Search the Community

Showing results for tags 'toolkit'.



Found 26 results

  1. airgeddon

    This is a multi-use bash script for Linux systems to audit wireless networks.

    Features

    • Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
    • DoS over wireless networks using different methods
    • Assisted Handshake file capturing
    • Cleaning and optimizing Handshake captured files
    • Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule-based)
    • Evil Twin attacks (Rogue AP)
      • Only Rogue/Fake AP version to sniff using external sniffer (Hostapd + DHCP + DoS)
      • Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap)
      • Integrated sniffing, sslstrip (Hostapd + DHCP + DoS + Ettercap + Sslstrip)
      • Integrated sniffing, sslstrip2 and BeEF browser exploitation framework (Hostapd + DHCP + DoS + Bettercap + BeEF)
      • Captive portal with “DNS blackhole” to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoof + Lighttpd)
      • Optional MAC spoofing for all Evil Twin attacks
    • WPS features
      • WPS scanning (wash). Self-parameterization to avoid “bad FCS” problem
      • Custom PIN association (bully and reaver)
      • Pixie Dust attacks (bully and reaver)
      • Bruteforce PIN attacks (bully and reaver)
      • Parameterizable timeouts
      • Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update
      • Integration of the most common PIN generation algorithms
    • WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc.)
    • Compatibility with many Linux distributions (see Requirements section)
    • Easy targeting and selection in every section
    • Drag and drop files on console window for entering file paths
    • Dynamic screen resolution detection and windows auto-sizing for optimal viewing
    • Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired
    • Multilanguage support and autodetect OS language feature (see Supported Languages section)
    • Help hints in every zone/menu for easy use
    • Auto-update. Script checks for newer version if possible
    • Docker container for easy and quick deployment
    • Http proxy auto detection for updates

    Changelog v10.01

    • Removed deprecated ifconfig and iwconfig commands and dependencies
    • Fixed error on enterprise certificates validation
    • Added autoselection for secondary interface if only one existing
    • Airmon compatibility check system refactored
    • Fixed error in default paths trophy files for ettercap/bettercap
  2. CQTOOLS The New Ultimate Hacking Toolkit

    Black Hat Asia 2019

    CQURE Team has prepared tools used during penetration testing and packed those in a toolkit named CQTools. This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, various keyloggers and leverage this information to deliver attacks. Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team. CQURE was the first team that did full reverse engineering of DPAPI (Data Protection Application Programming Interface) and prepared the first public tool that allows monitoring WSL (Windows Subsystem for Linux) feature.

    Slides: CQURE_BHAsia19_Paula_Januszkiewicz_slides from ZuzannaKornecka
  3. Pown

    Pown.js is a security testing and exploitation toolkit built on top of Node.js and NPM. Unlike traditional security tools like Metasploit, Pown.js considers frameworks to be an anti-pattern. Therefore, each module in Pown is in fact a standalone NPM module allowing greater degree of reuse and flexibility. Creating new modules is a matter of publishing to NPM and tagging it with the correct tags. The rest is handled automatically.
  4. Includes Phishing, Accounts Checking, Spamming, Email Clone, GPS attack, Cookie Hijacking etc. pp Check Account Checker YouTube Tutorial
  5. AntiSpy

    A powerful anti rootkit toolkit

    AntiSpy is a free but powerful anti virus and rootkits toolkit. It offers you the ability with the highest privileges that can detect, analyze and restore various kernel modifications and hooks. With its assistance, you can easily spot and neutralize malware hidden from normal detectors.

    Development

    • IDE: Visual Studio 2008
    • Userspace: MFC
    • WDK: WDK7600
    • Third-party Library: Codejock toolkit pro

    Code Structure

    AntiSpy_Root_Dir
    ├── LICENSE
    ├── README.md
    ├── doc (AntiSpy introduction files)
    │   ├── Readme.txt
    │   └── 说明.txt
    ├── icon
    │   └── icon.ico
    ├── src
    │   ├── Antispy (AntiSpy main project)
    │   │   ├── Common (The common structs & defines, used by userspace & kernel)
    │   │   ├── SpyHunter (Userspace project, written in MFC)
    │   │   ├── SpyHunter.sln (VS2008 solution file)
    │   │   └── SpyHunterDrv (Kernel project)
    │   └── ResourceEncrypt (Encryption tool project)
    │       ├── ResourceEncrypt (Encrypt driver and other resources)
    │       ├── ResourceEncrypt.sln (VS2008 solution file)
    │       └── clear.bat
    └── tools
        ├── ResourceEncrypt.exe
        └── TestTools.exe (Used to test the functionality of Antispy)

    Features

    Currently, the following features are available (including but not limited to):

    • Process Manager
      • Display system process and thread basic information.
      • Detect hidden processes, threads, process modules.
      • Terminate, suspend and resume processes and threads.
      • View and manipulate process handles, windows and memory regions.
      • View and manipulate process hotkeys, privileges, and timers.
      • Detect and restore process hooks including inline hooks, patches, iat and eat hooks.
      • Inject dll, dump process memory.
      • Create debug dump, include mini dump and full dump.
    • Kernel Module Viewer
      • Display kernel module basic information, include image base, size, driver object, and so on.
      • Detect hidden kernel modules.
      • Unload kernel modules.
      • Dump kernel image memory.
      • Display and delete system driver service information.
    • Hook Detector
      • Detect and restore SSDT, Shadow SSDT, sysenter and int2e hooks.
      • Detect and restore FSD and keyboard dispatch hooks.
      • Detect and restore kernel code hooks including kernel inline hooks, patches, iat and eat hooks.
      • Detect and restore message hooks, both global and local.
      • Detect and restore kernel ObjectType hooks.
      • Display Interrupt Descriptor Table (IDT).
    • Other Kernel Information Viewer
      • View and remove kernel notifications.
      • View filters for common devices include disk, volume, keyboard and network devices.
      • View IO timers, DPC timers, system threads, and so on.
    • Registry Manager
      • View and edit system registry.
      • Detect hidden registry entries using live registry hive analysis.
    • File Manager
      • Display file basic information, include file name, size, attributes, and so on.
      • Detect hidden files.
      • View and delete locked files and folders.
    • Service Manager
      • Display system services basic information.
      • Control services status.
      • Modify services startup type.
    • Autorun Manager
      • Display almost all kinds of system autorun types.
      • Enable, disable or permanently delete autoruns.
    • Network Viewer
      • Display current network connections, include TCP and UDP information.
      • View and delete IE plugins and context menu.
      • Display winsock providers (LSP).
      • View and edit hosts file.
    • Other Tools
      • Hex Editor - View and edit memory, include ring3 process memory and ring0 system memory.
      • Disassembler - Like OllyDBG, support ring3 process memory and ring0 system memory.
    • Settings
      • Custom color settings.

    User Interfaces: Process Tree, Process Menu, Network, File Manager, AutoRun Manager
  6. itsMe

    Proxy ToolKit v1.3

    Proxy Scanner and Scraper

    A program that:

    • Scans proxies determining their performance (latency), type (HTTP or SOCKS), anonymity level (L1-L3)
    • Scrapes proxies off a given URL list
    • Harvests URLs using the BING search engine based on date (optional) for the most recent proxies
  7. airgeddon

    This is a multi-use bash script for Linux systems to audit wireless networks.

    Features

    • Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
    • DoS over wireless networks using different methods
    • Assisted Handshake file capturing
    • Cleaning and optimizing Handshake captured files
    • Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule-based)
    • Evil Twin attacks (Rogue AP)
      • Only Rogue/Fake AP version to sniff using external sniffer (Hostapd + DHCP + DoS)
      • Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap)
      • Integrated sniffing, sslstrip (Hostapd + DHCP + DoS + Ettercap + Sslstrip)
      • Integrated sniffing, sslstrip2 and BeEF browser exploitation framework (Hostapd + DHCP + DoS + Bettercap + BeEF)
      • Captive portal with “DNS blackhole” to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoof + Lighttpd)
      • Optional MAC spoofing for all Evil Twin attacks
    • WPS features
      • WPS scanning (wash). Self-parameterization to avoid “bad FCS” problem
      • Custom PIN association (bully and reaver)
      • Pixie Dust attacks (bully and reaver)
      • Bruteforce PIN attacks (bully and reaver)
      • Parameterizable timeouts
      • Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update
      • Integration of the most common PIN generation algorithms
    • WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc.)
    • Compatibility with many Linux distributions (see Requirements section)
    • Easy targeting and selection in every section
    • Drag and drop files on console window for entering file paths
    • Dynamic screen resolution detection and windows auto-sizing for optimal viewing
    • Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired
    • Multilanguage support and autodetect OS language feature (see Supported Languages section)
    • Help hints in every zone/menu for easy use
    • Auto-update. Script checks for newer version if possible
    • Docker container for easy and quick deployment
    • Http proxy auto detection for updates

    Changelog v10

    • Added plugins system
    • Added example plugin: Missing dependencies auto-installation for some distros (Kali, Parrot, BlackArch)
    • Improvements for Evil Twin on captive portal detection for newer devices
    • Missing 5GHz channels added
    • Github pull request template added and issue templates updated
    • Fixed error on hex2ascii conversion for some WEP passwords
  8. Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below suffer from a remote code execution vulnerability.
  9. Introduction:

    UFONet - is a toolkit designed to launch DDoS and DoS attacks.

    + See these links for more info:
      - CWE-601:Open Redirect
      - OWASP:URL Redirector Abuse

    UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

    + [01/2018] - UFONet (v1.2 "HackRon") slides: (.pdf)
    + [12/2016] - UFONet (v0.8 "Ninja DDoS Nation") slides: (.pdf)
  10. itsMe

    WebApp Pentest toolkit

    Tools Listeners HTTP Server DNS Server TCP Server POSTMessage Hooker Websocket Hooker Analysis HTTP/JS-Files/Binary Analyze Analyze Files (Binary, Metadata, Text files, Js sinks) Net Tools Get DNS Records Resolve Hosts Reverse IPs Passive DNS DNS History Text Tools Text Processing Block construct Format generator pattern creation Encrypt/Decrypt data Hash Identification Crackers Payload Generators Encoders/Decoders Poc Generators (Python, Bash, HTML) Recon Get Websites ScreenShots GET Subdomains (Scrabbing, Minning, DNS-brute-force, Http-brute-force) Site categorizer s3/GC bucket enumeration Github Lister Ip History Scanners Detect Misconfiguration Port/vulnerability/ssl scanner Vulnerability Exploiters Waf Detection Scrabbers Download Android apps (APK) Travis-CI logs fetching

    If the app is not working properly, download this archive dlls.zip and extract the dll files, put them in the application folder, beside the executable file.

    Some notes:

    • This tool is meant primarily for bug hunters (especially beginners).
    • This tool is not backdoored with any malicious software/tracking.
    • This tool contains bugs more than features so use it carefully.
    • Connections are issued using the .Net (SystemDotWeb) which is slow and limited by design, consider using many threads, this will be replaced with another solution.
    • Memory is not carefully managed so be careful, do not use all the tools at the same time.
    • Do not use it illegally.
    • Tools starting with _ are not built yet, I added buttons to remember writing them so I could build them in future, hence no need to reverse engineer the tool in order to enable them, if you have time feel free to do it no problem.
    • Many third-parties are used without permission no APIS used.
    • The source code is not published because the tool is a beta and the code is ugly and worse than my handwriting.
    • The project is planned to be open-source with the first release.
    • Suggestions are deeply welcome.
    • Credits are reserved for all authors and third-parties.
  11. Features:

    • Retrieve your lost or deleted files including contacts, text messages, contacts, call history and documents from Android devices or SD card.
    • Restore deleted or lost photos, music, videos and WhatsApp file and get them back from your Android with this android data recovery tool.
    • Backup and manage your Android data (including lost or deleted files) on your Windows computer or Mac easily with the USB cable.
    • Recover deleted files on Android from many situations including files deleting, system crashing, forgotten password, rooting error, etc.

    Requirements:

    • OS: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP
    • CPU: 1GHz Intel/AMD CPU or above
    • RAM: 1GB RAM or more
    • Hard Disk Space: 200 MB and above free space
  12. dEEpEst

    HackerTarget ToolKit

    Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organization's vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open source intelligence with the world's best open source security scanning tools, we enable your attack surface discovery. With the ability for Internet assets to be deployed in seconds, the attack surface is more dynamic and ever growing. This very fact makes mapping your external network footprint a hard problem. We aim to provide solutions to solve this problem. Start with our tools for domain and IP address data, then pivot to mapping the exposure with hosted open source scanners.

    We have developed a linux terminal tool using python programming language through an api which we received from !
  13. airgeddon

    This is a multi-use bash script for Linux systems to audit wireless networks.

    Features

    • Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
    • DoS over wireless networks using different methods
    • Assisted Handshake file capturing
    • Cleaning and optimizing Handshake captured files
    • Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule-based)
    • Evil Twin attacks (Rogue AP)
      • Only Rogue/Fake AP version to sniff using external sniffer (Hostapd + DHCP + DoS)
      • Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap)
      • Integrated sniffing, sslstrip (Hostapd + DHCP + DoS + Ettercap + Sslstrip)
      • Integrated sniffing, sslstrip2 and BeEF browser exploitation framework (Hostapd + DHCP + DoS + Bettercap + BeEF)
      • Captive portal with “DNS blackhole” to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoof + Lighttpd)
      • Optional MAC spoofing for all Evil Twin attacks
    • WPS features
      • WPS scanning (wash). Self-parameterization to avoid “bad FCS” problem
      • Custom PIN association (bully and reaver)
      • Pixie Dust attacks (bully and reaver)
      • Bruteforce PIN attacks (bully and reaver)
      • Parameterizable timeouts
      • Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update
      • Integration of the most common PIN generation algorithms
    • WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc.)
    • Compatibility with many Linux distributions (see Requirements section)
    • Easy targeting and selection in every section
    • Drag and drop files on console window for entering file paths
    • Dynamic screen resolution detection and windows auto-sizing for optimal viewing
    • Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired
    • Multilanguage support and autodetect OS language feature (see Supported Languages section)
    • Help hints in every zone/menu for easy use
    • Auto-update. Script checks for newer version if possible
    • Docker container for easy and quick deployment
    • Http proxy auto detection for updates

    Changelog 9.21

    • Fixed non-closing windows on some DoS pursuit mode attacks
    • Added retrocompatibility for mdk3, added option in .airgeddonrc file to handle it
    • Fixed bug on WEP all-in-one attack (Fake Auth) for SSIDs containing spaces
    • Fixed repeated enterprise plain passwords captured on trophy files
    • Added custom certificates creation for enterprise attacks
    • Fixed error on BeEF attack using tmux
  14. Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training.

    The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things –

    • Affordable – Gophish is open-source software that is completely free for anyone to use.
    • Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!

    Changelog v0.8

    This release fixes a bunch of bugs, adds a few features, and lays the groundwork for really cool features to come.

    • RBAC Support: This release includes initial support for Role-Based Access Control (RBAC). Specifically, it introduces global roles that separate admins from non-admins. You can find more information here.
    • Users API: Users with the admin role have access to the user management API. This API allows you to create and manage users programmatically. You can find documentation for this API here.
    • Added Docker Support: We’ve added a Dockerfile so that you can build Gophish in a container. We’ll be uploading an official Docker image at gophish/gophish shortly.
    • Code Refactoring: While this isn’t a user-facing change, it’s a big one. We’ve refactored a bunch of the code to be cleaner and more structured. This will help new developers coming into Gophish to get up and running more quickly.

    Those are the big changes, but that’s certainly not everything! You can find a full changelog here.
  15. Copyright 2019 The Social-Engineer Toolkit (SET)

    Written by: David Kennedy (ReL1K)
    Company: TrustedSec

    DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes.

    Features

    The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.

    Bugs and enhancements

    For bug reports or enhancements, please open an issue here.

    Supported platforms

    • Linux
    • Mac OS X
  16. The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET has quickly become a standard tool in a penetration tester's arsenal. SET is written by David Kennedy (ReL1K) and with a lot of help from the community, it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be focused attacks against a person or organization used during a penetration test.

    SET is a menu-driven based attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command line was made because of how social-engineer attacks occur; it requires multiple scenarios, options, and customizations. If the tool had been command line based it would have really limited the effectiveness of the attacks and the inability to fully customize it based on your target.

    The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social engineering penetration tests and supported heavily within the security community.

    The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social-engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one bestseller in security books for 12 months since its release, “Metasploit: The Penetration Tester’s Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.

    Changelog v8.0.1

    • fix an issue when using import on web clone
    • fix an issue when using hta attack vector would just put you out to main menu
  17. itsMe

    De4dot Toolkit

    .NET deobfuscator and unpacker

    • de4dot 2
    • de4dot 3
    • de4dot 3.1
    • de4dot 4.9
    • de4dot 5
    • de4dot ModeBS
    • de4dotModeProxy
    • de4dot InvancitoOz
  18. YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories:

    • TLS/SSL – Versions and cipher suites supported; common issues.
    • Information Disclosure – Checks for common information leaks.
    • Presence of Files or Directories – Checks for files or directories that could indicate a security issue.
    • Common Vulnerabilities
    • Missing Security Headers

    This is meant to provide an easy way to perform initial analysis and information discovery. It’s not a full testing suite, and it certainly isn’t Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter).

    Changelog v0.8.0b4

    • Various improvements

    Like a Gem: pip3 install yawast
    Via Docker: docker pull adamcaudill/yawast

    It’s strongly recommended that you review the installation documentation, to make sure you have the proper dependencies.

    Tests

    The following tests are performed:

    • (Generic) Info Disclosure: X-Powered-By header present
    • (Generic) Info Disclosure: X-Pingback header present
    • (Generic) Info Disclosure: X-Backend-Server header present
    • (Generic) Info Disclosure: X-Runtime header present
    • (Generic) Info Disclosure: Via header present
    • (Generic) Info Disclosure: PROPFIND Enabled
    • (Generic) TRACE Enabled
    • (Generic) X-Frame-Options header not present
    • (Generic) X-Content-Type-Options header not present
    • (Generic) Content-Security-Policy header not present
    • (Generic) Public-Key-Pins header not present
    • (Generic) X-XSS-Protection disabled header present
    • (Generic) SSL: HSTS not enabled
    • (Generic) Source Control: Common source control directories present
    • (Generic) Presence of crossdomain.xml or clientaccesspolicy.xml
    • (Generic) Presence of sitemap.xml
    • (Generic) Presence of WS_FTP.LOG
    • (Generic) Presence of RELEASE-NOTES.txt
    • (Generic) Presence of readme.html
    • (Generic) Missing cookie flags (Secure, HttpOnly, and SameSite)
    • (Generic) Search for files (14,169) & common directories (21,332)
    • (Apache) Info Disclosure: Module listing enabled
    • (Apache) Info Disclosure: Server version
    • (Apache) Info Disclosure: OpenSSL module version
    • (Apache) Presence of /server-status
    • (Apache) Presence of /server-info
    • (Apache Tomcat) Presence of Tomcat Manager
    • (Apache Tomcat) Presence of Tomcat Host Manager
    • (Apache Tomcat) Tomcat Manager Weak Password
    • (Apache Tomcat) Tomcat Host Manager Weak Password
    • (Apache Tomcat) Tomcat version detection via invalid HTTP verb
    • (Apache Tomcat) Tomcat PUT RCE (CVE-2017-12617)
    • (Apache Struts) Sample files which may be vulnerable
    • (IIS) Info Disclosure: Server version
    • (ASP.NET) Info Disclosure: ASP.NET version
    • (ASP.NET) Info Disclosure: ASP.NET MVC version
    • (ASP.NET) Presence of Trace.axd
    • (ASP.NET) Presence of Elmah.axd
    • (ASP.NET) Debugging Enabled
    • (nginx) Info Disclosure: Server version
    • (PHP) Info Disclosure: PHP version

    CMS Detection:

    • Generic (Generator meta tag) [Real detection coming as soon as I get around to it…]

    SSL Information:

    • Certificate details
    • Certificate chain
    • Supported ciphers
    • Maximum requests using 3DES in a single connection
    • DNS CAA records

    Checks for the following SSL issues are performed:

    • Expired Certificate
    • Self-Signed Certificate
    • MD5 Signature
    • SHA1 Signature
    • RC4 Cipher Suites
    • Weak (< 128 bit) Cipher Suites
    • SWEET32

    Certain DNS information is collected:

    • IP Addresses
    • IP Owner/Network (via api.iptoasn.com)
    • TXT Records
    • MX Records
    • NS Records
    • CAA Records (with CNAME chasing)
    • Common Subdomains (2,354 subdomains) – optional, via --subdomains
    • SRV Records – optional, via --srv

    In addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), HTTP HEAD request, and others.
  19. PivotSuite is a portable, platform independent and powerful network pivoting toolkit, which helps Red Teamers / Penetration Testers to use a compromised system to move around inside a network. It is a standalone utility, which can be used as a Server or as a Client.

    PivotSuite as a Server: If the compromised host is directly accessible (Forward Connection) from our pentest machine, then we can run pivotsuite as a server on the compromised machine and access the different subnet hosts from our pentest machine, which were only accessible from the compromised machine.

    PivotSuite as a Client: If the compromised host is behind a Firewall / NAT and isn't directly accessible from our pentest machine, then we can run pivotsuite as a server on the pentest machine and pivotsuite as a client on the compromised machine for creating a reverse tunnel (Reverse Connection). Using this we can reach different subnet hosts from our pentest machine, which were only accessible from the compromised machine.

    Key Features:

    • Supported Forward & Reverse TCP Tunneling
    • Supported Forward & Reverse socks5 Proxy Server
    • UDP over TCP and TCP over TCP Protocol Supported
    • Corporate Proxy Authentication (NTLM) Supported
    • Inbuilt Network Enumeration Functionality, e.g. Host Discovery, Port Scanning, OS Command Execution
    • PivotSuite allows you to get access to different compromised hosts and their networks simultaneously (Act as C&C Server)
    • Single Pivoting, Double Pivoting and Multi-level pivoting can be performed with the help of PivotSuite.
    • PivotSuite also works as SSH Dynamic Port Forwarding but in the Reverse Direction.

    Advantage Over Other tools:

    • Doesn't require admin/root access on the compromised host
    • PivotSuite also works when the compromised host is behind a Firewall / NAT, when only Reverse Connection is allowed.
    • No dependency other than python standard libraries.
    • No Installation Required
    • UDP Port is accessible over TCP
  20. 0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration

    Using 0xsp mongoose you will be able to scan a targeted operating system for any possible way for privilege escalation attacks, starting from the collecting information stage until reporting information through the 0xsp Web Application API.

    The user will be able to scan different Linux OS systems at the same time with high performance, without spending time looking inside the terminal or text file for what is found. Mongoose shortens this by allowing you to send this information directly into a web application friendly interface through an easy API endpoint.

    The project is divided into two sections, server & agent. The server has been coded with PHP (codeigniter); you need to install this application into your preferred environment, you can use it online or on your localhost. The user is free to choose. Contributions to enhancing features are also most welcomed.

    The Agent has been coded as ELF with Lazarus Free Pascal and will be released with (32, 64 bit). While executing the Agent on a targeted system with all required parameters, the user is free to decide whether to communicate with the Server App to store results and explore them easily, or he can also run this tool without Web API Connection.

    Agent Features

    • High performance, stability, output results generated while executing, no delays
    • Ability to execute most of the functions with intelligent techniques.
    • Results are being sent to Quick Web API
    • Exception Handling.
    • Inbuilt Json Data set for publicly disclosed Exploits.
    • Fast As Mongoose
  21. jwt_tool.py is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens).

    Its functionality includes:

    • Checking the validity of a token
    • Testing for the RS/HS256 public key mismatch vulnerability
    • Testing for the alg=None signature-bypass vulnerability
    • Testing the validity of a secret/key/key file
    • Identifying weak keys via a High-speed Dictionary Attack
    • Forging new token header and payload values and creating a new signature with the key or via another attack method
  22. CQURE Team has prepared tools used during penetration testing and packed those in a toolkit named CQTools. This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, various keyloggers and leverage this information to deliver attacks. Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team. CQURE was the first team that did full reverse engineering of DPAPI (Data Protection Application Programming Interface) and prepared the first public tool that allows monitoring WSL (Windows Subsystem for Linux) feature.

    This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, various keyloggers and leverage this information to deliver attacks. Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team; some of the tools took years to complete, and all of the tools work in a straightforward manner.

    CQTools is the ultimate toolkit to have when delivering a penetration test. The tools work simply, and we use them in practice during our cybersecurity assignments. Come and have a look at how our CQTools can boost your penetration testing experience!
  23. [Hidden Content]
      These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related to networking, and the implementations are intended to be understandable for anyone who wants to read the source code and learn from that.
      Habu - Installation on Kali Linux > [Hidden Content]
      Some techniques implemented in the current version are:
      • ARP Poisoning
      • ARP Sniffing
      • DHCP Discover
      • DHCP Starvation
      • Fake FTP Server
      • LAND Attack
      • SNMP Cracking
      • Subdomains Identification
      • SSL/TLS Certificate Cloner
      • SYN Flooding
      • TCP Flags Analysis
      • TCP ISN Analysis
      • TCP Port Scan
      • Username check on social networks
      • Virtual Hosts Identification
      • Web Technologies Identification
      Dependencies
      Habu requires Python3 and the following packages:
      • beautifulsoup4
      • click
      • cryptography
      • dnspython
      • lxml
      • prompt_toolkit
      • pygments
      • regex
      • requests
      • requests-cache
      • scapy-python3
      • websockets
      • matplotlib (Optional, only needed if you want to make some graphs)
  24. What can you do with Facebook Social ToolKit?
      (A) Free Removal Tools
      1. Unlike All Facebook Pages At Once: This tool allows you to unlike all Facebook pages at once, thus it helps to improve your timeline and removes unnecessary posts from timeline.
      2. Unfriend All Friends At Once: If you have decided to close your Facebook account then this tool can help you to remove all Facebook friends before you deactivate your account.
      3. Unfollow All Facebook Friends At Once: If you don't want to see posts from your friends or if you want to see posts of selective friends then this tool can help you.
      4. Delete All Comments At Once: This tool can help you to get rid of abusive and irrelevant comments posted on your status update.
      5. Reject All Friend Requests At Once: If you receive too many friend requests and if you have reached your friend request limit then this tool can help you to reject all friend requests.
      6. Unfollow All Facebook Groups At Once: This tool will remove unnecessary posts from groups joined by Facebook users without leaving Facebook groups.
      7. Remove Facebook Page Likes: If you have decided to close your Facebook page and delete it then this tool can help you to remove likes from a Facebook page.
      8. Remove All Facebook Groups: If you are annoyed by the number of notifications you receive from Facebook groups then this tool can help you to leave all Facebook groups.
      Cancel All Pending Friend Requests:
      (B) Free Facebook Tools
      1. Facebook ID Extractor: Facebook ID extractor allows you to extract IDs of your profiles, groups, events and Facebook pages for free. All you need to do is enter the URL and click on the extract ID button.
      2. Invite Your Friends To Like Your Page: This tool automates the process of inviting your friends to like your page and helps you to get more likes on your Facebook page.
      3. Invite Your Friends To Join Your Group: This tool adds all friends as group members and helps you to increase the number of group members to make your. This tool is made to make your group more active.
      4. Accept All Friend Requests At Once: Sometimes we receive too many friend requests and clicking on the confirm button can become a painful job. This tool automates the process of accepting all friend requests; in three simple clicks you can accept thousands of friend requests.
      5. Event Invitation Tool: Inviting all friends to your Facebook event can become a painful job if you have more than 1000 thousand Facebook friends. Event invitation tool is made to automate the process of inviting all friends to your Facebook event.
      6. Send Multiple Friend Requests At Once: This tool allows you to send multiple friend requests to your Facebook friends. In a single click you can send many friend requests.
      7. Suggest Your Friends To Another Friend: This tool allows you to suggest your Facebook friends to add another Facebook friend. If your friend recently joined Facebook and you want to let other friends know about him then this tool can be useful.
      8. Facebook Video Downloader: This tool generates a download link for public Facebook videos. All you need to do is enter the URL of the Facebook video and click on the generate download link button. After that the user can visit the download link and press CTRL + S to save the video on their hard drive.
      (C) Premium Facebook Tools
      These are premium automation tools with advanced functionality and these tools are reserved only for premium users. To purchase a premium license please use the links given in the extension box.
      1. Facebook Group Member Tagger: Facebook group member tagger is not working but previously it was used to mention all group members in comments so that they will be informed about the post.
      2. Facebook Group Transfer: This tool allows users to transfer membership of their Facebook groups to their friends.
      3. Post On Multiple Groups At Once: This tool allows users to post on multiple Facebook groups at once.
      4. Post On Own Facebook Pages: This tool allows page admins to share the same message or link on all Facebook pages administered by that page admin.
      5. Claim As Group Admin: This tool allows you to become admin of public Facebook groups that have no admins.
      6. Add All Friends As Group Admin: This tool allows you to add all Facebook friends as group members and then makes them admin of the group one by one.
      7. Group Admin Transfer: This allows you to transfer ownership of your Facebook groups to your friend.
      8. Message All Friends At Once: This tool allows you to send messages and stickers to your Facebook friends.
      9. Post On Liked Pages: This tool allows you to post on pages liked by a Facebook user.
      10. Join Multiple Groups Using Group Ids: This tool allows you to become a member of multiple Facebook groups; in order to become a member of multiple Facebook groups you need to provide a list of group IDs separated by commas.
      (D) Premium Extraction Tools
      Premium extraction tools are advanced automation tools made to retrieve information about your Facebook friends, Facebook Groups and Facebook Pages. These tools are reserved only for premium members; make sure you have purchased a premium license key to use these tools.
      1. Extract Facebook Page Fan IDs: This tool allows you to extract IDs of your page fans; the extracted result can be used as a target in an ad campaign.
      2. Extract Group Email: Facebook allows you to post on all Facebook groups using their group email; this tool will allow you to generate a list of group emails to use for sending emails.
      3. Extract Friends' Emails: Some Facebook friends don't share their email address publicly. We can use Facebook email to contact them using their email address. Emails sent to their Facebook email will be transferred into their primary email inbox.
      4. Extract Friend IDs: This tool allows you to generate a list of IDs of your Facebook friends which can be saved into a CSV file; later it can be used as a target audience in a Facebook ad campaign.
      5. Extract Group IDs: This tool allows you to generate a list of group IDs which can be used in other automation tools.
      6. Extract User Likes: This tool gives you a list of IDs of Facebook pages liked by a Facebook user.
      7. Extract Group Member IDs: This tool allows you to generate a list of IDs of Facebook group members which can be used as a target audience in a Facebook ad campaign.
      8. Extract Group Member Emails: This tool allows you to get the email address of Facebook friends to send emails to their Facebook email. Extracted emails can be used as a target audience in a Facebook ad campaign.
      9. Extract Phone Numbers Of Facebook Friends: This tool allows you to collect public phone numbers of your friends. These phone numbers can be used to add your Facebook friends on WhatsApp or can be used as a target audience in a Facebook ad campaign.
      Facebook Social Toolkit also allows you to hide last seen on Facebook for Facebook messages.
      How can I install it?!
      Go to READ ME Notepad in the folder. The instructions will be there.
      Download: [Hidden Content]
      Password: level23hacktools.com
  25. Bashark
      Post exploitation toolkit written in pure Bash
      Table of Contents: Introduction, Usage, Features, Demo, License
      Introduction
      Bashark aids pentesters and security researchers during the post-exploitation phase of security audits.
      Usage
      To launch Bashark on a compromised host, simply source the bashark.sh script from the terminal:
          $ source bashark.sh
      Then type help to see Bashark's help menu.
      Features
      • Single Bash script
      • Lightweight and fast
      • Multi-platform: Unix, OSX, Solaris etc.
      • No external dependencies
      • Immune to heuristic and behavioural analysis
      • Built-in aliases of often used shell commands
      • Extends system shell with post-exploitation oriented functionalities
      • Stealthy, with custom cleanup routine activated on exit
      • Easily extensible (add new commands by creating Bash functions)
      • Full tab completion
      Demo
      License
      This software is under MIT License
      [Hidden Content]