Jump to content

Search the Community

Showing results for tags 'plugin'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
    • Windows Phone
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

  1. A BurpSuite plugin intended to help with nuclei template generation. Features Template matcher generation Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts Multi-line selections are split to separate words for readability Binary matchers are created for selections containing non-ASCII characters The part field is auto-set based on whether the selection was in the request header or body Every generated template auto-includes a Status matcher, using the HTTP status code of the response Request template generation In the Intruder tab, selected payload positions can be used to generate request templates, using one of the following attack types: Battering ram, Pitchfork or Cluster bomb The selected text snippet from an HTTP request under the Proxy or Repeater tab can be used to generate a request template with the attack type defaulting to Battering ram Template execution Generated templates can be executed instantly, and the output is shown in the same window for convenience The plugin auto-generates the CLI command, using the absolute nuclei path, absolute template path and target information extracted from the desired request History of unique, executed commands are stored, can be quick searched and re-executed within the current session Experimental features (Non-contextual) YAML property and value auto-complete, using reserved words from the nuclei JSON schema Syntax highlighting of YAML properties, based on reserved words Productivity Almost every action can be triggered using keyboard shortcuts: F1: open nuclei template documentation Ctrl + Enter: execute current template Ctrl + Shift + E: jump to the template editor Ctrl + L: jump to the CLI input field Ctrl + S: save the current template Ctrl + Plus/Minus: increase/decrease font size Ctrl + Q: quit The template path is auto-updated if the template is saved to a new location The template-id is recommended as file name when saving Settings The plugin attempts to auto-detect and complete the configuration values The code searches for the nuclei binary path, using the values from the process’s environmental PATH variable. Note: the BurpSuite binary, opposed to the stand-alone BurpSuite jar, might not have access to the current users’s PATH variable. The target template path is calculated based on the default nuclei template directory, configured under <USER_HOME>/.config/nuclei/.templates-config.json The name of the currently logged-in operating system user is used as a default value for the template author configuration Look and feel The template generator window supports Dark and Light themes. The presented theme is chosen based on the selected BurpSuite theme, under User Options Support for colored nuclei output Modifiable font size in the template editor and command output Changelog v1.1.1 Fixed a bug on windows with path not correctly updating after saving by @forgedhallpass in #53 [hide][Hidden Content]]
  2. efiXplorer – IDA plugin for UEFI firmware analysis and reverse engineering automation Supported versions of Hex-Rays products: every time we focus on the last versions of IDA and Decompiler because trying to use the most recent features from new SDK releases. That means we tested only on recent versions of Hex-Rays products and do not guarantee stable work on previous generations. Why not IDApython: all code developed in C++ because it’s a more stable and performant way to support a complex plugin and get the full power of the most recent SDK’s features. Supported Platforms: Win, Linux, and OSX (x86/x64). [hide][Hidden Content]]
  3. Console example x64plgmnrc.exe -G "C:\x64dbg_root" // Set root path for x64dbg x64plgmnrc.exe -U // Update list from server x64plgmnrc.exe -S // Show list of plugins x64plgmnrc.exe -i x64core // Install last version of x64dbg x64plgmnrc.exe -i AdvancedScript // install AdvancedScript [Hidden Content]
  4. FindFunc is an IDA PRO plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. This is not a competitor to tools like Diaphora or BinNavi, but it is ideal to find a known function in a new binary for cases where classical bindiffing fails. Filtering with Rules The main functionality of FindFunc is letting the user specify a set of “Rules” or constraints that a code function in IDA PRO has to satisfy. FF will then find and list all functions that satisfy ALL rules (so currently all Rules are in an AND-conjunction). Exception: Rules can be “inverted” to be negative matches. Such rules thus conform to “AND NOT”. FF will schedule the rules in a smart order to minimize processing time. Feature overview: Currently, 6 Rules are available, see below Code matching respects Addressing-Size-Prefix and Operand-Size-Prefix Aware of function chunks Smart scheduling of rules for performance Saving/Loading rules from/to file in simple ascii format Several independent Tabs for experimentation Copying rules between Tabs via clipboard (same format as a file format) Advanced copying of instruction bytes (all, opcodes only, all except immediate) Button “Search Functions” clears existing results and starts a fresh search, “Refine Results” considers only results of the previous search. Advanced Binary Copying A secondary feature of FF is the option to copy binary representation of instructions with the following options: copy all -> copy all bytes to the clipboard copy without immediate -> blank out (AA ?? BB) any immediate values in the instruction bytes opcode only -> will blank out everything except the actual opcode(s) of the instruction (and prefixes) Changelog v1.4 new: clone tab option to clone rule + result list (right click on tab) new: add advanced copy menu: mask all but opcode and immediate guard against empty or invalid input when editing middle-click copies the resp. cell in rules and result tables to clipboard allow pasting immediates directly (0xABC or ABCh for hex, else dec) immediate-rules are now serialized in hex representation inverted rules now have red font-color rename button ‘Search Functions’ to ‘Find Functions’ – branding! 😉 [hide][Hidden Content]]
  5. WordPress webshell plugin for RCE A webshell plugin and interactive shell for pentesting a WordPress website. Features Webshell plugin for WordPress. Execute system commands via an API with ?action=exec. Download files from the remote system to your attacking machine with ?action=download. [hide][Hidden Content]]
  6. FindFunc is an IDA PRO plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. This is not a competitor to tools like Diaphora or BinNavi, but it is ideal to find a known function in a new binary for cases where classical bindiffing fails. Filtering with Rules The main functionality of FindFunc is letting the user specify a set of “Rules” or constraints that a code function in IDA PRO has to satisfy. FF will then find and list all functions that satisfy ALL rules (so currently all Rules are in an AND-conjunction). Exception: Rules can be “inverted” to be negative matches. Such rules thus conform to “AND NOT”. FF will schedule the rules in a smart order to minimize processing time. Feature overview: Currently, 6 Rules are available, see below Code matching respects Addressing-Size-Prefix and Operand-Size-Prefix Aware of function chunks Smart scheduling of rules for performance Saving/Loading rules from/to file in simple ascii format Several independent Tabs for experimentation Copying rules between Tabs via clipboard (same format as a file format) Advanced copying of instruction bytes (all, opcodes only, all except immediate) Button “Search Functions” clears existing results and starts a fresh search, “Refine Results” considers only results of the previous search. Advanced Binary Copying A secondary feature of FF is the option to copy binary representation of instructions with the following options: copy all -> copy all bytes to the clipboard copy without immediate -> blank out (AA ?? BB) any immediate values in the instruction bytes opcode only -> will blank out everything except the actual opcode(s) of the instruction (and prefixes) [hide][Hidden Content]]
  7. efiXplorer – IDA plugin for UEFI firmware analysis and reverse engineering automation Supported versions of Hex-Rays products: every time we focus on the last versions of IDA and Decompiler because trying to use the most recent features from new SDK releases. That means we tested only on recent versions of Hex-Rays products and do not guarantee stable work on previous generations. Why not IDApython: all code developed in C++ because it’s a more stable and performant way to support a complex plugin and get the full power of the most recent SDK’s features. Supported Platforms: Win, Linux, and OSX (x86/x64). Changelog v4.1 [new feature] Improved SMI handlers recognition to support: SxSmiHandler, IoTrapSmiHandler, UsbSmiHandler and etc. [new feature] Improved child SW SMI handlers recognition and now annotated as ChildSwSmiHandler. [new feature] Added visual representation for NVRAM variables and additional context in JSON report: address, service name, var name and var GUID. [bug fix] Numerous improvements and bug fixes in code analyzer and firmware image loader Moving to support of IDA SDK v7.7 [hide][Hidden Content]]
  8. Introduction The VulFi (Vulnerability Finder) tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions (such as strcpy, sprintf, system, etc.). For cases where a Hexrays decompiler can be used, it will attempt to rule out calls to these functions which are not interesting from a vulnerability research perspective (think something like strcpy(dst,"Hello World!")). Without the decompiler, the rules are much simpler (to not depend on architecture) and thus only rule out the most obvious cases. [hide][Hidden Content]]
  9. Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening Automated Detection of Obfuscated Code Referenced Repository Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the binary loaded has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes. Changelog v1.7 Support for IDA 7.4+ (Including 7.7 onwards) Added version check for deprecated API functions [hide][Hidden Content]]
  10. Overview Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow designed for rapid iteration. This project is currently powered by a minor fork of the ubiquitous Keystone Engine, supporting x86/x64 and Arm/Arm64 patching with plans to enable the remaining Keystone architectures in a future release. Special thanks to Hex-Rays for supporting the development of this plugin. [hide][Hidden Content]]
  11. A BurpSuite plugin intended to help with nuclei template generation. Features Template matcher generation Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts Multi-line selections are split to separate words for readability Binary matchers are created for selections containing non-ASCII characters The part field is auto-set based on whether the selection was in the request header or body Every generated template auto-includes a Status matcher, using the HTTP status code of the response Request template generation In the Intruder tab, selected payload positions can be used to generate request templates, using one of the following attack types: Battering ram, Pitchfork or Cluster bomb The selected text snippet from an HTTP request under the Proxy or Repeater tab can be used to generate a request template with the attack type defaulting to Battering ram Template execution Generated templates can be executed instantly, and the output is shown in the same window for convenience The plugin auto-generates the CLI command, using the absolute nuclei path, absolute template path and target information extracted from the desired request History of unique, executed commands are stored, can be quick searched and re-executed within the current session Experimental features (Non-contextual) YAML property and value auto-complete, using reserved words from the nuclei JSON schema Syntax highlighting of YAML properties, based on reserved words Productivity Almost every action can be triggered using keyboard shortcuts: F1: open nuclei template documentation Ctrl + Enter: execute current template Ctrl + Shift + E: jump to the template editor Ctrl + L: jump to the CLI input field Ctrl + S: save the current template Ctrl + Plus/Minus: increase/decrease font size Ctrl + Q: quit The template path is auto-updated if the template is saved to a new location The template-id is recommended as file name when saving Settings The plugin attempts to auto-detect and complete the configuration values The code searches for the nuclei binary path, using the values from the process’s environmental PATH variable. Note: the BurpSuite binary, opposed to the stand-alone BurpSuite jar, might not have access to the current users’s PATH variable. The target template path is calculated based on the default nuclei template directory, configured under <USER_HOME>/.config/nuclei/.templates-config.json The name of the currently logged-in operating system user is used as a default value for the template author configuration Look and feel The template generator window supports Dark and Light themes. The presented theme is chosen based on the selected BurpSuite theme, under User Options Support for colored nuclei output Modifiable font size in the template editor and command output [hide][Hidden Content]]
  12. Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening Automated Detection of Obfuscated Code Referenced Repository Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the binary loaded has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes. Changelog v1.6 Refactor plugin handler Removed duplicate banner print Changed PLUGIN_FIX to PLUGIN_HIDE, user can just use Ctrl-Shift-H Code cleanup in #5 [hide][Hidden Content]]
  13. Console example x64plgmnrc.exe -G "C:\x64dbg_root" // Set root path for x64dbg x64plgmnrc.exe -U // Update list from server x64plgmnrc.exe -S // Show list of plugins x64plgmnrc.exe -i x64core // Install last version of x64dbg x64plgmnrc.exe -i AdvancedScript // install AdvancedScript [hide][Hidden Content]]
  14. Plugin for x64dbg. [hide][Hidden Content]]
  15. Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within minutes. Installing HashDB Before using the plugin you must install the python requests module in your IDA environment. The simplest way to do this is to use pip from a shell outside of IDA. (pip install requests) Once you have the requests module installed simply copy the latest release of hashdb.py into your IDA plugins directory and you are ready to start looking up hashes! Use HashDB can be used to look up strings that have been hashed in malware by right-clicking on the hash constant in the IDA disassembly view and launching the HashDB Lookup client. Settings Before the plugin can be used to look up hashes the HashDB settings must be configured. The settings window can be launched from the plugins menu Edit->Plugins->HashDB. [hide][Hidden Content]]
  16. Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within minutes. Installing HashDB Before using the plugin you must install the python requests module in your IDA environment. The simplest way to do this is to use pip from a shell outside of IDA. (pip install requests) Once you have the requests module installed simply copy the latest release of hashdb.py into your IDA plugins directory and you are ready to start looking up hashes! 1.7.1 Latest What's Changed Fixed compatibility with Python 3.6, bumped version by @anthonyprintup in #22 [hide][Hidden Content]]
  17. Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within minutes. Installing HashDB Before using the plugin you must install the python requests module in your IDA environment. The simplest way to do this is to use pip from a shell outside of IDA. (pip install requests) Once you have the requests module installed simply copy the latest release of hashdb.py into your IDA plugins directory and you are ready to start looking up hashes! [hide][Hidden Content]]
  18. Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within minutes. Installing HashDB Before using the plugin you must install the python requests module in your IDA environment. The simplest way to do this is to use pip from a shell outside of IDA. (pip install requests) Once you have the requests module installed simply copy the latest release of hashdb.py into your IDA plugins directory and you are ready to start looking up hashes! [hide][Hidden Content]]
  19. itsMe

    HashDB IDA Plugin

    Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within minutes. Using HashDB HashDB can be used to look up strings that have been hashed in malware by right-clicking on the hash constant in the IDA disassembly view and launching the HashDB Lookup client. Settings Before the plugin can be used to look up hashes the HashDB settings must be configured. The settings window can be launched from the plugins menu Edit->Plugins->HashDB. [hide][Hidden Content]]
  20. Diaphora is a plugin for IDA Pro that aims to help in the typical BinDiffing tasks. It’s similar to other competitor products and open sources projects like Zynamics BinDiff, DarunGrim, or TurboDiff. However, it’s able to perform more actions than any of the previous IDA plugins or projects. Diaphora is distributed as a compressed file with various files and folders inside it. The structure is similar to the following one: diaphora.py: The main IDAPython plugin. It contains all the code of the heuristics, graphs displaying, export interface, etc… jkutils/kfuzzy.py: This is an unmodified version of the kfuzzy.py library, part of the DeepToad project, a tool and a library for performing fuzzy hashing of binary files. It’s included because fuzzy hashes of pseudo-codes are used as part of the various heuristics implemented. jkutils/factor.py: This is a modified version of a private malware clusterization toolkit based on graphs theory. This library offers the ability to factor numbers quickly in Python and, also, to compare arrays of prime factors. Diaphora uses it to compare fuzzy AST hashes and call graph fuzzy hashes based on small-primes-products (an idea coined and implemented by Thomas Dullien and Rolf Rolles first, authors or former authors of the Zynamics BinDiff commercial product, in their “Graph-based comparison of Executable Objects – Zynamics” paper). Pygments/: This directory contains an unmodified distribution of the Python pygments library, a “generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code”. [hide][Hidden Content]]
  21. FindYara Use this IDA python plugin to scan your binary with Yara rules. All the Yara rule matches will be listed with their offset so you can quickly hop to them! Using FindYara The plugin can be launched from the menu using Edit->Plugins->FindYara or using the hot-key combination Ctrl-Alt-Y. When launched the FindYara will open a file selection dialogue that allows you to select your Yara rules file. Once the rule file has been selected FindYara will scan the loaded binary for rule matches. All rule matches are displayed in a selection box that allows you to double click the matches and jump to their location in the binary. [hide][Hidden Content]]
  22. Karta - source code assisted fast binary matching plugin for IDA. [hide][Hidden Content]]
  23. Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening Automated Detection of Obfuscated Code Referenced Repository Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the binary loaded has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes. Changelog v1.5 GUI Features: QTable Heuristic result view Node limiting Single/All function heuristic search Heuristic result export Heuristic Features: Control-Flow Flattening Cyclomatic Complexity Basic Block Size Instruction Overlapping [hide][Hidden Content]]
  24. Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. obfDetect v1.4 Heuristic Features: Control-Flow Flattening Cyclomatic Complexity Basic Block Size Instruction Overlapping [hide][Hidden Content]]
  25. Diaphora is a plugin for IDA Pro that aims to help in the typical BinDiffing tasks. It’s similar to other competitor products and open sources projects like Zynamics BinDiff, DarunGrim, or TurboDiff. However, it’s able to perform more actions than any of the previous IDA plugins or projects. Diaphora is distributed as a compressed file with various files and folders inside it. The structure is similar to the following one: diaphora.py: The main IDAPython plugin. It contains all the code of the heuristics, graphs displaying, export interface, etc… jkutils/kfuzzy.py: This is an unmodified version of the kfuzzy.py library, part of the DeepToad project, a tool and a library for performing fuzzy hashing of binary files. It’s included because fuzzy hashes of pseudo-codes are used as part of the various heuristics implemented. jkutils/factor.py: This is a modified version of a private malware clusterization toolkit based on graphs theory. This library offers the ability to factor numbers quickly in Python and, also, to compare arrays of prime factors. Diaphora uses it to compare fuzzy AST hashes and call graph fuzzy hashes based on small-primes-products (an idea coined and implemented by Thomas Dullien and Rolf Rolles first, authors or former authors of the Zynamics BinDiff commercial product, in their “Graph-based comparison of Executable Objects – Zynamics” paper). Pygments/: This directory contains an unmodified distribution of the Python pygments library, a “generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code”. Changelog v2.0.6 BUG: Do not crash when we cannot analyse one Diaphora SQLite database. BUG: Diaphora was incorrectly searching the pattern ‘{}’ instead of ‘[]’ for empty list field values. Fix for #219. GUI: When a reverser uses the “Diff pseudo-code” option and both codes are equal, show a warning message, but also show the diffing. HEUR: In heuristic “Call Address Sequence” use also the “Partial results” when the function name is the same. HEUR: Added heuristic “Same RVA”. Only matches with a minimum ratio of 0.7 will be considered. HEUR: Removed the “Slow” flag from the heuristic “Same Rare Constant”. HEUR: Use the 3 calculated fuzzy hashes in heuristic “Pseudo-code Fuzzy Hash”. HEUR: Moved heuristic “Similar Pseudo-code and Names” from the probably unreliable category to normal. HEUR: Removed wrong heuristics “Similar Small Pseudo-codes” and “Equal Small Pseudo-codes” because they caused a lot of false positives (heuristics for finding matches tend to fail with small functions, and these were no exception). Also, applied suggestion for issue #220. [hide][Hidden Content]]

Chat Room

Chat Room

Chatroom Rules

No support in chat, open a thread.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.