Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'written'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Categories

  • Files
  • Online Book
  • Services

Categories

  • Hacking

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

  1. contents this is the server side code written in nodejs for screenshotting Tor websites. The code itself is just a puppeteer that connects to tor websites through a TOR proxy (which I setup on a different server. See the image below for instructions on how to setup a tor proxy) Its written as a docker img that fetches a list of tor sites from Amazon DynamoDB (you can replace this with SQL), then crawls each one and takes screenshot of them all. Stores it on S3 then exists. This project was run once a day on Azure Container Instances. the lambdasubmitsite.js is redundant actually and can be ignore. Its a rest endpoint (aws lambda) to receive user submitted Tor sites. setup tor proxy in the code you can see the following line const config_tor_proxies = ["18.130.24.239:56826", "18.130.24.239:56824"] I setup two instances of Tor and port 56826 and 56824. One is also sufficient. [Hidden Content]
  2. What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What’s it do tho? feroxbuster is a tool designed to perform Forced Browsing. Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web application but are still accessible by an attacker. feroxbuster uses brute force combined with a wordlist to search for unlinked content in target directories. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network address, etc… This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration. Changelog v2.9.2 changed default value for --extract-links to true => added --dont-extract-links to turn off the new default behavior by @epi052 in #834 can load a wordlist from its url over http/https by @epi052 in #834 updated README with alternative installation methods for brew and chocolatey by @aancw in #824 fixed divide by zero error by @epi052 in #834 added check for forced recursion when directory listing detected by @epi052 in #834 [hide][Hidden Content]]
  3. Check a Host is Owned by Cloudflare. Changelog v2.0.2 0294f02 db: Update DB (#15) 94219b3 db: Update DB (#14) [hide][Hidden Content]]
  4. Check a Host is Owned by Cloudflare. Changelog v2.0.1 c70510a db: Update DB (#12) aec3b29 scripts: Parse all instead (proxied possibility) (fix #8) [hide][Hidden Content]]
  5. pdfrip is a fast multithreaded PDF password cracking utility written in Rust with support for wordlist-based dictionary attacks, date and number range bruteforcing, and a custom query builder for password formats. Features Fast: Performs about 50-100k+ passwords per second utilising full CPU cores. Custom Query Builder: You can write your own queries like STRING{69-420} with the -q option which would generate a wordlist with the full number range. Date Bruteforce: You can pass in a year as the input with the -d option which would bruteforce all 365 days of the year in DDMMYYYY format which is a pretty commonly used password format for PDFs. Number Bruteforce: Just give a number range like 5000-100000 with the -n option and it would bruteforce with the whole range. [hide][Hidden Content]]
  6. GDA(GJoy Dex Analysizer) Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb, and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the conversion of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me… Changelog v4.0 Fix the bug that all nodes were deleted when searching the class tree Fix the bug that inheritance methods or members cannot cross-reference #91 Fix the problem that the parameters/return-value are not displayed during data flow analysis #91 Fix the problem about the python plug-in #92 The constant propagation algorithm is optimized to correct the error of code output #90 Optimize the expression output and correct several errors of code output #90 The variable declaration and expression are further optimized Fix some crash bugs. Add translation utility for strings (with Google and Youdao). [hide][Hidden Content]]
  7. cf-check Check a Host is Owned by Cloudflare. Changelog v1.0.4 1052d71 chore: Words d4f35d0 fix: Nil pointer derefer 6933a71 Add Go modules [hide][Hidden Content]]
  8. A modern multiple reverse shell sessions/clients manager via terminal written in go Features Multiple service listening port Multiple client connections RESTful API Python SDK Reverse shell as a service (Pop a reverse shell in multiple languages without remembering idle commands) Download/Upload file with progress bar Full interactive shell Using vim gracefully in reverse shell Using CTRL+C and CTRL+Z in reverse shell Start servers automatically Port forwarding Initialize from configuration file Web UI v1.5.0 Latest **Notice** This temite version is INCOMPATIBLE with earlier versions (v1.4.*) But, the termite would be able to upgrade itself automatically from now on. **New features** 1. Support shell execution in termite 2. Support file reading and writing in termite 3. Support termite upgrading automatically 4. Redesign opcodes in termite protocol **Bug fix** 1. Fix termite double connection [hide][Hidden Content]]
  9. cf-check Check a Host is Owned by Cloudflare. Changelog v1.0.3 e9917ec Merge pull request #5 from six2dez/patch-1 6807cd3 Updated CF Ip list [hide][Hidden Content]]
  10. GDA(GJoy Dex Analysizer) Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb, and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the convert of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate, and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me… Changelog v3.97 A lot of novel optimizations and some updates have been added, and A lot of bugs have been fixed. In particular, the loading and analysis speed has been increased 3+ times faster than the old one. Double-clicking an interface method in an interface class, all implementations of the interface method will be displayed The memory limit is broken through and some problems caused by it is fixed Resource parsing and decompilation of resource classes are added The associated function of the permission module is disabled by default and can be enabled through the menu > View > PermissionRef The loading and parsing algorithms of classes, methods in the file are greatly optimized. DX tool is integrated into GDA. Optimizing the color configuration manager. Optimizing the Deobfuscation(much faster than the old) and fixing several bugs Loading analysis timeout prompt is added. The conversion of 64-bit integer data among with hexadecimal, hexadecimal, octal, character is added, and fix the problem that negative numbers cannot be converted correctly. The traversal algorithms of AllStrings and AppStringsare optimized to greatly improve the parsing speed. Add native methods and interfaces traversal function(pro). Optimize the display of callgraph of classes and methods. Resource file sensitive information detection is added to SensitiveInfo(pro). Optimize the search speed of string cross-reference. [hide][Hidden Content]]
  11. GDA(GJoy Dex Analysizer) Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb, and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the convert of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate, and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me… Changelog v3.96 Fix the memory call problem for Frida. Fix missing parentheses in multi-conditional expressions. #60 Fix the problem of inconsistent variable names caused by parent and child classes in different basic blocks. Add the saving of the js code for Frida when the device is not connected. The control flow analysis algorithm is further optimized. Implement the automatic propagation function of the overloaded method name renaming for the subclass of any class/interface. #65 [hide][Hidden Content]]
  12. Cerbrutus Modular brute force tool written in Python, for very fast password spraying SSH, and FTP and in the near future other network services. COMING SOON: SMB, HTTP(s) POST, HTTP(s) GET, HTTP BASIC AUTH Thanks to @0dayctf, Rondons, Enigma, and 001 for testing and contributing [hide][Hidden Content]]
  13. GDA(GJoy Dex Analysizer) Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb, and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the convert of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate, and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me… Changelog v3.95 Fixed syntax error when executing a method [hide][Hidden Content]]
  14. Platypus A modern multiple reverse shell sessions/clients manager via terminal written in go Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service (Pop a reverse shell without remembering idle commands) Download/Upload file with progress bar Full interactive shell Using vim gracefully in reverse shell Using CTRL+C and CTRL+Z in reverse shell Changelog v1.3.1 1. Fix version error in v1.3.0 2. Make version checking configurable [hide][Hidden Content]]
  15. Platypus A modern multiple reverse shell sessions/clients manager via terminal written in go Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service (Pop a reverse shell without remembering idle commands) Download/Upload file with progress bar Full interactive shell Using vim gracefully in reverse shell Using CTRL+C and CTRL+Z in reverse shell Changelog v1.2.9 1. Add `Alias` command which gives a session a human friendly name 2. Solve conflicts on the sessions from the same machine 3. Direct nohup output to /dev/null [hide][Hidden Content]]
  16. The fastest dork scanner written in Go. Changelog c2460b4 Prep v1.0.0 - Fix #1 - Update action workflows 5d7e44b Refactoring main - Using go modules - Using auto-switch transport proxy (mubeng pkg) - Threading on querying 0fba389 Merge pull request #4 from Rishang/master 5876033 Fixed gologger msg errors 9a454e9 📘 Update README 3ab7f2c 🐞 Update issue templates [hide][Hidden Content]]
  17. PE-Packer PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry. When running a packed PE file, the shell-entry will decrypt and load the original program as follows: Decrypting sections. Initializing the original import table. Relocation. Before packing, using some disassembly tools can disassemble the executable file to analyze the code, such as IDA Pro. [hide][Hidden Content]]
  18. An SSRF-Tool wrote in golang Features Wordlist Creation Inject in every parameter one by one Very fast speed Inject into paths Silent Mode Fetch endpoints from Javascript files Bruteforce parameters Find SSRF in those parameters Match multiple patterns in the response Fetch endpoints from Javascript files Bruteforce parameters Find SSRF in those parameters Match multiple patterns in the response Note Make sure when creating wordlists or finding ssrf with my tool that the domains are resolved. You can use: httpx httprobe massdns [hide][Hidden Content]]
  19. GoSpider – Fast web spider wrote in Go Features Fast web crawling Brute force and parse sitemap.xml Parse robots.txt Generate and verify link from JavaScript files Link Finder Find AWS-S3 from response source Find subdomains from response source Get URLs from Wayback Machine, Common Crawl, Virus Total, Alien Vault Format output easy to Grep Support Burp input Crawl multiple sites in parallel Random mobile/web User-Agent Changelog v1.1.3 c59ef01 Upgrade v1.1.3 7b01017 Merge pull request #27 from rayhan0x01/patch-1 20f8238 removing lower case conversion of paths and parameters 656e12f Fix typo in -q options 9d7a0df Update release [hide][Hidden Content]]
  20. What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What’s it do tho? feroxbuster is a tool designed to perform Forced Browsing. Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web application but are still accessible by an attacker. feroxbuster uses brute force combined with a wordlist to search for unlinked content in target directories. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network address, etc… This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration. Comparison w/ Similar Tools There are quite a few similar tools for forced browsing/content discovery. Burp Suite Pro, Dirb, Dirbuster, etc… However, in my opinion, there are two that set the standard: gobuster and ffuf. Both are mature, feature-rich, and all-around incredible tools to use. So, why would you ever want to use feroxbuster over ffuf/gobuster? In most cases, you probably won’t. ffuf in particular can do the vast majority of things that feroxbuster can, while still offering boatloads more functionality. Here are a few of the use-cases in which feroxbuster may be a better fit: You want a simple tool usage experience You want to be able to run your content discovery as part of some crazy 12 command unix pipeline extravaganza You want to scan through a SOCKS proxy You want auto-filtering of Wildcard responses by default You want recursion along with some other thing mentioned above (ffuf also does recursion) You want a configuration file option for overriding built-in default values for your scans [hide][Hidden Content]]
  21. Stealer + Clipper + Keylogger Stealer written on C#, logs will be sent to Telegram bot. Disclaimer I, the creator, am not responsible for any actions, and or damages, caused by this software. You bear the full responsibility of your actions and acknowledge that this software was created for educational purposes only. This software's main purpose is NOT to be used maliciously, or on any system that you do not own, or have the right to use. By using this software, you automatically agree to the above. Functions AntiAnalysis (VirtualBox, SandBox, Emulator, Debugger, VirusTotal, Any.Run) Steal system info (Version, CPU, GPU, RAM, IPs, BSSID, Location, Screen metrics) Chromium based browsers (passwords, credit cards, cookies, history, autofill, bookmarks) Firefox based browsers (db files, cookies, history, bookmarks) Internet explorer/Edge (passwords) Saved wifi networks & scan networks around device (SSID, BSSID) File grabber (Documents, Images, Source codes, Databases, USB) Detect banking & cryptocurrency services in browsers Install keylogger & clipper Steam, Uplay, Minecraft session Desktop & Webcam screenshot ProtonVPN, OpenVPN, NordVPN Cryptocurrency Wallets Telegram sessions Pidgin accounts Discord tokens Filezilla hosts Process list Directories structure Product key Autorun module [hide][Hidden Content]] Scan
  22. Features Inject multiple payloads into all parameters Inject single payloads into all parameters Saves responses into output folder Displays Status Code & Response Length Can grep for patterns in the response Really fast Easy to setup [hide][Hidden Content]]
  23. Features Connection is encrypted using random RSA + AES key Multiple clients support Execute shell commands Download/Upload files Take screenshot Cross platform [hide][Hidden Content]]
  24. Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java is a decompiler based on the Smali code. They have their own shortcomings, such as the Java decompiler depends on the convert of dex2jar. For complex, obfuscated or packed apks, there is a problem of translation failure. smali2java decompiles Smali code which should be translated from DEX with apktool, so it increases the difficulty and error rate, and decreases the speed of manual analysis. In addition, their interaction is poor, which increases the difficulty of manual analysis. Although the commercial Jeb has better interactivity, it is easy to death when analyzing a large-sized APP with the Multidex, and it is very expensive for me… Interactive operation: 1.cross-references for strings, classes, methods and fields; 2.searching for strings, classes methods and fields; 3.comments for java code; 4.rename for methods,fields and classes; 5.save the analysis results in gda db file. … Utilities for Assisted Analysis: 1.extracting DEX from ODEX; 2.extracting DEX from OAT; 3.XML Decoder; 4.algorithm tool; 5.device memory dump; … New features: 1.Brand new dalvik decompiler in c++ with friendly GUI; 2.Support python script 3.packers Recognition; 4.Multi-DEX supporting; 5.making and loading signature of the method 6.Malicious Behavior Scanning by API chains; 7.taint analysis to preview the behavior of variables; 8.taint analysis to trace the path of variables; 9.de-obfuscate; 10.API view with x-ref; 11.Association of permissions with modules; Changelog v3.79 Fixed some problems. Decompile support for .jar files, class .files and .aar files. A rule-based static vulnerability scanner is added. Add the APK file forensics analysis tool. Fixed a bug in variable renaming. Dump tool adds custom dump. Further, optimize intelligent renaming. [hide][Hidden Content]]
  25. cf-check Check a Host is Owned by Cloudflare. [hide][Hidden Content]]
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.