Search the Community

The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organization name with some date, special character, etc. Therefore, it is simpler and easier to test some combinations before launching more complex and time-consuming checks. For example, cracking a Wi-Fi password with a wordlist can take several hours and can fail, even if you choose a great wordlist because there was no such password in it like Evilcorp2019. Therefore, using the generated wordlist, it is possible to organize a targeted and effective online password check. Features The hashcat rule syntax is used to generate the wordlist. By default, the generator uses a set of rules "online.rule", which performs the following mutations: Adding special characters and popular endings to the end of the word - !,!@, !@#, 123! etc. evilcorp!, evilcorp!123 Adding digits from 1 to 31, from 01 to 12 - evilcorp01, evilcorp12. Adding the date 2018-2023 - evilcorp2018, evilcorp2019 Various combinations of 1-3 - evilcorp2018! Capitalize the first letter and lower the rest, apply 1-4. Evilcorp!2021 As a result, for the word evilcorp, the following passwords will be generated (216 in total): evilcorp Evilcorp EVILCORP evilcorp123456 evilcorp2018 Evilcorp!2021 Evilcorp!2022 Evilcorp2018!@# You can use your own hashcat rules, just click "Show rules" and put in the "Rules" textarea them with the list of rules you like best. Rules that are supported (source [Hidden Content]): [Hidden Content]

VulWebaju is a script that automates to set up your pentesting environment for learning purposes. This script will help you to install common vulnerable applications. Vulnerable webapps that you can install DVWA Owasp Juice Shop Web goat Nodegoat Damm Vulnerable GraphQL Rails Goat OAuth 2.0 Application Xeelab DVWP XSSLab TiredAPI Vulnerable Nginx SSRF Vulnerable Lab Note: This script is only tested in Ubuntu. You can also use it in multiple cloud providers(EC2, Google Compute Engine, Azure virtual machines, DigitalOcean Droplets). [hide][Hidden Content]]

[Hidden Content]

[Hidden Content]

[Hidden Content]

[Hidden Content]

Copyright 2019 The Social-Engineer Toolkit (SET) Written by: David Kennedy (ReL1K) Company: TrustedSec DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, Features The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio. Bugs and enhancements For bug reports or enhancements, please open an issue here. Supported platforms Linux Mac OS X [HIDE][Hidden Content]]