Search the Community

Showing results for tags 'pentest'.

The search index is currently processing. Current results may not be complete.


More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Cracking Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Premium Accounts
  • Modders Section
  • PRIV8-Section
  • Cracking Zone PRIV8
  • Carding Zone PRIV8

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 17 results

  1. About Pentest Tools Framework INFO: Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities. Modules EXPLOIT ========= Exploit Name Rank Description -------------- ------- ------------- exploit/inject_html normal Inject Html code in all visited webpage exploit/robots normal robots.txt Detected exploit/jenkins_script_console good Jenkins-CI Script-Console Java Execution exploit/php_thumb_shell_upload good php shell uploads exploit/cpanel_bruteforce normal cpanel bruteforce exploit/joomla_com_hdflayer manual joomla exploit hdflayer exploit/wp_symposium_shell_upload good symposium shell upload exploit/joomla0day_com_myngallery good exploits com myngallery exploit/jm_auto_change_pswd normal vulnerability exploit/android_remote_access expert Remote Acces Administrator (RAT) exploit/power_dos manual Denial Of Service exploit/tp_link_dos normal TP_LINK DOS, 150M Wireless Lite N Router, Model No. TL-WR740N exploit/joomla_com_foxcontact high joomla foxcontact exploit/joomla_simple_shell high joomla simple shell exploit/joomla_comfields_sqli_rce high Joomla Component Fields SQLi Remote Code Execution exploit/inject_javascript normal Inject Javascript code in all visited webpage exploit/dns_bruteforce high Dns Bruteforce with nmap exploit/dos_attack normal hping3 dos attack exploit/shakescreen high Shaking Web Browser content exploit/bypass_waf normal bypass WAf exploit/enumeration high simple enumeration exploit/restrict_anonymous normal obtain credentials exploit/vbulletin high vBulletin v5.x 0day pre-auth RCE exploit exploit/openssl_heartbleed high dump openssl_heartbleed exploit/samba good Samba EXploits exploit/webview_addjavascriptinterface good Android Browser and WebView addJavascriptInterface Code Execution SCANNERS ======== Scanner Name Rank Description -------------- ------- ------------- scanner/ssl_scanning good SSL Vulnerability Scanning scanner/nmap_scanner normal port scanners nmap scanner/smb_scanning good scan vulnerable SMB server scanner/joomla_vulnerability_scanners high vulnerability scanner/joomla_scanners_v.2 good joomla scaning scanner/joomla_scanners_v3 normal joomla scaning scanner/jomscan_v4 good scan joomla scanner/joomla_sqli_scanners high vulnerability scanners scanner/lfi_scanners good lfi bug scan scanner/port_scanners manual port scan scanner/dir_search high directory webscan scanner/wordpress_user_scan good get wordpress username scanner/cms_war high FULL SCAN ALL WEBSITES scanner/usr_pro_wordpress_auto_find good find user pro vulnerability scanner/nmap_vuln normal vulnerability Scanner scanner/xxs_scaner normal Detected vulnerability xss scanner/spaghetti high Web Application Security Scanner scanner/dnslookup normal dnslookup scan scanner/domain_map normal scanner domain map scanner/dns_report normal dns report scanner/find_shared_dns normal find shared dns scanner/dns_propagation low dns propagation scanner/find_records normal find records scanner/cloud_flare normal cloud flare scanner/extract_links normal links extract scanner/web_robot normal web robots scanner scanner/enumeration normal http-enumeration [Hidden Content]
  2. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content]. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v7.3 – Added CVE-2019-15107 Webmin <= 1.920 – Unauthenticated RCE MSF exploit v7.3 – Added massdns plugin v7.3 – Added altdns plugin v7.3 – Added dnsgen plugin v7.3 – Updated web file/dir wordlists from public exploits and honeypots v7.3 – Added time stamps to all commands v7.3 – Removed CloudFront from domain hijacking checks v7.3 – Removed snmp-brute.nse script due to scan issues v7.3 – Fixed issue with discover scan workspace names v7.3 – Fixed issue with DockerFile (sed: can’t read /usr/bin/msfdb: No such file or directory) v7.3 – Fixed issue with installer on docker not having pip installed v7.3 – Fixed issue with port 161 not being referenced correctly in scans [HIDE][Hidden Content]]
  3. itsMe

    WebApp Pentest toolkit

    Tools Listeners HTTP Server DNS Server TCP Server POSTMessage Hooker Websocket Hooker Analysis HTTP/JS-Files/Binary Analyze Analyze Files (Binary, Metadata, Text files, Js sinks) Net Tools Get DNS Records Resolve Hosts Reverse IPs Passive DNS DNS History Text Tools Text Processing Block construct Format generator pattern creation Encrypt/Decrypt data Hash Identification Crackers Payload Generators Encoders/Decoders Poc Generators (Python, Bash, HTML) Recon Get Websites ScreenShots GET Subdomains (Scrabbing, Minning, DNS-brute-force, Http-brute-force) Site categorizer s3/GC bucket enumeration Github Lister Ip History Scanners Detect Misconfiguration Port/vulnerability/ssl scanner Vulnerability Exploiters Waf Detection Scrabbers Download Android apps (APK) Travis-CI logs fetching if the app is not working properly, Download this archive dlls.zip and extract the dll files, put them in the application folder, beside the executable file Some notes: This tool is meant primarily for bug hunters (especially beginners). This tool is not backdoored with any malicious software/tracking. This tool contains bugs more than features so use it carefully. Connections are issued using the .Net (SystemDotWeb) which is slow and limited by design, consider using many threads, this will be replaced with another solution. Memory is not carefully managed so be careful, do not use all the tools at the same time. Do not use it illegally Tools starting with _ are not built yet, I added buttons to remember writing them so I could build them in future, hence no need to reverse engineer the tool in order to enable them, if you have time feel free to do it no problem. Many third-parties are used without permission no APIS used. The source code is not published because the tool is a beta and the code is ugly and worse than my handwriting. The project is planned to be open-source with the first release. Suggestions are deeply welcome. Credits are reserved for all authors and third-parties. [HIDE][Hidden Content]]
  4. Jok3r v3 Network & Web Pentest Automation Framework About Overview Jok3r is a framework that aids penetration testers for network infrastructure and web security assessments. Its goal is to automate as much stuff as possible in order to quickly identify and exploit "low-hanging fruits" and "quick win" vulnerabilities on most common TCP/UDP services and most common web technologies (servers, CMS, languages...). Combine Pentest Tools Do not re-invent the wheel. Combine the most useful hacking tools/scripts available out there from various sources, in an automatic way. Automate Attacks Automatically run security checks adapted to the targeted services. Reconnaissance, CVE lookup, vulnerability scanning, exploitation, bruteforce... Centralize Mission Data Store data related to targets in a local database. Keep track of all the results from security checks and continuously update the database. Features Key Features Pentest Toolbox Management Selection of Tools Compilation of 50+ open-source tools & scripts, from various sources. Docker-based Application packaged in a Docker image running Kali OS, available on Docker Hub. Ready-to-use All tools and dependencies installed, just pull the Docker image and run a fresh container. Updates made easy Easily keep the whole toolbox up-to-date by running only one command. Easy Customization Easily add/remove tools from a simple configuration file. Network Infrastructure Security Assessment Many supported Services Target most common TCP/UDP services (HTTP, FTP, SSH, SMB, Oracle, MS-SQL, MySQL, PostgreSQL, VNC, etc.). Combine Power of Tools Each security check is performed by a tool from the toolbox. Attacks are performed by chaining security checks. Context Awareness Security checks to run are selected and adapted according to the context of the target (i.e. detected technologies, credentials, vulnerabilities, etc.). Reconnaissance Automatic fingerprinting (product detection) of targeted services is performed. CVE Lookup When product names and their versions are detected, a vulnerability lookup is performed on online CVE databases (using Vulners & CVE Details). Vulnerability Scanning Automatically check for common vulnerabilities and attempt to perform some exploitations (auto-pwn). Brute-force Attack Automatically check for default/common credentials on the service and perform dictionnary attack if necessary. Wordlists are optimized according to the targeted services. Post-authentication Testing Automatically perform some post-exploitation checks when valid credentials have been found. Web Security Assessment Large Focus on HTTP More than 60 different security checks targeting HTTP supported for now. Web Technologies Detection Fingerprinting engine based on Wappalyzer is run prior to security checks, allowing to detect: Programming language, Framework, JS library, CMS, Web & Application Server. Server Exploitation Automatically scan and/or exploit most critical vulnerabilities (e.g. RCE) on web and application servers (e.g. JBoss, Tomcat, Weblogic, Websphere, Jenkins, etc.). CMS Vulnerability Scanning Automatically run vulnerability scanners on most common CMS (Wordpress, Drupal, Joomla, etc.). Local Database & Reporting Local Database Data related to targets is organized by missions (workspaces) into a local Sqlite database that is kept updated during security testings. Metasploit-like Interactive Shell Access the database through an interactive shell with several built-in commands. Import Targets from Nmap Add targets to a mission either manually or by loading Nmap results. Access all Results All outputs from security checks, detected credentials and vulnerabilities are stored into the database and can be accessed easily. Reporting Generate full HTML reports with targets summary, web screenshots and all results from security testing. Architecture Framework Architecture General Architecture graph Flowchart Demo Demonstration Videos Download Get Jok3r Jok3r is open-source. Contributions, ideas and bug reports are welcome ! [Hide] [Hidden Content]]
  5. WiFiBroot - A WiFi Pentest Cracking Tool For WPA/WPA2 WiFiBroot is built to provide clients all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python. It currently provides four independent working modes to deal with the target networks. Two of them are online cracking methods while the other runs in offline mode. The offline mode is provided to crack saved hashes from the first two modes. One is for deauthentication attack on wireless network and can also b e used as a jamming handler. It can be run on a variety of linux platforms and atleast requires WN727N from tp-link to properly operate. [Hidden Content]
  6. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v7.2 – Added experimental OpenVAS API integration v7.2 – Improved Burpsuite 2.x API integration with vuln reporting v7.2 – Added hunter.io API integration to recon mode scans v7.2 – Added Cisco IKE Key Disclosure MSF exploit v7.2 – Added JBoss MSF vuln scanner module v7.2 – Added Apache CouchDB RCE MSF exploit v7.2 – Added IBM Tivoli Endpoint Manager POST Query Buffer Overflow exploit v7.2 – Added Java RMI MSF scanner v7.2 – New scan mode “vulnscan” v7.2 – New scan mode “massportscan” v7.2 – New scan mode “massweb” v7.2 – New scan mode “masswebscan” v7.2 – New scan mode “massvulnscan” v7.2 – Added additional Slack API notification settings v7.2 – Improved NMap port detection and scan modes v7.2 – Fixed issue with Censys API being enabled by default v7.2 – Fixed verbose errors in subjack/subover tools v7.2 – Fixed issue with NMap http scripts not working [HIDE][Hidden Content]]
  7. WiFiBroot - A WiFi Pentest Cracking Tool For WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication) WiFiBroot is built to provide clients all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python. Almost every process within is dependent somehow on scapy layers and other functions except for operating the wireless interface on a different channel. That will be done via native linux command iwconfig for which you maybe need sudo privileges. It currently provides four independent working modes to deal with the target networks. Two of them are online cracking methods while the other runs in offline mode. The offline mode is provided to crack saved hashes from the first two modes. One is for deauthentication attack on wireless network and can also b e used as a jamming handler. It can be run on a variety of linux platforms and atleast requires WN727N from tp-link to properly operate. [HIDE][Hidden Content]]
  8. CTFs or Pentest Labs platform links please verify and comment ============================={ Enlaces de plataformas de CTFs o Pentest Labs porfavor verificar y comentar [Hidden Content]
  9. Cat-Nip Automated Basic Pentest Tool this tool will make your basic pentesting task like Information Gathering, Auditing, And Reporting so this tool will do every task fully automatic. Pentest Tools Auto Executed With Cat-Nip Whois Lookup DNSmap Nmap Dmitry Theharvester Load Balancing Detector SSLyze Automater Ua Tester Gobuster Grabber Parsero Uniscan And More Tool Soon [HIDE][Hidden Content]]
  10. Reverie Automated Pentest Tools Designed For Parrot Linux this tool will make your basic pentesting task like Information Gathering, Security Auditing, And Reporting so this tool will do every task fully automatic. Pentest Tools Auto Executed With Reverie Whois Lookup DNSwalk Nmap Dmitry Whatweb wafw00f Load Balancing Detector SSLyze TLSSled Automater Nikto And More Tool Soon [HIDE][Hidden Content]]
  11. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v7.1 – Added KeepBlue CVE-2019-0708 MSF scanner v7.1 – Added automatic workspace generation for single target scans v7.1 – Added new slack.sh API integration script v7.1 – Added differential Slack notifications for new domains, new URL’s and various scan outputs v7.1 – Added vulners and vulscan NMap scripts v7.1 – Added installer and support for Debian, Parrot and Ubuntu OS (install_debian.sh) (CC. @imhaxormad) v7.1 – Fixed various issues with the DockerFile v7.1 – Fixed/added Metasploit LHOST/LPORT values to all exploits based on sniper.conf settings v7.1 – Fixed issue with Amass/Golang 1.11 not installing correctly [HIDE][Hidden Content]]
  12. [Hidden Content]
  13. Trigmap is a wrapper for Nmap. You can use it to easily start Nmap scan and especially to collect informations into a well organized directory hierarchy. The use of Nmap makes the script portable (easy to run not only on Kali Linux) and very efficient thanks to the optimized Nmap algorithms. Details Trigmap can performs several tasks using Nmap scripting engine (NSE): Port Scan Service and Version Detection Web Resources Enumeration Vulnerability Assessment Common Vulnerabilities Test Common Exploits Test Dictionary Attacks Against Active Services Default Credentials Test [HIDE][Hidden Content]]
  14. Cat-Nip Automated Basic Pentest Tool this tool will make your basic pentesting task like Information Gathering, Auditing, And Reporting so this tool will do every task fully automatic. faraday Usage Guide Download / Clone Cat-Nip ~# git clone [Hidden Content] Go Inside Cat-Nip Dir ~# cd catnip Give Permission To Cat-Nip ~# chmod 777 catnip.sh Run Cat-Nip ~# ./catnip.sh Changelog 1.0 First Release Pentest Tools Auto Executed With Cat-Nip Whois Lookup DNSmap Nmap Dmitry Theharvester Load Balancing Detector SSLyze Automater Ua Tester Gobuster Grabber Parsero Uniscan And More Tool Soon [Hidden Content]
  15. itsMe

    Kaboom - Automatic Pentest

    About: kaboom is a sript that automates the penetration test. It performs several tasks for each phases of pentest: Information gathering [nmap-unicornscan] TCP scan UDP scan Vulnerability assessment [nmap-nikto-dirb-searchsploit-msfconsole] It tests several services: smb ssh snmp smtp ftp tftp ms-sql mysql rdp http https and more... It finds the CVEs and then searchs them on exploit-db or Metasploit db. Exploitation [hydra] brute force ssh [HIDE][Hidden Content]]
  16. [HIDhttps://github.com/koutto/jok3r#jok3r---network-and-web-pentest-frameworkE][/HIDE] Jok3r - Network and Web Pentest Framework Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challenging stuff. To achieve that, it combines open-source Hacking tools to run various security checks against all common network services. Main features Toolbox management: Install automatically all the hacking tools used by Jok3r, Keep the toolbox up-to-date, Easily add new tools. Attack automation: Target most common network services (including web), Run security checks by chaining hacking tools, following standard process (Reconaissance, Vulnerability scanning, Exploitation, Account bruteforce, (Basic) Post-exploitation). Let Jok3r automatically choose the checks to run according to the context and knowledge about the target, Mission management / Local database: Organize targets by missions in local database, Fully manage missions and targets (hosts/services) via interactive shell (like msfconsole db), Access results from security checks. Jok3r has been built with the ambition to be easily and quickly customizable: Tools, security checks, supported network services... can be easily added/edited/removed by editing settings files with an easy-to-understand syntax.
  17. J0k3rj0k3r

    ANDRAX Mobile Pentest

    ANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution! Features and Tools Advanced Terminal Advanced and Professional terminal emulator for Hacking! Dynamic Categories Overlay (DCO) Advanced IDE Complete support for many programming languages Information Gathering Tools for initial informations about the target Whois Bind DNS tools Dnsrecon Raccoon DNS-Cracker Scanning Tools for second stage: Scanning Nmap - Network Mapper Masscan SSLScan Network Hacking Tools for network hacking ARPSpoof Bettercap EvilGINX2 0d1n Recon-NG PHPSploit SQLMap Password Hacking Tools to break passwords Hydra John The Ripper Wireless Hacking Tools for Wireless Hacking VMP Evil AP Aircrack-NG Tools Reaver Exploitation Tools for Dev and launch exploits MetaSploit Framework RouterSploit Framework Getsploit And much more... Install and explore ANDRAX to use more than 200 tools [Hidden Content]