Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'takeover'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 9 results

  1. DNS Reaper is yet another subdomain takeover tool, but with an emphasis on accuracy, speed, and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. [hide][Hidden Content]]
  2. DNS Reaper is yet another subdomain takeover tool, but with an emphasis on accuracy, speed, and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. You can use DNS Reaper as an attacker or bug hunter! You can run it by providing a list of domains in a file, or a single domain on the command line. DNS Reaper will then scan the domains with all of its signatures, producing a CSV file. You can use DNS Reaper as a defender! You can run it by letting it fetch your DNS records for you! Yes, that’s right, you can run it with credentials and test all your domain configs quickly and easily. DNS Reaper will connect to the DNS provider and fetch all your records, and then test them. We currently support AWS Route53, Cloudflare, and Azure. Documentation on adding your own provider can be found here You can use DNS Reaper as a DevSecOps Pro! Punk Security is a DevSecOps company, and DNS Reaper has its roots in modern security best practices. You can run DNS Reaper in a pipeline, feeding it a list of domains that you intend to provision, and it will exit Non-Zero if it detects a takeover is possible. You can prevent takeovers before they are even possible! Changelog v1.6.1 enhancement: Handle AWS provider API errors gracefully by @imnotbrandon in #119 fix: explicitly close pool #118 by @SimonGurney in #121 [hide][Hidden Content]]
  3. DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. [hide][Hidden Content]]
  4. [Hidden Content] [Hidden Content]
  5. Second Order Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain rules, or respond in a certain way. Usage Ideas This is a list of tips and ideas (not necessarily related to second-order subdomain takeover) on what to use Second Order for. Check for second-order subdomain takeover: takeover.json. (Duh!) Collect inline and imported JS code: javascript.json. Find where a target hosts static files cdn.json. (S3 buckets, anyone?) Collect <input> names to build a tailored parameter bruteforcing wordlist: parameters.json. Feel free to contribute more ideas! [Hidden Content]
  6. An automation tool that scans sub-domains, sub-domain takeover, and then filters out xss, ssti, ssrf, and more injection point parameters. Changelog v3.0 Fixed some error and added naabu for port scanning and uro for url filtering [hide][Hidden Content]]
  7. Sub 404 is a tool written in python which is used to check the possibility of subdomain takeover vulnerability and it is fast as it is Asynchronous. Why During the recon process, you might get a lot of subdomains(e.g more than 10k). It is not possible to test each manually or with traditional requests or the urllib method as it is very slow. Using Sub 404 you can automate this task in a much faster way. Sub 404 uses aiohttp/asyncio which makes this tool asynchronous and faster. How it works Sub 404 uses subdomains list from a text file and checks for url of 404 Not Found status code and in addition, it fetches CNAME(Canonical Name) and removes those URL which has target domain name in CNAME. It also combines results from subfinder and sublist3r(subdomain enumeration tool) if you don’t have target subdomains as two is better than one. But for this sublist3r and subfinder tools must be installed in your system. Sub 404 is able to check 7K subdomains in less than 5 minutes. Key Features: – Fast( as it is Asynchronous) – Uses two more tool to increase efficiency – Saves result in a text file for future reference – Umm that’s it, nothing much! [hide][Hidden Content]]
  8. Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz [HIDE][Hidden Content]]
  9. Introduction SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine and many features for penetration testers. SQLMap is capable of databases fingerprinting, fetching data from the databases, accessing the database file systems, running different commands on the target server, etc. SQLmap: Automatic SQL Injection Tool This very powerful exploitation tool is developed in Python an it’s FREE to use. It requires Python version 2.6.x or 2.7.x. and comes preinstalled on Kali Linux, but can be run on any platform. Features SQLmap have many features divided into 3 groups: GENERIC FEATURES FINGERPRINT AND ENUMERATION FEATURES TAKEOVER FEATURES We’ll list some of them here: Full support for:MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems. Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band. Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name. Support to enumerate users, password hashes, privileges, roles, databases, tables and columns. Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack. Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry. Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass. Capable to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server. Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server. Ability to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice. Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command. [HIDE][Hidden Content]]
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.