trishul, the value of all parameters in the request would be replaced with the Blind XSS payload.

      Interpreting Results

      For every result, Trishul displays one of the three options for each of the vulnerabilities tested:
        • Found: The vulnerability was successfully detected for the Request parameters.
        • Not Found: The vulnerability was not present in the Request parameters.
        • Possible! Check Manually: The vulnerability may be present. The tester has to reconfirm the finding.

      The test for these vulnerabilities depends on the parameters in the request. If the request has no parameters, Trishul would not process this request and would show Not Found in all of the vulnerabilities. If any of the Found/Possible! Check Manually results is seen under the vulnerability class for the specific request, the user has to click the result to see the vulnerable parameter displayed under the Vulnerability class in Issues Tab in the bottom left. The user then has to select the parameter displayed under the Vulnerability class and the description for that parameter would be shown to him. The user can then view the Request and Response which was sent from Trishul to determine the vulnerability.

      On clicking the Highlighted Response Tab, you will be shown the highlighted text for some of the vulnerability classes, for example payload reflection for Cross-Site Scripting or Error Based SQLi text shown in the response. The Highlighted Response tab was added as there was no option in Burp API to highlight the response text in Burp’s MessageEditor Tab.

      [Hidden Content]
  24. OWASP Nettacker project is created to automate information gathering, vulnerability scanning, and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA, it would gain a competitive edge compared to other scanners, making it one of the best.

      Future
        • IoT Scanner
        • Python Multi Thread & Multi Process Network Information Gathering Vulnerability Scanner
        • Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and many more… )
        • Asset Discovery & Network Service Analysis
        • Services Brute Force Testing
        • Services Vulnerability Testing
        • HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
        • HTML, JSON and Text Outputs
        • API & WebUI

      This project is at the moment in research and development phase and most of the results/codes are not published yet.

      Changelog v0.0.1
        • First Release – drawing a line before adding new features and modules. This release still contains known bugs and is compatible with both Python 2.7 and Python 3.6.

      [Hidden Content]
  25. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

      FEATURES:
        • Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
        • Automatically launches Google hacking queries against a target domain
        • Automatically enumerates open ports via Nmap port scanning
        • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
        • Automatically checks for sub-domain hijacking
        • Automatically runs targeted Nmap scripts against open ports
        • Automatically runs targeted Metasploit scan and exploit modules
        • Automatically scans all web applications for common vulnerabilities
        • Automatically brute forces ALL open services
        • Automatically tests for anonymous FTP access
        • Automatically runs WPScan, Arachni and Nikto for all web services
        • Automatically enumerates NFS shares
        • Automatically tests for anonymous LDAP access
        • Automatically enumerates SSL/TLS cyphers, protocols and vulnerabilities
        • Automatically enumerates SNMP community strings, services and users
        • Automatically lists SMB users and shares, checks for NULL sessions and exploits MS08-067
        • Automatically exploits vulnerable JBoss, Java RMI and Tomcat servers
        • Automatically tests for open X11 servers
        • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
        • Performs high-level enumeration of multiple hosts and subnets
        • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
        • Automatically gathers screenshots of all websites
        • Creates individual workspaces to store all scan output

      Changelog
        • v8.5 – Added manual installer for Metasploit
        • v8.5 – Added Phantomjs manual installer
        • v8.5 – Added sc0pe template to check for default credentials via BruteX
        • v8.5 – Added fullportscans to all ‘web’ mode scans to ensure full port coverage
        • v8.5 – Fixed issue with 2nd stage OSINT scans not running
        • v8.5 – Added port values to sc0pe engine to define port numbers
        • v8.5 – Fixed issue with LinkFinder not working
        • v8.5 – Fixed issue with Javascript link parser
        • v8.5 – Added phantomjs dependency to fix webscreenshots on Ubuntu
        • v8.5 – Added http-default-accounts NMap NSE to check for default web credentials
        • v8.5 – Fixed several issues with install.sh to resolve deps on Ubuntu and Kali 2020.2
        • v8.5 – Removed larger wordlists to reduce install size of Sn1per
        • v8.5 – Added 20+ new active/passive sc0pe templates
        • v8.5 – Fixed issue with installer on latest Kali and Docker builds
        • v8.5 – Fixed custom installer for Arachni
        • v8.5 – Fixed Dockerfile with updated Kali image (CC. @stevemcilwain)

      [Hidden Content]