Search the Community

A BurpSuite plugin intended to help with nuclei template generation. Features Template matcher generation Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts Multi-line selections are split to separate words for readability Binary matchers are created for selections containing non-ASCII characters The part field is auto-set based on whether the selection was in the request header or body Every generated template auto-includes a Status matcher, using the HTTP status code of the response Request template generation In the Intruder tab, selected payload positions can be used to generate request templates, using one of the following attack types: Battering ram, Pitchfork or Cluster bomb The selected text snippet from an HTTP request under the Proxy or Repeater tab can be used to generate a request template with the attack type defaulting to Battering ram Template execution Generated templates can be executed instantly, and the output is shown in the same window for convenience The plugin auto-generates the CLI command, using the absolute nuclei path, absolute template path and target information extracted from the desired request History of unique, executed commands are stored, can be quick searched and re-executed within the current session Experimental features (Non-contextual) YAML property and value auto-complete, using reserved words from the nuclei JSON schema Syntax highlighting of YAML properties, based on reserved words Productivity Almost every action can be triggered using keyboard shortcuts: F1: open nuclei template documentation Ctrl + Enter: execute current template Ctrl + Shift + E: jump to the template editor Ctrl + L: jump to the CLI input field Ctrl + S: save the current template Ctrl + Plus/Minus: increase/decrease font size Ctrl + Q: quit The template path is auto-updated if the template is saved to a new location The template-id is recommended as file name when saving Settings The plugin attempts to auto-detect and complete the configuration values The code searches for the nuclei binary path, using the values from the process’s environmental PATH variable. Note: the BurpSuite binary, opposed to the stand-alone BurpSuite jar, might not have access to the current users’s PATH variable. The target template path is calculated based on the default nuclei template directory, configured under <USER_HOME>/.config/nuclei/.templates-config.json The name of the currently logged-in operating system user is used as a default value for the template author configuration Look and feel The template generator window supports Dark and Light themes. The presented theme is chosen based on the selected BurpSuite theme, under User Options Support for colored nuclei output Modifiable font size in the template editor and command output Changelog v1.1.1 Fixed a bug on windows with path not correctly updating after saving by @forgedhallpass in #53 [hide][Hidden Content]]

A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, automated hash cracking, Bluetooth hacking, and much more. I recommend you my alfa adapter: Alfa AWUS036ACM, which works really great with both, 2.4 and 5 Ghz Tested and supported in Kali Linux, Parrot OS, Arch Linux, and Ubuntu SUPPORTED ATTACKS: Deauthentication Attack Authentication Attack Beacon Flood Attack PKMID Attack EvilTwin Attack Passive/Stealthy Attack Pixie Dust Attack Null Pin Attack Chopchop Attack Replay Attack Michael Exploitation Attack Caffe-Latte Attack Jamming, Reading and Writing Bluetooth connections GPS Spoofing with HackRF FEATURES: ☑️ Log generator ☑️ WPA/WPA2, WPS, and WEP Attacks ☑️ Auto handshake cracking ☑️ Multiple templates for EvilTwin attack ☑️ Check monitor mode and its status ☑️ 2Ghz and 5Ghz attacks ☑️ Custom wordlist selector ☑️ Auto detect requirements ☑️ Bluetooth support (Jamming, Reading, Writing) [hide][Hidden Content]]

Juumla is a python tool created to identify the Joomla version, scan for vulnerabilities and search for config or backup files. ✨ Features Fast scan Low RAM and CPU usage Detect Joomla version Find config and backup files Scan for vulnerabilities based on the Joomla version Open-Source Changelog v0.1.4 Improved the code Removed useless checks Changed Juumla banner Changed status messages [hide][Hidden Content]]

An Obfuscation-Neglect Android Malware Scoring System Android malware analysis engine is not a new story. Every antivirus company has its own secrets to build it. With curiosity, we develop a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way. We have an order theory of criminal which explains stages of committing a crime. For example, the crime of murder consists of five stages, they are determined, conspiracy, preparation, start and practice. The latter the stage the more we’re sure that the crime is practiced. According to the above principle, we developed our order theory of android malware. We develop five stages to see if malicious activity is being practiced. They are 1. Permission requested. 2. Native API call. 3. A certain combination of native API. 4. Calling sequence of native API. 5. APIs that handle the same register. We not only define malicious activities and their stages but also develop weights and thresholds for calculating the threat level of malware. Malware evolved with new techniques to gain difficulties for reverse engineering. Obfuscation is one of the most commonly used techniques. In this talk, we present a Dalvik bytecode loader with the order theory of android malware to neglect certain cases of obfuscation. Our Dalvik bytecode loader consists of functionalities such as 1. Finding cross-reference and calling sequence of the native API. 2. Tracing the bytecode register. The combination of these functionalities (yes, the order theory) not only can neglect obfuscation but also match perfectly to the design of our malware scoring system. Changelog v22.3.1 New features Add a limit to the number of processes available for parallel analysis. Thank @PaulNicolasHunter for this work. (#311 and #315) Update analysis library for Rizin v0.3.0 and above. (#314) Dependency update Update pillow from 9.0.0 to 9.0.1. (#311) [hide][Hidden Content]]

An automation tool that scans sub-domains, sub-domain takeover, and then filters out xss, ssti, ssrf, and more injection point parameters. Changelog v3.0 Fixed some error and added naabu for port scanning and uro for url filtering [hide][Hidden Content]]

ScanT3r – Web Security Scanner Scant3r Scans all URLs with multiple HTTP Methods and content-types also, it tries to look for bugs with basic exploits from Headers and URL Parameters By chaining waybackurls or gau with Scant3r you will have more time to look into functions and get Easy bugs on the way and scant3r will help you write your own python script faster, you don’t need to configure http/threads/errors/options/etc…, just by writing the main function in your script (also you can import scant3r function for write an awesome script), you can run it in your terminal or access your script from api [hide][Hidden Content]]

HackBar (Burpsuite Plugin) HackBar is a sidebar that assists you with web application security testing, it’s aim is to help make those tedious tasks a little bit easier. Feature MD5, SHA1, SHA256 Hashing Algorithms ROT13 Encoding/Decoding Base64 Encoding/Decoding URL Encoding/Decoding Hex Encoding/Decoding Binary Encoding/Decoding Load, split and execute HTTP requests, This also includes the ability to manipulate POST data and your Referer Extract links from the current page Strip spaces and slashes from strings as well as reversing them XSS assistance (String.fromCharCode generation, HTML Characters and XSS Alert generation) Auto-XSS (Scrapes possible parameters and tests them for XSS (either using a Custom payload or a Polygot)) SQL Injection Assistance Changelog v2.0 Shifted to gradle from NetBeans Bug Fix [hide][Hidden Content]]

An engine to make Tor network your default gateway Summary The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence agencies, hacking groups, criminal activities and even ordinary users who care about their privacy in the digital world. Nipe is an engine, developed in Perl, that aims on making the Tor network your default network gateway. Nipe can route the traffic from your machine to the Internet through Tor network, so you can surf the Internet having a more formidable stance on privacy and anonymity in cyberspace. Currently, only IPv4 is supported by Nipe, but we are working on a solution that adds IPv6 support. Also, only traffic other than DNS requests destined for local and/or loopback addresses is not trafficked through Tor. All non-local UDP/ICMP traffic is also blocked by the Tor project. [hide][Hidden Content]]

airgeddon This is a multi-use bash script for Linux systems to audit wireless networks. Features Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing DoS over wireless networks using different methods Assisted Handshake file capturing Cleaning and optimizing Handshake captured files Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule-based) Evil Twin attacks (Rogue AP) Only Rogue/Fake AP version to sniff using external sniffer (Hostapd + DHCP + DoS) Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap) Integrated sniffing, sslstrip (Hostapd + DHCP + DoS + Ettercap + Sslstrip) Integrated sniffing, sslstrip2 and BeEF browser exploitation framework (Hostapd + DHCP + DoS + Bettercap + BeEF) Captive portal with “DNS blackhole” to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoff + Lighttpd) Optional MAC spoofing for all Evil Twin attacks WPS features WPS scanning (wash). Self-parameterization to avoid “bad FCS” problem Custom PIN association (bully and reaver) Pixie Dust attacks (bully and reaver) Bruteforce PIN attacks (bully and reaver) Parameterizable timeouts Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update Integration of the most common PIN generation algorithms WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc.) Compatibility with many Linux distributions (see Requirements section) Easy targeting and selection in every section Drag and drop files on console window for entering file paths Dynamic screen resolution detection and windows auto-sizing for optimal viewing Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired Multilanguage support and autodetect OS language feature (see Supported Languagessection) Help hints in every zone/menu for easy use Auto-update. Script checks for newer version if possible Docker container for easy and quick deployment Http proxy auto detection for updates Changelog v10.21 Improved hostapd-wpe config for some conflicting Linux Dockerfile migrated to Arch (ArchStrike image as base) to avoid Debian based missing packages problem After PMKID capturing, now additionally can transform captured file into .cap aircrack-ng file format [HIDE][Hidden Content]]

ReconNess Web App Tool A Web App Tool to Run and Keep all your #recon in the same place. Why ReconNess? Well, we have seen a lot of #bugbounty hackers organizing his #recon using txt and doing a lot of bash scripts to filter the output to keep everything organized with the intention to focus only on the potentially vulnerable targets. But realistically this demands a lot of bash skill and strong folders/files organization process to avoid the feeling of chaos. Continuous Recon (CR) Concept The idea with ReconNess is to create a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events. Changelog v1.2.1 Add notification feature [HIDE][Hidden Content]]

Threadtear Threadtear is a multifunctional deobfuscation tool for java. Android application support is coming soon (Currently working on a Dalvik to java converter). Suitable for easier code analysis without worrying too much about obfuscation. Even the most expensive obfuscators like ZKM or Stringer are included. For easier debugging, there are also other tools included. Insert debug line numbers to better understand where exceptions originate or add .printStackTrace() to try-catch blocks without recompiling your code. Reverse compatibility is not a problem anymore if no version-specific methods are used. Executions An “execution” is a task that is executed and modifies all loaded class files. There are multiple types of executions, varying from bytecode cleanup to string deobfuscation. Make sure to have them in the right order. Cleanup executions, for example, should be executed at last, but also can help other executions if executed first. If you are ready, click on the “Run” button and they will be executed in order. Warning Use this tool at your own risk. Some executions use implemented ClassLoaders to run code from the jar file. An attacker could tweak the bytecode so that malicious code could be executed. Affected executions use the class me.nov.threadtear.asm.vm.VM. These are mostly used for decrypting string or resource/access obfuscation, as it is much easier to execute the decryption methods remotely. Changelog v2.5 make sure right real bootstrap is found [HIDE][Hidden Content]]

BlackArch Linux 2019.09.01 Releases: Linux kernel 5.2.9, added more than 150 new tools BlackArch Linux is an open source distribution of Linux derived from the lightweight and powerful Arch Linux operating system and designed from the ground up to be used by security professionals for penetration testing tasks. The repository contains more than 2050 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. For more information, see the installation instructions. ChangeLog 2019.09.01: added more than 150 new tools added terminus font for all WMs (thanks to psf for i3-wm bugfixes) included linux kernel 5.2.9 new ~/.vim and ~/.vimrc (thanks to noptrix offering his config files) updated blackarch-installer to v1.1.19 various improvements and bugfixes removed dwm window manager replaced the default terminal xterm with rxvt-unicode updated look&feel: new BlackArch theme for WMs, grub, syslinux, etc. (special thanks to Erik!) QA’ed and fixed all packages (runtime exec). updated all blackarch tools and packages including config files updated all system packages updated all window manager menus (awesome, fluxbox, openbox) [HIDE][Hidden Content]]

ArcoLinux is an Arch Linux based distro that uses Arch Linux as a base elements from the AUR (applications from github, debian (deb), redhat (rpm), compressed files, etc…) ArcoLinux created elements (themes, icons, conky’s, tweaks and configs) Features Provide an operating system with all applications with personal theming installed but also bluetooth, printers, … After the installation no fuss and all fun. Provide a continuous stream of tutorials and knowledge on ArcoLinux. Easy setup. No technical knowledge. Low in cpu and memory consumption Provide all icons, themes, cursors, wallpapers, … out of the box. Provide Windows users a comfortable transition to the (Arch) Linux world. Blazing fast. Linux Arch Linux xfce openbox i3wm awesome budgie cinnamon gnome mate bspwm Changelog CALAMARES NEW VERSION 3.2.8 NEW PROJECT ARCOLINUXB XFCE BARE QTILE TUTORIALS AND PROJECTS QTILE OBLOGOUT QTILE MEMORY WIDGET QTILE NET GRAPH WIDGET QTILE NET WIDGET QTILE BATTERY QTILE SUPER + SHIFT + X BREAKING BAD CONKY MAINTENANCE OF GITHUBS NEW IN .BIN GENERAL IMPROVEMENTS FUTURE EFFORTS STAY ROLLING More… [HIDE][Hidden Content]]

ThunderShell ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is employed here to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption. Advantage against detection The "core" RAT doesn't require a second stage to be injected / loaded in memory. Version 2.1.2 (11/01/2019) [HIDE][Hidden Content]]