-
Similar Content
-
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. RapidScan – The Multi-Tool Web Vulnerability Scanner
It is quite a fuss for a pentester to perform binge-tool-scanning (running security scanning tools one after the other) sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program is to solve this problem through automation; viz. running multiple scanning tools to discover vulnerabilities, effectively judge false-positives, collectively correlate results and saves precious time; all these under one roof.
Features
one-step installation.
executes a multitude of security scanning tools, does other custom coded checks and prints the results spontaneously.
some of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, dnswalk, golismeroetc executes under one entity.
saves a lot of time, indeed a lot of time!.
checks for same vulnerabilities with multiple tools to help you zero-in on false positives effectively.
legends to help you understand which tests may take longer time, so you can Ctrl+C to skip if needed.
vulnerability definitions guide you what the vulnerability actually is and the threat it can pose. (under development)
remediations tell you how to plug/fix the found vulnerability. (under development)
executive summary gives you an overall context of the scan performed with critical, high, low and informational issues discovered. (under development)
artificial intelligence to deploy tools automatically depending upon the issues found. for eg; automates the launch of wpscan and plecost tools when a wordpress installation is found. (under development)
Vulnerability Checks
✔️ DNS/HTTP Load Balancers & Web Application Firewalls.
✔️ Checks for Joomla, WordPress, and Drupal
✔️ SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling).
✔️ Commonly Opened Ports.
✔️ DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum).
✔️ Sub-Domains Brute Forcing.
✔️ Open Directory/File Brute Forcing.
✔️ Shallow XSS, SQLi, and BSQLi Banners.
✔️ Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).
& more coming up…
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. SocialPwned
SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin, and Twitter to find the possible credential leaks in PwnDB.
The purpose of this tool is to facilitate the search for vulnerable targets during the phase of Footprinting in Ethical Hacking. It is common for employees of a company to publish their emails in social networks, either professional or personal, so if these emails have their credentials leaked, it is possible that the passwords found have been reused in the environment to be audited. If it’s not the case, at least you would have an idea of the patterns that follow this target to create the passwords and be able to perform other attacks with a higher level of effectiveness.
SocialPwned uses different modules:
Instagram: Making use of the unofficial Instagram API from @LevPasha, different methods were developed to obtain the emails published by users. An Instagram account is required.
Linkedin: Using @tomquirk’s unofficial Linkedin API, different methods were developed to obtain a company’s employees and their contact information (email, twitter or phone). In addition, it is possible to add the employees found to your contacts, so that you can later have access to their network of contacts and information. A Linkedin account is required.
Twint: Using Twint from @twintproject you can track all the Tweets published by a user looking for some email. A Twitter account is not necessary.
PwnDB: Inspired by the tool PwnDB created by @davidtavarez a module has been developed that searches for all credential leaks from the emails found. In addition, for each email, a POST request is made to HaveIBeenPwned to find out the source of the leak.
Changelog v2.0
Docker Implementation
GHunt Module
Dehashed Module
Output Enhancement
Web Scraping Fix in HaveIBeenPwned
Fixed several bugs
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Crimson
Crimson is a tool that automates some of the Pentester or Bug Bounty Hunter tasks.
It uses many open source tools, most of them are available for download from github.
It consists of three partially interdependent modules:
crimson_recon – automates the process of domain reconnaissance.
crimson_target – automates the process of urls reconnaissance.
crimson_exploit – automates the process of bug founding.
🔻crimson_recon
This module can help you if you have to test big infrastructure or you are trying to earn some bounties in *.scope.com domain. It includes many web scraping and bruteforcing tools.
🔻crimson_target
This module covers one particular domain chosen by you for testing.
It uses a lot of vulnerability scanners, web scrapers and bruteforcing tools.
🔻crimson_exploit
This module uses a number of tools to automate the search for certain bugs in a list of urls.
Changelog v2.0
From now on, Crimson acts as a docker container and the install.sh script is no longer supported
(Although, it should still works on Linux Mint)
Much of the code has been rewritten and improved.
Added project_valuation.sh, crimson_mass_nmap.py script to scripts directory
Added Ciphey tool
words directory has been improved
Added new options to all three modules to make them more “elastic”.
Added rustscan in place of masscan
crimson_recon:
Added optional flags to this module, which are shown below:
-x # Domain bruteforcing (with words/dns wordlist)
-v # Virtual host discovering
-p # TCP ports scanning (1-65535)
-u # UDP ports scanning (nmap default ports)
-b # Third level subdomain bruteforcing
-y # Proxy urls.txt and live.txt to Burp (127.0.0.1:8080)
crimson_target
Added optional flags to this module, which are shown below:
-p # TCP (1-65535) / UDP (nmap default) ports scanning
-a # Automatic deletion of possible false-positive endpoints after brute forcing with ffuf (this option needs more tests)
-y # Proxy urls.txt and ffuf.txt to Burp (127.0.0.1:8080)
A lot of modifications in the script
New workflow – check the documentation guidelines.
crimson_exploit
The script was rewritten
New tools being added, check scripts directory!
Faster CVE scanning
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Learn Computer Basics as a Complete Beginners to Start Using a Computer Correctly.
What you'll learn
Computer Basics of Both Desktop & Laptop Computers!
The Brief History of Computers!
Find Out What the Buttons Do on a Computer and How to Use Them!
Get Set Up on a Computer!
How to Access/Use the Internet!
Protecting Your Computer (Offline and Online)!
Where to Search Your Questions Online!
How to Use Email Online!
Learn about Social Media and How to Use It!
Requirements
There are no specific requirements needed to take this course.
Description
Confused and frustrated over trying to figure out computers?
The GOOD NEWS is YOU don't have to be!
In this course, I (Brennan, your instructor) will take you step by step through all of the most important information you need to know as a beginner.
That includes desktop and laptop computers! If you're not sure what the difference is between the two, no worries!
This course is designed for complete beginners that are looking to learn how to use a computer correctly. No confusing advanced lessons here - instead step by step instructional videos that guide you each step of the way.
Now the only thing left to do in order to improve your computer skills is to enroll in this course today!
Computers are here to stay, and being able to stay connected to friends and family is just one of the many fantastic abilities that computers give us.
If you're interested in learning the basics, along with the ability to stay connected to friends and family online through computers, enroll in this course today!
============================
INSTRUCTOR BACKGROUND
I've been an entrepreneur for 10+ years, and have taught over 50,000 students how to improve their own skills. I've become an eBay Powerseller and Amazon Best Selling Author and actively consult with multiple 6, 7, and 8 figure businesses. From what I've learned from these experiences, I'd love to share the knowledge with you.
My goal is to help as many people as possible by teaching each student everything I know about each topic. I teach to ensure each student leaves each of my courses feeling like they've learned something new.
============================
GET ONE-ON-ONE HELP
You can get my help and advice at any time - simply message me through Udemy! Regardless if you're just starting your course or have been done for months, I'm happy to help you.
============================
AMAZING VALUE: LEARN FROM 10+ YEARS OF EXPERIENCE ALL IN JUST A COUPLE HOURS!
The information that you'll learn in this course can be either learned from many years of experience, or you can learn valuable skills all best summarized within a couple of hours of time. Is it really worth taking hundreds or even thousands of hours of your time to learn this information by yourself? The choice is yours to make.
============================
PROVEN STRATEGIES TO GROW YOUR BUSINESS
All strategies that I share are either from my personal experience or are well-proven strategies based on industry experts.
============================
WHY TAKE THIS COURSE?
Simply put, save time, save money, and learn valuable skills that you can implement into your life (for the rest of your life). Learn from others that have done it before you, and learn what has proven to work best for them. Don't do it all by yourself!
============================
CERTIFICATE OF COMPLETION WHEN YOU FINISH THE COURSE
When you complete 100% of the videos in this course, you'll be emailed a certificate of completion by Udemy!
============================
MONEY BACK GUARANTEE
The course comes with a Udemy-backed, 30-day money-back guarantee so you can try this course absolutely risk-free. This is not just a guarantee, it's my personal promise to you that you will improve your skills after completing this course.
Invest in your future. Enroll now.
Who this course is for:
Anyone who is looking to learn the very beginner basics of how to use a computer & the internet. (Beginner level).
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Extracts all passwords in the browsers: Google Chrome, Brave, Opera & Microsoft Edge also steals some system info.
Hidden Content
Give reaction to this post to see the hidden content.
-
