Search the Community

Showing results for tags 'tool'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 213 results

  1. HawkScan Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x) This script uses “WafW00f” to detect the WAF in the first step. This script uses “Sublist3r” to scan subdomains. This script uses “waybacktool” to check in waybackmachine. Features URL fuzzing and dir/file detection Test backup/old file on all the files found (index.php.bak, index.php~ …) Check header information Check DNS information Check whois information User-agent random or personal Extract files Keep a trace of the scan Check @mail in the website and check if @mails leaked CMS detection + version and vulns Subdomain Checker Backup system (if the script stopped, it take again in the same place) WAF detection Add personal prefix Auto-update script Auto or personal output of scan (scan.txt) Check Github Recursive dir/file Scan with an authentication cookie Option –profil to pass profil page during the scan HTML report Work it with py2 and py3 Add option rate-limit if the app is unstable (–timesleep) Check-in waybackmachine Response error to WAF Check if DataBase firebaseio exist and accessible Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30 Search S3 buckets in source code page Testing bypass of waf if detected Testing if it’s possible scanning with “localhost” host Changelog v1.5.3 – add setup.sh [hide][Hidden Content]]
  2. Bruter19 Advanced Brute Force Attack Tool. This tool has been developed for "ethical hacking course" students don't use it for illegal purposes. ADDED FEATURES IN V2.0 The Tool Supports Turkish Language Now The Tool Is Able To Generate Personalized Wordlist Now The Tool Is A Bit Faster Now FIXED BUGS IN V2.0 The tool was finding the wrong password in the long wordlists. It is fixed, the user is able to use long wordlists now. The tool was finding the wrong password every time you press ctrl+c. That issue is fixed now. The tool was failing when you inputed the wordlist path incorrectly. That issue is fixed now. Anonsurf was failing in the long wordlists. Now torghost is used in the tool. That issue is fixed now. [hide][Hidden Content]]
  3. This tool gives information about the phone number that you entered. What IS Moriarty? Advanced Information Gathering And Osint Tool Moriarty is a tool that tries to find good information about the phone number that you provieded; ->Tries To Find Owner Of The Number ->Tries To Find Risk Level Of The Number ->Tries To Find Location,Time Zone Of The Number,Carrier ->Tries To Find Social Media Platforms That The Number Is Registered ->Tries To Find Links About Phone Number ->Tries To Find Comments About Phone Number ->Sends Sms To Phone Number With Amazon Aws [hide][Hidden Content]]
  4. Stowaway is a Multi-hop proxy tool for security researchers and pentesters Users can easily proxy their network traffic to intranet nodes (multi-layer) PS: The files under demo folder are Stowaway’s beta version, it’s still functional, you can check the detail by README.md file under the demo folder This tool is limited to security research and teaching, and the user bears all legal and related responsibilities caused by the use of this tool! The author does not assume any legal and related responsibilities! Features Obvious node topology Clear information display of nodes and keep them permanently Active/passive connect mode between nodes Reverse connection between nodes through socks5 proxy Ssh tunnel mode Can be used on multiple platforms Multi-hop socks5 traffic proxy(Support UDP/TCP,IPV4/IPV6) Multi-hop ssh traffic proxy Remote interactive shell Upload/download functions Port Mapping(local to remote/remote to local) Port Reuse Open or Close all the services arbitrarily Authenicate each other between nodes Network traffic encryption with AES-256(CBC mode [hide][Hidden Content]]
  5. Domained – Multi Tool Subdomain Enumeration Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting. This produces categorized screenshots, server response headers and signature based default credential checking. It is written in Python heavily leveraging Recon-ng. Download: [Hidden Content]
  6. A fast tool to scan CRLF vulnerability written in Go Changelog v1.2 Bump to 1.2.0 Update default concurrency to 25 (depends on escape lists) Trim double-quoted string safely escaped URLs Add escape lists [hide][Hidden Content]]
  7. HawkScan Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x) This script uses “WafW00f” to detect the WAF in the first step. This script uses “Sublist3r” to scan subdomains. This script uses “waybacktool” to check in waybackmachine. Features URL fuzzing and dir/file detection Test backup/old file on all the files found (index.php.bak, index.php~ …) Check header information Check DNS information Check whois information User-agent random or personal Extract files Keep a trace of the scan Check @mail in the website and check if @mails leaked CMS detection + version and vulns Subdomain Checker Backup system (if the script stopped, it take again in the same place) WAF detection Add personal prefix Auto-update script Auto or personal output of scan (scan.txt) Check Github Recursive dir/file Scan with an authentication cookie Option –profil to pass profil page during the scan HTML report Work it with py2 and py3 Add option rate-limit if the app is unstable (–timesleep) Check-in waybackmachine Response error to WAF Check if DataBase firebaseio exist and accessible Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30 Search S3 buckets in source code page Testing bypass of waf if detected Testing if it’s possible scanning with “localhost” host Changelog v1.5.2 Try differents bypass for 403 code error Update dico.txt [hide][Hidden Content]]
  8. The phases of the development that will be described in detail are: set up the development environment with Mingw-w64 and LLVM shellcode injection with syscall inlining via NTDLL in-memory scraping (x86-64 only) user-land hooks removal from in-memory NTDLL to retrieve correct syscall numbers upgrade the shellcode injector to a full PE packer with Donut ensure the produced shellcode is always different at each build with sgn ensure the compiled loader is always different at each build with LLVM obfuscation implement some simple anti-debug tricks for the initial loader For the details of the techniques, please read the blog. [hide][Hidden Content]]
  9. A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX. Features Create a simple terminal instance For use on ALL APPLE OS's (macOS, OSX etc.) Undetected by anti-virus Undetectable by user Multi-threaded No dependencies (pure python) Persistent or non-persistent Retrieve any passwords Download and upload files undetected Get root via local privilege escalation Auto installer, simply run OSX-RAT on your target and the rest is handled automatically. Access to all phone data, files and chats from any apps [hide][Hidden Content]]
  10. Bypass anti-virus software lateral movement command execution test tool(No need 445 Port) Introduction: The common WMIEXEC, PSEXEC tool execution command is to create a service or call Win32_Process.create, these methods have been intercepted by Anti-virus software 100%, so we created WMIHACKER (Bypass anti-virus software lateral movement command execution test tool(No need 445 Port)). Main functions: 1. Command execution 2. File upload 3. File download [hide][Hidden Content]]
  11. not only Wordpress keyword Tool works as WordPress keyword suggestion tool which will help you know keywords people are using to search so that you can target, it also will help you target these keywords the right way by checking keyword density ensuring that your article is search engine friendly and keyword optimized. [Hidden Content] [hide][Hidden Content]]
  12. 0d1n Web security tool to make fuzzing at HTTP 0d1n is an Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to search anomalies. At another point of view, this anomaly can be a vulnerability, These tests can follow web parameters, files, directories, forms, and others Why is this tool made in C language? C has a high delay time for writing and debugging, but no pain no gain, it has fast performance, in addition, the C language is run at any architecture like Mips, ARM and others… in the future can follow mobile implementations. Other benefits of C is that it has a good and high profile to write optimizations if you want to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, this is a good choice. Why you don’t use POO ? in this project I follow the”KISS” principle: [Hidden Content] It Simple C language has a lot of old school dudes like a kernel hacker. Changelog v2.7 Fix CORS Bug in load HTML (Now uses local HTTPD) Insert HTTPD with lib mongoose to load reports only for localhost Refactor the core of code Sort files by directory Create install resources in make file (tested on debian based distro) Change fork() to vfork() to gain performance Bug fix in console Read the readme.md Fix output results, to create directory for each log in /opt/0d1n/view… Remove wild pointer bugs [hide][Hidden Content]]
  13. Dark Fantasy v2.0.1 – Black Hat Hacking Tool Tools Included: ●Port Scanner: To know the open ports of a site. ●DDOS: To take down small websites with HTTP FLOOD. ●Banner Grabber: To get the service or software running on a port. (After knowing the software running google for its vulnerabilities) ●FTP Password Cracker: To hack file transferring of servers. ●Web Spider: To get all hidden urls for web application hacking. ●Email Scraper: To get all emails related to a webpage. ●IMDB Rating: Easy way to access the movie database. Use In VM Or RDP, Not Responsible For Anything Happens! Download Link: [Hidden Content]
  14. Obfuscar is a basic obfuscator for .NET assemblies. It uses massive overloading to rename metadata in .NET assemblies (including the names of methods, properties, events, fields, types, and namespaces) to a minimal set, distinguishable in most cases only by signature. For example, if a class contains only methods that accept different parameters, they can all be renamed ‘A’. If another method is added to the class that accepts the same parameters as an existing method, it could be named ‘a’. It makes the decompiled code very difficult to follow. Basically, Obfuscar scrambles the metadata in a set of assemblies. It renames everything to the minimal set of names that can be used to identify them, given signatures and type information. Since these new names are shorter than the old ones, it also dramatically shrinks the executable size. Feature Simple Configuration Hide everything private, while keeping everything public. You can achieve such simply via default settings. Name Obfuscation Hide class/method/property/event names that you don’t want to expose. This is irreversible. String Compression String contents can be compressed so that end users won’t easily learn them. However, this is reversible by certain tools. Changelog v2.2.27 Updated global tool project to target multiple platforms. [hide][Hidden Content]]
  15. It generates the XML payloads, and automatically starts a server to serve the needed DTD’s or to do data exfiltration. Some notes: If you choose to use OOB or CDATA mode, XXExploiter will generate the necessary dtd to be included and will start a server to host them. Have in mind that if you use these options you should set the server address If you include content in the body of the XML have in mind that XML restricted characters like ‘<‘ may break the parsing so be sure to use CDATA or PHP’s base64encode Most of the languages limit the number of entity expansion, or the total length of the content expanded, so make sure you test XEE on your machine first, with the same conditions as the target. [hide][Hidden Content]]
  16. info Show target info like: id full name biography followed follow is it a business account? business category (if the target has a business account) is verified? addrs Return a list with address (GPS) tagged by the target in his photos. The list has a post, address, and date fields. followers Return a list with target followers with id, nickname and full name followings Return a list with users followed by target with id, nickname and full name hashtags Return a list with all hashtag used by target in his photos likes Return the total number of likes in target’s posts comments Return the total number of comments in target’s posts photodes Return a list with the description of the content of the target’s photos photos Download all target’s photos in the output folder. When you run the command, the script asks you how many photos you want to download. Type ENTER to download all photos available or type a number to choose how many photos you want to download. Run a command: photos captions Return a list of all captions used by target in his photos. mediatype Return the number of photos and video shared by the target propic Download target profile picture (HD if is available) Changelog v0.6 new wcommented command (#27) new target command added json dump also for captions command fix empty addrs bug (#12) added options as arguments (#24) new Instagram APIs (#26) minor improvement [hide][Hidden Content]]
  17. HawkScan Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x) This script uses “WafW00f” to detect the WAF in the first step. This script uses “Sublist3r” to scan subdomains. This script uses “waybacktool” to check in waybackmachine. Features URL fuzzing and dir/file detection Test backup/old file on all the files found (index.php.bak, index.php~ …) Check header information Check DNS information Check whois information User-agent random or personal Extract files Keep a trace of the scan Check @mail in the website and check if @mails leaked CMS detection + version and vulns Subdomain Checker Backup system (if the script stopped, it take again in the same place) WAF detection Add personal prefix Auto-update script Auto or personal output of scan (scan.txt) Check Github Recursive dir/file Scan with an authentication cookie Option –profil to pass profil page during the scan HTML report Work it with py2 and py3 Add option rate-limit if the app is unstable (–timesleep) Check-in waybackmachine Response error to WAF Check if DataBase firebaseio exist and accessible Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30 Search S3 buckets in source code page Testing bypass of waf if detected Testing if it’s possible scanning with “localhost” host Changelog v1.5.1 New banner Fix bugs [hide][Hidden Content]]
  18. Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Known Issues Parsing Mimikatz dcsync (working on fix) Bypassing Antivirus and EDRs , you will need to maintain your payloads TODO Encrypted Communication Automated Lateral movement Automated Password Spraying Automated Hash Cracking [hide][Hidden Content]]
  19. ADBSploit A python-based tool for exploiting and managing Android devices via ADB. Functionalities v0.2 Added: Fixed setup and installation Extract Contacts Extract SMS Send SMS Recovery Mode Fastboot Mode Device Info Kill Process v0.1 List Devices Connect Devices TCPIP Forward Ports Airplane Managment Wifi Managment Sound Control List/Info Apps WPA Supplicant Extraction Install/Uninstall Apps Shutdown/Reboot Logs Start/Stop/Clear Apps Show Inet/MAC Battery Status Netstat Check/Unlock/Lock Screen Turn On/Off Screen Swipe Screen Screencapture Send Keyevent Open Browser URL Process List Dump Meminfo/Hierarchy [hide][Hidden Content]]
  20. [hide][Hidden Content]]
  21. itsMe

    Combo Tool v 2.0

    Added (Changelog): 1. New Custom Domain Email Extractor 2. Clean Combo (Combo Parsing) 3. Edu Mail Extractor (Improved) 4. Fast processing of files [hide][Hidden Content]]
  22. HawkScan Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x) This script uses “WafW00f” to detect the WAF in the first step. This script uses “Sublist3r” to scan subdomains. This script uses “waybacktool” to check in waybackmachine. Features URL fuzzing and dir/file detection Test backup/old file on all the files found (index.php.bak, index.php~ …) Check header information Check DNS information Check whois information User-agent random or personal Extract files Keep a trace of the scan Check @mail in the website and check if @mails leaked CMS detection + version and vulns Subdomain Checker Backup system (if the script stopped, it take again in the same place) WAF detection Add personal prefix Auto-update script Auto or personal output of scan (scan.txt) Check Github Recursive dir/file Scan with an authentication cookie Option –profil to pass profil page during the scan HTML report Work it with py2 and py3 Add option rate-limit if the app is unstable (–timesleep) Check-in waybackmachine Response error to WAF Check if DataBase firebaseio exist and accessible Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30 Search S3 buckets in source code page Testing bypass of waf if detected Testing if it’s possible scanning with “localhost” host Changelog v1.5 Auto activate JS during scan if the webite is full JS (website 2.0) [hide][Hidden Content]]
  23. Break out the Box (BOtB) BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post-exploitation actions Provide capability when certain tools or binaries are not available in the Container Use BOtB’s capabilities with CI/CD technologies to test container deployments Perform the above in either a manual or an automated approach Current Capabilities Find and Identify UNIX Domain Sockets Identify UNIX domain sockets which support HTTP Find and identify the Docker Daemon on UNIX domain sockets or on an interface Analyze and identify sensitive strings in ENV and process in the ProcFS i.e /Proc/{pid}/Environ Identify metadata services endpoints i.e [Hidden Content], [Hidden Content] and [Hidden Content] Perform a container breakout via exposed Docker daemons Perform a container breakout via CVE-2019-5736 Hijack host binaries with a custom payload Perform actions in CI/CD mode and only return exit codes > 0 Scrape metadata info from GCP metadata endpoints Push data to an S3 bucket Break out of Privileged Containers Force BOtB to always return a Exit Code of 0 (useful for non-blocking CI/CD) Perform the above from the CLI arguments or from a YAML config file Perform reverse DNS lookup Identify Kubernetes Service Accounts secrets and attempt to use them Changelog v1.8 In this release, the following is addressed: Added @initree‘s Keyctl pwnage to extract entries from the Linux Kernel Keyring ([Hidden Content]) Modified the new Keyctl code to be multi-threaded to make use of Go workers to speed up enumeration [hide][Hidden Content]]
  24. Description: uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. uDork does NOT make attacks against any server, it only uses predefined dorks and/or official lists from exploit-db.com (Google Hacking Database: [Hidden Content]). [hide][Hidden Content]]
  25. Skeleton is a Social Engineering tool attack switcher Type: Phishing Tool Websites languages: English, French Attack Switcher for phishing: Facebook, Linkedin, Twitter, Pinterest, Google, Instagram, Microsoft, Netflix, Paypal, Wordpress, Amazon, Ebay, CyberghostVPN, NordVPN, ExpressVPN, ZenmateVPN, PCS, N26, Roblox, Steam, Binance, Etoro, Bittrex, Coinbase. DISCLAMER: Program for educational purposes!!! Your account security is our top priority! Protect your account by enabling 2FA. Skeleton 1.7 Ver:.....1.7 coder:...KURO-CODE BugFix, Script revision Add: Paypal, Wordpress, Amazon, Ebay, CyberghostVPN, NordVPN, ExpressVPN, ZenmateVPN, PCS, N26, Roblox, Steam, Binance, Etoro, Bittrex, Coinbase [hide][Hidden Content]]