Search the Community

Showing results for tags 'v2.0'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin
  • Null3D's Nulled Group


There are no results to display.

There are no results to display.

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



About Me










Found 65 results

  1. SocialPwned SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin, and Twitter to find the possible credential leaks in PwnDB. The purpose of this tool is to facilitate the search for vulnerable targets during the phase of Footprinting in Ethical Hacking. It is common for employees of a company to publish their emails in social networks, either professional or personal, so if these emails have their credentials leaked, it is possible that the passwords found have been reused in the environment to be audited. If it’s not the case, at least you would have an idea of the patterns that follow this target to create the passwords and be able to perform other attacks with a higher level of effectiveness. SocialPwned uses different modules: Instagram: Making use of the unofficial Instagram API from @LevPasha, different methods were developed to obtain the emails published by users. An Instagram account is required. Linkedin: Using @tomquirk’s unofficial Linkedin API, different methods were developed to obtain a company’s employees and their contact information (email, twitter or phone). In addition, it is possible to add the employees found to your contacts, so that you can later have access to their network of contacts and information. A Linkedin account is required. Twint: Using Twint from @twintproject you can track all the Tweets published by a user looking for some email. A Twitter account is not necessary. PwnDB: Inspired by the tool PwnDB created by @davidtavarez a module has been developed that searches for all credential leaks from the emails found. In addition, for each email, a POST request is made to HaveIBeenPwned to find out the source of the leak. Changelog v2.0 Docker Implementation GHunt Module Dehashed Module Output Enhancement Web Scraping Fix in HaveIBeenPwned Fixed several bugs [hide][Hidden Content]]
  2. Crimson Crimson is a tool that automates some of the Pentester or Bug Bounty Hunter tasks. It uses many open source tools, most of them are available for download from github. It consists of three partially interdependent modules: crimson_recon – automates the process of domain reconnaissance. crimson_target – automates the process of urls reconnaissance. crimson_exploit – automates the process of bug founding. crimson_recon This module can help you if you have to test big infrastructure or you are trying to earn some bounties in * domain. It includes many web scraping and bruteforcing tools. crimson_target This module covers one particular domain chosen by you for testing. It uses a lot of vulnerability scanners, web scrapers and bruteforcing tools. crimson_exploit This module uses a number of tools to automate the search for certain bugs in a list of urls. Changelog v2.0 From now on, Crimson acts as a docker container and the script is no longer supported (Although, it should still works on Linux Mint) Much of the code has been rewritten and improved. Added, script to scripts directory Added Ciphey tool words directory has been improved Added new options to all three modules to make them more “elastic”. Added rustscan in place of masscan crimson_recon: Added optional flags to this module, which are shown below: -x # Domain bruteforcing (with words/dns wordlist) -v # Virtual host discovering -p # TCP ports scanning (1-65535) -u # UDP ports scanning (nmap default ports) -b # Third level subdomain bruteforcing -y # Proxy urls.txt and live.txt to Burp ( crimson_target Added optional flags to this module, which are shown below: -p # TCP (1-65535) / UDP (nmap default) ports scanning -a # Automatic deletion of possible false-positive endpoints after brute forcing with ffuf (this option needs more tests) -y # Proxy urls.txt and ffuf.txt to Burp ( A lot of modifications in the script New workflow – check the documentation guidelines. crimson_exploit The script was rewritten New tools being added, check scripts directory! Faster CVE scanning [hide][Hidden Content]]
  3. itsMe

    DS Searcher v2.0

    Note: Password you enter is hidden just enter password and press enter it will logined [hide] KEY: @DSCONFIGS [Hidden Content]]
  4. itsMe

    Socialx-Project V2.0

    What is Social_X: Social_X is a Social Engineering And Remote Access Trojan Tool. You can generate png/jpg/docx/xml etc. looking exe files. Social_X is a penetration testing tool. [hide][Hidden Content]]
  5. itsMe

    Teardroid Php Rat v2.0

    its easy to use android php rat the best part is no port forwarding needed also work as ransomware [hide][Hidden Content]]
  6. Nebula Nebula is a Cloud and (hopefully) DevOps Penetration Testing framework. It is built with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or automation engines like Ansible, Terraform, Chef, etc. Currently covers: S3 Bucket name bruteforce IAM, EC2, S3, STS, and Lambda Enumeration IAM, EC2, STS, and S3 exploitation SSM Enumeration + Exploitation Custom HTTP User-Agent Enumerate Read Privileges (working on write privs) Reverse Shell No creds Reconnaisance There are currently 67 modules covering: Reconnaissance Enumeration Exploit Cleanup Reverse Shell Changelog v2.0 STS AssumeRoleWithWebIdentity Reconnaissance TCP Reverse Shell (Draft) Reverse Shell check_env that checks the environment of the victim system Updated getuid that checks IAM:GetUser, IAM:ListAttachedUserPolicies and IAM:GetPolicy Now it gets the credentials from ¬/.aws [hide][Hidden Content]]
  7. HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). Changelog v2.0 UI reconstruction: more intuitive, support for adding category tags and sorting headers; Configuration reconstruction: Converted from JSON format file to YAML format Scope refinement: from the support request message, response message, and all messages to support request message, response message, all messages, request header, request body, response header, and response body Controllable configuration: you can customize the URI suffixes you don’t want to match [hide][Hidden Content]]
  8. What? Arkhota is a web (HTTP/S) brute forcer for Android. Why? A web brute forcer is always in a hacker's computer, for obvious reasons. Sometimes attacks require to be quick or/and with minimal device preparation. Also a phone takes less attention rather than a laptop/computer. For this situations here's Arkhota. [hide][Hidden Content]]
  9. ScareCrow is a payload creation framework for generating loaders for the use of side loading (not injection) into a legitimate Windows process (bypassing Application Whitelisting controls). Once the DLL loader is loaded into memory, utilizing a technique to flush an EDR’s hook out the system DLLs running in the process’s memory. This works because we know the EDR’s hooks are placed when a process is spawned. ScareCrow can target these DLLs and manipulate them in memory by using the API function VirtualProtect, which changes a section of a process’ memory permissions to a different value, specifically from Execute–Read to Read-Write-Execute. When executed, ScareCrow will copy the bytes of the system DLLs stored on disk in C:\Windows\System32\. These DLLs are stored on disk “clean” of EDR hooks because they are used by the system to load an unaltered copy into a new process when it’s spawned. Since EDR’s only hook these processes in memory, they remain unaltered. ScareCrow does not copy the entire DLL file, instead only focuses on the .text section of the DLLs. This section of a DLL contains the executable assembly, and by doing this ScareCrow helps reduce the likelihood of detection as re-reading entire files can cause an EDR to detect that there is a modification to a system resource. The data is then copied into the right region of memory by using each function’s offset. Each function has an offset which denotes the exact number of bytes from the base address where they reside, providing the function’s location on the stack. In order to do this, ScareCrow changes the permissions of the .text region of memory using VirtualProtect. Even though this is a system DLL, since it has been loaded into our process (that we control), we can change the memory permissions without requiring elevated privileges. Once these the hooks are removed, ScareCrow then utilizes custom System Calls to load and run shellcode in memory. ScareCrow does this even after the EDR hooks are removed to help avoid being detected by non-userland hooked-based telemetry gathering tools such as Event Tracing for Windows (ETW) or other event logging mechanisms. These custom system calls are also used to perform the VirtualProtect call to remove the hooks placed by EDRs, described above, to avoid being detected an any EDR’s anti-tamper controls. This is done by calling a custom version of the VirtualProtect syscall, NtProtectVirtualMemory. ScareCrow utilizes Golang to generate these loaders and then assembly for these custom syscall functions. ScareCrow loads the shellcode into memory by first decrypting the shellcode, which is encrypted by default using AES encryption with a decryption and initialisation vector key. Once decrypted and loaded, the shellcode is then executed. Depending on the loader options specified ScareCrow will set up different export functions for the DLL. The loaded DLL also does not contain the standard DLLmain function which all DLLs typically need to operate. The DLL will still execute without an issue because the process we load into will look for those export functions and not worry about DLLMain being there. During the creation process of the loader, ScareCrow utilizes a library for blending into the background after a beacon calls home. This library does two things: Code signs the Loader: Files that are signed with code signing certificates are often put under less scrutiny, making it easier to be executed without being challenged, as files signed by a trusted name are often less suspicious than others. Most antimalware products don’t have the time to validate and verify these certificates (now some do but typically the common vendor names are included in a whitelist) ScareCrow creates these certificates by using a go package version of the tool limelighter to create a pfx12 file. This package takes an inputted domain name, specified by the user, to create a code signing certificate for that domain. If needed, you can also use your own code signing certificate if you have one, using the valid command-line option. Spoof the attributes of the loader: This is done by using syso files which are a form of embedded resource files that when compiled along with our loader, will modify the attribute portions of our compiled code. Prior to generating a syso file, ScareCrow will generate a random file name (based on the loader type) to use. Once chosen this file name will map to the associated attributes for that file name, ensuring that the right values are assigned. Changelog v2.0 New Features Introduced ETW bypass mechanisms to prevent ETW events from being generated. Introduced unhooked process Injection techniques to unhook an EDR from the injected process. Added a flag to allow a custom set of JSON for Attribute Spoofing. Add a new list of DLLs for the WScript loader option. Added anti-attribution controls in binary mode. Bug Fixes Fixed some command line bugs. Updated help menu & README. [hide][Hidden Content]]
  10. HackBar (Burpsuite Plugin) HackBar is a sidebar that assists you with web application security testing, it’s aim is to help make those tedious tasks a little bit easier. Feature MD5, SHA1, SHA256 Hashing Algorithms ROT13 Encoding/Decoding Base64 Encoding/Decoding URL Encoding/Decoding Hex Encoding/Decoding Binary Encoding/Decoding Load, split and execute HTTP requests, This also includes the ability to manipulate POST data and your Referer Extract links from the current page Strip spaces and slashes from strings as well as reversing them XSS assistance (String.fromCharCode generation, HTML Characters and XSS Alert generation) Auto-XSS (Scrapes possible parameters and tests them for XSS (either using a Custom payload or a Polygot)) SQL Injection Assistance Changelog v2.0 Shifted to gradle from NetBeans Bug Fix [hide][Hidden Content]]
  11. Main Features & some Extras! Responsive Design with unlimited Skin & Background Color combinations Bootstrap 3.0 with {less} (style.less is compiled automatically!) Backend Page Builder based on WPBakery Page Builder (1) Custom Plethora Shortcodes and VC Row Settings WooThemes Flexslider custom integration WooCommerce Ready to build a simple e-shop WPML Ready to create a multilingual Website Before & After Image Compare Shortcode Enhanced Theme Settings, based on Redux Framework Feature Activation/Deactivation System. Prevent loading of components that you don’t use in your website! Parallax Backgrounds & Flexible Blog presentation Enhanced Header Panel with Color | Image | Video | Slider | Map backgrounds, available for all pages & posts Portfolio with Grid or Masonry view and Category Filters Twitter Feed, Mailchimp & Flickr Integration Google Fonts & Maps Integration Translation Ready SEO Friendly Clean Code Cross Browser Compatibility, HTML5 / CSS3 Tested by W3C Validator Advanced in-Source Comments for extra developer assistance Contact Form 7 Compatible [Hidden Content] [hide][Hidden Content]]
  12. Original Source Code [hide][Hidden Content]]
  13. itsMe

    3xtract-APK V2.0

    Extract inside apps data like URL,IP ADDRESS, E-MAIL,STRINGS, PARAMETERS etc. [+] Uses Command ==> apt install apktool ==> cd 3xtract-APK ==> chmod +x * ==> ./ APKTOOL files.apk [+] Made by Ghosthub [+] Version 2.0 [hide][Hidden Content]]
  14. Crypto-yank is a clipboard stealer that monitors for crypto addresses and replaces them with your own. Features: Written in Python 3 Support For: Bitcoin (Legacy & Segwit),Etherum,Dash,Doge,Ripple and Monero. Easy setup script. Specific crypto replacement. Comprised of regex to find and match addresses. Logging to log.txt About: crypto-yank is a clipboard stealer that replaces crypto-currency addresses found in the clipboard with your malicious address. When no address is found crypto-yank remains dormant until it finds a match. [hide][Hidden Content]]
  15. Give a Mask to Phishing URL like a PRO MaskPhish is a simple script to hide phishing URL under a normal looking URL( or [hide][Hidden Content]]
  16. itsMe

    BlackUpload v2.0

    BlackUpload is an Anonymus File Uploader Script with Multi File Upload Support It comes with more than 20 features and you can set up it in less than 5 minutes. Features Simple to use and implement 4 Protection levels Mime Type Extensions Size Forbidden names Out Of The Box Functions Bootstrap and jQuery over CDN Multi-File Upload Support BlackUpload PHP Class 20+ Features [hide][Hidden Content]]
  17. Features Paradoxia Console Feature Description Easy to use Paradoxia is extremely easy to use, So far the easiest rat! Root Shell - Automatic Client build Build Paradoxia Client easily with or without the icon of your choice. Multithreaded Multithreaded Console server, You can get multiple sessions. Toast Notifications Desktop notification on new session Configurable Settings Configurable values in paradoxia.ini Kill Sessions Kill Sessions without getting in sesssion. View Session information View Session information without getting in Session. Paradoxia Client Feature Description Stealth Runs in background. Full File Access Full access to the entire file system. Persistence Installs inside APPDATA and has startup persistence via Registry key. Upload / Download Files Upload and download files. Screenshot Take screenshot. Mic Recording Record Microphone. Chrome Password Recovery Dump Chrome Passwords using Reflective DLL (Does not work on latest version) :shipit: Keylogger Log Keystrokes and save to file via Reflective DLL. Geolocate Geolocate Paradoxia Client. Process Info Get Process information. DLL Injection Reflective DLL Injection over Socket, Load your own Reflective DLL, OR use ones available here. Power off Power off the Client system. Reboot Reboot the client system. MSVC + MINGW Support Visual studio project is also included. Reverse Shell Stable Reverse Shell. Small Client Maximum size is 30kb without icon. [hide][Hidden Content]]
  18. What’s PAKURI Sometimes, penetration testers love to perform a complicated job. However, I always prefer the easy way. PAKURI is a semi-automated user-friendly penetration testing tool framework. You can run the popular pentest tools using only the numeric keypad, just like a game. It is also a good entry tool for beginners. They can use PAKURI to learn the flow to penetration testing without struggling with a confusing command line/tools. Abilities of “PAKURI”. Intelligence gathering. Vulnerability analysis. Visualize. Brute Force Attack. Exploitation. Your benefits. By using our PAKURI, you will benefit from the following. For redteam: (a) Red Teams can easily perform operations such as information enumeration and vulnerability scanning. (b) Visualizing the survey results is possible only with the numeric keypad. For blueteam: (c) The Blue Team can experience a dummy attack by simply operating the numeric keypad even they do not have any penetration testing skill. For beginner: (d) PAKURI has been created to support the early stages of penetration testing. These can be achieved with what is included in Kali-Tools. It can be useful for training the entry level pentesters. NOTE If you are interested, please use them in an environment under your control and at your own risk. And, if you execute the PAKURI on systems that are not under your control, it may be considered an attack and you may have legal liability for your action. Features Scan enum4linux Nikto Nmap OpenVAS Skipfish sslscan SSLyze Exploit BruteSpray Metasploit Visualize Faraday CUI-GUI switching PAKURI can be operated with CUI and does not require a high-spec machine, so it can be operated with Raspberry Pi Changelog v1.1.1 This is PAKURI version 2, presented at BlackHat Asia 2020 Arsenal [hide][Hidden Content]]
  19. dEEpEst

    Recox v2.0

    Recox v2.0 The script aims to help in classifying vulnerabilities in web applications. The methodology RecoX is arising can spot weaknesses other than OWASP top ten. The script presents information against the target system. It gathers the information recursively over each subdomain, and IP addr for a sophisticated attack. RecoX automates several functions and saves a significant amount of time that requires throughout a manual penetration test. Video: [Hidden Content] Download: [Hidden Content]
  20. SubDomainizer SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascript present in the given URL. This tool also finds S3 buckets, cloudfront URL’s and more from those JS files which could be interesting like S3 bucket is open to read/write, or subdomain takeover and a similar case for cloudfront. It also scans inside the given folder which contains your files. Cloud Storage Services Supported: SubDomainizer can find URL for following cloud storage services: 1. Amazon AWS services (cloudfront and S3 buckets) 2. Digitalocean spaces 3. Microsoft Azure 4. Google Cloud Services 5. Dreamhost 6. RackCDN. Changelog v2.0 SANs Feature: Added a feature to find Subject Alternative Names for already found subdomains from different sources. Two options can be used with -san argument i.e. all or same. same will find only subdomains for TLD of the URL. all will find all (sub)domains having the same SAN for a given subdomain. Secret Location Feature: Added a feature to display the location of secrets. Inline in case if secret(s) found within the page (used in -u argument) URL of file in case if secret(s) found on External JS file or Github URL or File path (in case of the folder). [hide][Hidden Content]]
  21. [hide][Hidden Content]]
  22. Description A security framework for enterprises and Red Team personnel, supports CobaltStrike's penetration testing of other platforms (Linux / MacOS / ...), supports custom modules, and includes some commonly used penetration modules. ChangeLog release v2.0 : -fix Fix the problem of path errors caused by backslashes when uploading files in the file management office -fix Long-term testing in various scenarios in the real environment, fixing some hidden problems, and now more stable +support Support for lower kernel version systems +support Environment variables are automatically set at startup +support Delete sensitive env records at startup +support The background service process can be linked to the init process at startup +support Increase session spawn function +support Increase the function of session setting environment variables +support Increase the privilege escalation function of session getsystem +support Increase session analysis function to handle multiple merge tasks +support Increase Mac & Linux lateral movement function [hide][Hidden Content]]
  23. ADCollector is a lightweight tool that enumerates the Active Directory environment to identify possible attack vectors. It will give you a basic understanding of the configuration/deployment of the environment as a starting point. Notes: ADCollector is not an alternative to the powerful PowerView, it just automates enumeration to quickly identify juicy information without thinking too much at the early Recon stage. Functions implemented in ADCollector are ideal for enumeration in a large Enterprise environment with lots of users/computers, without generating lots of traffic and taking a large amount of time. It only focuses on extracting useful attributes/properties/ACLs from the most valuable targets instead of enumerating all available attributes from all the user/computer objects in the domain. You will definitely need PowerView to do more detailed enumeration later. The aim of developing this tool is to help me learn more about Active Directory security in a different perspective as well as to figure out what’s behind the scenes of those PowerView functions. I just started learning .NET with C#, the code could be really terrible~ It uses S.DS namespace to retrieve domain/forest information from the domain controller(LDAP server). It also utilizes S.DS.P namespace for LDAP searching. Enumeration Current Domain/Forest information Domains in the current forest (with domain SIDs) Domain Controllers in the current domain [GC/RODC] (with ~~IP, OS Site and ~~Roles) Domain/Forest trusts as well as trusted domain objects[SID filtering status] Privileged users (currently in DA and EA group) Unconstrained delegation accounts (Excluding DCs) Constrained Delegation (S4U2Self, S4U2Proxy, Resources-based constrained delegation) MSSQL/Exchange/RDP/PS Remoting SPN accounts User accounts with SPN set & password does not expire account Confidential attributes () ASREQROAST (DontRequirePreAuth accounts) AdminSDHolder protected accounts Domain attributes (MAQ, minPwdLength, maxPwdAge lockoutThreshold, gpLink[group policies that linked to the current domain object]) LDAP basic info(supportedLDAPVersion, supportedSASLMechanisms, domain/forest/DC Functionality) Kerberos Policy Interesting ACLs on the domain object, resolving GUIDs (User-defined object in the future) Unusual DCSync Accounts Interesting ACLs on GPOs Interesting descriptions on user objects Sensitive & Not delegate account Group Policy Preference cpassword in SYSVOL/Cache Effective GPOs on the current user/computer Restricted groups Nested Group Membership Changelog v2.0 1. Complete Rewrite (more extensible) 2. Add Interactive Menu with command line choice 3. Use direct API call to enumerate Trust relationship 4. Update Applied GPO Enumeration with Security Filtering and WMI Filtering (WMIFilter needs to be checked manually) 5. Add LDAP DNS Record Enumeration 6. RunAs: Run ADCollector under another user context 7. Flexible SPN Scan, DNS Records, Nested Group Membership, ACL Enumeration 8. Add NetSessionEnum, NetLocalGroupGetMembers and NetWkstaUserEnum [hide][Hidden Content]]
  24. [hide][Hidden Content]]
  25. Description: uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. uDork does NOT make attacks against any server, it only uses predefined dorks and/or official lists from (Google Hacking Database: [Hidden Content]). [hide][Hidden Content]]