Exploits Tor Browser 7.0.8 Information Disclosure
By
1337day-Exploits, in Updated Exploits
-
Similar Content
-
By itsMe
Stargather
Stargather is a fast GitHub repository stargazers information gathering tool that can scrape:
Organization,
Location,
Email,
Twitter,
Followers,
Following,
Stars, and
Repositories count.
-
By itsMe
HawkScan
Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
This script uses “WafW00f” to detect the WAF in the first step.
This script uses “Sublist3r” to scan subdomains.
This script uses “waybacktool” to check in the waybackmachine.
Features
URL fuzzing and dir/file detection
Test backup/old file on all the files found (index.php.bak, index.php~ …)
Check header information
Check DNS information
Check whois information
User-agent random or personal
Extract files
Keep a trace of the scan
Check @mail in the website and check if @mails leaked
CMS detection + version and vulns
Subdomain Checker
Backup system (if the script is stopped, it resumes at the same place)
WAF detection
Add personal prefix
Auto-update script
Auto or personal output of scan (scan.txt)
Check Github
Recursive dir/file
Scan with an authentication cookie
Option --profil to pass profile page during the scan
HTML report
Works with py2 and py3
Add option rate-limit if the app is unstable (--timesleep)
Check-in waybackmachine
Response error to WAF
Check if DataBase firebaseio exist and accessible
Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30
Search S3 buckets in source code page
Testing bypass of waf if detected
Testing if it’s possible scanning with “localhost” host
Changelog v1.7
Added: Function “check_backup_domain” added, test before start “domain.zip/rar etc..”
Added: New option (-ffs) to force the first step of scan during the first running (waf, vhosts, wayback etc…)
-
By itsMe
The all-in-one Red Team browser extension for Web Pentesters
HackTools is a web extension facilitating your web application penetration tests. It includes cheat sheets as well as all the tools used during a test, such as XSS payloads, reverse shells and much more.
With the extension you no longer need to search for payloads in different websites or in your local storage space, most of the tools are accessible in one click. HackTools is accessible either in pop up mode or in a whole tab in the Devtools part of the browser with F12.
Current functions:
Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
Shell Spawning (TTY Shell Spawning)
XSS Payloads
Basic SQLi payloads
Local file inclusion payloads (LFI)
Base64 Encoder / Decoder
Hash Generator (MD5, SHA1, SHA256, SHA512)
Useful Linux commands (Port Forwarding, SUID)
Changelog v0.3.3
Adding persistence on the app (When you close the app it will now open at the same place)
URL Decoder
-
By itsMe
This program is a browser extension that can perform targeted keylogging on certain sites, as well as general keylogging.
By default, inside the "manifest.json" file, the "matches" key (inside of "content_scripts") is set to "<all_urls>" ... this, however, can be changed to any URL.
For example, putting in "*://roblox.com/login" instead of "<all_urls>" will only target that site.
Furthermore, the script execution can be changed to a background process for general keylogging, which will allow the script to collect keys even when not on a specific URL.
This is not necessary, and is probably more likely to increase "spam" text, but it will not delete unsent text when going to a new URL.
Overall, the more you decrease the send time (down to 1), the more text the program will grab per site. It will be messy and not well formatted, however.
Bot names are random numbers between 0 and 1, and keep track of users on a site (standard) or stay constant for an entire user session (background process).
The visible function of the extension will reside in "popup.html" and this file can be changed to create better trojans.
Only use this for testing purposes.
-
By itsMe
Pillager is designed to provide a simple means of leveraging Go’s strong concurrency model to recursively search directories for sensitive information in files. It does this by standing on the shoulders of a few giants. Once pillager finds files that match the specified pattern, the file is scanned using a series of concurrent workers that each take a line of the file from the job queue and hunt for sensitive pattern matches. The available pattern filters can be found on the hunt command’s help page.