Search the Community

Web Tools is a multifunctional tool for managing your websites. With Web Tools you can: Work with files(ftp client), monitor the stability of your sites by ip address, manage the server with telnet or ssh client and test new features. This is a must-have app for system administrators and web developers. Features: • FTP & SFTP client • Utility for HTTP tests • Reachability – Check availability by ip address • Internet speed test • Source code editor • SSH client • And much more … The Web Tools application provides access to the most popular utilities that network administrators and web developers use on their computers. Web Tools has a simple, intuitive interface, through which you can configure your site in minutes and check its stability. The app is improved continuously. Its developers allow for customer opinions and modify the product offering new, more functional and handy versions. The app’s benefits go far beyond the above list. However, even those mentioned are enough to dismiss doubts, download the Web Tools to your smartphone and assess advantages from using them right now. What’s New: ● Fixes Mod Info: Premium / Paid features unlocked; Disabled / Removed unwanted Permissions + Receivers + Providers + Services; Optimized and zipaligned graphics and cleaned resources for fast load; Ads Permissions / Services / Providers removed from Android.manifest; Ads links removed and invokes methods nullified; Ads layouts visibility disabled; Remove the rate option; Remove all promo apps; AOSP compatible mode; Google Play Store install package check disabled; Debug code removed; Remove default .source tags name of the corresponding java files; Analytics / Crashlytics / Firebase disabled; Facebook ads bundled SDK removed completely; No active trackers or advertisements; Languages: Full Multi Languages; CPUs: universal architecture; Screen DPIs: 160dpi, 240dpi, 320dpi, 480dpi, 640dpi; Original package signature changed; Release by Balatan. [Hidden Content] [hide][Hidden Content]]

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! [hide][Hidden Content]]

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! Changelog v1.0.12 Bug Fixes: Fix issue when RSSH client binary is run in paths that have spaces, that the space no longer acts as an argument. [hide][Hidden Content]]

[hide][Hidden Content]]

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! [hide][Hidden Content]]

Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local, and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trust control channels And more! [hide][Hidden Content]]

Puwr - SSH attack surface on local network SSH pivoting script for expanding attack surfaces on local networks Easily expand your attack surface on a local network by discovering more hosts, via SSH. Using a machine running a SSH service, Puwr uses a given subnet range to scope out IP’s, sending back any successful ping requests it has. This can be used to expand out an attack surface on a local network, by forwarding you hosts you couldn’t normally reach from your own device. Usage Puwr is simple to run, only requiring 4 flags: python3 puwr.py (MACHINE IP) (USER) (PASSWORD) (SUBNET VALUE) Example: python3 puwr.py 10.0.0.53 xeonrx password123 10.0.0.1/24 If you need to connect through a port other than 22, use the -p flag. (example: -p 2222) If you want to keep quiet, use the -s flag to wait specified seconds between request. (example: -s 5) Use the -h flag for usage reference in the script. The paramiko and netaddr modules are required for this script to work! You can install them with the pip tool: pip install netaddr paramiko Download [Hidden Content]

A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the –proxies switch, it acts just like any other multi-threaded SSH brute-forcing script. When the –proxies switch is added, the script pulls a list (usually thousands) of SOCKS4 proxies from ProxyScrape and launches all brute-force attacks over the SOCKS4 proxies so brute-force attempts will be less likely to be rate-limited by the target host. [hide][Hidden Content]]

SSH Tunneling SSH Tunneling What is SSH Tunneling? SSH tunneling (also called as SSH port forwarding) is a method of transporting arbitrary networking data over an encrypted SSH connection. SSH tunneling is the process by which a TCP/IP connection is tunneled inside a secure SSH tunnel. It can be used to add encryption to legacy applications. It can also be used to implement VPNs (Virtual Private Networks) and access intranet services across firewalls. It protects the tunneled connection from network attacks. Application data traffic is directed to flow inside an encrypted SSH connection so that it cannot be eavesdropped or intercepted while it is in transit. SSH tunneling enables adding network security to legacy applications that do not natively support encryption. The SSH connection is used by the application to connect to the application server. With tunneling enabled, the application contacts to a port on the local host that the SSH client listens on. The SSH client then forwards the application over its encrypted tunnel to the server. The server then connects to the actual application server - usually on the same machine or in the same data center as the SSH server. What is SSH port forwarding in Linux? SSH port forwarding establishes a secure connection between a local computer and a remote Linux machine through SSH protocols which can delay services. You need to give your client your source and destination port numbers to use SSH tunneling in Linux. You also need to provide the location of the destination server, which can either be a hostname or an IP address. Who uses SSH tunneling? Any user who is able to log into a server can enable port forwarding. Hackers and malware can similarly use it to leave a backdoor into the internal network. It can also be used for hiding attackers's tracks by bouncing an attack through multiple devices that permit uncontrolled tunneling. Types of SSH port forwarding • Local port forwarding • Dynamic port forwarding • Remote port forwarding How does SSH port forwarding work? Port forwarding starts with the packets that are generated when you forward a data request over the Internet. Your network router will typically assess the header of an IP packet and forward it to the connected and proper interface. This will then transfer the data to the target information in the header. However, with port forwarding, the intercepting device or application browses the packet header, takes note of the destination, and later modifies the header information. This is then sent to a different computer than the one intended. The subordinate host destination may have a different port on the same IP address, a different IP address on the same port, or a totally different mixture of the two.

Shellz is a small utility to manage your ssh, telnet, kubernetes, winrm, web or any custom shell in a single place. [hide][Hidden Content]]

[hide][Hidden Content]]

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server [hide][Hidden Content]]

sshLooter – Script To Steal SSH Passwords sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in rather than via strace which is not so reliable. ssHLooter was inspired to steal SSH passwords via another script using Python to implement a PAM module to log failed attempts, the author just had to change the location where passwords were logged. Download: [Hidden Content]

Can someone help me with tolls to auto upload shell to sites and small guidance on how to do it properly. I also need a tool for ssh cracking/brute force

Sshprank - A Fast SSH Mass-Scanner, Login Cracker And Banner Grabber Tool Using The Python-Masscan Module Description A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan and shodan module. [HIDE][Hidden Content]]

FaceSentry Access Control System version 6.4.8 facial biometric access control appliance ships with hard-coded and weak credentials for SSH access on port 23445 using the credentials wwwuser:123456. The root privilege escalation is done by abusing the insecure sudoers entry file. View the full article

[Hidden Content]

Multi-thread [+] Brute accepts IP lists and ranges 1.0.0.0/8, 1.0.0.0-2.0.0.0 Check for black in spam sheets Check for offline and online location (IP-score.com) Check Tunnels for Speed Check for input on any password, non-password input SOCKS 5 Support [+] Brutus by login;pass Serial brute by login;Pass (IP list) Removes duplicates from beeps Flexible log setting by template Parsing strings for a check by template Easy to view log with the ability to immediately raise a slow tunnel Auto Save log in Excel format Hide the Brutus window by key combination [ + ] Saving settings and progress on exit Download socks by URL/from file by timer Brutus is not picky about iron [+] Masscan built-in [Hidden Content] Pass: level23hacktools.com

CVE-2018-15473-Exploit Exploit written in Python for CVE-2018-15473 with threading and export formats Threading - default 5 If more than 10 are used, often the OpenSSH service gets overwhelmed and causes retries Single username evaluation via username parameter Multiple username evaluation via userList parameter Multiple username evaluation file output via outputFile parameter Multiple output formats (list, json, csv) via outputFormat parameter An example username input file is given in exampleInput.txt An example results output file in List format is given in exampleOutput.txt An example results output file in JSON format is given in exampleOutput.json An example results output file in CSV format is given in exampleOutput.csv Build the image: docker build -t cve-2018-15473 . Run the exploit: docker run cve-2018-15473 -h Delete containers and image: docker ps -a | awk '$2 == "cve-2018-15473" {print $1}' | xargs docker rm docker rmi cve-2018-15473 [Hidden Content]

Eaton Xpert Meter version 13.4.0.10 suffers from an SSH private key disclosure vulnerability. View the full article