Search the Community

GoTestWAF is a tool for API and OWASP attack simulation, that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, and others. Changelog v0.3.1 Fixed bugs [hide][Hidden Content]]

Features Easy to use dashboard with settings, statistics, payloads, view/share/search reports Unlimited users with permissions to personal payloads & their reports Instant alerts via mail, Telegram, Slack, Discord or custom callback URL Custom javascript payloads Custom payload links to distinguish insert points Extract additional pages, block, whitelist and other filters Secure your login with Two-factor (2FA) The following information can be collected on a vulnerable page: The URL of the page IP Address Any page referer (or share referer) The User-Agent All Non-HTTP-Only Cookies All Locale Storage All Session Storage Full HTML DOM source of the page Page origin Time of execution Payload URL Screenshot of the page Extract additional defined pages much much more, and, its just ez 🙂 Required Server or hosting with PHP 7.1 or up Domain name (consider a short one) SSL Certificate to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL) ezXSS v4.0 Latest I am excited to announce the release of ezXSS v4.0, a major update to the XSS tool. This version includes at least the following new features and improvements: Completely re-coded, resulting in clean, readable code that is easy to understand and maintain Multi-user setup that allows for roles and payload separation Alerts via Slack and Discord in addition to existing support for email and Telegram Redesigned pages and fixed styling bugs More statistics on the dashboards Improved reports view and search Ability to render collected DOM pages Lots of smaller bug fixes and much much more amazing things! It is highly recommended to update to ezXSS v4.0, as version 3.x will no longer be supported due to its old codebase. If you are currently running an older version of ezXSS, please make sure to first update to version >3.10 before upgrading to v4.0. Also, after updating, the default username will be "admin". Thank you for your continued support and I hope you enjoy using the new and improved ezXSS v4.0! [hide][Hidden Content]]

The best way to get ready for an SEO job interview is to answer any question. Impress your boss. Get better at what you do, and then get the job. What you’ll learn SEO Interview Preparation (Question, Answer, Test, Practice) How do I prepare for an interview with SEO? How to answer the question right. The interviewer will like you if you make them happy. Answer questions the right way. Questions about technical SEO. People ask about behavior. How to speak like a person who works with SEO. Requirements It doesn’t matter if you know a little about SEO, but it’s a good idea. Description Did you get a call for the job interview you want in SEO? Is this your first job, or are you still looking for one? Make sure you know what to say in your interview so you can get a job with SEO. In this training, I show you how I learned about SEO while working for different companies, including Fortune 500 clients. Before the interview, I had to do a lot of practice interviews. This gave me a lot of information about what recruiters ask, what their top priorities are, how they hire people like you, and how to answer each question; not just technical answers, but also cultural and behavioral answers that make you more likeable. Before I hired one of the best employees and coworkers at the company, I did my own SEO interviews to make sure they were the right person for the job. As a beginner or an experienced SEO, you can use this interview to get ready for any and all SEO interviews. There is something for everyone, so you will find both technical and non-technical information very useful in it. What will you learn in this class? How to answer questions on the job They ask: What does the recruiter want to know about me? The best way to answer: The best answer is: What should you do if you get stuck? Is it important to ask about salary? No, I haven’t done that. How would you say it? You will learn through: The following is a sample question that you can use A Sample Answer: It’s possible to choose from a lot of Types of Queries Analysis of the situation You’ll get answers and practice for questions like this one, like: In SEO, what does “on-page” mean? SEO has gone bad. How would you fix it and make it better? How are on-page and off-page SEO different? Tell me more about yourself. What is your favorite project? Is it better for you to do a project with or without help? Who this course is for: Got a call from SEO. Soon, I’ll have an interview with an SEO company, so stay tuned. The people who applied for SEO jobs were interested. People who are new to SEO It’s a job for someone who is good at SEO Very little about SEO. [Hidden Content] [hide][Hidden Content]]

Description ـــــــــــــــــــــــــــ -This course is designed and built for improve your knowledge & skills in penetration testing and Ethical Hacking ! -This course is Suitable for people who are familiar with the world of security and penetration testing and Ethical hackers , or at least know the basics . This specialized course can show you different ways to increase your abilities and knowledge in the field of penetration testing and teach you important points. ـــــــــــــــــــــــــــــــــــــــــــ •A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF). •Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in — either virtually or for real — and reporting back the findings. You will learn ــــــــــــــــــــــــــــــ ✓ WebAppliction Scan & Attacks ✓ Webserver Scan & Attacks ✓ MITM Theory & Attack ✓ Network Scanning ✓ Exploit ✓ WAF ✓ sql methods ✓ Logs & LostTrack ✓ Honeypot ✓ Port Scanning With Python & etc. ✓ CCTV penetration testing ✓ Nmap tips What you’ll learn ـــــــــــــــــــــــــــــــــــــ WebAppliction Scan & Attacks Webserver Scan & Attacks MITM Theory & Attack Network Scanning Exploit WAF sql methods Logs & LostTrack Honeypot python tools Nmap tips CCTV penetration testing Are there any course requirements or prerequisites? Be familiar with network & security Be familiar with penetration test Be familiar with python pragramming Have two Penetration lab and a windows Who this course is for: ــــــــــــــــــــــــــــــــــــــــــــــــ Beginner Penetration testers that want to improve their skills Beginner Hackers who want to improve their knowledge Security engineers that curious about ways to penetrate . [hide] [Hidden Content]]

Description ــــــــــــــــــــــــــ In this course, I will walk you through the process of penetration testing applications to find vulnerabilities and earn bug bounties. We will analyze a vulnerable Android app, and see how vulnerabilities can be found using tools such as: Drozer Dex2Jar Jadx ApkTool Adb Burp Suite Learn about dynamic and static analysis to become an expert at finding Android exploits! Requirements ــــــــــــــــــــــــــــــــ A basic understanding of programming and app development is recommended Who this course is for: ــــــــــــــــــــــــــــــــــــــــــــــــ Android developers looking to secure their applications Hackers looking to learn common Android vulnerabilities Bug Bounty participants looking to target Android apps People looking to expand their knowledge of Computer Security [Hidden Content]

GyoiThon is a growing penetration test tool using Machine Learning. It identifies the software installed on the web server (OS, Middleware, Framework, CMS, etc…) based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generates reports of scan results. It executes the above processing automatically. [hide][Hidden Content]]

[Hidden Content]

RAT-el is an open-source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software. Features RATelServer: Multiple Connections Broadcast commands to all clients Stores client information in the database Encryption of data on the network via XOR Token management system to identify clients Client: Encryption of data sent over the network Startup persistence Remote command execution via CMD Remote command execution via Powershell Encryption of data on the network via XOR Automatic persistence when running the client Automatic reconnection RATelGenerator: Automatic client compilation [hide][Hidden Content]]

What’s PAKURI Sometimes, penetration testers love to perform a complicated job. However, I always prefer the easy way. PAKURI is a semi-automated user-friendly penetration testing tool framework. You can run the popular pentest tools using only the numeric keypad, just like a game. It is also a good entry tool for beginners. They can use PAKURI to learn the flow to penetration testing without struggling with a confusing command line/tools. Abilities of “PAKURI”. Intelligence gathering. Vulnerability analysis. Visualize. Brute Force Attack. Exploitation. Your benefits. By using our PAKURI, you will benefit from the following. For redteam: (a) Red Teams can easily perform operations such as information enumeration and vulnerability scanning. (b) Visualizing the survey results is possible only with the numeric keypad. For blueteam: (c) The Blue Team can experience a dummy attack by simply operating the numeric keypad even they do not have any penetration testing skill. For beginner: (d) PAKURI has been created to support the early stages of penetration testing. These can be achieved with what is included in Kali-Tools. It can be useful for training the entry level pentesters. NOTE If you are interested, please use them in an environment under your control and at your own risk. And, if you execute the PAKURI on systems that are not under your control, it may be considered an attack and you may have legal liability for your action. Features Scan enum4linux Nikto Nmap OpenVAS Skipfish sslscan SSLyze Exploit BruteSpray Metasploit Visualize Faraday CUI-GUI switching PAKURI can be operated with CUI and does not require a high-spec machine, so it can be operated with Raspberry Pi Changelog v1.1.1 This is PAKURI version 2, presented at BlackHat Asia 2020 Arsenal [hide][Hidden Content]]

ezXSS is an easy way to test (blind) Cross-Site Scripting. Current features Easy to use dashboard with statics, payloads, view/share/search reports and more Payload generator Instant email alert on the payload Custom javascript for extra testing Prevent double payloads from saving or alerting Share reports with other ezXSS users Easily manage and view reports in the system Search for reports in no time Secure your system account with extra protection (2FA) The following information is collected on a vulnerable page: The URL of the page IP Address Any page referer (or share referer) The User-Agent All Non-HTTP-Only Cookies Full HTML DOM source of the page Page origin Time of execution its just ez 🙂 Changelog v3.6 In order to update ezXSS 3.x to 3.6 you need to rename config.ini.example to config.ini and fill in your database information. Your database information is no longer stored in the Database.php. Changelog: Fixed #56, bug on deleting reports on page 2 or up Fixed and added #55, custom send mail from Added config file Renamed some things Fixed some other small bugs [hide][Hidden Content]]

Bypass anti-virus software lateral movement command execution test tool（No need 445 Port） Introduction: The common WMIEXEC, PSEXEC tool execution command is to create a service or call Win32_Process.create, these methods have been intercepted by Anti-virus software 100%, so we created WMIHACKER (Bypass anti-virus software lateral movement command execution test tool（No need 445 Port）). Main functions: 1. Command execution 2. File upload 3. File download [hide][Hidden Content]]

What’s PAKURI Sometimes, penetration testers love to perform a complicated job. However, I always prefer the easy way. PAKURI is a semi-automated user-friendly penetration testing tool framework. You can run the popular pentest tools using only the numeric keypad, just like a game. It is also a good entry tool for beginners. They can use PAKURI to learn the flow to penetration testing without struggling with a confusing command line/tools. Abilities of “PAKURI”. Intelligence gathering. Vulnerability analysis. Visualize. Brute Force Attack. Exploitation. For beginner: (d) PAKURI has been created to support the early stages of penetration testing. These can be achieved with what is included in Kali-Tools. It can be useful for training the entry level pentesters. NOTE If you are interested, please use them in an environment under your control and at your own risk. And, if you execute the PAKURI on systems that are not under your control, it may be considered an attack and you may have legal liability for your action. Features Scan enum4linux Nikto Nmap OpenVAS Skipfish sslscan SSLyze Exploit BruteSpray Metasploit Visualize Faraday CUI-GUI switching PAKURI can be operated with CUI and does not require a high-spec machine, so it can be operated with Raspberry Pi. [HIDE][Hidden Content]]

[Hidden Content]

[HIDE][Hidden Content]]

Deep Exploit Fully automatic penetration test tool using Machine Learning. Deep Exploit is fully automated penetration tool linked with Metasploit. Deep Exploit has two exploitation modes. Intelligence mode Deep Exploit identifies the status of all opened ports on the target server and executes the exploit at pinpoint based on past experience (trained result). Brute force mode Deep Exploit executes exploits using all combinations of “exploit module”, “target” and “payload” corresponding to a user’s indicated product name and port number. Deep Exploit’s key features are following. Efficiently execute exploit. If “intelligence mode”, Deep Exploit can execute exploits at pinpoint (minimum 1 attempt). If “Brute force mode”, Deep Exploit can execute exploits thoroughly corresponding to user’s indicated product name and port number. Deep penetration. If Deep Exploit succeeds the exploit to the target server, it further executes the exploit to other internal servers. Operation is very easy. Your only operation is to input one command. It is very easy!! Self-learning. Deep Exploit doesn’t need the “learning data”. Deep Exploit can learn how to method of exploitation by itself (uses reinforcement learning). Learning time is very fast. Deep Exploit uses distributed learning by multi-agents. So, we adopted an advanced machine learning model called A3C. Current Deep Exploit’s version is a beta. But, it can automatically execute following actions: Intelligence gathering. Threat Modeling. Vulnerability analysis. Exploitation. Post-Exploitation. Reporting. [HIDE][Hidden Content]]

BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to network analysis, stress tests, sniffing, vulnerability assessment, computer forensic analysis, automotive and exploitation. It has been built on Ubuntu core system yet fully customized, designed to be one of the best Penetration testing and security distribution and more. As usual, this major release includes many updates. These include new kernel, updated tools and some structural changes with a focus on maintaining stability and compatibility with Ubuntu 18.04 LTS. What’s new Updated Linux Kernel 4.18 Updated desktop environment Updated hacking tools Updated ISO Hybrid with UEFI support System requirements 32-bit or 64-bit processor 1024 MB of system memory (RAM) 10 GB of disk space for installation Graphics card capable of 800×600 resolution DVD-ROM drive or USB port (3 GB) The ISO images for both 32bit & 64bit can be downloaded from the official web site download section: [HIDE][Hidden Content]]