Search the Community

Test / itsMe [hide][Hidden Content]] Scan XWorm V3.1 [Hidden Content] Scan Sever [Hidden Content]

Baymax Patch Tools releases a hijacked DLL for the target process to load the functional module PYG.DLL, realizing dynamic patching of the target process. it not only supports dynamically modifying instructions and data of the target module, but also simulates the OD break function, which can modify the corresponding registers, flag registers and memory data of the registers pointing to memory after breaking the target module, so as to achieve cracking it without modifying the target file. It supports the following two kinds of patching functions: Search and Replace Patch, which can directly modify the instruction code or memory data in the process memory by locating the memory address through the feature code or offset address. Exception Breakpoint Patch, support the abnormal interrupt function of the simulated debugger, by setting and triggering the interrupt after modifying registers, memory and other data to achieve the purpose of modifying the program execution process and so on. The tool is protected by a shell, and the antivirus may misreport the tool and the patch file! Due to the use of the shell SDK, all components of the tool (including the generated patches) do not contain networking capabilities! The generated patches will not modify any files in the system when running (except for overwriting patch files). The generated patches will not modify any files in the system when running (except for overwriting patch files). The tool itself has a verification mechanism and will load only after the module is successfully verified at startup, but for security reasons, please be sure to download and use it from the official site. Function introduction Support creating hijacking and injecting patches to achieve cracking without modifying the target file support for patching processes with dynamic base addresses (ASLR) support patching multiple DLL modules of the target process Support patching different EXEs of the same patch support patching the memory data of a process at a specified address support for patching processes using feature code matching support setting API HOOK decoding for shelled programs before patching data support patching data after setting hardware breakpoint interrupt for the process support setting exception breakpoints to modify the memory pointed to by registers or registers after interrupting the process support setting conditional breakpoints for processes to determine whether to execute Patch according to the number of interrupts, register or memory values Support setting different conditional breakpoints for the same address to perform Patch on the interrupts that meet the conditions support extracting global variables from assembly instructions to store and modify them support for storing data and using stored data during process execution support patching the memory pointed to by the memory marker after interrupt support basic operations on data after interrupt support for reading patch data from ini file support to create memory keymaker support for creating debug patches to troubleshoot patch problems by yourself Baymax Patch toOls v3.1 2023.01.18 x86/x64 v3.1.0 Support multi-language function adjusted and optimized the UI, text descriptions, etc. to improve the interactive experience fix the problem of occasional failure to create patches (thanks to feedback from 沐子) patch module: optimize the problem of slow start-up due to loading many Dlls (thanks to feedback from 真小白) patch program: patch module also supports multi-language function address format conversion tool: adjust the UI, optimize the interaction feature code search tool: optimize the search algorithm, support the search string, search results to increase the segment information, attributes. thanks to the group of friends for their strong support and help to Baymax. 2023.01.30 x86 v3.1.3 x64 v3.1.2 Fix compatibility issues with Windows XP system caused by shell Fix a bug introduced in version 3.1: setting When Running to Oep to generate a non-debug version of Loader will cause the target process to start up and get stuck (thanks to fairycn for the feedback) Fix the bug of wrong display of QWORD data for x64 edit condition breakpoints Fix a bug that when editing old bpt projects, the parsing of entries containing conditional breakpoints was wrong (thanks to 737008227 for the feedback) [hide][Hidden Content]]

Hello Level23 fellows here is the clean leak of Advanced Android Rat Update of Craxs rat which was previously known as Cypher RAT. Since, original is Craxs Rat and all others such as Zenna and Spyroid are just skin changes and edits So , consider this as Craxs Rat v3.1 Any good cracker can crack it easily. Fingers croseed...! Functions (FEATURES) Lock Screen & Unlock it With PIN and Drawing Keylogger Record Everything offline - Auto Clicker: 1: Watch user Touches on screen 2: Record user Touches 3: Repeat User Touches - - - - - - • Quick install: Changed the Apk installing Process , now you can install the apk with 1 Permission "files" , and you can manually request other permissions later from Spyroid Rat Panel • Permissions Manager: - checking allowed/not allowed Permissions - Request Permissions • Builder: Add 2 New Options + 1 Page: - Quick install : Explained - Draw Over Apps (optional) - "Permission Page" : Select the Permissions you want to add to the apk , not for Asking • Remove apk sticky notifications by disableing keep alive on apk builder Optional Permissions now: - Send SMS - Read SMS - Read Contacts - Camera - Microphone - Location - Make Call - Read Accounts - Read Call Log - Change Wallpaper - add new option "self Distraction" to remove the apk & data (auto with super mod) - - - - - - + SCREEN READER This tool Helps you Read Content of the Screen something like "skeleton view or Scan View" , Watch video for more info -improve it to bypass black screen of banks and crypto app -add logo window to copy anything from screen easy -test it to bypass google authenticator app and get code -test it to bypass trust wallet and get secret phase easy + SEND SMS - improve "Send SMS" -send to multi number -send to list from file -send to all contact - add "recent notifications" to dashboard window - add "recent Calls" to dashboard window - Performance improvement - stability improvement -------------------- + Update injection : - support screen wakeup - support Permission manager - support screen shot - support lock screen - Fixed keylogger - request accessibility shows page insted of message - re-encrypt the apk Download Link: [hide][Hidden Content]] Zip Password : SpyroidRat.com

HYIP Lab is an advanced investment platform that works efficiently with all devices. This is a well-architect, powerful, secure, well-optimized, and SEO Friendly web application that comes to satisfy all investment platform owner needs. HYIP Lab is ready to use web script for the business owner who wants to run and promote their next HYIP Investment business flawlessly. [Hidden Content] [hide][Hidden Content]]

The Support Ticket System is an adequately designed ticket managing PHP system that facilitates a great user experience for your Clients / Customers / End-User. Accessible by multiple Agents and Admins, this tool helps in managing tickets generated by Clients / Customers / End-User. By adequately managed support you can close the generated tickets. [Hidden Content] [hide][Hidden Content]]

Grupo Pro is a PHP based Chat Room & Private Chat Script which includes a wide range of features like Unlimited Chat Rooms, One to One Chat, Language Manager, User Profiles, Group roles, Badges, Site Roles, Audio player, Site Adverts, Push Notifications, WordPress Integration, Profanity Filter, Landing Page and tons of other features. [Hidden Content] [hide][Hidden Content]]

Start your own SaaS platform that allows people to use their android mobile devices as SMS gateways, they can also send & receive WhatsApp chats. [Hidden Content] [hide][Hidden Content]]

uDork uDork is a script written in Python that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. It does NOT make attacks against any server, it only uses predefined dorks and/or official lists from exploit-db.com (Google Hacking Database). Changelog v3.1 Adapting uDork to the programming changes from Facebook to Meta. Removed the Perl library “libany-uri-escape-perl”. Speed has been improved, gaining 2 seconds between requests. [hide][Hidden Content]]

Pentest use: fileless-xec is used on the target machine to execute a binary file on an attacker-controlled machine Short story fileless-xec enable us to execute a remote binary on a local machine in one step without dropping them on disk simple usage fileless-xec <binary_url> execute binary with specified program name: fileless-xec -n /usr/sbin/sshd <binary_raw_url> retrieve remote binary using http3 protocol and execute it: fileless-xec -http3 <binary_raw_url> detach program execution from tty: setsid fileless-xec […] Changelog v3.1 Add icmp server: Transfer binary content with ICMP (used QueenSono) stdout and stdin in real-time for “unstealth” mode stdout in real time for windows executable [hide][Hidden Content]]

The betternet is a complete Internet Service Providers (ISP) Management solution. The new version of this application comes with tons of new features including Stripe payment, email notification, user auto disconnect with package expires, home page, service zone, role base access, customer manager, billing and payment invoice download and many more [Hidden Content] [hide][Hidden Content]]

After recent Google updates, it’s not enough to have good content, it must be well structured, designed, and organized for desktop and mobiles. And this is where you can get benefits from using Gutencon. It must-have plugin, swiss knife in wordpress which definitely increases profit from your site and gives you complete set of marketing and SEO tools directly in Gutenberg editor which is future of Wordpress. [Hidden Content] [hide][Hidden Content]]

PayMoney is an online payment gateway that ensures smooth and secure transactions. It will help to keep your account more secure & reliable. Enjoy safe online payments through PayMoney. This system is similar to larger payment services like PayPal or Stripe [Hidden Content] [hide][Hidden Content]]

Sngine is a PHP Social Network Platform is the best way to create your own social website or online community. Launch it in just 1 minute with ultimate features. It’s fast, secured, and it will be regularly updated. [Hidden Content] [hide][Hidden Content]]

WoWonder is a PHP Social Network Script, WoWonder is the best way to start your own social network website! WoWonder is fast, secured, and it will be regularly updated. [Hidden Content] [hide][Hidden Content]]

Killer Email Marketing Features You’ve Never Seen Before In Any Autoresponder System Yet. MailEngine Cracks Open The Inboxing Code & Makes Smaller List Marketers Successful Again [Hidden Content] [hide][Hidden Content]]

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. Features Efficient: More than 20 plugins to automate post-exploitation tasks Run commands and browse filesystem, bypassing PHP security restrictions Upload/Download files between client and target Edit remote files through local text editor Run SQL console on target system Spawn reverse TCP shells Stealth: The framework is made by paranoids, for paranoids Nearly invisible by log analysis and NIDS signature detection Safe-mode and common PHP security restrictions bypass Communications are hidden in HTTP Headers Loaded payloads are obfuscated to bypass NIDS http/https/socks4/socks5 Proxy support Convenient: A robust interface with many crucial features Detailed help for any command or option (type help) Cross-platform on both the client and the server. Powerful interface with completion and multi-command support Session saving/loading feature & persistent history Multi-request support for large payloads (such as uploads) Provides a powerful, highly configurable settings engine Each setting, such as user-agent has a polymorphic mode Customisable environment variables for plugin interaction Provides a complete plugin development API Changelog v3.1 Implemented enhancements: Make warning message explicit when running plugin in non-connected mode #74 Show stack trace when VERBOSITY is True #73 get help for CMD when calling help CMD ARG #70 unexpected infinite autocompletion #68 help set \<VAR\>: display buffer type description #67 set should inform user that help set \<VAR\> is available #62 alias \<VAR\> None misses verbosity #59 Missing help set \<SETTING\> autocompletion #56 env: Confusing error message before exploited context #53 ./deps/ folder is archaic #41 Fixed bugs: phpsploit is not working properly #128 suidroot plugin makes invalid assumptions #105 crash: IndexError: list index out of range #101 lrun command always returns 0 #83 core.tunnel.exceptions.ResponseError: Php runtime error #81 core: read non-tty STDIN line-by-line #75 term colors: buggy message display #72 corectl display-http-requests: invalid log on POST method #65 alias can override existing command #60 isolate\_readline\_context\(\) don’t isolates readline history #54 Closed issues: Scripting support #138 add jonas lejon as contributor for his blog post #137 corectl display-http-requests not working when PROXY is set #135 I’m sure i set the backdoor file,but i can’t get windows shell again #120 a window shell trate mysql data #119 Doubt about the socks proxy5 #114 INSTALL.md should have install instructions #106 Add contributors list on README #88 help \<PLUGIN\> lacks plugin informations #85 ux: show missing dependency warnings at start #80 [hide][Hidden Content]]

All the scripts are gathered on the Internet and slightly modified by myself. You can use it under GPLv3. And all on your own risk. Any contributions can grant you TaoWu's internal version access in the near future. Note Base on Cobalt Strike3.x & Cobalt Strike4.x CHANGE LOG 3.1 (2020.8.7) Add Basic Info and Initial Info gathering to Information Discovery. Add CISCO ASA(CVE-2020-3452)、weblogic（CVE-2016-0638,CVE-2016-3510,CVE-2017-3248,CVE-2017-10271,CVE-2018-2628,CVE-2018-2893,CVE-2019-2725）POCs to Vulnerability. Add dazzleUP to Privilege Escalation. Add some interesting functions for mic recording and webcam shot. [hide][Hidden Content]]

Fern Wifi Cracker Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks DISCLAIMER Fern-Wifi-Cracker is designed to be used in testing and discovering flaws in one's own network with the aim of fixing the flaws detected, DO NOT use the program on networks for which you don't have permission, I am not responsible for whatever damage you cause by using this software. Supported operating systems The Software runs on any Linux machine with the programs prerequisites. The program has been tested to work on the following Linux based operating systems: KDE/GNOME BackTrack Linux BackBox Linux Prerequisites The following dependencies can be installed using the Debian package installer command on Debian based systems using apt-get install <program> or otherwise downloaded and installed manually Aircrack-NG Python 3.x Python-Scapy Python Qt5 Subversion Xterm Reaver (for WPS Attacks) Macchanger Features Fern Wifi Cracker currently supports the following features: WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack WPA/WPA2 Cracking with Dictionary or WPS based attacks Automatic saving of key in database on successful crack Automatic Access Point Attack System Session Hijacking (Passive and Ethernet Modes) Access Point MAC Address Geo Location Tracking Internal MITM Engine Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP) Update Support Fern Wifi Cracker v3.1 Bug Fixes Fixed bug when creating monitor interface [hide][Hidden Content]]

Commix (short for [comm]and njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header. Changelog Version 3.1 Fixed: Multiple bug-fixes regarding several reported unhandled exceptions. Added: A script “setup.py” has been added (i.e. easier installation). Revised: Improvement regarding checking if the provided value has boundaries (e.g. ‘param=/value/’). Revised: Improvement regarding dynamic code evaluation technique’s heurstic checks. Revised: Improvement regarding identifying the indicated web-page charset. Revised: Minor improvement regarding verbose mode (i.e. debug messages). Fixed: Bug-fix regarding Basic HTTP authentication. Revised: Minor improvement regarding redirection mechanism. Fixed: Bug-fix regarding defining wildcard character “*” in nested JSON objects. Revised: Minor improvement regarding Flatten_json (third party) module. Revised: Minor improvement regarding parsing nested JSON objects. Added: New tamper script “doublequotes.py” that adds double-quotes (“”) between the characters of the generated payloads (for *nix targets). Fixed: Bug-fix regarding parsing raw HTTP headers from a file (i.e. -r option). Revised: Improvements regarding data in the detailed message about occurred unhandled exception. Revised: Minor bug-fixes and improvements regarding HTTP authentication dictionary-based cracker. [hide][Hidden Content]]

Universal Reddit Scraper This is a universal Reddit scraper that can scrape Subreddits, Redditors, and comments on posts. Scrape speeds will be determined by the speed of your internet connection. Changelog v3.1 New in 3.1.0: Scrapes will now be exported to the scrapes/ directory within a subdirectory corresponding to the date of the scrape. These directories are automatically created for you when you run URS. Added log decorators that record what is happening during each scrape, which scrapes were ran, and any errors that might arise during runtime in the log file scrapes.log. The log is stored in the same subdirectory corresponding to the date of the scrape. Replaced bulky titles with minimalist titles for a cleaner look. Added color to terminal output. Improved naming convention for scripts. Integrating Travis CI and Codecov. Updated community documents located in the .github/ directory: BUG_REPORT, CONTRIBUTING, FEATURE_REQUEST, PULL_REQUEST_TEMPLATE, and STYLE_GUIDE Numerous changes to README. The most significant change was splitting and storing walkthroughs in docs/. [HIDE][Hidden Content]]

XeroChat, a multichannel marketing application, is an ultimate white-label SaaS software with an all-in-one solution for your business to grow. It offers all-powerful tools like Facebook Marketing (Messenger BOT, Comment BOT, Auto Comment Tools, etc.), E-commerce in Messenger, Social Media Posting (Facebook, YouTube, Twitter, LinkedIn, Pinterest, Reddit, Blogger, WordPress, etc.), SMS Marketing (Twilio, Plivo, Clickatell, Nexmo, AfricasTalking, Msg91, SemySMS, RouteSMS, Custom HTTP GET API integration.), Email Marketing (SMTP, Mailgun, Sendgrid, Mandrill, etc.), Search Marketing, Comparison Marketing, Analytical Marketing & many other features. Therefore, XeroChat is the best choice for your daily marketing solutions.. Demo: [Hidden Content] [Hidden Content]

Burp Bounty – Scan Check Builder This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive. Examples of vulnerabilities that you can find So, the vulnerabilities identified, from which you can make personalized improvements are: Active Scan: XSS reflected and Stored SQL Injection error based Blind SQL injection Blind SQL injection time-based XXE Blind XXE SSRF CRLF Information disclosure Nginx off-by-slash vulnerability – From Orange Tsai Command injection Web cache poisoning Blind command injection Open Redirect Local File Inclusion Remote File Inclusion Path Traversal LDAP Injection XML Injection SSI Injection XPath Injection etc Passive Response Scan Security Headers Cookies attributes Endpoints extract Software versions Error strings In general any string or regular expression in the response. Passive Request Scan Interesting params and values In general any string or regular expression in the request. Changelog 3.1.0 20200407 Fixed 12 issues from github Better performance of the match algorithm “Path discovery” option has been improved Profiles adapted to the new version [HIDE][Hidden Content]]

Teleshadow3- Advanced Telegram Desktop Session Hijacker! Stealing desktop telegrams has never been so easy! Set the email and sender details of the sender and recipient or use Telegram API! and send it to the victim after compiling. How do I use the session file? Just put tdata and telegram.exe in the same directory and open telegram.exe What features does it have? Bypass new security mechanisms Bypass Two-step verification! Bypass Inherent identity and need 5-digit verification code! Support SMTP Transport Support Telegram API Transport (With Proxy) Support FakeMessage Support Custom Icons Bypass A.V (Comming soon...) NOTE: Only official telegram desktops currently supported [HIDE][Hidden Content]]