Search the Community

Showing results for tags 'the'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin
  • Null3D's Nulled Group


There are no results to display.

There are no results to display.

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



About Me










Found 349 results

  1. Deepfake Offensive Toolkit dot (aka Deepfake Offensive Toolkit) makes real-time, controllable deepfakes ready for virtual camera injection. dot is created for performing penetration testing against e.g. identity verification and video conferencing systems, for the use by security analysts, Red Team members, and biometrics researchers. [hide][Hidden Content]]
  2. Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches lasting from database fingerprinting, over data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections. [hide][Hidden Content]]
  3. socialhunter Crawls the given URL and finds broken social media links that can be hijacked. Broken social links may allow an attacker to conduct phishing attacks. It also can cost a loss of the company’s reputation. Broken social media hijack issues are usually accepted on the bug bounty programs. Currently, it supports Twitter, Facebook, Instagram, and Tiktok without any API keys. [hide][Hidden Content]]
  4. Portable utility that helps you restore your privacy and increase your security. Optimizer is recommended after a fresh, clean installation of Windows to achieve maximum privacy and security. Depending on your version of Windows, Optimizer will also allow you to perform some specific tweaks. Full multilingual support (16 languages available) Speed up your system and network performance Disable unnecessary Windows services Disable Windows telemetry, Cortana and many more Disable Office telemetry (works only with Office 2016) Disable Windows 10 automatic updates Download useful apps quickly at once Uninstall UWP apps Clean your system drive and major browsers' profile data Fix common registry issues Ping IPs and assess your latency Search IPs on Rapidly change DNS server (from a pre-made list) Flush DNS cache Remove unwanted programs running at startup Edit your HOSTS file Find file lock handles and kill associated processes Network speed monitoring Hardware inspection tool Add items in desktop on right-click menu Define custom commands for run dialog Silent run support using a configuration file [hide][Hidden Content]]
  5. Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make an HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide via HTTP (80) and HTTPS (443), with the Host header set to the original host. Each HTTP response is then compared to the original using the Levenshtein algorithm to determine similarity. If the response is similar, it will be deemed a match. [hide][Hidden Content]]
  6. Knowing how networks are built and how to keep communications technologies and network protocols safe What you’ll learn Learning Types of Transmission: An Introduction to Network Security Foundations of Learning and Networking Services for Learning Networks Wireless Networks: An Overview An Overview of Protocols Understanding Different Network Sizes Network Attacks: An Overview Learning Model Based on Open Systems Interconnection (OSL) Requirements An internet connection and access to a computer Description Hello and welcome to this course. While practically every nation on the globe has experienced difficult economic times, one sector that has remained relatively unaffected is information security. Organizations and government agencies do not have a big enough pool of employees with the required skillset from which to recruit, yet assaults on these institutions are only rising and becoming more crucial. If you are genuinely smart, talented, and disciplined, security is a terrific industry to be in. Telecommunications and networking make use of a variety of interconnected and integrated processes, devices, software, and protocols. Because there are so many technologies involved and changing, networking is one of the most complicated issues in the computer world. Our existing technologies are always changing, and it seems like there are new “emerging” technologies to study, comprehend, adapt, and protect every month. A network administrator should be able to set up networking software, protocols, and devices, as well as deal with interoperability difficulties, install, configure, and interface with telecommunications software and equipment, and efficiently troubleshoot. To properly recognize where vulnerabilities might exist within each of these components and then know what to do about them, a security expert must first comprehend them and then be able to analyze them at a deeper level. This may be a difficult process. You may have more employment choices than you know what to do with if you are informed, have a strong practical skill set, and are ready to continue learning. This course will teach you how to: TCP/IP and OSI models. Types of protocols and security concerns technologies such as LAN, WAN, MAN, intranet, and extranet. Data transmission kinds and cable types Internet-connected devices and services Routing by software Dissemination networks Protocols with several layers Network technologies that are convergent Communication, safety, and management Devices and technology for communication Technology for remote connection Technologies that are based on wireless communication Encryption over the internet Attainment and threats Who this course is for: Anyone interested in learning more about network security should consult [hide][Hidden Content]]
  7. RedTeam Toolkit Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teaming together for the security specialist to identify vulnerabilities. The cybersecurity open-source projects are integrated with what will be a powerful toolkit together. Currently, it supports the following options: FullScan (scan ports and vulnerabilities/CVEs on the target – PDF output) Livehosts (scan all live hosts in the network scale – PDF output) DirScan (scan all directories on a target – PDF output) CVE Description ( CveID Search) SSH Dictionary Attack RDP BruteForce WebApps Section F5 BIG-IP PoC ( CVE-2022-1388 ) Apache Path Traversal PoC ( CVE-2021-41773 ) Automated XSS Finder Web Crawler for gathering URLs SubDomain Enumeration HTTP Verb Tampering (SQLi will be added soon) Windows Section (Being updated, other major CVEs will be added) Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 ) Linux Section to implement major Linux CVEs (UNDER MAINTENANCE) Changelog v0.1.5 The Dockerized version (#19 ) of the RedTeam Toolkit. is deployed now Moreover, it now includes the following new modules: CVE-2022-1388 PoC (for F5 BIG-IP Automated XSS Finder to server a website and find XSS on that A new module for content discovery (Gathering all URLs) [hide][Hidden Content]]
  8. With the help of this automated script, you will never lose track of newly released CVEs. What does this powershell script do is exactly running the Microsoft Edge at system startup, navigate to 2 URLs ,and then put the browser in to full screen mode. As ethical hackers, it's vital that we keep track of the recently released CVEs in order to be fully aware of new threats or vulnerabilities out there in the Internet. Actually, it's a routine task in our day to day lives. So why don't we just automate the whole procedure of opening a browser and navigate to our sources for cheking the new CVEs? The purpose of this tool is to basically, automate the mentioned procedure with the help of powershell scripting. Among all the online sources that are available which publish new CVEs, I've chosen the following 2 URLs and leveraged them in the script. [hide][Hidden Content]]
  9. Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches lasting from database fingerprinting, over data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Changelog v1.6.5 One patch related to #5087 [hide][Hidden Content]]
  10. Description Would you like to learn everything about the anonymous world the Dark web You are in the Right Place! Brief Description: This course covers how explore the hidden part of the internet(dark web) without break any rules, no matter what professionalism you have , whether you are an IT professional or a personal user. We will go through step by step how to navigate on the dark web . Also we will go over how to explore some dark web market on the darknet we will see how to avoid get scammed on dark web My Promise to You I’ll be here for you in every step. If you have any questions about the course content or anything related to this topic or any other topic, you can always put a question in the course or send me a direct message. and I will be here with you to help. I want to make this the best course about Dark web , deep web and tor browser . So if there is any way I can improve this course, just tell me and I’ll we be happy to hear and I will make it happen. With the 30-day 100% money-back guarantee, there is nothing holding you back from jumping in right now and trying the course out. Go ahead and click the enroll button, and I’ll see you in lesson 1! Who this course is for: Anyone who is Curious and Interested about the Dark Web and Tor Browsers. Requirements you will only need a Computer and an Internet connection. [Hidden Content] [hide][Hidden Content]]
  11. This article explores a phishing technique that simulates a browser window within the browser to spoof a legitimate domain. Introduction For security professionals, the URL is usually the most trusted aspect of a domain. Yes there’s attacks like IDN Homograph and DNS Hijacking that may degrade the reliability of URLs but not to an extent that makes URLs unreliable. All of this eventually lead me to think, is it possible to make the “Check the URL” advice less reliable? After a week of brainstorming I decided that the answer is yes. Disclaimer Usage of these templates for attacking targets without prior consent is illegal. It's the end user's responsibility to obey all applicable laws. The developer is not responsible for any misuse of these templates. [hide][Hidden Content]]
  12. Jbin website secret scraper Jbin will gather all the URLs from the website and then it will try to expose the secret data from them. It collects both URLs and JS links to scrape secrets out of it. Also if you are looking for a specific string on a page or want to run custom regex then you can do that too now with the new release, It also provides you with an informative excel report. Currently, we can scrape these secrets! Google Maps API Artifactory API Artifactory Pass Auth Tokens AWS Access Keys AWS MWS Auth Token Base 64 Basic Auth Credentials Cloudanary Basic Auth Tokens Facebook Access Tokens Facebook Oauth Tokens Github Secrets Google Cloud API Google Oauth Tokens Youtube Oauth Tokens Heroku API Keys IPV4 IPV6 URL Without http URL With http Generic API RSA Private Keys PGP Private Keys Mailchamp API key Mailgun API key Picatic API Slack Token Slack Webhook Stripe API Keys Square Access Token Square Oauth Secret Twilio API key Twitter Client ID Twitter Oauth Twitter Secret Keys Vault Token Firebase Secrets Paypal Braintree Tokens New Features? Directory bruteforce to get more URLs Custom wordlist Added realtime task monitoring Added the option to reduce power [hide][Hidden Content]]
  13. hack-browser-data is an open-source tool that could help you decrypt data[passwords|bookmarks|cookies|history] from the browser. It supports the most popular browsers on the market and runs on Windows, macOS, and Linux. Changelog v0.4 feat: support Go 1.18 generics, refactor project layout feat: add support for all published firefox feat: add color output for command line logs feat: add support chromium when some Linux distributions does not use D-Bus to get master key fix: getting wrong Chromium cookie file path error fix: check AES block size when decrypting Chromium password under Windows fix: export credit card failed for windows [hide][Hidden Content]]
  14. itsMe


    [hide][Hidden Content]]
  15. SpiderFoot is an open-source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, or network subnet. SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organization is freely providing for attackers to use against you. Features Utilises a shedload of data sources; over 50 so far and counting, including SHODAN, RIPE, Whois, PasteBin, Google, SANS, and more. Designed for maximum data extraction; every piece of data is passed on to modules that may be interested so that they can extract valuable information. No piece of discovered data is saved from the analysis. Runs on Linux and Windows. And fully open-source so you can fork it on GitHub and do whatever you want with it. Visualisations. Built-in JavaScript-based visualizations or export to GEXF/CSV for use in other tools, like Gephi for instance. Web-based UI and CLI. Choose between a GUI that is easy to use and a powerful command-line interface. Take a look through the gallery for screenshots of the GUI and the collection of CLI videos on Highly configurable. Almost every module is configurable so you can define the level of intrusiveness and functionality. Modular. Each major piece of functionality is a module, written in Python. Feel free to write your own and submit them to be incorporated! SQLite backend. All scan results are stored in a local SQLite database, so you can play with your data to your heart’s content. Simultaneous scans. Each footprint scan runs as its own thread, so you can perform footprinting of many different targets simultaneously. So much more.. check out the documentation for more information. Changelog v4.0 SpiderFoot 4.0 introduces the concept of writing your own correlation rules in YAML, plus integration with a number of open source security tools. SpiderFoot has integrated with a few popular open source tools such as DNSTwist, CMSeek, Whatweb, WAFW00F and Nmap for some time nbtscan: Scans for open NETBIOS nameservers on your target’s network. Nuclei: Fast and customizable vulnerability scanner with a powerful templating framework for custom detections. onesixtyone: Fast scanner to find publicly exposed SNMP services. Retire.js: Scanner detecting the use of JavaScript libraries with known vulnerabilities. snallygaster: Finds file leaks and other security problems on HTTP servers. Identify various TLS/SSL weaknesses, including Heartbleed, CRIME and ROBOT. TruffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history. Wappalyzer: Wappalyzer indentifies technologies on websites. [hide][Hidden Content]]
  16. Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches lasting from database fingerprinting, over data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections. [hide][Hidden Content]]
  17. Cryptomator is provided free of charge as an open-source project despite the high development effort and is therefore dependent on donations. Cryptomator offers multi-platform transparent client-side encryption of your files in the cloud. Features Works with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud and any other cloud storage service which synchronizes with a local directory Open Source means: No backdoors, control is better than trust Client-side: No accounts, no data shared with any online service Totally transparent: Just work on the virtual drive as if it were a USB flash drive AES encryption with 256-bit key length File names get encrypted Folder structure gets obfuscated Use as many vaults in your Dropbox as you want, each having individual passwords One thousand commits for the security of your data!! Privacy 256-bit keys (unlimited strength policy bundled with native binaries) Scrypt key derivation Cryptographically secure random numbers for salts, IVs and the masterkey of course Sensitive data is wiped from the heap asap Lightweight: Complexity kills security Consistency HMAC over file contents to recognize changed ciphertext before decryption I/O operations are transactional and atomic, if the filesystems support it Each file contains all information needed for decryption (except for the key of course), no common metadata means no SPOF Changelog v1.6.7 Update copyright years from 2021 to 2022 to reflect the new year by @httpjamesm in #2015 Update JavaFX to 17.0.2 by @KarlKeu00 in #2031 Add modules required for JFR by @overheadhunter in #2035 Added error message if user tries to mount to occupied drive by @JaniruTEC in #2013 Feature/win installbundle with winfsp by @infeo in #2072 Deduplicate Freedesktop Metadata by @overheadhunter in #2073 Feature/winfsp mountpoint by @infeo in #2082 Update Cryptomator screenshots for flathub, taken of 1.6.5 by @purejava in #2095 Build binary packages in separate workflows by @overheadhunter in #2103 [Snyk] Security upgrade com.auth0:java-jwt from 3.18.3 to 3.19.0 by @snyk-bot in #2110 Simplify async workflows by @overheadhunter in #1983 Show vault locked/unlocked state in the vault title in the tray menu by @kevinstsauveur in #2101 New Crowdin updates by @cryptobot in #1966 [Hidden Content]
  18. CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. Disclaimer This tool is a PoC (Proof of Concept) and does not guarantee results. It is possible to setup Cloudflare properly so that the IP is never released or logged anywhere; this is not often the case and hence why this tool exists. This tool is only for academic purposes and testing under controlled environments. Do not use without obtaining proper authorization from the network owner of the network under testing. The author bears no responsibility for any misuse of the tool. [hide][Hidden Content]]
  19. uncover is a go wrapper using APIs of well-known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools. Currently, it supports shodan, censys, and fofa search engine. Simple and Handy utility to query multiple search engine Multiple Search engine support (Shodan, Censys, Fofa) Automatic key/credential randomization stdin / stdout support for input and output [hide][Hidden Content]]
  20. The international hacker organization Anonymous announced a cyberwar against Russia after Russia attacked Ukraine. At present, Anonymous has hacked several Russian government websites. Most of these attacks just make these websites inaccessible, but there are also serious consequences, such as the theft of some Russian government websites and bank data. On February 28, the Anonymous affiliate group Network Battalion 65 (NB65) attacked the Russian Institute for Nuclear Security, stealing 40,000 documents and containing certain sensitive data. At that time, the autonomous system of a Russian operator was also attacked, which hosted a large number of information systems of Russian government organizations and even military departments. Some content related to Kaspersky can also be seen in the autonomous system, and it is suspected that Kaspersky provides security services for these websites and information systems. The latest news is that the hacker group has stolen the Kaspersky antivirus source code, and the screenshots released by the hackers show that the successful intrusion time is March 7, 2022. [hide][Hidden Content]]
  21. dEEpEst

    Twitter in the Dark Web

    Twitter is now also on the Dark Web: [Hidden Content]
  22. LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag (CTF) competitions to generate a range of reverse shell payloads on the fly. The reverse shell payloads that LAZYPARIAH supports include (but are not limited to): C binary payloads (compiled on the fly): c_binary Ruby payloads: ruby, ruby_b64, ruby_hex, ruby_c Powershell payloads: powershell_c, powershell_b64 Base64-encoded Python payloads: python_b64 Rust binary payloads (compiled on the fly): rust_binary PHP scripts containing base64-encoded Python payloads called via the system() function: php_system_python_b64 Java classes (compiled on the fly): java_class Perl payloads: perl, perl_b64, perl_hex, perl_c Simple PHP payloads (targeting specific file descriptors): php_fd, php_fd_c, php_fd_tags Dependencies Ruby >= 2.7.1 (LAZYPARIAH has not been tested on previous versions of Ruby) OpenJDK (Optional: Only required for java_class payloads.) GCC (Optional: Only required for c_binary payloads.) Rust (Optional: Only required for rust_binary payloads.) [hide][Hidden Content]]
  23. Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches lasting from database fingerprinting, over data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections. [hide][Hidden Content]]
  24. Millions of tech-lovers around the world are aware that multiple dimensions exist on the World Wide Web. The internet, to call it by its household name, does not solely consist of what we interact with, far from it. In fact, what we interact with and search for overall only makes up a few percent of the actual (estimated) size of the World Wide Web. There are indeed multiple “floors” on the internet itself, akin to hidden underground areas you would imagine Area 51 ( or e.g., a bank) would have. Because of this, several reasons exist why informing yourself about the dark web is useful. The deeper parts of the internet are like a vast iceberg below the surface area -the area we all know and use every day. A lot is going on in the vast universe of the internet that 90% of us are unaware of. You might have heard about the mysterious darknet or “dark web” and want to learn more, or you may want to visit the dark web lair and find out for yourself (more on this later.) Likewise, you may want to understand what the “deep web” is. You could also be wondering whether it is safe to access the deeper parts of the web. Whatever your reason may be, read on below and find out more about this fascinating topic. The Various Layers of the Internet To draw on an analogy, the internet is much like our universe in its structure. It is a seemingly endless space that consists of unique planets and galaxies that form to make a whole. It also resembles a living organism in the same way. Remember, the internet has no central authority of control, and that’s why it is truly the only free platform of communication we have. That is not to say that law enforcement does not patrol the internet, but more so to underline that the internet has taken on a life of its own and it is still possible to be truly invisible on it. We can use a metaphor to illustrate this even better, by saying the internet is like a party with lots of people. All of the people are together, but also behave individually at the same time, and there is no single entity responsible for, or controlling, everyone. Yet, all parts contribute to the whole as well. This is the internet in a nutshell. As for the structure of the internet, we can use yet another analogy to describe this. This would be the classic iceberg analogy, which consists of a top layer, an immediate layer beneath the water and a third layer much deeper down that completes the iceberg. The top layer is the surface web, the middle layer is the deep web, and finally, the dark web resides down below in the depths. What is the Surface Web? The surface web also called the “clear web”, is the internet that we interact with daily for activities such as e.g., email, social media, web browsing, shopping, and online searches. This part of the web is only a fraction of the entire platform. This layer is indexed by typical search engines, and only makes up about 10% of the entire internet’s size. What is the Deep Web? The deep web is the largest chunk of the internet and comprises the majority of it. We could compare this to a huge warehouse or factory where the inner workings of the internet are held and are not indexed by classical search engines. This content is mostly databases, unlisted items, and other storage databases. The deep web is not indexed by search engines but is not purposefully encrypted either. What is the Dark Web? The dark web, considered to be within the deep web that covers 90% of the entire size of the internet, is a purposefully encrypted layer of the internet that can only be accessed with search engines like Tor (The Onion Browser.) Much of the deep web, also called the darknet, contains extremely illicit and highly illegal material. Its users are hidden, and payments are also anonymized. Should You be Using the Dark Web? First of all, browsing the dark web in itself is not illegal, inasmuch as torrenting isn’t if you use it for downloading files legally and not breaking copyright rules. However, since the dark web is home to vast amounts of illegal material, the automatic assumption is that the user may be there to conduct an illegal activity or even terrorism. It is a place with no filters at all. The dark web is a place where you can shop for everything from weapons, drugs, illegal porn to hiring a hitman. At the same time, the dark web is practically the only place e.g., journalists wishing to remain anonymous. Even some companies and academic institutions benefit from the dark web these days. Using the Tor browser (or any other onion browser for the dark web) is not illegal either, and you will not attract any attention to yourself unless you meddle in illegal or clandestine activities. Having said that, internet users are demanding more and more security and privacy every day, meaning that the menacing lair of the dark web is also the only place that can almost guarantee both complete privacy and complete security for anyone wishing to cloak themselves. You can use the dark web, but make sure to avoid clicking on any links that seem to lead to “dark” things. Many people use the dark web for private research, private communications, and even private cryptocurrency transactions. If you happen to stumble on a shady website, make sure to close the tab immediately and avoid it in the future. As long as you stick to normal habits, you can use the dark web for your privacy as much as you like. Remember, using a VPN or Virtual Private Network when browsing the dark web will give you even greater peace of mind and disambiguate you from the process.
  25. Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches lasting from database fingerprinting, over data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Changelog v1.6.2 Update for #4928 [hide][Hidden Content]]