Search the Community

Showing results for tags 'written'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 32 results

  1. Features Command line interface Cross-platform Multi-threaded HTTP(S), Socks4, Socks4a and Socks5 Customizable test URL Customizable timeouts (Proxy & Request) Remove proxy duplicates [hide][Hidden Content]]
  2. GDA(GJoy Dex Analysizer) Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb, and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the convert of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate, and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me… Changelog v3.96 Fix the memory call problem for Frida. Fix missing parentheses in multi-conditional expressions. #60 Fix the problem of inconsistent variable names caused by parent and child classes in different basic blocks. Add the saving of the js code for Frida when the device is not connected. The control flow analysis algorithm is further optimized. Implement the automatic propagation function of the overloaded method name renaming for the subclass of any class/interface. #65 [hide][Hidden Content]]
  3. Disclaimer I, the creator, am not responsible for any actions, and or damages, caused by this software. You bear the full responsibility of your actions and acknowledge that this software was created for educational purposes only. This software's main purpose is NOT to be used maliciously, or on any system that you do not own, or have the right to use. By using this software, you automatically agree to the above. Data extraction: [→] AntiAnalysis (VirtualBox, SandBox, Debugger, VirusTotal, Any.Run) [→] Knock off IPLogger. [→] USB worm. [→] Clipper Crypto Wallet (BTC, Etherium, LiteCoin, Monero) [→] Clipper Card Bank (Visa, Mastercard, QIWI) [→] Clipper Wallet WebMoney (WMR, WMZ, WMU, WMX) [→] Clipper Wallet QIWI (Nick, Money Box, Number) [→] Clipper Wallet YandexMoney. [→] Clipper Wallet Payeer. [→] Clipper LINK (STEAM, MEGA DISK, Yandex Dis, DONAT ALERT) [→] Clipper LINK (STEAM, MEGA DISK, Yandex Dis, DONAT ALERT) [hide][Hidden Content]]
  4. About 365-Stealer is a tool written in Python3 which can be used in illicit consent grant attacks. When the victim grant his consent we get their Refresh Token which can be used to request multiple Tokens that can help us in accessing data like Mails, Notes, Files from OneDrive etc. Doing this manually will take a lot of time so this tool helps in automating the process. 365-Stealer comes with 2 interfaces: CLI - The CLI is purely written in python3. Web UI - The Web UI is written in PHP and it also leverages python3 for executing commands in background. Features Steals Refresh Token which can be used to grant new Access Tokens for at least 90 days. Can send mails with attachments from the victim user to another user. Creates Outlook Rules like forwarding any mail that the victim receives. Upload any file in victims OneDrive. Steal's files from OneDrive, OneNote and dump all the Mails including the attachments. 365-Stealer Management portal allows us to manage all the data of the victims. Can backdoor .docx file located in OneDrive by injecting macros and replace the file extension with .doc. All the data like Refresh Token, Mails, Files, Attachments, list of all the users in the victim's tenant and our Configuration are stored in database. Delay the request by specifying time in seconds while stealing the data Tool also helps in hosting the dummy application for performing illicit consent grant attack by using --run-app in the terminal or by using 365-Stealer Management. By using --no-stealing flag 365-Stealer will only steal token's that can be leverage to steal data. We can also request New Access Tokens for all the user’s or for specific user. We can easily get a new access token using --refresh-token, --client-id, --client-secret flag. Configuration can be done from 365-Stealer CLI or Management portal. The 365-Stealer CLI gives an option to use it in our own way and set up our own Phishing pages. Allow us to steal particular data eg, OneDrive, Outlook etc. by passing a --custom-steal flag. All the stolen data are saved in database.db file which we can share with our team to leverage the existing data, tokens etc. We can search emails with specific keyword, subject, user's email address or by filtering the emails containing attachments from the 365-Stealer Management portal. We can dump the user info from the target tenant and export the same to CSV. [hide][Hidden Content]]
  5. Cerbrutus Modular brute force tool written in Python, for very fast password spraying SSH, and FTP and in the near future other network services. COMING SOON: SMB, HTTP(s) POST, HTTP(s) GET, HTTP BASIC AUTH Thanks to @0dayctf, Rondons, Enigma, and 001 for testing and contributing [hide][Hidden Content]]
  6. Rafel is Remote Access Tool Used to Control Victims Using WebPanel With More Advance Features. Main Features Admin Permission Add App To White List Looks Like Browser Runs In Background Even App is Closed(May not work on some Devices) Accessibility Feature Support Android v5 - v10 No Port Forwarding Needed [hide][Hidden Content]]
  7. GDA(GJoy Dex Analysizer) Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb, and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the convert of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate, and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me… Changelog v3.95 Fixed syntax error when executing a method [hide][Hidden Content]]
  8. Platypus A modern multiple reverse shell sessions/clients manager via terminal written in go Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service (Pop a reverse shell without remembering idle commands) Download/Upload file with progress bar Full interactive shell Using vim gracefully in reverse shell Using CTRL+C and CTRL+Z in reverse shell Changelog v1.3.1 1. Fix version error in v1.3.0 2. Make version checking configurable [hide][Hidden Content]]
  9. Platypus A modern multiple reverse shell sessions/clients manager via terminal written in go Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service (Pop a reverse shell without remembering idle commands) Download/Upload file with progress bar Full interactive shell Using vim gracefully in reverse shell Using CTRL+C and CTRL+Z in reverse shell Changelog v1.2.9 1. Add `Alias` command which gives a session a human friendly name 2. Solve conflicts on the sessions from the same machine 3. Direct nohup output to /dev/null [hide][Hidden Content]]
  10. The fastest dork scanner written in Go. Changelog c2460b4 Prep v1.0.0 - Fix #1 - Update action workflows 5d7e44b Refactoring main - Using go modules - Using auto-switch transport proxy (mubeng pkg) - Threading on querying 0fba389 Merge pull request #4 from Rishang/master 5876033 Fixed gologger msg errors 9a454e9 Update README 3ab7f2c Update issue templates [hide][Hidden Content]]
  11. This ia an simple and powerful stealer that steals victim credentials and send to your discord server... This File Steals: 1. Ip address 2. Screenshot 3. Discord token 4. Mac Address 5. System Information [hide][Hidden Content]]
  12. PE-Packer PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry. When running a packed PE file, the shell-entry will decrypt and load the original program as follows: Decrypting sections. Initializing the original import table. Relocation. Before packing, using some disassembly tools can disassemble the executable file to analyze the code, such as IDA Pro. [hide][Hidden Content]]
  13. An SSRF-Tool wrote in golang Features Wordlist Creation Inject in every parameter one by one Very fast speed Inject into paths Silent Mode Fetch endpoints from Javascript files Bruteforce parameters Find SSRF in those parameters Match multiple patterns in the response Fetch endpoints from Javascript files Bruteforce parameters Find SSRF in those parameters Match multiple patterns in the response Note Make sure when creating wordlists or finding ssrf with my tool that the domains are resolved. You can use: httpx httprobe massdns [hide][Hidden Content]]
  14. KratosKnife is a Advanced BOTNET Written in python 3 for Windows OS. Comes With Lot of Advanced Features such as Persistence & VM Detection Methods, Built-in Binder, etc Generator Features Encrypt Source Code Using AES 256 Bit Encryption Encrypt Source Code Using Base64 Encryption Packing Evil Exe Using UPX Packer Interactive Mode [Generator Ask Required Parameter] Debug Mode [Can Be Used In Debugging Payload] Persistence Payload 3 Powerfull Methods to Detect/Bypass VM (such as VirtualBox, VMware, Sandboxie) Built-in File Binder Useful Icons Inside icon Folder Virtual Machine Bypass Methods Includes Registry Check Processes and Files Check MAC Adderess Check Disclaimer This project was created only for good purposes and personal use. THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM. [hide][Hidden Content]]
  15. Usage Mandark.Load( (string) host, (byte[]) payload, (string) arguments ); Requirements Make sure you compile to 64-bit [hide][Hidden Content]]
  16. Ransomeware written in Python3 How to use install the libraries: subprocess, cryptography, re, json, requests, pathlib install pyinstaller (pip install pyinstaller) run the builder THIS IS ONLY FOR EDUCATIONAL PURPOSES! I DO NOT TAKE RESPONSABILITY FOR THE USE OF THIS TOOL! [hide][Hidden Content]]
  17. GoSpider – Fast web spider wrote in Go Features Fast web crawling Brute force and parse sitemap.xml Parse robots.txt Generate and verify link from JavaScript files Link Finder Find AWS-S3 from response source Find subdomains from response source Get URLs from Wayback Machine, Common Crawl, Virus Total, Alien Vault Format output easy to Grep Support Burp input Crawl multiple sites in parallel Random mobile/web User-Agent Changelog v1.1.3 c59ef01 Upgrade v1.1.3 7b01017 Merge pull request #27 from rayhan0x01/patch-1 20f8238 removing lower case conversion of paths and parameters 656e12f Fix typo in -q options 9d7a0df Update release [hide][Hidden Content]]
  18. What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What’s it do tho? feroxbuster is a tool designed to perform Forced Browsing. Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web application but are still accessible by an attacker. feroxbuster uses brute force combined with a wordlist to search for unlinked content in target directories. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network address, etc… This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration. Comparison w/ Similar Tools There are quite a few similar tools for forced browsing/content discovery. Burp Suite Pro, Dirb, Dirbuster, etc… However, in my opinion, there are two that set the standard: gobuster and ffuf. Both are mature, feature-rich, and all-around incredible tools to use. So, why would you ever want to use feroxbuster over ffuf/gobuster? In most cases, you probably won’t. ffuf in particular can do the vast majority of things that feroxbuster can, while still offering boatloads more functionality. Here are a few of the use-cases in which feroxbuster may be a better fit: You want a simple tool usage experience You want to be able to run your content discovery as part of some crazy 12 command unix pipeline extravaganza You want to scan through a SOCKS proxy You want auto-filtering of Wildcard responses by default You want recursion along with some other thing mentioned above (ffuf also does recursion) You want a configuration file option for overriding built-in default values for your scans [hide][Hidden Content]]
  19. Stealer + Clipper + Keylogger Stealer written on C#, logs will be sent to Telegram bot. Disclaimer I, the creator, am not responsible for any actions, and or damages, caused by this software. You bear the full responsibility of your actions and acknowledge that this software was created for educational purposes only. This software's main purpose is NOT to be used maliciously, or on any system that you do not own, or have the right to use. By using this software, you automatically agree to the above. Functions AntiAnalysis (VirtualBox, SandBox, Emulator, Debugger, VirusTotal, Any.Run) Steal system info (Version, CPU, GPU, RAM, IPs, BSSID, Location, Screen metrics) Chromium based browsers (passwords, credit cards, cookies, history, autofill, bookmarks) Firefox based browsers (db files, cookies, history, bookmarks) Internet explorer/Edge (passwords) Saved wifi networks & scan networks around device (SSID, BSSID) File grabber (Documents, Images, Source codes, Databases, USB) Detect banking & cryptocurrency services in browsers Install keylogger & clipper Steam, Uplay, Minecraft session Desktop & Webcam screenshot ProtonVPN, OpenVPN, NordVPN Cryptocurrency Wallets Telegram sessions Pidgin accounts Discord tokens Filezilla hosts Process list Directories structure Product key Autorun module [hide][Hidden Content]] Scan
  20. Features Inject multiple payloads into all parameters Inject single payloads into all parameters Saves responses into output folder Displays Status Code & Response Length Can grep for patterns in the response Really fast Easy to setup [hide][Hidden Content]]
  21. Features Connection is encrypted using random RSA + AES key Multiple clients support Execute shell commands Download/Upload files Take screenshot Cross platform [hide][Hidden Content]]
  22. Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the convert of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate, and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me… Interactive operation: 1.cross-references for strings, classes, methods and fields; 2.searching for strings, classes methods and fields; 3.comments for java code; 4.rename for methods,fields and classes; 5.save the analysis results in gda db file. … Utilities for Assisted Analysis: 1.extracting DEX from ODEX; 2.extracting DEX from OAT; 3.XML Decoder; 4.algorithm tool; 5.device memory dump; … New features: 1.Brand new dalvik decompiler in c++ with friendly GUI; 2.Support python script 3.packers Recognition; 4.Multi-DEX supporting; 5.making and loading signature of the method 6.Malicious Behavior Scanning by API chains; 7.taint analysis to preview the behavior of variables; 8.taint analysis to trace the path of variables; 9.de-obfuscate; 10.API view with x-ref; 11.Association of permissions with modules; Changelog v3.79 Fixed some problems. Decompile support for .jar files, class .files and .aar files. A rule-based static vulnerability scanner is added. Add the APK file forensics analysis tool. Fixed a bug in variable renaming. Dump tool adds custom dump. Further, optimize intelligent renaming. [hide][Hidden Content]]
  23. cf-check Check a Host is Owned by Cloudflare. [hide][Hidden Content]]
  24. GDA(GJoy Dex Analysizer) Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the convert of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate, and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me… New features: 1.Brand new dalvik decompiler in c++ with friendly GUI; 2.Support python script 3.packers Recognition; 4.Multi-DEX supporting; 5.making and loading signature of the method 6.Malicious Behavior Scanning by API chains; 7.taint analysis to preview the behavior of variables; 8.taint analysis to trace the path of variables; 9.de-obfuscate; 10.API view with x-ref; 11.Association of permissions with modules; Changelog v3.78 A lot of bugs fixed, GDAE Professional Edition was released. Provide the option of method Merge mode and separation mode. Fix the problem that the memory module cannot be dump in 64-bit system. Implement the vulnerability detection based on rule expression. Fix the aspect ratio of the window . Change and optimize color management to support various topics. Optimize the GUI, adjust the internal layout of some windows, and repair some GUI problems, making the operation more comfortable. Add the search function (Ctrl + F) to the dump device. Merge the multi Dex in the tree box. The default combination mode on the class display can be switched to separate mode by right-clicking. Add line number, module tag, and jump tag (under SmalI). Right-click to switch. Strengthen the structured algorithm to make the code more readable. De-duplicate the results of malscan. Adapt to the widescreen. Add basic information to view. [Hidden Content]
  25. GoSpider GoSpider – Fast web spider wrote in Go Features Fast web crawling Brute force and parse sitemap.xml Parse robots.txt Generate and verify link from JavaScript files Link Finder Find AWS-S3 from response source Find subdomains from response source Get URLs from Wayback Machine, Common Crawl, Virus Total, Alien Vault Format output easy to Grep Support Burp input Crawl multiple sites in parallel Random mobile/web User-Agent [Hidden Content]