Search the Community

All in one management system that helps business owners to manage and operate their businesses. [Hidden Content] [hide][Hidden Content]]

Note: blendOS is based on Arch Linux, but you can use any app from any of the distros supported by blendOS, or even install a desktop environment from any of the distros and use the distros in standalone sessions. [Hidden Content]

Sandman is a NTP based backdoor for red team engagements in hardened networks. Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre-defined server. Since NTP is a protocol that is overlooked by many defenders resulting in wide network accessibility. [Hidden Content]

This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. The profile is the type of scan that will be executed by the nmap subprocess. The Ip or target will be provided via argparse. At first the custom nmap scan is run which has all the curcial arguments for the scan to continue. nextly the scan data is extracted from the huge pile of data which has been driven by nmap. the "scan" object has a list of sub data under "tcp" each labled according to the ports opened. once the data is extracted the data is sent to openai API davenci model via a prompt. the prompt specifically asks for an JSON output and the data also to be used in a certain manner. The entire structure of request that has to be sent to the openai API is designed in the completion section of the Program def profile(ip): nm.scan('{}'.format(ip), arguments='-Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln') json_data = nm.analyse_nmap_xml_scan() analize = json_data["scan"] # Prompt about what the quary is all about prompt = "do a vulnerability analysis of {} and return a vulnerabilty report in json".format(analize) # A structure for the request completion = openai.Completion.create( engine=model_engine, prompt=prompt, max_tokens=1024, n=1, stop=None, ) response = completion.choices[0].text return response [Hidden Content]

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! [hide][Hidden Content]]

A cloud-based WhatsApp SAAS system where you can make a bulk campaign along with the WhatsApp bot. As this uses WhatsApp web instance so there is no hazard of banning WhatsApp. [Hidden Content] [hide][Hidden Content]]

This isn't a new thing in the pentesting scene, it's been around for a while. I figured I'd post it here though 😉 If you don't use arch linux, be sure to read the supplied wiki for information on how to install and some basic usage. Try it out in a VM and have some fun 😛

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! Changelog v1.0.12 Bug Fixes: Fix issue when RSSH client binary is run in paths that have spaces, that the space no longer acts as an argument. [hide][Hidden Content]]

SMSLab, is a simple and professional Android App based SMS-sending system that comes with Android Apps and PHP Laravel. Its most the cheaper solution for SMS Business, SMS Marketing and avoiding dnd. It’s developed for those people who are interested to create their own SMS Services or who need a personal SMS system to promote their business. 5 billion people globally send and receive SMS messages. That’s about 65% of the world’s population. 23 billion SMS messages are sent every day worldwide. Expectedly, the number of messages sent daily worldwide is much higher. [Hidden Content] [hide][Hidden Content]]

Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. How does it work? It’s very simple, just organize your steps as follows Use your subdomain grabber script or tools. Pass all collected subdomains to httpx or httprobe to get only live subs. Use your links and URLs tools to grab all waybackurls like waybackurls, gau, gauplus, etc. Use URO tool to filter them and reduce the noise. Grep to get all the links that contain parameters only. You can use Grep or GF tool. Pass the final URLs file to the tool, and it will test them. The final schema of URLs that you will pass to the tool must be like this one [Hidden Content] [Hidden Content] [hide][Hidden Content]]

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! [hide][Hidden Content]]

God Genesis is a C2 server purely coded in Python3 created to help Red Teamers and Penetration Testers. Currently, It only supports TCP reverse shell but waits a min, it’s a FUD and can give an admin shell from any targeted WINDOWS Machine. The List Of Commands It Supports:- =================================================================================================== BASIC COMMANDS: =================================================================================================== help –> Show This Options terminate –> Exit The Shell Completely exit –> Shell Works In Background And Prompted To C2 Server clear –> Clear The Previous Outputs =================================================================================================== SYSTEM COMMANDS: =================================================================================================== cd –> Change Directory pwd –> Prints Current Working Directory mkdir *dir_name* –> Creates A Directory Mentioned rm *dir_name* –> Deletes A Directoty Mentioned powershell [command] –> Run Powershell Command start *exe_name* –> Start Any Executable By Giving The Executable Name =================================================================================================== INFORMATION GATHERING COMMANDS: =================================================================================================== env –> Checks Enviornment Variables sc –> Lists All Services Running user –> Current User info –> Gives Us All Information About Compromised System av –> Lists All antivirus In Compromised System =================================================================================================== DATA EXFILTRATION COMMANDS: =================================================================================================== download *file_name* –> Download Files From Compromised System upload *file_name* –> Uploads Files To Victim Pc =================================================================================================== EXPLOITATION COMMANDS: =================================================================================================== persistence1 –> Persistance Via Method 1 persistence2 –> Persistance Via Method 2 get –> Download Files From Any URL chrome_pass_dump –> Dump All Stored Passwords From Chrome Bowser wifi_password –> Dump Passwords Of All Saved Wifi Networks keylogger –> Starts Key Logging Via Keylogger dump_keylogger –> Dump All Logs Done By Keylogger python_install –> Installs Python In Victim Pc Without UI Feature 1. The Payload.py is a FULLY UNDETECTABLE(FUD) use your own techniques for making an exe file. (Best Result When Backdoored With Some Other Legitimate Applications) 2. Able to perform privilege escalation on any Windows system. 3. Fud keylogger 4. 2 ways of achieving persistence 5. Recon automation to save your time. [hide][Hidden Content]]

Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! [hide][Hidden Content]]

Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre defined server. Since NTP is a protocol that is overlooked by many defenders resulting in wide network accessibility. Capabilities Getting and executing an arbitrary payload from an attacker’s controlled server. Can work on hardened networks since NTP is usually allowed in FW. Impersonating a legitimate NTP server via IP spoofing. Setup SandmanServer (Setup) Python 3.9 Requirements are specified in the requirements file. [hide][Hidden Content]]

View File [6GB] Ultimate Hacking Archive | Every eBook Based On Hacking Ultimate Hacking Archive | Every eBook Based On Hacking Link: Download Free for users PRIV8 Submitter dEEpEst Submitted 23/06/22 Category Libro Online Password ********  

A multifunctional Android RAT with GUI based Web Panel without port forwarding. Features Read all the files of Internal Storage Download Any Media to your Device from Victims Device Get all the system information of Victim Device Retrieve the List of Installed Applications Retrive SMS Retrive Call Logs Retrive Contacts Send SMS Gets all the Notifications Keylogger Admin Permission Show Phishing Pages to steal credentials through notification. Steal credentials through pre built phishing pages Open any suspicious website through notification to steal credentials. Record Audio Play music in Victim's device Vibrate Device Text To Speech Change Wallpaper Run shell Commands Pre Binded with Instagram Webview Phishing Runs In Background Auto Starts on restarting the device Auto Starts when any notification arrives No port forwarding needed DISCLAIMER TO BE USED FOR EDUCATIONAL PURPOSES ONLY The use of the AIRAVAT is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. [hide][Hidden Content]]

A Burp Suite extension was made to automate the process of finding reverse proxy path-based SSRF. [hide][Hidden Content]]

The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organization name with some date, special character, etc. Therefore, it is simpler and easier to test some combinations before launching more complex and time-consuming checks. For example, cracking a Wi-Fi password with a wordlist can take several hours and can fail, even if you choose a great wordlist because there was no such password in it like Evilcorp2019. Therefore, using the generated wordlist, it is possible to organize a targeted and effective online password check. Features The hashcat rule syntax is used to generate the wordlist. By default, the generator uses a set of rules "online.rule", which performs the following mutations: Adding special characters and popular endings to the end of the word - !,!@, !@#, 123! etc. evilcorp!, evilcorp!123 Adding digits from 1 to 31, from 01 to 12 - evilcorp01, evilcorp12. Adding the date 2018-2023 - evilcorp2018, evilcorp2019 Various combinations of 1-3 - evilcorp2018! Capitalize the first letter and lower the rest, apply 1-4. Evilcorp!2021 As a result, for the word evilcorp, the following passwords will be generated (216 in total): evilcorp Evilcorp EVILCORP evilcorp123456 evilcorp2018 Evilcorp!2021 Evilcorp!2022 Evilcorp2018!@# You can use your own hashcat rules, just click "Show rules" and put in the "Rules" textarea them with the list of rules you like best. Rules that are supported (source [Hidden Content]): [Hidden Content]

ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why not? This seemed a natural evolution. Features Standard tools defined as ansible roles Customizations designed to make security testing easier Variable list to add or remove git repositories, OS packages, or python modules. (threatbox.yml) Version tracking of the deployed instance version and the deploy tool version. This is helpful it meeting compliance rules and can help minimize fear by actively tracking all tools. Threatbox version created at deployment and displayed in desktop wallpaper Deployed software tracked in ~/Desktop/readme SSH port auto-switching. The deployment starts on port 22, but reconfigures the target system to the desired SSH port using the ansible_port variable in threatbox.yml Download and compile several .net toolkits (i.e. SeatBelt.exe from Ghostpack [Hidden Content]) Most python projects installed using pipenv. Use pipenv shell in the project directory to access. See [Hidden Content] for pipenv usage guidance [hide][Hidden Content]]

Debian 11 bullseye based Voyager 11 is Available to Download, Rodolphe Bachelart has announced the availability of Voyager Live 11, a major new release of the project’s Debian-based desktop Linux distribution with a customised GNOME desktop. This version is derived from the recently-released Debian 11 “Bullseye” and it comes with a variety of non-free firmware pre-installed. Voyager Live 11 ships with the GNOME 3.38 desktop, Linux kernel 5.10, Firefox 78.13 and LibreOffice 7.0. This time the release preserved the internal structure of Debian 11 to avoid any security issues and all the package updates come from official Debian mirrors. It is also a more international release as all languages and translations have been preserved. Voyager has improved the “Box” with new scripts, such as the “Switch” script which allows a one-click switch between the environment of Debian 11 and Voyager 11. Other scripts provide ways to modify various Conky options, install GNOME extensions, switch to a PC Tablet mode with one-click screen rotation, Voyager wallpapers, restore options, installation of Wine Staging, among many others. Read the detailed release announcement (in French) for more information, video presentation and screenshots. [Hidden Content]

Ninjutsu-OS is a dedicated Windows 10 OS (Build 1909) that contains more than 800 cybersecurity testing tools. Kali Linux, just from the Windows world. The release is quite fresh, took place on 18.04.2020. The INSTALLATION of the OS itself is no different from the standard Win 10 installation, except that it is noticeably longer. After the OS itself is launched, it will take about 10 minutes to install and customize everything. After all the manipulations we are met with a slightly overloaded (in my opinion) and a very colorful desktop. Now let's see what's inside. In total, more than 800 utilities were included in the assembly. Some of them the author had to adapt to start running under Windows. At the top is a separate bar, which contains all the utilities by category for speed access. The utility categorization is done with an emphasis on OSCP methodology with an eye to categorization in Kali Linux: "Mr.Robot tools kit are the most commonly used utilities and other additional materials, according to the author of the assembly. Personal top, so to speak; " Red Teaming is the most commonly used tool for category testing. In fact, these are all top utilities with all the categories below under one tab; Information Gathering - gathering information; "Exploitation Tools is an exploiting vulnerability Malware analysis Mobile Security Tools - Mobile Testing Network Attack - Network Attacks Password Attacks - password hacking Proxy and Privacy Tools - proxing and anonymizers; - Reverse Engineering is a reverse engineering; Stress Testing - Stress Testing (DDoS); Vulnerability Analysis - Finding vulnerabilities Web Application Attack , web pentest; Wireless Attacks - Wireless Attacks Fuzzing and payloads - phasing and workloads; Remote Control Tools - Remote Control - Utility Tools - other auxiliary utilities (Winrar, MyS'L, etc.); The full list of available utilities can be found on the project's website. The OS is perfect for both pure pentest and people who are engaged in reverse engineering, OSINT or malware analysis. In a few days of work on the OS, I didn't catch any critical bugs or software failures. Tested on machines with Hack the Box plus turned up an additional project on OSINT. [Hidden Content]

uEmu is a tiny cute emulator plugin for IDA based on unicorn engine. Supports following architectures out of the box: x86, x64, ARM, ARM64, MIPS, MIPS64 What is it GOOD for? Emulate bare-metal code (bootloaders, embedded firmware, etc) Emulate standalone functions What is it BAD for? Emulate complex OS code (dynamic libraries, processes, etc) Emulate code with many syscalls What can be improved? Find a way to emulate vendor-specific register access (like MSR S3_x, X0 for ARM64) Add more registers to track [hide][Hidden Content]]

GWTMap is a tool to help map the attack surface of Google Web Toolkit (GWT) based applications. The purpose of this tool is to facilitate the extraction of any service method endpoints buried within a modern GWT application’s obfuscated client-side code and attempt to generate example GWT-RPC requests payloads to interact with them. [hide][Hidden Content]]

Features [1] Auto Updater Automatically checks for updates when you start the script, and Downloads and Installs if any update is available so. [2] Utilises the Power of CPU-Cores Can utilise Maximum no. of Cores available. This means increases the process of cracking of zip passwords by opening different processes on different independent cores. What this basically does is Split the inputted words from the given WordList and divides them in the no. of Cores Available or Selected and distributes that splitted list among all selected independent cores and work simultaneously ... [hide][Hidden Content]]