Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      itsMe

      Xerror: fully automated pentesting tool

      Recommended Posts

      Staff

      Hidden Content

        Give reaction to this post to see the hidden content.

      Xerror is an automated penetration tool, which will helps security professionals and nonprofessionals to automate their pentesting tasks. Xerror will do all tests and, at the end generate two reports for executives and analysts.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites

      Join the conversation

      You can post now and register later. If you have an account, sign in now to post with your account.
      Note: Your post will require moderator approval before it will be visible.

      Guest
      Reply to this topic...

      ×   Pasted as rich text.   Paste as plain text instead

      ×   Your link has been automatically embedded.   Display as a link instead

      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.  
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.
          Requirements
          Tested with Parrot & Debian Operating Systems and Windows 10

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What IS Moriarty?
              Advanced Information Gathering And Osint Tool
              Moriarty is a tool that tries to find good information about the phone number that you provieded;
          ->Tries To Find Owner Of The Number
          ->Tries To Find Risk Level Of The Number
          ->Tries To Find Location,Time Zone Of The Number,Carrier
          ->Tries To Find Social Media Platforms That The Number Is Registered
          ->Tries To Find Links About Phone Number
          ->Tries To Find Comments About Phone Number
          ->Sends Sms To Phone Number With Amazon Aws

          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. OneForAll is a powerful subdomain collection toolsubdomain collection
          The importance of information collection in penetration testing is self-evident. Subdomain collection is an essential and very important part of information collection. At present, there are many open-source tools for subdomain collection on the Internet, but there are always some of the following problems:
              Not powerful enough,there are not enough interfaces to collect subdomains automatically, and there are no functions such as automatic subdomain resolve, verification, FUZZ, and information expansion.
              Not friendly enough,although the command line module is more convenient, but when there are a lot of optional parameters and the operation to be implemented is complex, using command line mode is a bit unfriendly. If there is a good interaction, With a highly operable front end, the experience will be much better.
              Lack of maintenance,Many tools have not been updated once in years, what issues and PR are, do not exist.
              Efficiency issues,do not take advantage of multi-process, multi-threading and asynchronous cooperation technology, the speed is slow.
          Features
              Powerful collection capability,For more information, please see collection module description.
                  Collect subdomains using certificate transparency (there are currently 6 modules: censys_api,certspotter,crtsh,entrust,google,spyse_api)
                  General check collection subdomains (there are currently 4 modules: domain transfer vulnerability exploitationaxfr, cross-domain policy file cdx, HTTPS certificate cert, content security policy csp, robots file robots, and sitemap file sitemap. Check NSEC record, NSEC3 record and other modules will be added later).
                  Collect subdomains using web crawler files (there are currently 2 modules: archirawl, commoncrawl, which is still being debugged and needs to be added and improved).
                  Collect subdomains using DNS datasets (there are currently 23 modules: binaryedge_api, bufferover, cebaidu, chinaz, chinaz_api, circl_api, dnsdb_api, dnsdumpster, hackertarget, ip138, ipv4info_api, netcraft, passivedns_api, ptrarchive, qianxun, rapiddns, riddler, robtex, securitytrails_api, sitedossier, threatcrowd, wzpc, ximcx)
                  Collect subdomains using DNS queries (There are currently 5 modules: collecting subdomains srv by enumerating common SRV records and making queries, and collecting subdomains by querying MX,NS,SOA,TXT records in DNS records of domain names).
                  Collect subdomains using threat intelligence platform data (there are currently 6 modules: alienvault, riskiq_ api, threatbook_ api, threatkeeper , virustotal, virustotal_ api, which need to be added and improved).
                  Use search engines to discover subdomains (there are currently 18 modules: ask, baidu, bing, bing_api, duckduckgo, exalead, fofa_api, gitee, github, github_api, google, google_api, shodan_api, so, sogou, yahoo, yandex, zoomeye_api), except for special search engines in the search module. General search engines support automatic exclusion of search, full search, recursive search.
              Support subdomain blasting,This module has both conventional dictionary blasting and custom fuzz mode. It supports batch blasting and recursive blasting, and automatically judges pan-parsing and processing.
              Support subdmain verification,default to enable subdomain verification, automatically resolve subdomain DNS, automatically request subdomain to obtain title and banner, and comprehensively determine subdomain survival.
              Support subdomain takeover,By default, subdomain takeover risk checking is enabled. Automatic subdomain takeover is supported (only Github, remains to be improved at present), and batch inspection is supported.
              Powerful processing feature,The found subdomain results support automatic removal, automatic DNS parsing, HTTP request detection, automatic filtering of valid subdomains, and expansion of Banner information for subdomains. The final supported export formats are rst, csv, tsv, json, yaml, html, xls, xlsx, dbf, latex, ods.
              Very fast,collection module uses multithreaded calls, blasting module uses massdns, the speed can at least reach 10000pps under the default configuration, and DNS parsing and HTTP requests use asynchronous multiprogramming in subdomain verification. Multithreaded check subdomain takeover risk.
              Good experience,Each module has a progress bar, and the results of each module are saved asynchronously.

          Hidden Content
          Give reaction to this post to see the hidden content.  
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease.
          Features
          FinalRecon provides detailed information such as :
              Header Information
              Whois
              SSL Certificate Information
              Crawler
              DNS Enumeration
                  A, AAAA, ANY, CNAME, MX, NS, SOA, TXT Records
                  DMARC Records
              Subdomain Enumeration
                  Data Sources
                      BuffOver
                      crt.sh
                      ThreatCrowd
                      AnubisDB
                      ThreatMiner
              Traceroute
                  Protocols
                      UDP
                      TCP
                      ICMP
              Directory Searching
              Port Scan
                  Fast
                  Top 1000 Ports
                  Open Ports with Standard Services
              Export
                  Formats
                      txt
                      xml
                      csv
          Changelog v1.1.1
              paths fixed, subdomain enum optimized, new apis

          Hidden Content
          Give reaction to this post to see the hidden content.