Search the Community

Showing results for tags 'framework'.

The search index is currently processing. Current results may not be complete.


More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Cracking Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Premium Accounts
  • Modders Section
  • PRIV8-Section
  • Cracking Zone PRIV8
  • Carding Zone PRIV8

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 40 results

  1. About arissploit framework INFO: Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools. Why arissploit framework? Arissploit is free software INFO: This is a good platform to start learning penetration testing tools development for free! Simple UX/UI interface INFO: Arissploit has simple UX/UI! It is easy to understand and it will be easier for you to master the Arissploit Framework. A lot of different modules INFO: Arissploit includes wireless modules, bluetooth modules, web modules, network modules, file modules and generator modules. [Hidden Content]
  2. ehtools framework Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it’s easy to install, set up, and utilize. Attacking frameworks Most new Wi-Fi hacking tools rely on many of the same underlying attacks, and scripts that automate using other more familiar tools like Aireplay-ng are often referred to as frameworks. These frameworks try to organize tools in smart or useful ways to take them a step beyond the functionality or usability of the original program. An excellent example of this are programs that integrate scanning tools like Airodump-ng, attacks like WPS Pixie-Dust, and cracking tools like Aircrack-ng to create an easy-to-follow attack chain for beginners. Doing this makes the process of using these tools easier to remember and can be seen as sort of a guided tour. While each of these attacks is possible without the hand-holding, the result can be faster or more convenient than trying to do so yourself. An example of this we’ve covered is the Airgeddonframework, a wireless attack framework that does useful things like automating the target selection process and eliminating the time a user spends copying and pasting information between programs. This saves valuable time for even experienced pentesters but has the disadvantage of preventing beginners from understanding what’s happening “under the hood” of the attack. While this is true, most of these frameworks are fast, efficient, and dead simple to use, enabling even beginners to take on and disable an entire network. Changelog v3.0 EPP updated to v4.0 Added EPP Crypto v1.4 Added login and password encryption Added KDE konsole support! Added ehtools application and ehtapp utility Added a new utility named ehtkey (ehtools key) Updated ehtmod (ehtools modules) Updated Modules to v1.9 and renamed to ehtmod Updated ehtools (now you can stable login to ehtools) Fixed EHT-2019-02776 (nologin) vulnerability! Updated epasswd (now you can change login/password) Removed $EPATH firmware commander shell Removed ehtools update helper (euh) Added snapshots (more information in README.md/Utilities) On this version you can turn off ehtools password protection! Updated ehtools/install.sh and epasswd utility! Added arissploit option! Added ehtools simple shell option! Added reboot and shutdown options! Added update APT sources option! Added some new features to main menu! Updated ehtools PRO UX/UI Impruvements Updated ehtools LITE UX/UI Impruvements [HIDE][Hidden Content]]
  3. Mobile Security Framework (MobSF) Version: v2.0 beta Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. Screenshots Static Analysis - Android APK Static Analysis - iOS IPA Dynamic Analysis - Android APK Web API Viewer Download: [HIDE][Hidden Content]]
  4. 0x1

    TIDoS Framework

    The TIDoS Framework The Offensive Web Application Penetration Testing Framework. Highlights :- Here is some light on what the framework is all about: - [x] A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis. - [x] Has 5 main phases, subdivided into __14 sub-phases__ consisting a total of __108 modules__. - [x] Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules). - [x] Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc) - [x] Vulnerability Analysis Phase has 37 modules (including most common vulnerabilites in action). - [x] Exploits Castle has only 1 exploit. `(purely developmental)` - [x] And finally, Auxillaries have got 4 modules. `more under development` - [x] All four phases each have a `Auto-Awesome` module which automates every module for you. - [x] You just need the domain, and leave everything is to this tool. - [x] TIDoS has full verbose out support, so you'll know whats going on. - [x] Fully user friendly interaction environment. `(no shits)` TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules. So to get started, you need to set your own `API KEYS` for various OSINT & Scanning and Enumeration purposes. To do so, open up `API_KEYS.py` under `files/` directory and set your own keys and access tokens for `SHODAN`, `CENSYS`, `FULL CONTACT`, `GOOGLE` and `WHATCMS`. Finally, as the framework opens up, enter the website name `eg. [Hidden Content]` and let TIDoS lead you. Thats it! Its as easy as that. To update this tool, use `tidos_updater.py` module under `tools/` folder. Flawless Features :- TIDoS Framework presently supports the following: Other Tools: net_info.py - Displays information about your network. Located under `tools/`. tidos_updater.py - Updates the framework to the latest release via signature matching. Located under `tools/`. TIDoS In Action: Lets see some screenshots of TIDoS in real world pentesting action: Version: v1.7 [latest release] [#stable] Upcoming: These are some modules which I have thought of adding: Some more of Enumeraton & Information Disclosure modules. Lots more of OSINT & Stuff (let that be a suspense). More of Auxillary Modules. Some Exploits are too being worked on. More info & Download: [hide][Hidden Content]]
  5. 0x1

    Ehtools framework

    EntynetHackerTools ™ (Ehtools Framework) Attacking frameworks Most new Wi-Fi hacking tools rely on many of the same underlying attacks, and scripts that automate using other more familiar tools like Aireplay-ng are often referred to as frameworks. These frameworks try to organize tools in smart or useful ways to take them a step beyond the functionality or usability of the original program. An excellent example of this are programs that integrate scanning tools like Airodump-ng, attacks like WPS Pixie-Dust, and cracking tools like Aircrack-ng to create an easy-to-follow attack chain for beginners. Doing this makes the process of using these tools easier to remember and can be seen as sort of a guided tour. While each of these attacks is possible without the hand-holding, the result can be faster or more convenient than trying to do so yourself. An example of this we've covered is the Airgeddonframework, a wireless attack framework that does useful things like automating the target selection process and eliminating the time a user spends copying and pasting information between programs. This saves valuable time for even experienced pentesters but has the disadvantage of preventing beginners from understanding what's happening "under the hood" of the attack. While this is true, most of these frameworks are fast, efficient, and dead simple to use, enabling even beginners to take on and disable an entire network. UX/UI impruvements for beginners The Ehtools Framework starts by merely typing the letter ehtools or eht into a terminal window, then it asks for the name of your network interfaces after the first run. It uses the names you supply to connect to the tools needed to execute any attacks you select. Aside from that initial input, the majority of the possible attacks can be performed merely by choosing the option number from the menu. This means you can grab a network handshake or download a new hacking tool like Pupy by just selecting from one of the menu options. More info & Download [hide][Hidden Content]]
  6. Jok3r v3 Network & Web Pentest Automation Framework About Overview Jok3r is a framework that aids penetration testers for network infrastructure and web security assessments. Its goal is to automate as much stuff as possible in order to quickly identify and exploit "low-hanging fruits" and "quick win" vulnerabilities on most common TCP/UDP services and most common web technologies (servers, CMS, languages...). Combine Pentest Tools Do not re-invent the wheel. Combine the most useful hacking tools/scripts available out there from various sources, in an automatic way. Automate Attacks Automatically run security checks adapted to the targeted services. Reconnaissance, CVE lookup, vulnerability scanning, exploitation, bruteforce... Centralize Mission Data Store data related to targets in a local database. Keep track of all the results from security checks and continuously update the database. Features Key Features Pentest Toolbox Management Selection of Tools Compilation of 50+ open-source tools & scripts, from various sources. Docker-based Application packaged in a Docker image running Kali OS, available on Docker Hub. Ready-to-use All tools and dependencies installed, just pull the Docker image and run a fresh container. Updates made easy Easily keep the whole toolbox up-to-date by running only one command. Easy Customization Easily add/remove tools from a simple configuration file. Network Infrastructure Security Assessment Many supported Services Target most common TCP/UDP services (HTTP, FTP, SSH, SMB, Oracle, MS-SQL, MySQL, PostgreSQL, VNC, etc.). Combine Power of Tools Each security check is performed by a tool from the toolbox. Attacks are performed by chaining security checks. Context Awareness Security checks to run are selected and adapted according to the context of the target (i.e. detected technologies, credentials, vulnerabilities, etc.). Reconnaissance Automatic fingerprinting (product detection) of targeted services is performed. CVE Lookup When product names and their versions are detected, a vulnerability lookup is performed on online CVE databases (using Vulners & CVE Details). Vulnerability Scanning Automatically check for common vulnerabilities and attempt to perform some exploitations (auto-pwn). Brute-force Attack Automatically check for default/common credentials on the service and perform dictionnary attack if necessary. Wordlists are optimized according to the targeted services. Post-authentication Testing Automatically perform some post-exploitation checks when valid credentials have been found. Web Security Assessment Large Focus on HTTP More than 60 different security checks targeting HTTP supported for now. Web Technologies Detection Fingerprinting engine based on Wappalyzer is run prior to security checks, allowing to detect: Programming language, Framework, JS library, CMS, Web & Application Server. Server Exploitation Automatically scan and/or exploit most critical vulnerabilities (e.g. RCE) on web and application servers (e.g. JBoss, Tomcat, Weblogic, Websphere, Jenkins, etc.). CMS Vulnerability Scanning Automatically run vulnerability scanners on most common CMS (Wordpress, Drupal, Joomla, etc.). Local Database & Reporting Local Database Data related to targets is organized by missions (workspaces) into a local Sqlite database that is kept updated during security testings. Metasploit-like Interactive Shell Access the database through an interactive shell with several built-in commands. Import Targets from Nmap Add targets to a mission either manually or by loading Nmap results. Access all Results All outputs from security checks, detected credentials and vulnerabilities are stored into the database and can be accessed easily. Reporting Generate full HTML reports with targets summary, web screenshots and all results from security testing. Architecture Framework Architecture General Architecture graph Flowchart Demo Demonstration Videos Download Get Jok3r Jok3r is open-source. Contributions, ideas and bug reports are welcome ! [Hide] [Hidden Content]]
  7. 0x1

    AIL framework

    AIL framework - Analysis Information Leak framework AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information (e.g. data leak prevention). Video Demo Features Modular architecture to handle streams of unstructured or structured information Default support for external ZMQ feeds, such as provided by CIRCL or other providers Multiple feed support Each module can process and reprocess the information already processed by AIL Detecting and extracting URLs including their geographical location (e.g. IP address location) Extracting and validating potential leak of credit cards numbers, credentials, ... Extracting and validating email addresses leaked including DNS MX validation Module for extracting Tor .onion addresses (to be further processed for analysis) Keep tracks of duplicates (and diffing between each duplicate found) Extracting and validating potential hostnames (e.g. to feed Passive DNS systems) A full-text indexer module to index unstructured information Statistics on modules and web Real-time modules manager in terminal Global sentiment analysis for each providers based on nltk vader module Terms, Set of terms and Regex tracking and occurrence Many more modules for extracting phone numbers, credentials and others Alerting to MISP to share found leaks within a threat intelligence platform using MISP standard Detect and decode encoded file (Base64, hex encoded or your own decoding scheme) and store files Detect Amazon AWS and Google API keys Detect Bitcoin address and Bitcoin private keys Detect private keys, certificate, keys (including SSH, OpenVPN) Detect IBAN bank accounts Tagging system with MISP Galaxy and MISP Taxonomies tags UI paste submission Create events on MISP and cases on The Hive Automatic paste export at detection on MISP (events) and The Hive (alerts) on selected tags Extracted and decoded files can be searched by date range, type of file (mime-type) and encoding discovered Graph relationships between decoded file (hashes), similar PGP UIDs and addresses of cryptocurrencies Tor hidden services crawler to crawl and parse output Tor onion availability is monitored to detect up and down of hidden services Browser hidden services are screenshot and integrated in the analysed output including a blurring screenshot interface (to avoid "burning the eyes" of the security analysis with specific content) Tor hidden services is part of the standard framework, all the AIL modules are available to the crawled hidden services Generic web crawler to trigger crawling on demand or at regular interval URL or Tor hidden services Screenshots More info & Download : [hide][Hidden Content]]
  8. msctf in the Text Services Framework suffers from multiple design flaws that can lead to things like UIPI bypass and interfering with processes. View the full article
  9. Adive Framework version 2.0.7 suffers from a cross site request forgery vulnerability. View the full article
  10. pocsuite3 pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine, many powerful features for the ultimate penetration testers and security researchers. Features PoC scripts can running with attack,verify, shell mode in different way Plugin ecosystem Dynamic loading PoC script from any where (local file, redis , database, Seebug …) Load multi-target from any where (CIDR, local file, redis , database, Zoomeye, Shodan …) Results can be easily exported Dynamic patch and hook requests Both command line tool and python package import to use IPV6 support Global HTTP/HTTPS/SOCKS proxy support Simple spider API for PoC script to use Integrate with Seebug (for load PoC from Seebug website) Integrate with ZoomEye (for load target from ZoomEye Dork) Integrate with Shodan (for load target from Shodan Dork) Integrate with Ceye (for verify blind DNS and HTTP request) Friendly debug PoC scripts with IDEs More … Changelog version 1.4.6 Fix problems with -v Fix problems that may occur when loading multiple pocs [HIDE][Hidden Content]]
  11. This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption/Encrypter.php. Authentication is not required, however exploitation requires knowledge of the Laravel APP_KEY. Similar vulnerabilities appear to exist within Laravel cookie tokens based on the code fix. In some cases the APP_KEY is leaked which allows for discovery and exploitation. View the full article
  12. Level23HackTool

    The Shadow Attack Framework

    [Hidden Content]
  13. [Hidden Content] FEATURES
  14. Web Crawler, Scanner, and Analyzer Framework (Shell-Script based) Bashter is a tool for scanning a Web-based Application. Bashter is very suitable for doing Bug Bounty or Penentration Testing. It is designed like a framework so you can easily add a script for detect vulnerability. [HIDE][Hidden Content]]
  15. Cutter is a free and open-source GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. [HIDE][Hidden Content]]
  16. Insanity-Framework THIS PROJECT ARE CLOSED NOW - FEEL FREE TO CONTINUE IT Copyright 2017 Insanity Framework (IF) 2.0 END Written by: * Alisson Moretto - 4w4k3 Special Thanks to Thomas Perkins - Ekultek Insanity Payload consists of encrypting your code and decrypting it in memory, thus avoiding a possible av signature, also has the ability to wait long enough to bypass a running sandbox. **NOTE: Insanity payloads may experience a 1 minute delay while connecting, this is necessary in order to bypass most avs and sandboxes. ** Twitter: @4w4k3Official DISCLAIMER: "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." Taken from LICENSE. INSTALLATION OF DEPENDENT LIBRARIES cd Insanity-Framework chmod +x install.sh ./install.sh That's it Features Bypass most AV and Sandboxes. Remote Control. Payload Generation. Some Phishing methods are included on payloads generated. Detect Virtual Machines. Multiple Session disabled. Persistence and others features can be enabled. Bypass UAC. Memory Injection. Needed dependencies apt wine wget Linux sudo access python2.7 python 2.7 on Wine Machine pywin32 on Wine Machine VCForPython27 on Wine Machine Tested on: Kali Linux - SANA Kali Linux - ROLLING Ubuntu 14.04-16.04 LTS Debian 8.5 Linux Mint 18.1 Black Arch Linux Cloning: git clone [Hidden Content] Running: sudo python insanity.py If you have another version of Python: sudo python2.7 insanity.py Screenshot: More in Screens Contribute: Send me more features if you want it I need your help for Insanity to become better! Things needed to be improved and future updates: File Transfer (FTP) Webcam Snaps and Streaming Keylogging Print Screens Download: [HIDE][Hidden Content]]
  17. Themosis Framework BookStore version 1.3.0 suffers from a database disclosure vulnerability. View the full article
  18. itsMe

    CHAOS Framework v3.0

    CHAOS Framework v3.0 - Generate Payloads And Control Remote Windows Systems CHAOS is a PoC that allow generate payloads and control remote operating systems. Features Feature Windows Mac Linux Reverse Shell X X X Download File X X X Upload File X X X Screenshot X X X Keylogger X Persistence X Open URL X X X Get OS Info X X X Fork Bomb X X X Run Hidden X Tested On Kali Linux - ROLLING EDITION [HIDE][Hidden Content]]
  19. Features Extract mikrotik credential (user.dat) Password generator Reverse IP lookup Mac address sniffer Online md5 cracker Mac address lookup Collecting url from web.archive.org Web backdoor (Dark Shell) Winbox exploit (CVE-2018-14847) ChimeyRed exploit for mipsbe (Mikrotik) Exploit web application Mass apple dos (CVE-2018-4407) Libssh exploit (CVE-2018-10933) Discovering Mikrotik device Directory scanner Subdomain scanner Mac address scanner Mac address pinger Vhost scanner (bypass cloudflare) Mass bruteforce (wordpress) Interactive msfrpc client Exploit web application plUpload file upload jQuery file upload (CVE-2018-9206) Laravel (.env) sftp-config.json (misc) Wordpress register (enable) elfinder file upload Drupal 7 exploit (CVE-2018-7600) Drupal 8 exploit (CVE-2018-7600) com_fabrik exploit (joomla) gravityform plugin file upload (wordpress) geoplace3 plugin file upload (wordpress) peugeot-music plugin file upload (wordpress) [HIDE][Hidden Content]]
  20. A penetration testing framework for UNIX systems. Introduction DarkSpiritz is a penetration testing framework for Linux, MacOS and Windows systems, created by SecTel Team. Users familiar with another penetration testing framework known as Metasploit, will find DarkSpiritz very easy to setup and use. Features: Python 3 support Real Time Updating of Configuration Never a need to restart the program even when adding plugins or editing them. Easy to use UX Multi-functionality [HIDE][Hidden Content]]
  21. Introduction Increased use of PowerShell attacks led to the fact that they are much better logged and detected today. Yes, PowerShell is flexible, but we needed urgent alternatives. Everyone started to turn to C# and the .NET utilities to execute code on Windows. That’s how SharpShooter, payload generation framework, came out. SharpShooter is a weaponised payload generation framework with anti-sandbox analysis, staged and stageless payload execution and support for evading ingress monitoring. Updated with new features [HIDE][Hidden Content]]
  22. AutoRDPwn is a script created in Powershell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim's desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply with the requirements described in the user guide. Requirements Powershell 4.0 or higher Changes Version 4.8 • Compatibility with Powershell 4.0 • Automatic copy of the content to the clipboard (passwords, hashes, dumps, etc.) • Automatic exclusion in Windows Defender (4 different methods) • Remote execution without password for PSexec, WMI and Invoke-Command • New available attack: DCOM Passwordless Execution • New available module: Remote Access / Metasploit Web Delivery • New module available: Remote VNC Server (designed for legacy environments) • Autocomplete the host, user and password fields by pressing Enter • It is now possible to run the tool without administrator privileges with the -noadmin parameter *The rest of the changes can be consulted in the CHANGELOG file Use This application can be used locally, remotely or to pivot between computers. Thanks to the additional modules, it is possible to dump hashes and passwords, obtain a remote shell, upload and download files or even recover the history of RDP connections or passwords of wireless networks. One line execution: powershell -ep bypass "cd $env:temp ; iwr [Hidden Content] -outfile AutoRDPwn.ps1 ; .\AutoRDPwn.ps1" The detailed guide of use can be found at the following link: [Hidden Content] [HIDE][Hidden Content]]
  23. A multitude of security issues exist within STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details. View the full article
  24. Zend Framework ZF1 version 1.x suffers from a database configuration file disclosure vulnerability. View the full article
  25. Zend Framework version 1.11.11 suffers from a database configuration file disclosure vulnerability. View the full article