Search the Community
Showing results for tags 'karma'.
-
𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 can be used by Infosec Researchers, Penetration Testers, Bug Hunters to find deep information, more assets, WAF/CDN bypassed IPs, Internal/External Infra, Publicly exposed leaks and many more about their target. Shodan Premium API key is required to use this automation. Output from the 𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 is displayed to the screen and saved to files/directories. Features Powerful and flexible results via Shodan Dorks SSL SHA1 checksum/fingerprint Search Only hit In-Scope IPs Verify each IP with SSL/TLS certificate issuer match RegEx Provide Out-Of-Scope IPs Find out all ports including well known/uncommon/dynamic Grab all targets vulnerabilities related to CVEs Banner grab for each IP, Product, OS, Services & Org etc. Grab favicon Icons Generate Favicon Hash using python3 mmh3 Module Favicon Technology Detection using nuclei custom template ASN Scan BGP Neighbour IPv4 & IPv6 Profixes for ASN Interesting Leaks like Indexing, NDMP, SMB, Login, SignUp, OAuth, SSO, Status 401/403/500, VPN, Citrix, Jfrog, Dashboards, OpenFire, Control Panels, Wordpress, Laravel, Jetty, S3 Buckets, Cloudfront, Jenkins, Kubernetes, Node Exports, Grafana, RabbitMQ, Containers, GitLab, MongoDB, Elastic, FTP anonymous, Memcached, DNS Recursion, Kibana, Prometheus, Default Passwords, Protected Objects, Moodle, Spring Boot, Django, Jira, Ruby, Secret Key and many more... [hide][Hidden Content]]
-
SKA - Simple Karma Attack SKA allows you to implement a very simple and fast karma attack. You can sniff probe requests to choice the fake AP name or, if you want, you could insert manually the name of AP (evil twin attack). When target has connected to your WLAN you could active the HTTP redirection and perform a MITM attack. Details The script implements these steps: selection of NICs for the attack (one for LAN and one for WAN) capture of probe-requests to choice the fake AP name (tcpdump) activation of fake AP (hostapd and dnsmasq) the new AP has a DHCP server which provides a valide IP to the target and prevents possible alerts on the victim devices activation of HTTP redirection (iptables) only HTTP requests are redirect to fake site, while the HTTPS traffic continues to route normally activation of Apache server for hosting the phising site at the end of the attack the script cleans all changes and restores Apache configuration Screenshots FAQ SKA alerts you if there are some problems with NetworkManager demon or Apache configuration file. Anyway you could find the answers to your problems in the links below:[Hidden Content] In summary Disable DNS line in your NetworkManager configuration file (look into /etc/NetworkManager/): #dns=dnsmasq Insert the MAC of your wireless adapter between the unmanaged devices to allow hostapd works properly: unmanaged-devices=mac:XX:XX:XX:XX:XX:XX Source && Download [hide][Hidden Content]]
-
- 1
-
- mitm
- karma-attack
- (and 4 more)
-
KARMA version 6.0.0 suffers from a remote SQL injection vulnerability. View the full article