Jump to content

Search the Community

Showing results for tags 'tool'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
    • Windows Phone
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



About Me










  1. OneForAll is a powerful subdomain collection toolsubdomain collection The importance of information collection in penetration testing is self-evident. Subdomain collection is an essential and very important part of information collection. At present, there are many open-source tools for subdomain collection on the Internet, but there are always some of the following problems: Not powerful enough,there are not enough interfaces to collect subdomains automatically, and there are no functions such as automatic subdomain resolve, verification, FUZZ, and information expansion. Not friendly enough,although the command line module is more convenient, but when there are a lot of optional parameters and the operation to be implemented is complex, using command line mode is a bit unfriendly. If there is a good interaction, With a highly operable front end, the experience will be much better. Lack of maintenance,Many tools have not been updated once in years, what issues and PR are, do not exist. Efficiency issues,do not take advantage of multi-process, multi-threading and asynchronous cooperation technology, the speed is slow. Features Powerful collection capability,For more information, please see collection module description. Collect subdomains using certificate transparency (there are currently 6 modules: censys_api,certspotter,crtsh,entrust,google,spyse_api) General check collection subdomains (there are currently 4 modules: domain transfer vulnerability exploitationaxfr, cross-domain policy file cdx, HTTPS certificate cert, content security policy csp, robots file robots, and sitemap file sitemap. Check NSEC record, NSEC3 record and other modules will be added later). Collect subdomains using web crawler files (there are currently 2 modules: archirawl, commoncrawl, which is still being debugged and needs to be added and improved). Collect subdomains using DNS datasets (there are currently 23 modules: binaryedge_api, bufferover, cebaidu, chinaz, chinaz_api, circl_api, dnsdb_api, dnsdumpster, hackertarget, ip138, ipv4info_api, netcraft, passivedns_api, ptrarchive, qianxun, rapiddns, riddler, robtex, securitytrails_api, sitedossier, threatcrowd, wzpc, ximcx) Collect subdomains using DNS queries (There are currently 5 modules: collecting subdomains srv by enumerating common SRV records and making queries, and collecting subdomains by querying MX,NS,SOA,TXT records in DNS records of domain names). Collect subdomains using threat intelligence platform data (there are currently 6 modules: alienvault, riskiq_ api, threatbook_ api, threatkeeper , virustotal, virustotal_ api, which need to be added and improved). Use search engines to discover subdomains (there are currently 18 modules: ask, baidu, bing, bing_api, duckduckgo, exalead, fofa_api, gitee, github, github_api, google, google_api, shodan_api, so, sogou, yahoo, yandex, zoomeye_api), except for special search engines in the search module. General search engines support automatic exclusion of search, full search, recursive search. Support subdomain blasting,This module has both conventional dictionary blasting and custom fuzz mode. It supports batch blasting and recursive blasting, and automatically judges pan-parsing and processing. Support subdmain verification,default to enable subdomain verification, automatically resolve subdomain DNS, automatically request subdomain to obtain title and banner, and comprehensively determine subdomain survival. Support subdomain takeover,By default, subdomain takeover risk checking is enabled. Automatic subdomain takeover is supported (only Github, remains to be improved at present), and batch inspection is supported. Powerful processing feature,The found subdomain results support automatic removal, automatic DNS parsing, HTTP request detection, automatic filtering of valid subdomains, and expansion of Banner information for subdomains. The final supported export formats are rst, csv, tsv, json, yaml, html, xls, xlsx, dbf, latex, ods. Very fast,collection module uses multithreaded calls, blasting module uses massdns, the speed can at least reach 10000pps under the default configuration, and DNS parsing and HTTP requests use asynchronous multiprogramming in subdomain verification. Multithreaded check subdomain takeover risk. Good experience,Each module has a progress bar, and the results of each module are saved asynchronously. [hide][Hidden Content]]
  2. Legal Disclaimer: For Educational Purpose Only Usage of XHUNTER for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Use Responsibly! About The Project There are many great Android RAT available on GitHub; however, I didn't find one that really suited my needs so I created this enhanced one. I want to create a RAT so amazing that it'll be the last one you ever need -- I think this is it. Here's why: The main reason, I did started on this project is to simplify the problem of connection between attacker and victim.[Eliminated all port forwarding and over the internet issues] Followed by, I wanted to have control over victims using smartphone with a simple UI app rather then a pc or remote virtual machine🖥 with command line interface. Of course, no one will serve all features since your needs may be different. So I'll be adding more in the near future. You may also suggest changes by forking this repo and creating a pull request or opening an issue. Prerequisites Before we proceed one must have: Android Device Good Internet Connection Features Real time receive any file or folder from target device bind with other apps fetch all whatsapp messages fetch all whatsapp contacts receive all target message send sms with target device to any number recive all target contacts receive list of all installedd apps in target device delete any file or folder from target device capture main and front camera capture microphone receive last clipboard text [hide][Hidden Content]]
  3. Riptide is a tool allowing you to reverse .EXE files compiled with PyInstaller back to the original source, Python, showing you the source code of the file. [hide][Hidden Content]]
  4. DNS tool that displays information about your domain. Features common records scanning (use -scan) validate DNSSEC chain (use -debug to see more info) change query speed for scanning (default 10 queries per second) diagnostic of your domain (similar to intodns.com, dnsspy.io) For implemented checks see #1 Changelog v1.0.2 571912b Fix missing vendor 9f664f6 Update README bbb2351 Update dependencies 384b1ec Add support for BIMI (#11) 9023c2c Add latest to install command [hide][Hidden Content]]
  5. Dismap positioning is an asset discovery and identification tool; its characteristic function is to quickly identify Web fingerprint information and locate asset types. Assist the red team to quickly locate the target asset information, and assist the blue team to find suspected vulnerabilities Dismap has a comprehensive fingerprint rule library, so you can easily customize new recognition rules. With the help of golang’s concurrency advantages, rapid asset detection and identification can be achieved Changelog v0.4 Optimize concurrency strategy to improve speed (a2a779f) Optimize json output (a2a779f) #19 Added giop protocol identification rules (edcf125) Added web fingerprinting rules [hide][Hidden Content]]
  6. A flexible and scalable cross-plaform shell generator tool. A simple yet flexible cross-platform shell generator tool. Name: G(Great) Shell Description: A cross-platform shell generator tool that lets you generate whichever shell you want, in any system you want, giving you full control and automation. Supports the following languages and tools: PowerShell Python Bash Sh Perl Socat Netcat Nc Awk Lua NodeJS OpenSSL PHP Ruby Telnet Golang C# Dart Groovy Many more... [hide][Hidden Content]]
  7. CRLFsuite is a fast tool specially designed to scan CRLF injection. Features Single URL scanning Multiple URL scanning Stdin supported GET & POST method supported Concurrency Best Payloads list Headers supported Fast and efficient scanning with negligible false-positive Changelog v2.0 WAF detection XSS through CRLF injection scanning Improved and fixed bugs in crlfscanner.py Enhanced scanning techniques [hide][Hidden Content]]
  8. Social engineering tool [Access Webcam & Microphone & Location Finder] With Python. Features: Get Device Information Without Any Permissions Access Location [SMARTPHONES] Access Webcam Access Microphone [hide][Hidden Content]]
  9. An OSINT tool to search fast for accounts by username across 115 sites. The Lockheed SR-71 "Blackbird" is a long-range, high-altitude, Mach 3+ strategic reconnaissance aircraft developed and manufactured by the American aerospace company Lockheed Corporation. [hide][Hidden Content]]
  10. CRLFsuite is a fast tool specially designed to scan CRLF injection. [hide][Hidden Content]]
  11. itsMe

    Proxy AIO Tool

    - Can Check the Proxys (Multithread) - Can Scan Directorx for Proxys and Load it - Can Find Proxy on the Internet [hide][Hidden Content]]
  12. What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an “execution plan”. While having a pre-generated execution plan that describes the spraying operation well before it occurs has many other benefits that Spray365 leverages, this also allows password sprays to be resumed (-R option) after a network error or other interruption. While it is easiest to generate a Spray365 execution plan using Spray365 directly, other tools that produce a compatible JSON structure make it easy to build unique password spraying workflows. [hide][Hidden Content]]
  13. HookCase is a tool for debugging and reverse engineering applications on macOS (aka OS X), and the operating system itself. It re-implements and extends Apple’s DYLD_INSERT_LIBRARIES functionality. It can be used to hook any method in any module (even non-exported ones, and even those that don’t have an entry in their own module’s symbol table). In a single operation, it can be applied to a parent process and all its child processes, whether or not the child processes inherit their parent’s environment. So HookCase is considerably more powerful than DYLD_INSERT_LIBRARIES. It also doesn’t have the restrictions Apple has placed on DYLD_INSERT_LIBRARIES. So, for example, HookCase can be used with applications that have entitlements. HookCase supports interpose hooks. But it also supports another, more powerful kind of hook that we call “patch hooks”. These can hook calls to a method named in its module’s symbol table, including ones that come from the same module. They can also hook calls to an unnamed method (one that isn’t in its module’s symbol table), by specifying the method’s address in its module. So they can be used with non-exported (aka private) methods (named and unnamed) — ones not intended for use by external modules. Patch hooks are so-called because we set them up by “patching” the beginning of an original method with a software interrupt instruction (int 0x30). HookCase’s kernel extension handles the interrupt to implement the hook. This is analogous to what a debugger does when it sets a breakpoint (though it uses int 3 instead of int 0x30). Software interrupts are mostly not used on BSD-style operating systems like macOS and OS X, so we have plenty to choose among. For now, we’re using those in the range 0x30-0x34. Whatever their disadvantages, interpose hooks are very performant. They’re implemented by changing a pointer, so they impose no performance penalty whatsoever (aside from the cost of whatever additional code runs inside the hook). Patch hooks can be substantially less performant — if we have to unset the breakpoint on every call to the hook, then reset it afterward (and protect these operations from race conditions). But this isn’t needed for methods that start with a standard C/C++ prologue in machine code (which is most of them). So most patch hooks run with only a very small performance penalty (that of a single software interrupt). HookCase is compatible with DYLD_INSERT_LIBRARIES and doesn’t stomp on any of the changes it may have been used to make. So a DYLD_INSERT_LIBRARIES hook will always override the “same” HookCase interpose hook. This is because Apple often uses DYLD_INSERT_LIBRARIES internally, in ways it doesn’t document. HookCase would likely break Apple functionality if it could override Apple’s hooks. But this doesn’t apply to patch hooks. Since Apple doesn’t use them, we don’t need to worry about overriding any that Apple may have set. If an interpose hook doesn’t seem to work, try a patch hook instead. (Unless you write them to do so, neither interpose hooks nor patch hooks inherently change the behavior of the methods they hook.) HookCase is compatible with lldb and gdb: Any process with HookCase’s interpose or patch hooks can run inside these debuggers. But you may encounter trouble if you set a breakpoint and a patch hook on the same method, or try to step through code that contains a patch hook. HookCase runs on OS X 10.9 (Mavericks) through macOS 10.15 (Catalina). Changelog v6.0.3 macOS 12.4 once again broke HookCase, by making changes that normally only happen in major releases. This time none of the breakage was caused by changes to internal kernel structures (though some of those used by HookCase did change). Instead it was caused by two changes in behavior. HookCase 6.0.3 works around them. For more information see Issue #34. [hide][Hidden Content]]
  14. [Hidden Content]
  15. Carbon Black Response IR tool for hunting threats in an environment What is it? AutoResponder is a tool aimed to help people to carry out their Incident Response tasks WITH the help of Carbon Black Response's awesome capabilities and WITHOUT much bothering IT/System/Network Teams What can it do? Module / Delete Files Delete Registry Values Delete Win32 Service Entries Delete Scheduled Task Entries Detailed Sensor List Export Find Files Find Registry Values Download Files Download A list of Win32 Service Entries Download A list of Scheduled Task Entries Download A list of WMI Entries Isolate/Unisolate Sensors Kill Running Processes Restart Sensors Restart Endpoints Generate CSV reports Scan Collected binaries with THOR APT Scanner Delete WMI Entries Solve the whole case and generate a nice report so we can all have a cold beer [hide][Hidden Content]]
  16. Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Supports both manual and automated analysis on a variety of target types with many available features & tools. Use Cases These enumerations processes can be used for offensive & defensive cyber operations, Bug-Bounty hunting & Research. Multiple techniques are normally used by multiple tools to attain this goal. sub3suite combines these different techniques and provides you with multiple capability tools into one suite for effective enumeration both manually and automatically. General Concepts Passive Subdomain Enumeration. Active Subdomain Enumeration. OSINT (Open-source intelligence). OSINT Information gathering. Target Mapping. Changelog v0.0.4 changed ACTIVE Tool to HOST Tool. changed no longer use the term ENGINES now its TOOLS added IP Tool added Ping feature for HOST & IP tools. added light theme added hostname querying in URL Tool fix unwanted selection in results tree views fix json highlighter fix hackertarget crashing OSINT Tool on hostsearch [hide][Hidden Content]]
  17. FuzzingTool is a web penetration testing tool, that handles with fuzzing. After the test is completed, all possible vulnerable entries (and the response data) are saved on a report file. Changelog v3.14 New features Added a replay proxy option --replay-proxy PROXY; Added a Matcher option to match responses by regex -Mr REGEX; Added Filter: Exclude responses by status codes -Fc STATUS; Exclude responses by regex -Fr REGEX; Added recursion jobs feature: Plugin scanners now can enqueue payloads for the next job when needed; Added directory recursion feature (--recursion) on path fuzzing; The user can set the maximum recursion level from jobs (--max-rlevel RLEVEL); Added option to set multiple plugin scanners (when use multiple --scanner argument); Added plugin scanners: Backups; Wappalyzer; Removed features Removed the use of multiple http methods; Removed Find plugin (replaced by match by regex); Bugfix Fixed a bug with match logic on Matcher, when set multiple match options and only one is considered; Fixed a bug with DnsZone plugin when set an invalid hostname; Fixed a split string error on function split_str_to_list; CLI output changes When do a subdomain fuzzing, the ip address will no longer be shown on cli output. It’ll only be stored in the report file; Added a progress bar (credits to Dirsearch for the idea) Other changes Changed the program binary name from FuzzingTool to fuzzingtool; Now the Dictionary object will enqueue Payload objects into the payloads queue; Each Payload has his own recursion level attribute (Payload.rlevel) to tell about the job recursion level; Now the wordlist creation and build are threaded; Code refactored Added HttpHistory object to store the information about the request and response into the result object, including the ip address when do a subdomain fuzzing; Moved some functions from http_utils module to UrlParse class; Removed inspect_result method from scanners. Now they will append results in the _process method; Removed decorator append_args, no longer needed; Updated fuzz types and created a class to store the plugin categories on utils/consts; Moved both logger and reports to persistence directory; Updated the order of the parameters on PluginFactory methods; Moved the api to outside of a specific folder; Moved the argument build functions to utils/argument_utils; [hide][Hidden Content]]
  18. Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use. When queried with an email address and password, the endpoint responds with an Azure AD Authentication and Authorization code. This code is then processed by Go365 and the result is printed to a screen or an output file. * User enumeration is performed in conjunction with a password guess attempt. Thus, there is no specific flag or functionality to perform only user enumeration. Instead, conduct your first password guessing attack, then parse the results for valid users. Changelog v2.0 7c2148e Bug notice temporary note 984b80e Update README.md 97f02b1 v2.0 aacf804 v2.0 [hide][Hidden Content]]
  19. Leaked Windows processes handles identification tool. Useful for identify new LPE vulnerabilities during a pentest or simply as a new research process. Currently supports exploiting (autopwn) procesess leaked handles spawning a new arbitrary process (cmd.exe default). [hide][Hidden Content]]
  20. black-widow is one of the most useful, powerful, and complete offensive penetration testing tools. It provides easy ways to execute many kinds of information gatherings and attacks. Fully Open Source Written in Python Continuously updated and extended [hide][Hidden Content]]
  21. A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the –proxies switch, it acts just like any other multi-threaded SSH brute-forcing script. When the –proxies switch is added, the script pulls a list (usually thousands) of SOCKS4 proxies from ProxyScrape and launches all brute-force attacks over the SOCKS4 proxies so brute-force attempts will be less likely to be rate-limited by the target host. [hide][Hidden Content]]
  22. Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Supports both manual and automated analysis on variety of target types with many available features & tools. For more information checkout the documentation [hide][Hidden Content]]
  23. Fast and Powerful Uninstaller for Complete Removal of Programs Thorough removal of unwanted apps Real-time installation monitor Control apps that run at system startup Portable, multilingual and beautifully designed Remove unwanted software, make your computer clean and even faster with an effective, powerful and easy-to-use Windows app Uninstall Wizard Completely remove unwanted software by removing leftover file system & registry items Batch Uninstall Uninstall or perform Force Removal of multiple selected apps Install Tracker Install apps with real-time tracing. View and record which files/registry items are created Startup Manager Find, add or remove apps that automatically start when Windows starts Force Removal Uninstall stubborn apps that cannot be removed using standard uninstaller Portable Mode Run Uninstall Tool from a USB drive on multiple PCs [Hidden Content] [hide][Hidden Content]]
  24. Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Supports both manual and automated analysis on a variety of target types with many available features & tools. Use Cases These enumerations processes can be used for offensive & defensive cyber operations, Bug-Bounty hunting & Research. Multiple techniques are normally used by multiple tools to attain this goal. sub3suite combines these different techniques and provides you with multiple capability tools into one suite for effective enumeration both manually and automatically. General Concepts Passive Subdomain Enumeration. Active Subdomain Enumeration. OSINT (Open-source intelligence). OSINT Information gathering. Target Mapping. Subdomain Enumeration Subdomain enumeration is the process of finding sub-domains for one or more domains. It helps to broader the attack surface, and find hidden applications and forgotten subdomains. why subdomain enumeration? Sub-domain enumeration helps to create a scope of security assessment by revealing domains/sub-domains of a target organization. Sub-domain enumeration increases the chance of finding vulnerabilities. The sub-domain enumeration helps us in finding the web applications that might be forgotten/left unattended by the organization for maintenance or other reasons and may lead to the disclosure of critical vulnerabilities. Passive Subdomain Enumeration For passive subdomain enumeration, the subdomains are obtained from a third party without directly connecting to the target’s infrastructures. These 3rd parties gather and store open information gathered from devices connected to the internet and contain an interface to share this data e.gAPI . Passive sources include VirusTotal, shodan, host, SecurityTrails, etc. Multiple tools are available For this purpose. Open source tools like theHarvester & amass are among the most popular in this field. sub3suite has an OSINT tool that can be used for passive subdomain enumeration able to pull data from 50+ osint sources in a matter of seconds & gives users the ability to manipulate this data to their liking. [hide][Hidden Content]]
  25. [Hidden Content]
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.