Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      itsMe

      HawkScan v1.8.3 - Security Tool for Reconnaissance and Information Gathering on a website

      Recommended Posts

      Staff

      Hidden Content

        Give reaction to this post to see the hidden content.

      Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)

      This script uses “WafW00f” to detect the WAF in the first step.

      This script uses “Sublist3r” to scan subdomains.

      This script uses “waybacktool” to check in the waybackmachine.

      Features

           URL fuzzing and dir/file detection
           Test backup/old file on all the files found (index.php.bak, index.php~ …)
           Check header information
           Check DNS information
           Check whois information
           User-agent random or personal
           Extract files
           Keep a trace of the scan
           Check @mail in the website and check if @mails leaked
           CMS detection + version and vulns
           Subdomain Checker
          Backup system (if the script stopped, it take again in the same place)
           WAF detection
           Add personal prefix
          Auto-update script
           Auto or personal output of scan (scan.txt)
           Check Github
          Recursive dir/file
          Scan with an authentication cookie
           Option –profil to pass profil page during the scan
           HTML report
           Work it with py2 and py3
          Add option rate-limit if the app is unstable (–timesleep)
          Check-in waybackmachine
           Response error to WAF
          Check if DataBase firebaseio exist and accessible
          Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30
           Search S3 buckets in source code page
           Testing bypass of waf if detected
           Testing if it’s possible scanning with “localhost” host

      Changelog v1.8.3

          Fixed: Bug in socketio module
          Fixed: Add size bytes during th error scan
          Added: Words in wordlist

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. How to use: (below is the .gif of 2.39mb which will take time to load depending on your Internet speed, so bear with me 🙂)
          Detail:
          This tool can bypass and repair file verification checks of all the versions of ZProtect HWID protected executables. It was originally posted in 52pojie forum in Chinese lang, also it didn't work on Windows 10. But I unpacked it (vmprotect), fixed the issue (WIN10) and translated it into English.
          All credit goes to Kido (developer of this tool)

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe
          CrackerJack is a Web GUI for Hashcat developed in Python.

          Hidden Content
          Give reaction to this post to see the hidden content. Architecture
          This project aims to keep the GUI and Hashcat independent. In a nutshell, here’s how it works:
              User uploads hashes select wordlist/rules/mask etc, and clicks “start”.
              Web server spawns a new screen.
                  Generates the hashcat command based on the settings.
                  Runs the command on the screen.
                  Monitors the screen’s output, parses it and displays it in the GUI.
          This allows CrackerJack to be future-proof as it ties to the input/output of Hashcat. Also, if the GUI is not working for whatever reason, hashcat will keep running.
          Features
              Minimal dependencies
                  Uses sqlite3, screen, and hashcat.
              Complete hashcat session management.
                  Start/stop/pause/restore running sessions.
                  Terminate cracking jobs after a specific date/time.
              Web interface for mask generation (?a?l?u).
              Web Push notifications when a password is cracked.
              Swagger 2.0 API.
              Create wordlists from already cracked passwords and feedback into the cracking session.
              Session history to track which attacks you have already performed.
              Multi-user support (local and/or LDAP).
              Wordlist/Mask/Rule support.
              Multiple theme support (Bootswatch).
              Straight-forward setup.
                  The entire configuration is via the GUI. No need for manually editing config files.
                  Run locally on Linux and Windows (WSL).
                  Install on a server using ansible scripts (Ubuntu 14/16/18 and CentOS 7/8).
                  Easy backups – all user data are in the ./data directory.
              Troubleshoot sessions via SSH.

          Hidden Content
          Give reaction to this post to see the hidden content. Limitations
              Not a solution for queueing jobs – it’s only for on-demand password cracking.
              Not meant to be a replacement for command-line usage. It’s complimentary and only supports basic and most common cracking tasks.
              Will not install any GPU drivers. The main assumption is that you have a cracking rig already set up and are looking for a Web GUI.
              Wordlists and rules should already be present in the system.
          Changelog v1.1.2
              [New] Added “Test Connection” feature to LDAP settings.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Disclaimer
          Any actions and or activities related to Zphisher is solely your responsibility. The misuse of this toolkit can result in criminal charges brought against the persons in question. The contributors will not be held responsible in the event any criminal charges be brought against any individuals misusing this toolkit to break the law.
          This toolkit contains materials that can be potentially damaging or dangerous for social media. Refer to the laws in your province/country before accessing, using,or in any other way utilizing this in a wrong way.
          This Tool is made for educational purposes only. Do not attempt to violate the law with anything contained here. If this is your intention, then Get the hell out of here!
          It only demonstrates "how phishing works". You shall not misuse the information to gain unauthorized access to someones social media. However you may try out this at your own risk.

          Features
              Latest and updated login pages.
              Mask URL support
              Beginners friendly
              Docker support (checkout docker-legacy branch)
              Multiple tunneling options
                  Localhost
                  Ngrok (With or without hotspot)
                  Cloudflared (Alternative of Ngrok)

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Goblin for Phishing Exercise Tools
          Goblin is a phishing rehearsal tool for red-blue confrontation. By using a reverse proxy, it is possible to obtain information about a user without affecting the user’s operation perceptibly or to induce the user’s operation. The purpose of hiding the server-side can also be achieved by using a proxy. Built-in plug-in, through a simple configuration, quickly adjusts the content of the web page to achieve a better exercise effect.
          Features
              Support for caching static files to speed up access.
              Supports dumping all requests, dumping requests that match the rules.
              Support quick configuration through plug-ins to adjust inappropriate jumps or content.
              Support for implanting specific javascript code.
              Support for modifying the content of responses or goblin requests.
              Support hiding real IP by proxy.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service.
          Adding New Hash Algorithms
          The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within minutes.
          Installing HashDB
          Before using the plugin you must install the python requests module in your IDA environment. The simplest way to do this is to use pip from a shell outside of IDA. (pip install requests)
          Once you have the requests module installed simply copy the latest release of hashdb.py into your IDA plugins directory and you are ready to start looking up hashes!

          Hidden Content
          Give reaction to this post to see the hidden content.