Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'pentest'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Categories

  • Files
  • Online Book
  • Services

Categories

  • Hacking

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

  1. The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Command and Control(C&C) server. Main Features The Infection Monkey uses the following techniques and exploits to propagate to other machines. Multiple propagation techniques: Predefined passwords Common logical exploits Password stealing using mimikatz Multiple exploit methods: SSH SMB RDP WMI Shellshock Conficker SambaCry Elastic Search (CVE-2015-1427) Changelog v2.0 Added credentials.json file for storing Monkey Island user login information. #1206 GET /api/propagation-credentials/<string:guid> endpoint for agents to retrieve updated credentials from the Island. #1538 GET /api/island/ip-addresses endpoint to get IP addresses of the Island server network interfaces. #1996 SSHCollector as a configurable System info Collector. #1606 deployment_scrips/install-infection-monkey-service.sh to install an AppImage as a service. #1552 The ability to download the Monkey Island logs from the Infection Map page. #1640 POST /api/reset-agent-configuration endpoint. #2036 POST /api/clear-simulation-data endpoint. #2036 GET /api/registration-status endpoint. #2149 Authentication to /api/island/version. #2109 The ability to customize the file extension used by the ransomware payload when encrypting files. #1242 {GET,POST} /api/agents endpoint. #2362 GET /api/agent-signals endpoint. #2261 GET /api/agent-logs/<uuid:agent_id> endpoint. #2274 GET /api/machines endpoint. #2362 {GET,POST} /api/agent-events endpoints. #2405 GET /api/nodes endpoint. #2155, #2300, #2334 Scrollbar to preview pane’s exploit timeline in the map page. #2455 GET /api/agent-plugins/<string:os>/<string:type>/<string:name> endpoint. #2578, #2811 GET /api/agent-configuration-schema endpoint. #2710 GET /api/agent-plugins/<string:type>/<string:name>/manifest endpoint. #2786 GET /api/agent-binaries/<string:os> endpoint. #1675, #1978 More… [hide][Hidden Content]]
  2. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content]. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v9.1 – Fixed issue with dirsearch installation/command syntax update v9.1 – Updated Nuclei sc0pe templates v9.1 – Fixed issue with Nuclei sc0pe parsers not working v9.1 – Fixed issue with GAU installer/commmand not working v9.1 – Fixed issue with passive URL fetching v9.1 – Fixed issue with nuclei not being installed v9.1 – Removed error in hackertarget URL fetching v9.1 – Added dnsutils to installer to fix missing deps v9.1 – Fixed issue with gau in webscan modes not running v9.1 – Updated subfinder to latest version v9.1 – Added new email spoofing security checks to OSINT mode (-o) v9.1 – Removed spoofcheck.py v9.1 – Updated timeout settings for curl which was causing sockets/scans to hang v9.1 – Fixed issue with Nuclei symlink missing in installer v9.1 – Fixed issue with Nuclei sc0pe parser not parsing results correctly v9.1 – Fixed issue with Dirsearch not running due to invalid command settings v9.1 – Fixed issue with Nuclei templates not being installed v9.1 – Fixed issue with enum4linux command not being installed v9.1 – Fixed HackerTarget API integration v9.1 – Fixed issue with ping command not being installed v9.1 – Fixed issue with carriage returns in conf v9.1 – Fixed issue with DNS resolution in ‘discover’ mode scans causing duplicate hosts v9.1 – Fixed issue with bruteforce running automatically due to changes in conf file v9.1 – Added verbose scan notifications for disabled conf options v9.1 – Updated default aux mode options in default sniper.conf [hide][Hidden Content]]
  3. Become a professional pentester that can find SQL injection vulnerabilities and secure the systems like security experts What you'll learn Installing penetration Testing lab How to work with HackBar Add-on Break and Balance the query Types of SQL injection attacks : Union select, blind SQL injection Boolean and Time Based Double Query injection Using DIOS to exploit SQL injection Solving HackBar syntax errors Working with phpmyadmin and essential commands Working with different Boolean expressions Bypassing login form using SQL injection vulnerability Installing Burpsuite and working with Repeater tool Working with Burpsuite Intruder tool Fuzzing for SQL injection using Intruder Directory and File Enumeration using Burpsuite Hackbar Extension for Burpsuite Finding Hidden Parameters using Burpsuite extension Param Miner Installing SQLmap and detecting SQL injection vulnerabilities Exploiting SQL injection vulnerabilities using SQLmap Working with advanced options in SQLmap Requirements Basic IT skills No programming or hacking knowledge required. We teach you from scratch! Mac/Windows/Linux – all operating systems work with this course! Description Welcome to this comprehensive SQL injection course! This course assumes you have NO prior knowledge and by the end of it you’ll be able to find and exploit SQL injection vulnerabilities like a professional pentester. This course is highly practical and full of complete projects from start to the end. You’ll learn everything by example, We’ll never have any boring theoretical lectures since we understand you just learn by doing. In this course, we start from simple workshops using Hackbar and then we focus on Burpsuite and SQLmap in order to detect and exploit vulnerabilities. The most important thing is Knowledge. If you have the knowledge, you can perform penetration testing with all kinds of tools, whether they are simple or advanced ones. So, first we learn to do it manually, and later on we learn to do it using automatic tools such as Burpsuite and SQLmap. The course is divided into six main sections: · Installing needed tools and labs · Working with Hackbar add-on . Managing Database using phpMyAdmin . SQL Injection using Boolean Expressions · Working with Burpsuite · Working with SQLmap At the end of each section you will learn how to detect and exploit SQL injection vulnerabilities. We teach you everything just by doing the projects from the scratch to the end. With this course you'll get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 24 hours. Disclaimer! This course is created for educational purposes only; all the attacks are launched in OWASP Labs or the other C.E.H course Labs which are designed for this purpose. We are not responsible for any misuse or illegal acts. What is next Upcoming Course ? . We are going to solve OWASP Bricks Labs using Burpsuite and SQLmap. First we solve the labs manually, then we will exploit the SQL injections using SQLmap. In addition to these labs, we will definitely include other labs which are related to our course. Stay Tuned!!! Who this course is for: Anybody interested in learning ethical hacking/penetration testing Anybody interested in starting penetration testing as a career Anybody who wants to learn penetration testing in a simple and practical way from scratch. Anybody who wants to be a cyber-security instructor in the future and has no suitable knowledge because we made penetration testing easy by Pentest Handbook series. [Hidden Content] [hide][Hidden Content]]
  4. Pentest Collaboration Framework Pentest Collaboration Framework – an open-source, cross-platform, and portable toolkit for automating routine processes when carrying out various works for testing! Features Structure 👨‍👨‍👦 Teams Work team Personal team ⛑ Pentest projects 🖥️ Hosts ip-address hostnames operation system open ports tester notes 🐞 Issues Proof of concept 🌐 Networks 🔑 Found credentials 📝 Notes 💬 Chats 📊 Report generation plaintext docx zip 📁 Files 🛠 Tools Changelog v1.1 🐞Fixed CSRF problems with notes edition Icons bug Bug with mounted filesystems Bug with issue hosts selection x2 Bug with requirements_unix.txt Bug with session/CSRF timeline Several SQL bugs IPv6 addresses bug Issue styles bug Database thread-locks (SQLite3 only) Issue templates button bug ⭐Added ✔️Double click host copy at creds/network/issue pages ✔️Contribution topic ✔️Config session_lifetime & csrf_lifetime params ✔️Issue interactive metrics tab with CVSS & OWASP Risk ✔️format_date template functions ✔️New structure of template functions ✔️DNSrecon integration ✔️theHarvester integration ✔️Metasploit integration ✔️Nuclei integration ✔️Notes variables for report templates [Hidden Content]
  5. Pollenisator is a tool aiming to assist pentesters and auditor automating the use of some tools/scripts and keep track of them. Written in python 3 Provides a modelisation of "pentest objects" : Scope, Hosts, Ports, Commands, Tools etc. Tools/scripts are separated into 4 categories : wave, Network/domain, IP, Port Objects are stored in a NoSQL DB (Mongo) Keep links between them to allow queries Objects can be created through parsers / manual input Business logic can be implemented (auto vuln referencing, item triggers, etc.) Many tools/scripts launch conditions are availiable to avoid overloading the target or the scanner. A GUI based on tcl/tk Features Register your own tools Add command line options in your database. Create your own light plugin to parse your tool output. Use the objects Models to add, update or delete objects to the pentest inside plugins. Limit the number of parallel execution of noisy/heavy tools Define a recon/fingerprinting procedure with custom tools Choose a period to start and stop the tools Define your scope with domains and network IP ranges. Custom settings to include new hosts in the scope Keep results of all files generated through tools executions Start the given docker to implement numerous tools for LAN and Web pentest Collaborative pentests Split the work between your machines by starting one worker by computer you want to use. Tags ip or tools to show your team mates that you powned it. Take notes on every object to keep trace of your discoveries Follow tools status live Search in all your objects properties with the fitler bar. have a quick summary of all hosts and their open ports and check if some are powned. Reporting Create security defects on IPs and ports Make your plugins create defects directly so you don't have to Generate a Word report of security defects found. You can use your own template with extra work. Generate a Powerpoint report of security defects found. You can use your own template with extra work. Currently integrated tools IP / port recon : Nmap (Quick nmaps followed by thorough scan) Domain enumeration : Knockpy, Sublist3r, dig reverse, crtsh Web : WhatWeb, Nikto, http methods, Dirsearch LAN : Crackmapexec, eternalblue and bluekeep scan, smbmap, anonymous ftp, enum4linux Unknown ports : amap, nmap scripts Misc : ikescan, ssh_scan, openrelay Roadmap Change the architecture to an API based one Get rid of Celery Add flexibity for commands Improve UX Add more plugin and improve existing ones Add real support for users / authenticated commands [hide][Hidden Content]]
  6. Docker for pentest Docker for pentest is an image with the more used tools to create a pentest environment easily and quickly. Features OS, networking, developing and pentesting tools installed. Connection to HTB (Hack the Box) vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou. Proxy service to send traffic from any browsers and burp suite installed in your local directory. Exploit database installed. Tool for cracking a password. Linux enumeration tools installed. Tools installed to discovery services running. Tools installed to directory fuzzing. Monitor for Linux processes without root permissions Zsh shell installed. Tools installed Operative system tools rdate vim zsh oh-my-zsh locate cifs-utils htop gotop Network tools traceroute telnet net-tools iputils-ping tcpdump openvpn whois host prips dig Developer tools git curl wget ruby go python python-pip python3 python3-pip php aws-cli tojson nodejs 🔪 Pentest tools Port scanning nmap masscan ScanPorts created by @s4vitar with some improvements 🔍 Recon Subdomains Amass GoBuster Knock MassDNS Altdns spyse Sublist3r findomain subfinder spiderfoot haktldextract Subdomain takeover subjack SubOver tko-subs DNS Lookups hakrevdns 📷 Screenshot gowitness aquatone 🕸️ Crawler hakrawler Photon gospider gau otxurls waybackurls 📁 Search directories dirsearch Fuzzer wfuzz ffuf Web Scanning whatweb wafw00z nikto arjun httprobe striker hakcheckurl CMS wpscan joomscan droopescan cmseek Search JS LinkFinder getJS subjs Wordlist cewl wordlists: wfuzz SecList Fuzzdb Dirbuster Dirb Rockyou all.txt crunch Git repositories gitleaks gitrob gitGraber github-search GitTools OWASP sqlmap XSStrike kxss dalfox Brute force crowbar hydra patator medusa Cracking hashid john the ripper hashcat OS Enumeration htbenum linux-smart-enumeration linenum enum4linux ldapdomaindump PEASS – Privilege Escalation Awesome Scripts SUITE Windows Exploit Suggester – Next Generation smbmap pspy – unprivileged Linux process snooping smbclient ftp Exploits searchsploit Metasploit MS17-010 AutoBlue-MS17-010 PrivExchange Windows evil-winrm impacket CrackMapExec Nishang Juicy Potato PowerSploit pass-the-hash mimikatz gpp-decrypt Reverse shell netcat rlwrap Other resources pentest-tools from @gwen001 qsreplace from @tomnomnom Custom functions NmapExtractPorts from @s4vitar Other services apache2 squid Changelog v0.3.3 feat: dd enum4linx-ng feat: update enum4linux github repo. feat: add sqlite3. feat: upgrade pip for python3. [hide][Hidden Content]]
  7. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v9.0 – Added Fortinet FortiGate SSL VPN Panel Detected sc0pe template v9.0 – Added CVE-2020-17519 – Apache Flink Path Traversal sc0pe template v9.0 – Added RabbitMQ Management Interface Detected sc0pe template v9.0 – Added CVE-2020-29583 Zyxel SSH Hardcoded Credentials via BruteX v9.0 – Removed vulnscan NMap CSV updates/downloads to save space/bandwidth v9.0 – Added Nuclei sc0pe parser v9.0 – Added Nuclei vulnerability scanner v9.0 – Added WordPress WPScan sc0pe vulnerability parser v9.0 – Fixed issue with wrong WPscan API key command v9.0 – Added CVE-2020-11738 – WordPress Duplicator plugin Directory Traversal sc0pe template v9.0 – Renamed AUTO_VULNSCAN setting to “VULNSCAN” in sniper.conf to perform vulnerability scans via ‘normal’ mode [hide][Hidden Content]]
  8. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content]. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.9 – Tuned sniper.conf around performance for all scans and recon modes v8.9 – Added out of scope options to sniper.conf v8.9 – Added automatic HTTP/HTTPS web scans and vulnerability scans to ‘normal’ mode v8.9 – Added SolarWinds Orion Panel Default Credentials sc0pe template v8.9 – Added SolarWinds Orion Panel sc0pe template v8.9 – Fixed issue with theHarvester not running on Kali 2020.4 v8.9 – Added WPScan API support to sniper.conf v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Config Password Disclosure sc0pe template v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Path Traversal sc0pe template v8.9 – Removed verbose error for chromium on Ubuntu v8.9 – Added CVE-2020-8209 – Citrix XenMobile Server Path Traversal sc0pe template v8.9 – Fixed F+ in CSP Not Enforced sc0pe template v8.9 – Added CVE-2020-14815 – Oracle Business Intelligence Enterprise DOM XSS sc0pe template v8.9 – Fixed issue with dnscan not working in Kali 2020.3 v8.9 – Fixed issue with screenshots not working in Ubuntu 2020 v8.9 – Added Frontpage Service Password Disclosure sc0pe template v8.9 – Removed Yasuo tool [hide][Hidden Content]]
  9. Linux evil toolkit is a framework that aims to centralize, standardize, and simplify the use of various security tools for pentest professionals. LETK has few simple commands, one of which is the INIT that allows you to define a target, and thus use all the tools without typing anything else. Is LETK better than setoolkit? Yes and no, there are two that serve the same thing and in a different way, the LETK and an automated attack information automation script. § 1 About use This script was made to automate the steps of gathering information about web targets, the misuse, and the responsibility of the user, to report bugs or make suggestions open a report on github. § 2 About simple_scan Automap was replaced by simple_scan, it is lighter and faster, in addition to being less detectable, now it has different modes of execution that make it possible from a quick and simple execution to more complex modes. § 3 About Console The output of the script can be extremely long, so see if your console, (gnome-terminal, cmd, konsole) is configured to display 1000 lines (I particularly recommend 10,000 lines), for professional purposes it allows the documentation, it records the commands, exits, and formats the text. Changelog v4.7.9 code review code style review update fakedump update Readme fixing many small bugs fixing dependencies update install-module. but not work [hide][Hidden Content]]
  10. Docker for pentest Docker for pentest is an image with the more used tools to create a pentest environment easily and quickly. Features OS, networking, developing and pentesting tools installed. Connection to HTB (Hack the Box) vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou. Proxy service to send traffic from any browsers and burp suite installed in your local directory. Exploit database installed. Tool for cracking a password. Linux enumeration tools installed. Tools installed to discovery services running. Tools installed to directory fuzzing. Monitor for Linux processes without root permissions Zsh shell installed. Tools installed Operative system tools rdate vim zsh oh-my-zsh locate cifs-utils htop gotop Network tools traceroute telnet net-tools iputils-ping tcpdump openvpn whois host prips dig Developer tools git curl wget ruby go python python-pip python3 python3-pip php aws-cli tojson nodejs 🔪 Pentest tools Port scanning nmap masscan ScanPorts created by @s4vitar with some improvements 🔍 Recon Subdomains Amass GoBuster Knock MassDNS Altdns spyse Sublist3r findomain subfinder spiderfoot haktldextract Subdomain takeover subjack SubOver tko-subs DNS Lookups hakrevdns 📷 Screenshot gowitness aquatone 🕸️ Crawler hakrawler Photon gospider gau otxurls waybackurls 📁 Search directories dirsearch Fuzzer wfuzz ffuf Web Scanning whatweb wafw00z nikto arjun httprobe striker hakcheckurl CMS wpscan joomscan droopescan cmseek Search JS LinkFinder getJS subjs Wordlist cewl wordlists: wfuzz SecList Fuzzdb Dirbuster Dirb Rockyou all.txt crunch Git repositories gitleaks gitrob gitGraber github-search GitTools OWASP sqlmap XSStrike kxss dalfox Brute force crowbar hydra patator medusa Cracking hashid john the ripper hashcat OS Enumeration htbenum linux-smart-enumeration linenum enum4linux ldapdomaindump PEASS – Privilege Escalation Awesome Scripts SUITE Windows Exploit Suggester – Next Generation smbmap pspy – unprivileged Linux process snooping smbclient ftp Exploits searchsploit Metasploit MS17-010 AutoBlue-MS17-010 PrivExchange Windows evil-winrm impacket CrackMapExec Nishang Juicy Potato PowerSploit pass-the-hash mimikatz gpp-decrypt Reverse shell netcat rlwrap Other resources pentest-tools from @gwen001 qsreplace from @tomnomnom Custom functions NmapExtractPorts from @s4vitar Other services apache2 squid Changelog v0.3.2 feat: add rsyslog and fcrackzip feat: add texlive-full and latexmk [hide][Hidden Content]]
  11. A web application that makes it easy to run your pentest and bug bounty projects. Description The app provides a convenient web interface for working with various types of files that are used during the pentest, automate port scan and subdomain search. [hide][Hidden Content]]
  12. Docker for pentest Docker for pentest is an image with the more used tools to create a pentest environment easily and quickly. Features OS, networking, developing and pentesting tools installed. Connection to HTB (Hack the Box) vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou. Proxy service to send traffic from any browsers and burp suite installed in your local directory. Exploit database installed. Tool for cracking password. Linux enumeration tools installed. Tools installed to discovery services running. Tools installed to directory fuzzing. Monitor for linux processes without root permissions Zsh shell installed. Tools installed Operative system tools rdate vim zsh oh-my-zsh locate cifs-utils htop gotop Network tools traceroute telnet net-tools iputils-ping tcpdump openvpn whois host prips dig Developer tools git curl wget ruby go python python-pip python3 python3-pip php aws-cli tojson nodejs 🔪 Pentest tools Port scanning nmap masscan ScanPorts created by @s4vitar with some improvements 🔍 Recon Subdomains Amass GoBuster Knock MassDNS Altdns spyse Sublist3r findomain subfinder spiderfoot haktldextract Subdomain takeover subjack SubOver tko-subs DNS Lookups hakrevdns 📷 Screenshot gowitness aquatone 🕸️ Crawler hakrawler Photon gospider gau otxurls waybackurls 📁 Search directories dirsearch Fuzzer wfuzz ffuf Web Scanning whatweb wafw00z nikto arjun httprobe striker hakcheckurl CMS wpscan joomscan droopescan cmseek Search JS LinkFinder getJS subjs Wordlist cewl wordlists: wfuzz SecList Fuzzdb Dirbuster Dirb Rockyou all.txt crunch Git repositories gitleaks gitrob gitGraber github-search GitTools OWASP sqlmap XSStrike kxss dalfox Brute force crowbar hydra patator medusa Cracking hashid john the ripper hashcat OS Enumeration htbenum linux-smart-enumeration linenum enum4linux ldapdomaindump PEASS – Privilege Escalation Awesome Scripts SUITE Windows Exploit Suggester – Next Generation smbmap pspy – unprivileged Linux process snooping smbclient ftp Exploits searchsploit Metasploit MS17-010 AutoBlue-MS17-010 PrivExchange Windows evil-winrm impacket CrackMapExec Nishang Juicy Potato PowerSploit pass-the-hash mimikatz gpp-decrypt Reverse shell netcat rlwrap Other resources pentest-tools from @gwen001 qsreplace from @tomnomnom Custom functions NmapExtractPorts from @s4vitar Other services apache2 squid Changelog v0.3.1 feat: add ssh service. feat:: add plink and netcat executables. fix: change crowbar installation [hide][Hidden Content]]
  13. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.8 – Added automatic ‘flyover’ scans of all discovered domains for ‘recon’ mode v8.8 – Added static grep searching rules of all URL’s and sub-domains (see sniper.conf for details) v8.8 – Added verbose status logging to flyover mode showing HTTP status/redirect/title, etc. v8.8 – Added integration for Port Scanner Add-on for Sn1per Professional v8.8 – Added enhanced scanning of all unique dynamic URL’s via InjectX fuzzer v8.8 – Added CVE-2020-25213 – WP File Manager File Upload sc0pe template v8.8 – Added cPanel Login Found sc0pe template v8.8 – Added WordPress WP-File-Manager Version Detected sc0pe template v8.8 – Added VMware vCenter Unauthenticated Arbitrary File Read sc0pe template v8.8 – Added PHP Composer Disclosure sc0pe template v8.8 – Added Git Config Disclosure sc0pe template v8.8 – Added updated NMap vulscan DB files v8.8 – Added CVE-2020-9047 – exacqVision Web Service Remote Code Execution sc0pe template v8.8 – Removed UDP port scan settings/options and combined with full portscan ports v8.8 – Added CVE-2019-8442 – Jira Webroot Directory Traversal sc0pe template v8.8 – Added CVE-2020-2034 – PAN-OS GlobalProtect OS Command Injection sc0pe template v8.8 – Added CVE-2020-2551 – Unauthenticated Oracle WebLogic Server Remote Code Execution sc0pe template v8.8 – Added CVE-2020-14181 – User Enumeration Via Insecure Jira Endpoint sc0pe template v8.8 – Added Smuggler HTTP request smuggling detection v8.8 – Added CVE-2020-0618 – Remote Code Execution SQL Server Reporting Services sc0pe template v8.8 – Added CVE-2020-5412 – Full-read SSRF in Spring Cloud Netflix sc0pe template v8.8 – Added Jaspersoft Detected sc0pe template v8.8 – Added improved dirsearch exclude options to all web file/dir searches v8.8 – Fixed naming conflict for theharvester v8.8 – Created backups of all NMap HTML reports for fullportonly scans v8.8 – Added line limit to GUA URL’s displayed in console [hide][Hidden Content]]
  14. Docker for pentest is an image with the more used tools to create a pentest environment easily and quickly.Docker for pentest Features OS, networking, developing and pentesting tools installed. Connection to HTB (Hack the Box) vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou. Proxy service to send traffic from any browsers and burp suite installed in your local directory. Exploit database installed. Tool for cracking password. Linux enumeration tools installed. Tools installed to discovery services running. Tools installed to directory fuzzing. Monitor for linux processes without root permissions Zsh shell installed. Tools installed Operative system tools rdate vim zsh oh-my-zsh locate cifs-utils htop gotop Network tools traceroute telnet net-tools iputils-ping tcpdump openvpn whois host prips dig Developer tools git curl wget ruby go python python-pip python3 python3-pip php aws-cli tojson nodejs 🔪 Pentest tools Port scanning nmap masscan ScanPorts created by @s4vitar with some improvements 🔍 Recon Subdomains Amass GoBuster Knock MassDNS Altdns spyse Sublist3r findomain subfinder spiderfoot haktldextract Subdomain takeover subjack SubOver tko-subs DNS Lookups hakrevdns 📷 Screenshot gowitness aquatone 🕸️ Crawler hakrawler Photon gospider gau otxurls waybackurls 📁 Search directories dirsearch Fuzzer wfuzz ffuf Web Scanning whatweb wafw00z nikto arjun httprobe striker hakcheckurl CMS wpscan joomscan droopescan cmseek Search JS LinkFinder getJS subjs Wordlist cewl wordlists: wfuzz SecList Fuzzdb Dirbuster Dirb Rockyou all.txt crunch Git repositories gitleaks gitrob gitGraber github-search GitTools OWASP sqlmap XSStrike kxss dalfox Brute force crowbar hydra patator medusa Cracking hashid john the ripper hashcat OS Enumeration htbenum linux-smart-enumeration linenum enum4linux ldapdomaindump PEASS – Privilege Escalation Awesome Scripts SUITE Windows Exploit Suggester – Next Generation smbmap pspy – unprivileged Linux process snooping smbclient ftp Exploits searchsploit Metasploit MS17-010 AutoBlue-MS17-010 PrivExchange Windows evil-winrm impacket CrackMapExec Nishang Juicy Potato PowerSploit pass-the-hash mimikatz gpp-decrypt Reverse shell netcat rlwrap Other resources pentest-tools from @gwen001 qsreplace from @tomnomnom Custom functions NmapExtractPorts from @s4vitar Other services apache2 squid Changelog v0.3 📝 Changelog feat: Update amass and change wafw00f installation mode. 🏷️ Commits [ a987755 ] – Update amass and change wafw00f installation mode. [hide][Hidden Content]]
  15. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.7 – Updated web file bruteforce lists v8.7 – Added updated Slack API integration/notifications v8.7 – Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers v8.7 – Added CVE-2020-15129 – Open Redirect In Traefik sc0pe template v8.7 – Added MobileIron Login sc0pe template v8.7 – Added Revive Adserver XSS sc0pe template v8.7 – Added IceWarp Webmail XSS sc0pe template v8.7 – Added Mara CMS v7.5 XSS sc0pe template v8.7 – Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template v8.7 – Added Magento 2.3.0 SQL Injection sc0pe template v8.7 – Added CVE-2020-15920 – Unauthenticated RCE at Mida eFramework sc0pe template v8.7 – Added CVE-2019-7192 – QNAP Pre-Auth Root RCE sc0pe template v8.7 – Added CVE-2020-10204 – Sonatype Nexus Repository RCE sc0pe template v8.7 – Added CVE-2020-13167 – Netsweeper WebAdmin unixlogin.php Python Code Injection sc0pe template v8.7 – Added CVE-2020-2140 – Jenkin AuditTrailPlugin XSS sc0pe template v8.7 – Added CVE-2020-7209 – LinuxKI Toolset 6.01 Remote Command Execution sc0pe template v8.7 – Added CVE-2019-16662 – rConfig 3.9.2 Remote Code Execution sc0pe template v8.7 – Added Sitemap.xml Detected sc0pe template v8.7 – Added Robots.txt Detected sc0pe template v8.7 – Added AWS S3 Public Bucket Listing sc0pe template v8.7 – Fixed logic error in stealth mode recon scans not running v8.7 – Added CVE-2020-7048 – WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template v8.7 – Fixed F- detection in WordPress Sc0pe templates v8.7 – Added CVE-2020-11530 – WordPress Chop Slider 3 Plugin SQL Injection sc0pe template v8.7 – Added CVE-2019-11580 – Atlassian Crowd Data Center Unauthenticated RCE sc0pe template v8.7 – Added CVE-2019-16759 – vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template [hide][Hidden Content]]
  16. Some Pentest Tools. Install and keep up to date some pentesting tools. I used this to pass my OSCP exam. Why I was looking for a way to manage and keep up to date some tools that are not include in Kali-Linux. For exemple, I was looking for an easy way to manage privilege escalation scripts. One day I saw sec-tools from eugenekolo (which you can see at the bottom of the page) and it gave me the motivation to start working on mine right away. But keep in mind that is different. I built this for people that are working with Kali. Should work on others distro but I didn't include tool like Burp Suite or SQLmap because it comes in Kali by default. [hide][Hidden Content]]
  17. Docker for pentest Docker for pentest is an image with the more used tools to create a pentest environment easily and quickly. Features OS, networking, developing and pentesting tools installed. Connection to HTB (Hack the Box) vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou. Proxy service to send traffic from any browsers and burp suite installed in your local directory. Exploit database installed. Tool for cracking password. Linux enumeration tools installed. Tools installed to discovery services running. Tools installed to directory fuzzing. Monitor for linux processes without root permissions Zsh shell installed. Tools installed Operative system tools rdate vim zsh oh-my-zsh locate cifs-utils htop gotop Network tools traceroute telnet net-tools iputils-ping tcpdump openvpn whois host prips dig Developer tools git curl wget ruby go python python-pip python3 python3-pip php aws-cli tojson nodejs 🔪 Pentest tools Port scanning nmap masscan ScanPorts created by @s4vitar with some improvements 🔍 Recon Subdomains Amass GoBuster Knock MassDNS Altdns spyse Sublist3r findomain subfinder spiderfoot haktldextract Subdomain takeover subjack SubOver tko-subs DNS Lookups hakrevdns 📷 Screenshot gowitness aquatone 🕸️ Crawler hakrawler Photon gospider gau otxurls waybackurls 📁 Search directories dirsearch Fuzzer wfuzz ffuf Web Scanning whatweb wafw00z nikto arjun httprobe striker hakcheckurl CMS wpscan joomscan droopescan cmseek Search JS LinkFinder getJS subjs Wordlist cewl wordlists: wfuzz SecList Fuzzdb Dirbuster Dirb Rockyou all.txt crunch Git repositories gitleaks gitrob gitGraber github-search GitTools OWASP sqlmap XSStrike kxss dalfox Brute force crowbar hydra patator medusa Cracking hashid john the ripper hashcat OS Enumeration htbenum linux-smart-enumeration linenum enum4linux ldapdomaindump PEASS – Privilege Escalation Awesome Scripts SUITE Windows Exploit Suggester – Next Generation smbmap pspy – unprivileged Linux process snooping smbclient ftp Exploits searchsploit Metasploit MS17-010 AutoBlue-MS17-010 PrivExchange Windows evil-winrm impacket CrackMapExec Nishang Juicy Potato PowerSploit pass-the-hash mimikatz gpp-decrypt Reverse shell netcat rlwrap Other resources pentest-tools from @gwen001 qsreplace from @tomnomnom Custom functions NmapExtractPorts from @s4vitar Other services apache2 squid Changelog v0.2.6 feat: add tree and jaeles [hide][Hidden Content]]
  18. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.6 – Added new Sn1per configuration flow that allows persistent user configurations and API key transfer v8.6 – Updated port lists to remove duplicate ports error and slim down list v8.6 – Updated PHP to 7.4 v8.6 – Added CVE-2020-12720 – vBulletin Unauthenticaed SQLi v8.6 – Added CVE-2020-9757 – SEOmatic < 3.3.0 Server-Side Template Injection v8.6 – Added CVE-2020-1147 – Remote Code Execution in Microsoft SharePoint Server v8.6 – Added CVE-2020-3187 – Citrix Unauthenticated File Deletion v8.6 – Added CVE-2020-8193 – Citrix Unauthenticated LFI v8.6 – Added CVE-2020-8194 – Citrix ADC & NetScaler Gateway Reflected Code Injection v8.6 – Added CVE-2020-8982 – Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read v8.6 – Added CVE-2020-9484 – Apache Tomcat RCE by deserialization v8.6 – Added Cisco VPN scanner template v8.6 – Added Tiki Wiki CMS scanner template v8.6 – Added Palo Alto PAN OS Portal scanner template v8.6 – Added SAP NetWeaver AS JAVA LM Configuration Wizard Detection v8.6 – Added delete task workspace function to remove running tasks v8.6 – Added CVE-2020-3452 – Cisco ASA/FTD Arbitrary File Reading Vulnerability Sc0pe template v8.6 – Updated theharvester command to exclude github-code search v8.6 – Updated theharvester installer to v3.1 v8.6 – Added urlscan.io API to OSINT mode (-o) v8.6 – Added OpenVAS package to install.sh v8.6 – Added Palo Alto GlobalProtect PAN-OS Portal Sc0pe template v8.6 – Fixed issue with Javascript downloader downloading localhost files instead of target v8.6 – Added CVE-2020-5902 F5 BIG-IP RCE sc0pe template v8.6 – Added CVE-2020-5902 F5 BIG-IP XSS sc0pe template v8.6 – Added F5 BIG-IP detection sc0pe template v8.6 – Added interesting ports sc0pe template v8.6 – Added components with known vulnerabilities sc0pe template v8.6 – Added server header disclosure sc0pe template v8.6 – Added SMBv1 enabled sc0pe template v8.6 – Removed verbose comment from stealth scan [hide][Hidden Content]]
  19. Docker for pentest is an image with the more used tools to create a pentest environment easily and quickly.Docker for pentest Features OS, networking, developing and pentesting tools installed. Connection to HTB (Hack the Box) vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou. Proxy service to send traffic from any browsers and burp suite installed in your local directory. Exploit database installed. Tool for cracking password. Linux enumeration tools installed. Tools installed to discovery services running. Tools installed to directory fuzzing. Monitor for linux processes without root permissions Zsh shell installed. Tools installed Operative system tools rdate vim zsh oh-my-zsh locate cifs-utils htop gotop Network tools traceroute telnet net-tools iputils-ping tcpdump openvpn whois host prips dig Developer tools git curl wget ruby go python python-pip python3 python3-pip php aws-cli tojson nodejs 🔪 Pentest tools Port scanning nmap masscan ScanPorts created by @s4vitar with some improvements 🔍 Recon Subdomains Amass GoBuster Knock MassDNS Altdns spyse Sublist3r findomain subfinder spiderfoot haktldextract Subdomain takeover subjack SubOver tko-subs DNS Lookups hakrevdns 📷 Screenshot gowitness aquatone 🕸️ Crawler hakrawler Photon gospider gau otxurls waybackurls 📁 Search directories dirsearch Fuzzer wfuzz ffuf Web Scanning whatweb wafw00z nikto arjun httprobe striker hakcheckurl CMS wpscan joomscan droopescan cmseek Search JS LinkFinder getJS subjs Wordlist cewl wordlists: wfuzz SecList Fuzzdb Dirbuster Dirb Rockyou all.txt crunch Git repositories gitleaks gitrob gitGraber github-search GitTools OWASP sqlmap XSStrike kxss dalfox Brute force crowbar hydra patator medusa Cracking hashid john the ripper hashcat OS Enumeration htbenum linux-smart-enumeration linenum enum4linux ldapdomaindump PEASS – Privilege Escalation Awesome Scripts SUITE Windows Exploit Suggester – Next Generation smbmap pspy – unprivileged Linux process snooping smbclient ftp Exploits searchsploit Metasploit MS17-010 AutoBlue-MS17-010 PrivExchange Windows evil-winrm impacket CrackMapExec Nishang Juicy Potato PowerSploit pass-the-hash mimikatz gpp-decrypt Reverse shell netcat rlwrap Other resources pentest-tools from @gwen001 qsreplace from @tomnomnom Custom functions NmapExtractPorts from @s4vitar Other services apache2 squid [hide][Hidden Content]]
  20. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.5 – Added manual installer for Metasploit v8.5 – Added Phantomjs manual installer v8.5 – Added sc0pe template to check for default credentials via BruteX v8.5 – Added fullportscans to all ‘web’ mode scans to ensure full port coverage v8.5 – Fixed issue with 2nd stage OSINT scans not running v8.5 – Added port values to sc0pe engine to define port numbers v8.5 – Fixed issue with LinkFinder not working v8.5 – Fixed issue with Javascript link parser v8.5 – Added phantomjs dependency to fix webscreenshots on Ubuntu v8.5 – Added http-default-accounts NMap NSE to check for default web credentials v8.5 – Fixed several issues with install.sh to resolve deps on Ubuntu and Kali 2020.2 v8.5 – Removed larger wordlists to reduce install size of Sn1per v8.5 – Added 20+ new active/passive sc0pe templates v8.5 – Fixed issue with installer on latest Kali and Docker builds v8.5 – Fixed custom installer for Arachni v8.5 – Fixed Dockerfile with updated Kali image (CC. @stevemcilwain) [hide][Hidden Content]]
  21. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.3 – Added Github subdomain retrieval (requires API key/conf options enabled) v8.3 – Added NMAP_OPTIONS setting to sniper.conf to configure optional NMap scan settings v8.3 – Added option to specify custom Sn1per configuration via (-c) switch v8.3 – Created several custom config files to select from, including: bug_bounty_quick, bug_bounty_max_javascript, super_stealth_mode, webpwn_only + more v8.3 – Added workspace –export option to backup/export a workspace v8.3 – Added flyover mode tuning options to sniper.conf v8.3 – Added GitGraber automated Github leak search ([Hidden Content]) v8.3 – Added static Javascript parsing for sub-domains, URL’s, path relative links and comments v8.3 – Added js-beautifier v8.3 – Added LinkFinder Javascript link finder ([Hidden Content]) v8.3 – Added fprobe HTTP probe checker ([Hidden Content]) v8.3 – Added Cisco RV320 and RV325 Unauthenticated Remote Code Execution CVE-2019-1653 MSF exploit v8.3 – Improved performance of ‘stealth’ and ‘recon’ modes v8.3 – Updated default port lists v8.3 – Improved performance of all port scans v8.3 – Removed all pip v2 commands from installer v8.3 – Added fix for missing Amass package v8.3 – Added sniper.conf options for OPENVAS_HOST and OPENVAS_PORT selection for remote instances v8.3 – Improved ‘vulnscan’ mode via OpenVAS to scan the same asset multiple times with improved error handling [HIDE][Hidden Content]]
  22. [Hidden Content]
  23. Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing About Pentest Tools Framework INFO: Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities. [HIDE][Hidden Content]]
  24. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.1 – Added Citrix Gateway Arbitary Code Execution CVE-2019-19781 vulnerability detection v8.1 – Added Pulse Secure VPN Arbitrary File Disclosure CVE-2019-11510 exploit v8.1 – Added –data-length=50 for NMap IPS evasion v8.1 – Removed NMap vulscan script due to F+ results v8.1 – Fixed issue with CRT.SH sub-domain retrieval v8.1 – Updated Kali Linux keyring package v8.1 – Fixed “[: ==: unary operator expected” in all code v8.1 – Updated Sn1per Professional autoload settings v8.1 – Updated web brute force wordlists v8.1 – Removed null and debug errors from passive spider API output v8.1 – Updated Commoncrawl index repo v8.1 – Updated DockerFile repository v8.1 – Fixed issue with -dh flag to delete host with Sn1per Pro v8.0 v8.1 – Fixed issue with subfinder missing v8.1 – Fixed issue with 7zip missing v8.1 – Added check for Ubuntu to install.sh automatically [HIDE][Hidden Content]]
  25. Complete Automated pentest framework for Servers, Application Layer to Web Security Tishna Tishna is Web Server Security Penetration Software for Ultimate Security Analaysis Kali, Parrot OS, Black Arch, Termux, Android Led TV Brief Introduction Tishna is useful in Banks, Private Organisations and Ethical hacker personnel for legal auditing. It serves as a defense method to find as much as information possible for gaining unauthorised access and intrusion. With the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Tishna software can audit, servers and web behaviour. Tishna can perform Scanning & Enumeration as much as possible of target. It’s first step to stop cyber criminals by securing your Servers and Web Application Security. Tishna is false positive free, when there is something it will show no matter what, if it is not, it will give blank results rather error. [HIDE][Hidden Content]]
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.