Search the Community

PHP malware scanner Traversing directories for files with php extensions and testing files against text or regexp rules, the rules-based on self-gathered samples and publicly available malwares/webshells. The goal is to find infected files and fight against kiddies, because too easy to bypass rules. Changelog v1.0.14 Backdoor reported in #72 [hide][Hidden Content]]

Second Order Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain rules, or respond in a certain way. Usage Ideas This is a list of tips and ideas (not necessarily related to second-order subdomain takeover) on what to use Second Order for. Check for second-order subdomain takeover: takeover.json. (Duh!) Collect inline and imported JS code: javascript.json. Find where a target hosts static files cdn.json. (S3 buckets, anyone?) Collect <input> names to build a tailored parameter bruteforcing wordlist: parameters.json. Feel free to contribute more ideas! [Hidden Content]

An automation tool that scans sub-domains, sub-domain takeover, and then filters out xss, ssti, ssrf, and more injection point parameters. Changelog v3.0 Fixed some error and added naabu for port scanning and uro for url filtering [hide][Hidden Content]]

PHP malware scanner Traversing directories for files with php extensions and testing files against text or regexp rules, the rules-based on self-gathered samples and publicly available malwares/webshells. The goal is to find infected files and fight against kiddies, because too easy to bypass rules. Changelog v1.0.9 README update with new -r flag [hide][Hidden Content]]

PHP malware scanner Traversing directories for files with php extensions and testing files against text or regexp rules, the rules-based on self-gathered samples and publicly available malwares/webshells. The goal is to find infected files and fight against kiddies, because too easy to bypass rules. Changelog v1.0.7 Signature update from new infections [hide][Hidden Content]]

AutoDirbuster Automatically run and save Dirbuster scans for multiple IPs Why? OWASP Dirbuster is a great directory buster but running it against multiple IPs and ports is a very manual process with a lot of downtime between scans. This script attempts to automate that process and eliminates downtime between scans. What is the recommended usage? If attacking multiple targets: Run Nmap and find open ports, outputting the results with -oG or -oA Run AutoDirbuster with the Nmap results and a timeout (closed ports or non-HTTP based services are ignored) python AutoDirbuster.py -g Nmap_results.gnmap -to 15 As the pentest progresses, periodically review the Dirbust results using dirbust_read.py, which will ignore all Dirbuster error lines and only print the found directories and files If attacking a single target: python AutoDirbuster.py -st example.com:80 What data does this need? The script can take three data sources: List of IP:port or hostname:port, one per line python AutoDirbuster.py ip_port_list.txt An Nmap Gnmap result file python AutoDirbuster.py -g Nmap_results.gnmap A single target python AutoDirbuster.py -st example.com:80 How does this script work? A list of targets is provided A TCP connect scan is done on the target port to test if it’s open If it’s open, HTTP and HTTPS requests are sent to determine if the service is HTTP-based and whether it requires SSL If the service is HTTP, a check is done to determine if a previous report file is in the same directory. Report files follow the format: DirBuster-Report-IP-port.txt Dirbuster is run using Python’s subprocess.Popen(). If a timeout is specified, then after the timeout period, a SIGINT signal is sent to Dirbuster so it can safely shut down and write results to disk. A note is added to the report indicating that the scan timed out. The next IP:port goes through the same process (TCP connect, HTTP service query, dirbust) This script isn’t working Ensure the following Are all of the dependencies listed in requirements.txt installed? Is there a directory called “DirBuster” inside the same directory as AutoDirbuster.py? Does this “DirBuster” directory contain the Dirbuster JAR file named “DirBuster.jar”? Is “DirBuster.jar” version 0.12? Does this “DirBuster” directory contain a file called “directory-list-2.3-small.txt” (the default wordlist)? Does this “DirBuster” directory contain a subdirectory called “lib” with the default 13 required Dirbuster JAR dependencies? Is Java installed? Is Java in your path? Run AutoDirbuster with the –debug flag to view the subprocess command that AutoDirbuster is using to launch Dirbuster. Run this command from the terminal to view standard error as AutoDirbuster is configured to send subprocess standard error to /dev/null [hide][Hidden Content]]

PHP malware scanner Traversing directories for files with php extensions and testing files against text or regexp rules, the rules-based on self-gathered samples and publicly available malwares/webshells. The goal is to find infected files and fight against kiddies, because too easy to bypass rules. Changelog v1.0.6 Allowing multiple use of -d option and braces in path syntax, closes #56 [hide][Hidden Content]]

Perform automated network reconnaissance scans to gather network intelligence. IntelSpy is a multi-threaded network intelligence spy tool which performs automated enumeration of network services. It performs live hosts detection scans, port scans, services enumeration scans, web content scans, brute-force, detailed off-line exploits searches and more. The tool will also launch further enumeration scans for each detected service using a number of different tools. Features Scans multiple targets in the form of IP addresses, IP ranges (CIDR notation) and resolvable hostnames. Scans targets concurrently. Detects live hosts in an IP range (CIDR) network. Customizable port scanning profiles and service enumeration commands. Creates a directory structure for results gathering. Logs commands that were run. Generates shell scripts with commands to be run manually. Extracts important information in txt and markdown format. Stores data to an SQLite database. Generates HTML report. [hide][Hidden Content]]

PHP malware scanner Traversing directories for files with php extensions and testing files against text or regexp rules, the rules-based on self-gathered samples and publicly available malwares/webshells. The goal is to find infected files and fight against kiddies, because too easy to bypass rules. Changelog v1.0.5 Combined whitelist updated [hide][Hidden Content]]