Search the Community

Deepfake Offensive Toolkit dot (aka Deepfake Offensive Toolkit) makes real-time, controllable deepfakes ready for virtual camera injection. dot is created for performing penetration testing against e.g. identity verification and video conferencing systems, for the use by security analysts, Red Team members, and biometrics researchers. [hide][Hidden Content]]

RedTeam Toolkit Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teaming together for the security specialist to identify vulnerabilities. The cybersecurity open-source projects are integrated with what will be a powerful toolkit together. Currently, it supports the following options: FullScan (scan ports and vulnerabilities/CVEs on the target – PDF output) Livehosts (scan all live hosts in the network scale – PDF output) DirScan (scan all directories on a target – PDF output) CVE Description ( CveID Search) SSH Dictionary Attack RDP BruteForce WebApps Section F5 BIG-IP PoC ( CVE-2022-1388 ) Apache Path Traversal PoC ( CVE-2021-41773 ) Automated XSS Finder Web Crawler for gathering URLs SubDomain Enumeration HTTP Verb Tampering (SQLi will be added soon) Windows Section (Being updated, other major CVEs will be added) Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 ) Linux Section to implement major Linux CVEs (UNDER MAINTENANCE) Changelog v0.1.5 The Dockerized version (#19 ) of the RedTeam Toolkit. is deployed now Moreover, it now includes the following new modules: CVE-2022-1388 PoC (for F5 BIG-IP Automated XSS Finder to server a website and find XSS on that A new module for content discovery (Gathering all URLs) [hide][Hidden Content]]

black-widow is one of the most useful, powerful, and complete offensive penetration testing tools. It provides easy ways to execute many kinds of information gatherings and attacks. Fully Open Source Written in Python Continuously updated and extended [hide][Hidden Content]]

Osmedeus is a fully automated vulnerability scanner that analyses system, subdomain, and website to identify security holes. It is a useful security tool that can scan and take screenshots of the target. Osmedeus: Open Source Web Reconnaissance and Vulnerability Scanner Osmedeus is an open-source vulnerability scanner developed to protect your organization against imminent cyber-security threats. It combines the best of intranet and extranet surveillance. The tool has features that exceed most premium scanning and reconnaissance tools in the market. It can be used to scan your target network and server for vulnerabilities. It features an impressive collection of tools such as web technology detection, IP discovery, and way back machine discovery. It can separate workspace to store all scan output and logging details. Finally, it supports a continuous scan and lets you view the scan report from the command line. Furthermore, it is equipped with web technology detection, IP discovery, and way back machine discovery features. The application can separate workspace to store all scan output and details logging. Lastly, it can support a continuous scan and lets you view the scan report from the command line. Osmedeus Architecture Features: Subdomain Scan Subdomain TakeOver Scan Screenshot the target Basic recon like Whois, Dig info Web Technology detection IP Discovery CORS Scan SSL Scan Wayback Machine Discovery URL Discovery Headers Scan Port Scan Vulnerable Scan Separate workspaces to store all scan output and details logging REST API React Web UI Support Continuous Scan Slack notifications Easily view report from commanad line Supported platforms: Kali Linux, *nix OS, and macOS [hide][Hidden Content]]

Offensive Wifi Toolkit (owt) This tool compiles some necessary tools for wifi auditing in a Unix bash script with a user-friendly interface. The goal of owt is to have the smallest file size possible while still functioning at maximum proficiency. [hide][Hidden Content]]

Proxies: Yes Bots: 100 Email:Pass / User:Pass Capture: Subscription [hide][Hidden Content]]

Offensive Software Exploitation (OSE) Course This repository is for the Offensive Software Exploitation Course I am teaching at Champlain College and currently doing it for free online (check the YouTube channel for the recordings). Most of the slide notes I used are already shared on HTID Course, but the labs were fully created by myself. I used publically available resources and software to explain each of the weaknesses covered, so there is nothing here that you cannot find online. Vulnerable Software The vulnerable software I used is also online and can be found at Exploit-db. I also used Stephen Bradshaw’s VulnServer, plus maybe some other simple code that I prepared. Please check each lab for the software used in that specific lab and from where to download it. Tool(s) Required All of the tools used are free and could be downloaded from the URLs below. Immunity Debugger: download Kali Linux: download CFF Explorer: download PE-bear: download Ghidra: download IDA Pro: download x64dbg: download Microsoft SysInternals Suite: download CAPA by FireEye FLARE Team: download NetCat: download Others! Target(s) Used Download a Windows 10 VM from Microsoft VMs (currently using Version 1809 Build 17763.1339) here. This will be used for most of the labs, except for the EggHunter lab, I used a Windows 7 VM, also from Microsoft VMs (currently offline so check archive.org). All the targeted software is Intel/AMD 32-bit unless otherwise instructed. Table of Contents: The topics that will be covered in this course are: The Basics (PE Format, DLLs, etc) Bug Hunting and Fuzzing Intro. to Memory Corruption and Buffer Overflows Metasploit Mitigation Techniques SEH and Jumping Strategies Egghunter Return Oriented Programming (ROP) Post Exploitation Manual Code Injection Intro. to Assembly x86 and x64 (please check-update #3 for this part) Reverse Engineering (please check-update #3 for this part) Video Recordings: Arabic version: Playlist English version: Playlist Useful Resources: The number one resource is the Corelan Team’s blog, Corelan Team Introductory Intel x86, OpenSecurityTraining [hide][Hidden Content]]

Description This course will primarily be hands-on and build familiarity from basic hacking concepts to more advanced exploitation techniques, while also demonstrating through video lectures to teach learners penetration testing methodologies and tools. The course will cover how to set up Kali Linux and use the tools within it to perform a penetration test by learning how to scan targets, conduct enumeration to find vulnerabilities within networks as well as web applications, modify exploit code to fit the environment to successfully exploit the target, obtain a shell on a target, and then escalate privileges to successfully “own” a target all in a controlled and organized manner in preparation to write a comprehensive penetration test report. Learners will also become familiar with how to write the penetration test report as this is an equally important requirement for their pentesting career. This course will also help learners develop the hacker mindset of how to think laterally and with agility while under stress and a time limit in order to successfully exploit targets. This course is equally beneficial for those with a basic level of knowledge of penetration testing and want more hands-on experience to hone their skills. This is a deep course about penetration testing. In this course, you’ll learn from basic to the most advanced and modern techniques to find vulnerabilities through information gathering, create and/or use exploits and be able to escalate privileges in order to test your information systems defenses. Prerequisites Solid understanding of TCP/IP networking Reasonable Windows and Linux administration experience Familiarity with the Windows and Linux command line Familiarity of Bash scripting with basic Python Course Goals By the end of this course, students should be able to: Set up Kali Linux and understand the tools it has available Conduct a full penetration test Write a comprehensive penetration test report Understand what the hacker mindset is and help develop it What Is Offensive Security? Offensive security allows developers to find vulnerabilities within a system or application by gathering information. Then, the developer creates exploits to escalate privileges in order to test the information systems’ defenses. Think of offensive security as a proactive approach to protecting websites and applications. Offensive security training provides developers with penetration testing methodologies and provides them with the knowledge to utilize the tools included with the Kali Linux distribution. Is OSCP Hard? Obtaining an OSCP certification can be challenging for even the most skilled developers. Before starting offensive security training, evaluate your skills and consider if you feel your skills rank as advanced. Any offensive security course will be difficult, as well, but with the proper training, developers will be able to flourish and earn the OSCP certificate. How Do You Prepare For an Offensive Security Certification? Before pursuing OSCP certification, having specific prerequisites will help you successfully complete the course. Students should have a robust IT Background, InfoSec knowledge, ethical Hacking knowledge, and basic programming skills. How Do You Pass an Offensive Penetration Testing Certification? The best way to earn the offensive penetration testing certification is to take an online course such as Cybrary’s offensive security training course. Cybrary’s course allows students to take the course online, which allows for flexibility to start and stop the videos when it’s convenient for students. Cybrary’s offensive security training will enable students to practice pen tests in a lab and erase their tracks in Labs. Is Offensive Security Certification Worth It? By the end of this offensive security training course, students will understand how to use passive and active reconnaissance techniques, as well as use basic and advanced scanning and information harvesting techniques. The goal is for developers to be able to create code to exploit vulnerabilities and recognize legitimate public exploits from fake exploits. Upon obtaining certification, students will also be able to: Use and modify public exploits Use several techniques to gain access to a system from both remote and local side Use several methods to escalate privileges Clear your tracks Perform lateral and vertical jumps between systems Use tunnels to compromise other computers on the network or hide your traffic. OSCP training will help developers in their careers by giving them the skills needed to create executive reports with the results of the pen test and present the findings to your managers. What Should I Do After The OSCP? Once you’ve earned an OSCP certificate, it’s time to utilize your knowledge and skills in the professional world. Having an offensive security certification on your resume can help you advance your career and earn a coveted role. Developers with an OSCP certificate make $91,000 a year on average, according to Payscale. For someone who specializes in penetration testing, with an offensive cybersecurity certification, Indeed says they’ll earn $116,272 a year, on average. [Hidden Content] [hide][Hidden Content]]

xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible. How It Works Identify and encrypt the payload. Load encrypted payload into a powershell script and save to a file named “launch.txt” The key to decrypt the payload is saved to a file named “safe.txt” Execute “launch.txt” on a remote host The script will call back to the attacker defined web server to retrieve the decryption key “safe.txt” Decrypt the payload in memory Execute the intended payload in memory Changelog v0.3 ETW and Script Block Logging bypass added to all payloads. The bypasses can be disabled with –disable-etw and –disable-script-logging. [hide][Hidden Content]]

xeca xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible. How It Works Identify and encrypt the payload. Load encrypted payload into a powershell script and save to a file named “launch.txt” The key to decrypt the payload is saved to a file named “safe.txt” Execute “launch.txt” on a remote host The script will call back to the attacker defined web server to retrieve the decryption key “safe.txt” Decrypt the payload in memory Execute the intended payload in memory [hide][Hidden Content]]

Black Widow black-widow is one of the most useful, powerful and complete offensive penetration testing tool. It provides easy ways to execute many kinds of information gatherings and attacks. Fully Open Source Written in Python Continuously updated and extended Features: Localhost Web GUI Sniffing Website crawling Web page parsing SQL injection Injected database management Brute force attacks Cluster between other black-widows Multiple asynchronous requests Multiple targets management Useful CTF features [HIDE][Hidden Content]]

Counter-Strike Global Offensive (vphysics.dll) versions prior to 1.37.1.1 allow remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, using a crafted map that causes memory corruption. View the full article

Raccoon Offensive Security Tool for Reconnaissance and Information Gathering Features DNS details DNS visual mapping using DNS dumpster WHOIS information TLS Data - supported ciphers, TLS versions, certificate details and SANs Port Scan Services and scripts scan URL fuzzing and dir/file detection Subdomain enumeration - uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce Web application data retrieval: CMS detection Web server info and X-Powered-By robots.txt and sitemap extraction Cookie inspection Extracts all fuzzable URLs Discovers HTML forms Retrieves all Email addresses Scans target for vulnerable S3 buckets and enumerates them for sensitive files Detects known WAFs Supports anonymous routing through Tor/Proxies Uses asyncio for improved performance Saves output to files - separates targets by folders and modules by files Roadmap and TODOs Expand, test, and merge the "owasp" branch with more web application attacks and scans (#28) Support more providers for vulnerable storage scan (#27) Add more WAFs, better detection OWASP vulnerabilities scan (RFI, RCE, XSS, SQLi etc.) Support multiple hosts (read from file) Rate limit evasion IP ranges support CIDR notation support More output formats (JSON at the very least) About Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously. Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing SecLists repository but different lists can be passed as arguments. For more options - see "Usage". Installation For the latest stable version: pip install raccoon-scanner # To run: raccoon [OPTIONS] Please note Raccoon requires Python3.5+ so may need to use pip3 install raccoon-scanner. You can also clone the GitHub repository for the latest features and changes: git clone [Hidden Content] cd Raccoon python setup.py install # Subsequent changes to the source code will not be reflected in calls to raccoon when this is used # Or python setup.py develop # Changes to code will be reflected in calls to raccoon. This can be undone by using python setup.py develop --uninstall # Finally raccoon [OPTIONS] [TARGET] macOS To support Raccoon on macOS you need to have gtimeout on your machine. gtimeout can be installed by running brew install coreutils. Docker # Build the docker image docker build -t evyatarmeged/raccoon . # Run a scan, As this a non-root container we need to save the output under the user's home which is /home/raccoon docker run --name raccoon evyatarmeged/raccoon:latest example.com -o /home/raccoon Prerequisites Raccoon uses Nmap to scan ports as well as utilizes some other Nmap scripts and features. It is mandatory that you have it installed before running Raccoon. OpenSSL is also used for TLS/SSL scans and should be installed as well. Usage Usage: raccoon [OPTIONS] TARGET Options: --version Show the version and exit. -d, --dns-records TEXT Comma separated DNS records to query. Defaults to: A,MX,NS,CNAME,SOA,TXT --tor-routing Route HTTP traffic through Tor (uses port 9050). Slows total runtime significantly --proxy-list TEXT Path to proxy list file that would be used for routing HTTP traffic. A proxy from the list will be chosen at random for each request. Slows total runtime -c, --cookies TEXT Comma separated cookies to add to the requests. Should be in the form of key:value Example: PHPSESSID:12345,isMobile:false --proxy TEXT Proxy address to route HTTP traffic through. Slows total runtime -w, --wordlist TEXT Path to wordlist that would be used for URL fuzzing -T, --threads INTEGER Number of threads to use for URL Fuzzing/Subdomain enumeration. Default: 25 --ignored-response-codes TEXT Comma separated list of HTTP status code to ignore for fuzzing. Defaults to: 302,400,401,402,403,404,503,504 --subdomain-list TEXT Path to subdomain list file that would be used for enumeration -sc, --scripts Run Nmap scan with -sC flag -sv, --services Run Nmap scan with -sV flag -f, --full-scan Run Nmap scan with both -sV and -sC -p, --port TEXT Use this port range for Nmap scan instead of the default --vulners-nmap-scan Perform an NmapVulners scan. Runs instead of the regular Nmap scan and is longer. --vulners-path TEXT Path to the custom nmap_vulners.nse script.If not used, Raccoon uses the built-in script it ships with. -fr, --follow-redirects Follow redirects when fuzzing. Default: False (will not follow redirects) --tls-port INTEGER Use this port for TLS queries. Default: 443 --skip-health-check Do not test for target host availability --no-url-fuzzing Do not fuzz URLs --no-sub-enum Do not bruteforce subdomains --skip-nmap-scan Do not perform an Nmap scan -q, --quiet Do not output to stdout -o, --outdir TEXT Directory destination for scan output --help Show this message and exit. Screenshots Web application data including vulnerable S3 bucket: HTB challenge example scan: Nmap vulners scan results: Results folder tree after a scan: Contributing Any and all contributions, issues, features and tips are welcome. Download: [HIDE][Hidden Content]]

[Hidden Content] What is Osmedeus? Osmedeus allow you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. How to use If you have no idea what are you doing just type the command below or check out the Advance Usage ./osmedeus.py -t example.com Installation git clone [Hidden Content] cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Wiki page Features Subdomain Scan. Subdomain TakeOver Scan. Screenshot the target. Basic recon like Whois, Dig info. IP Discovery. CORS Scan. SSL Scan. Headers Scan. Port Scan. Vulnerable Scan. Seperate workspaces to store all scan output and details logging. REST API. SPA Web UI. Slack notifications. Demo Disclaimer Most of this tool done by the authors of the tool that you can see in the module folder. I just put all the pieces together, plus some extra boring stuff that we don't wanna do everyday. This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it's your fault, and your fault only.

Welcome to CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. [HIDE][Hidden Content]] Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 GB RAM Installed Tools

[Hidden Content]