Src | Date (GMT) | Title | Description | Tags | Stories | Notes
Date (GMT): 2019-09-06 18:12:01
Title: HiddenWall – Create Hidden Kernel Modules (direct link)
Description:
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers. It supports custom rules with netfilter (block ports, hidden mode, rootkit functions etc).
The motivation is basically another layer of protection, much like a hidden firewall – setting securelevel to 2 on BSD would have a similar effect.
In a typical attack, the bad actor can alter your IPTables or UFW rules – with HiddenWall you still have another layer that can block external access because it hooks directly into netfilter from kernel land.
Read the rest of HiddenWall – Create Hidden Kernel Modules now! Only available at Darknet.

Date (GMT): 2019-08-30 18:50:00
Title: Anteater – CI/CD Security Gate Check Framework (direct link)
Description:
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of nominated strings, filenames, binaries, deprecated functions, staging environment code/credentials etc.
Its main function is to block content based on regular expressions.
Anything that can be specified with regular expression syntax can be sniffed out by Anteater. You tell Anteater exactly what you don't want to get merged, and Anteater looks after the rest.
How Anteater CI/CD Security Gate Check Framework Works
If Anteater finds something, it exits with a non-zero code, which in turn fails the build of your CI tool, the idea being that this prevents a pull request from merging.

Date (GMT): 2019-08-28 06:11:05
Title: Stardox – Github Stargazers Information Gathering Tool (direct link)
Description:
Stardox is a Python-based GitHub stargazers information gathering tool; it scrapes GitHub for information and displays it in a list tree view. It can be used for collecting details about the stargazers of your own or someone else's repository.
GitHub allows visitors to star a repo to bookmark it for later perusal. Stars represent a casual interest in a repo, and when enough of them accumulate, it's natural to wonder what's driving interest.
Tags: Tool

Date (GMT): 2019-08-23 15:08:02
Title: ZigDiggity – ZigBee Hacking Toolkit (direct link)
Description:
ZigDiggity, a ZigBee Hacking Toolkit, is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
ZigBee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), and can be found in a variety of consumer products that range from smart home automation to healthcare. Security concerns introduced by these systems are just as diverse and plentiful, underscoring a need for quality assessment tools.

Date (GMT): 2019-07-26 23:47:02
Title: RandIP – Network Mapper To Find Servers (direct link)
Description:
RandIP is a Nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not, with additional tests for Telnet and SSH.
RandIP – Network Mapper Features
HTTP and HTTPS enumeration
Python enumeration exploits
SSH enumeration exploits
Logger and error-code handler
SSH and Telnet timeouts to prevent blocking
SSH enumerations work in tandem
You can download RandIP here:
randip-master.zip
Or read more here.

Date (GMT): 2019-07-18 13:21:03
Title: Nipe – Make Tor Default Gateway For Network (direct link)
Description:
Nipe is a Perl script to make Tor the default gateway for your network; it enables you to route all traffic from your computer directly through the Tor network, so you can surf the internet anonymously without having to worry about being tracked or traced back.
Tor enables users to surf the internet, chat and send instant messages anonymously, and is used by a wide variety of people for both licit and illicit purposes.

Date (GMT): 2019-07-11 15:10:02
Title: Mosca – Manual Static Analysis Tool To Find Bugs (direct link)
Description:
Mosca is a manual static analysis tool written in C, designed to find bugs in code before it is compiled, much like the Unix grep command.
There are various 'egg' modules which contain patterns to scan for; it can scan through files recursively, limited by file extension, and logs results to an XML text file.
It's also fairly easy to extend and add your own modules/eggs/languages.
Manual Static Analysis Tool Language Support
Languages it can scan for vulnerabilities are:
ASP
C
C#
Java
JavaScript
PHP
Ruby
Swift
You can download Mosca here:
Mosca-master.zip
Or read more here.
Tags: Tool

Date (GMT): 2019-07-01 06:35:00
Title: Slurp – Amazon AWS S3 Bucket Enumerator (direct link)
Description:
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or the AWS API to scan internally.
There are two modes this tool operates in: blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.
Blackbox (external)
In this mode, you are using the permutations list to conduct scans.
Tags: Tool

Date (GMT): 2019-06-27 15:47:03
Title: US Government Cyber Security Still Inadequate (direct link)
Description:
Surprise, surprise, surprise – an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
US Government security has often been called into question, but we'd hope in 2019 it would have gotten better and at least everyone would have adopted the anti-virus solution introduced in 2013.
A committee report (PDF) examining a decade of internal audits this week concluded that outdated systems, unpatched software, and weak data protection are so widespread that it's clear American bureaucrats fail to meet even basic security requirements.

Date (GMT): 2019-06-24 14:52:05
Title: BloodHound – Hacking Active Directory Trust Relationships (direct link)
Description:
BloodHound is for hacking Active Directory trust relationships; it uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use it to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.

Date (GMT): 2019-04-30 08:06:03
Title: SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells (direct link)
Description:
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.
Contents of SecLists
Each section has tonnes of content, including the below:
Discovery lists (DNS, SNMP, Web content)
Fuzzing Payloads (Databases, LFI, SQLi, XSS)
Password lists (Common credentials, cracked hashes, honeypot captures, leaked lists)
Data Pattern lists
Payload files (Zip bombs, Flash, images)
Username lists (Honeypot captures)
Web shells
Install SecLists
Zip
wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip
Git (Small)
git clone --depth 1 https://github.com/danielmiessler/SecLists.git
Git (Complete)
git clone git@github.com:danielmiessler/SecLists.git
You can access all the lists here:
https://github.com/danielmiessler/SecLists

Date (GMT): 2019-03-05 10:34:01
Title: DeepSound – Audio Steganography Tool (direct link)
Description:
DeepSound is an audio steganography tool and audio converter that hides secret data in audio files; the application also enables you to extract secret files directly from audio files or audio CD tracks.
This audio steganography tool can be used as copyright marking software for wave, flac, wma, ape, and audio CD.
DeepSound also supports encrypting secret files using AES-256 (Advanced Encryption Standard) to improve data protection. The application additionally contains an easy-to-use Audio Converter Module that can encode several audio formats (FLAC, MP3, WMA, WAV, APE) to others (FLAC, MP3, WAV, APE).
Tags: Tool

Date (GMT): 2019-02-27 06:43:02
Title: What are the MOST Critical Web Vulnerabilities in 2019? (direct link)
Description:
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
Well luckily for you Acunetix compiles an annual web application vulnerability report, which is a fairly hefty piece of analysis on data gathered from the previous year. This is compiled from the automated web and network perimeter scans run on the Acunetix Online platform, over a 12 month period, across more than 10,000 scan targets.
Tags: Vulnerability

Date (GMT): 2019-02-25 03:50:05
Title: GoBuster – Directory/File & DNS Busting Tool in Go (direct link)
Description:
GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.
The author built YET ANOTHER directory and DNS brute forcing tool because he wanted:
… something that didn't have a fat Java GUI (console FTW).
… to build something that just worked on the command line.
… something that did not do recursive brute force.
Tags: Tool

Date (GMT): 2019-02-04 05:52:02
Title: BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy (direct link)
Description:
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy, enabling on-the-fly patching of binary downloads (software updates, for example) from vendors that don't validate data integrity.
The Backdoor Factory allows you to patch binaries with shell-code, so combining that with mitmproxy, which is a Python proxy server that can catch HTTP, change traffic on the fly, replay traffic, and decode and render primitive data types, gives you BDFProxy.
Tags: Patching

Date (GMT): 2019-01-20 07:26:00
Title: Domained – Multi Tool Subdomain Enumeration (direct link)
Description:
Domained is a multi-tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains, which are passed to EyeWitness for reporting.
This produces categorized screenshots, server response headers and signature-based default credential checking. It is written in Python, heavily leveraging Recon-ng.
Domained Subdomain Enumeration Tools Leveraged
Subdomain Enumeration Tools:
Sublist3r
enumall
Knock
Subbrute
massdns
Recon-ng
Amass
SubFinder
Reporting + Wordlists:
EyeWitness
SecList (DNS Recon List)
LevelUp All.txt Subdomain List
Domained Subdomain Enumeration Tool Usage
--install/--upgrade Both do the same function – install all prerequisite tools
--vpn Check if you are on VPN (update with your provider)
--quick Use ONLY Amass and SubFinder
--bruteall Bruteforce with JHaddix All.txt List instead of SecList
--fresh Delete old data from output folder
--notify Send Pushover or Gmail Notifications
--active EyeWitness Active Scan
--noeyewitness No Eyewitness
-d The domain you want to perform recon on
-b Bruteforce with subbrute/massdns and SecList wordlist
-s n Only HTTPS domains
-p Add port 8080 for HTTP and 8443 for HTTPS
Subdomain Enumeration Examples
First steps are to install the required Python modules and tools:
sudo pip install -r ./ext/requirements.txt
sudo python domained.py --install
Example 1 – Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)
python domained.py -d example.com
Example 2 – Uses subdomain example.com with SecList subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN
python domained.py -d example.com -b -p --vpn
Example 3 – Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)
python domained.py -d example.com -b --bruteall
Example 4 – Uses subdomain example.com and only Amass and SubFinder
python domained.py -d example.com --quick
Example 5 – Uses subdomain example.com, only Amass and SubFinder, and notification
python domained.py -d example.com --quick --notify
Example 6 – Uses subdomain example.com with no EyeWitness
python domained.py -d example.com --noeyewitness
Note: --bruteall must be used with the -b flag
You can download Domained here:
domained-master.zip
Or read more here.
Tags: Tool

Date (GMT): 2018-12-19 16:00:03
Title: Acunetix Vulnerability Scanner For Linux Now Available (direct link)
Description:
Acunetix Vulnerability Scanner For Linux is now available; now you get all of the functionality of Acunetix with all of the dependability of Linux.
Following extensive customer research, it became clear to us that a number of customers and security community professionals preferred to run on Linux. Tech professionals have long chosen Linux for their servers and computers due to its robust security. However, in recent years, this open source operating system has become much more user-friendly.
Tags: Vulnerability

Date (GMT): 2018-12-16 20:17:00
Title: Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI (direct link)
Description:
Gerix WiFi Cracker is an easy-to-use Wireless 802.11 Hacking Tool with a GUI; it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
To get it up and running make sure you do:
apt-get install qt4-dev-tools
Running Gerix Wireless 802.11 Hacking Tool
$ python gerix.py
You can download Gerix here:
gerix-wifi-cracker-master.zip
Or read more here.
Tags: Tool

Date (GMT): 2018-11-28 19:02:02
Title: Malcom – Malware Communication Analyzer (direct link)
Description:
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic, and cross-reference them with known malware sources.
This comes in handy when analyzing how certain malware species try to communicate with the outside world.
Malcom Malware Communication Analyzer Features
Malcom can help you:
Detect central command and control (C&C) servers
Understand peer-to-peer networks
Observe DNS fast-flux infrastructures
Quickly determine if a network artifact is 'known-bad'
The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network.
Tags: Malware

Date (GMT): 2018-11-23 13:47:00
Title: WepAttack – WLAN 802.11 WEP Key Hacking Tool (direct link)
Description:
WepAttack is an open source Linux WLAN WEP key hacking tool for breaking 802.11 WEP keys using a wordlist-based dictionary attack.
This tool is based on an active dictionary attack that tests millions of words to find the right key. Only one packet is required to start an attack.
What is a WEP Key?
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.[1] WEP, recognizable by its key of 10 or 26 hexadecimal digits (40 or 104 bits), was at one time widely in use and was often the first security choice presented to users by router configuration tools.
Tags: Tool

Date (GMT): 2018-11-14 12:09:01
Title: Eraser – Windows Secure Erase Hard Drive Wiper (direct link)
Description:
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Eraser is a Windows-focused hard drive wiper and is currently supported under Windows XP (with Service Pack 3), Windows Server 2003 (with Service Pack 2), Windows Vista, Windows Server 2008, Windows 7, 8, 10 and Windows Server 2012.

Date (GMT): 2018-11-01 17:31:05
Title: Web Security Stats Show XSS & Outdated Software Are Major Problems (direct link)
Description:
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users' web applications and web services during the last 3 years.
Data-based stats like these, which are not based on surveys, can be pretty useful – at least to get a broad overview of what is going on. These statistics also serve a solid purpose – they help all developers, security professionals and anyone who works with web applications better understand what might be going wrong.

Date (GMT): 2018-10-29 15:38:02
Title: CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains (direct link)
Description:
CTFR is a Python-based tool to abuse Certificate Transparency logs to get subdomains from an HTTPS website in a few seconds.
You missed the AXFR technique (open DNS zone transfers), didn't you? So how does it work? CTFR does not use dictionary or brute-force attacks; it just helps you abuse Certificate Transparency logs.
What is Certificate Transparency?
Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections.
Tags: Tool

Date (GMT): 2018-10-20 09:13:02
Title: testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws (direct link)
Description:
testssl.sh is a free command line tool to test SSL security; it checks a server's service on any port for the support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws and more.
testssl.sh is pretty portable/compatible. It works on every Linux, Mac OS X and FreeBSD distribution, and on MSYS2/Cygwin (slowly). It is also supposed to work on any other unixoid system. A newer OpenSSL version (1.0) is recommended though.
Tags: Tool

Date (GMT): 2018-10-17 15:05:05
Title: Four Year Old libssh Bug Leaves Servers Wide Open (direct link)
Description:
A fairly serious 4-year-old libssh bug has left servers vulnerable to remote compromise; fortunately, the attack surface isn't that big, as neither OpenSSH nor the GitHub implementation is affected.
The bug is in the not-so-widely-used libssh library, not to be confused with libssh2 or OpenSSH, which are very widely used.
There's a four-year-old bug in the Secure Shell implementation known as libssh that makes it trivial for just about anyone to gain unfettered administrative control of a vulnerable server.

Date (GMT): 2018-10-15 14:17:02
Title: CHIPSEC – Platform Security Assessment Framework For Firmware Hacking (direct link)
Description:
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell.
You can use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants.

Date (GMT): 2018-10-11 15:30:05
Title: How To Recover When Your Website Got Hacked (direct link)
Description:
The array of easily available hacking tools out there now is astounding; combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
Acunetix has come out with a very useful post with a checklist of actions to take and items to prepare to help you triage and react in the event of a compromise on one of your servers or websites.

Date (GMT): 2018-10-08 15:17:04
Title: HTTrack – Website Downloader Copier & Site Ripper Download (direct link)
Description:
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
HTTrack Website Downloader & Site Ripper
HTTrack allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting all the HTML, images, and other files from the server to your computer.
HTTrack arranges the original site's relative link-structure, which allows you to simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link as if you were viewing it online.

Date (GMT): 2018-10-04 10:12:03
Title: sshLooter – Script To Steal SSH Passwords (direct link)
Description:
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in, rather than via strace, which is not so reliable.
It also comes with an installation script, install.sh, to install all dependencies on a target host machine.
sshLooter was inspired by another script that uses Python to implement a PAM module to log failed attempts; the author just had to change the location where passwords were logged.

Date (GMT): 2018-08-30 06:09:05
Title: Intercepter-NG – Android App For Hacking (direct link)
Description:
Intercepter-NG is a multi-functional network toolkit including an Android app for hacking; the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
Specifically referring to Intercepter-NG Console Edition, which works on a range of systems including NT, Linux, BSD, MacOSX, iOS and Android.
The Windows version is the one with the most powerful feature-set, but the Android app is fairly handy too.

Date (GMT): 2018-08-20 07:49:04
Title: dcipher – Online Hash Cracking Using Rainbow & Lookup Tables (direct link)
Description:
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
The capacity to programmatically crack passwords is also a function of the number of possible passwords per second which can be checked. If a hash of the target password is available to the attacker, this number can be in the billions or trillions per second, since an offline attack is possible.
In this case dcipher uses online hash checking services, which have extremely large Rainbow Table sets of pre-computed hashes, to rapidly find hash collisions.
Tags: Tool

Date (GMT): 2018-08-11 16:01:03
Title: HTTP Security Considerations – An Introduction To HTTP Basics (direct link)
Description:
HTTP is ubiquitous now, with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP-driven infrastructure. With that, HTTP security becomes paramount, and to secure HTTP you have to understand it.
HTTP is the protocol that powers the web, and to penetrate via a web service it pays to have a good solid foundational understanding of HTTP, how it works and the common response codes – many of which can lead to some kind of vulnerability which is exploitable.
Tags: Guideline, Vulnerability

Date (GMT): 2018-08-06 09:30:05
Title: Cangibrina – Admin Dashboard Finder Tool (direct link)
Description:
Cangibrina is a Python-based multi-platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists, Google, Nmap and robots.txt.
It is multi-threaded, supports modifying your user agent, using a TOR proxy, custom dorks and Nmap integration, and can use both DuckDuckGo and Google.
Cangibrina Admin Dashboard Finder Requirements
Python 2.7
mechanize
PySocks
beautifulsoup4
html5lib
Nmap
TOR
Cangibrina Usage to Find Admin Dashboards
usage: cangibrina.py [-h] -u U [-w W] [-t T] [-v] [--ext EXT] [--user-agent]
                     [--tor] [--search] [--dork DORK] [--nmap [NMAP]]
Fast and powerful admin finder
optional arguments:
  -h, --help     show this help message and exit
  -u U           target site
  -w W           set wordlist (default: wl_medium)
  -t T           set threads number (default: 5)
  -v             enable verbose
  --ext EXT      filter path by target extension
  --user-agent   modify user-agent
  --sub-domain   search for sub domains instead of directories
  --tor          set TOR proxy
  --search       use google and duckduckgo to search
  --dork DORK    set custom dork
  --nmap [NMAP]  use nmap to scan ports and services
There are other specific tools in this area, like WPScan for WordPress and DruPwn for Drupal – and in those cases the dashboard URLs are already known.
Tags: Tool

Date (GMT): 2018-07-30 16:08:05
Title: Enumall – Subdomain Discovery Using Recon-ng & AltDNS (direct link)
Description:
Enumall is a Python-based tool that helps you do subdomain discovery using only one command, by combining the abilities of Recon-ng and AltDNS.
This gives you the ability to run multiple domains within the same session. The tool only has one module that needs an API key (/api/google_site); find instructions for that on the recon-ng wiki.
Setting up Enumall for Subdomain Discovery
Install recon-ng from source, clone the Recon-ng repository:
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git
Change into the Recon-ng directory:
cd recon-ng
Install dependencies:
pip install -r REQUIREMENTS
Link the installation directory to /usr/share/recon-ng:
ln -s /$recon-ng_path /usr/share/recon-ng
Optionally (highly recommended) download:
– AltDNS
– A good subdomain bruteforce list (example here)
Create the config.py file and specify the path to Recon-ng and AltDNS as shown in config_sample.py.
Tags: Tool

Date (GMT): 2018-07-21 09:25:01
Title: RidRelay – SMB Relay Attack For Username Enumeration (direct link)
Description:
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials, by using an SMB Relay Attack with low privileges.
How RidRelay SMB Relay Attack Works
RidRelay combines the SMB Relay attack, common lsarpc-based queries and RID cycling to get a list of domain usernames. It takes these steps:
Spins up an SMB server and waits for an incoming SMB connection
The incoming credentials are relayed to a specified target, creating a connection with the context of the relayed user
Queries are made down the SMB connection to the lsarpc pipe to get the list of domain usernames.
Tags: Tool

Date (GMT): 2018-07-07 19:11:04
Title: NetBScanner – NetBIOS Network Scanner (direct link)
Description:
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP address range you choose, using the NetBIOS protocol.
For every computer located by this NetBIOS scanner, the following information is displayed:
IP Address
Computer Name
Workgroup or Domain
MAC Address
Network adapter manufacturer (from MAC address)
NetBScanner also shows whether a computer is a Master Browser.
Tags: Tool

Date (GMT): 2018-06-27 15:15:04
Title: Metta – Information Security Adversarial Simulation Tool (direct link)
Description:
Metta is an information security preparedness tool in Python to help with adversarial simulation; this can help you check various detection and control capabilities within your organisation.
This project uses Redis/Celery, Python, and Vagrant with VirtualBox to do adversarial simulation. This allows you to test (mostly) your host-based instrumentation, but may also allow you to test any network-based detection and controls depending on how you set up your Vagrant boxes.
Tags: Tool

Date (GMT): 2018-06-24 07:30:02
Title: Powershell-RAT – Gmail Exfiltration RAT (direct link)
Description:
Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used as a Windows backdoor to send screenshots or other data as an e-mail attachment.
This RAT will help you during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.
It claims to not need Administrator access and is not currently detected by Anti-virus software.

Date (GMT): 2018-06-20 15:37:02
Title: SCADA Hacking – Industrial Systems Woefully Insecure (direct link)
Description:
It seems like SCADA hacking is still a topic in hacker conferences, and it should be, with SCADA systems still driving power stations, manufacturing plants, refineries and all kinds of other powerful and dangerous things.
The latest talk given on the subject shows that with just 4 lines of code and a small hardware drop device, a SCADA-based facility can be effectively DoSed by sending repeated shutdown commands to susceptible systems.

2018-06-18 15:34:02 |
airgeddon – Wireless Security Auditing Script (lien direct) |
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Airgeddon Wireless Security Auditing Features
Interface mode switcher (Monitor-Managed) that keeps the selection even when the interface name changes
DoS over wireless networks using different methods. “DoS Pursuit mode” available to avoid AP channel hopping (also available for the DoS performed during Evil Twin attacks)
Full support for the 2.4GHz and 5GHz bands
Assisted Handshake file capturing
Cleaning and optimizing captured Handshake files
Offline password decrypting of WPA/WPA2 captured files (dictionary, brute-force and rule-based) based on the aircrack, crunch and hashcat tools.
Read the rest of airgeddon – Wireless Security Auditing Script now! Only available at Darknet.
|
|
|
|
|
2018-05-23 01:52:05 |
Acunetix v12 – More Comprehensive More Accurate & 2x Faster (lien direct) |
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript, such as SPAs. This, coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability to comprehensively and accurately scan all types of websites.
With v12 also comes a brand new scanning engine, re-engineered and re-written from the ground up, making Acunetix the fastest scanning engine in the industry.
Read the rest of Acunetix v12 – More Comprehensive More Accurate & 2x Faster now! Only available at Darknet.
|
|
|
|
|
2018-05-18 22:03:03 |
CloudFrunt – Identify Misconfigured CloudFront Domains (lien direct) |
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains; it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions. This effectively allows for domain hijacking.
How CloudFrunt Works For Misconfigured CloudFront
CloudFront is a Content Delivery Network (CDN) provided by Amazon Web Services (AWS). CloudFront users create “distributions” that serve content from specific sources (an S3 bucket, for example).
Each CloudFront distribution has a unique endpoint for users to point their DNS records to (ex.
Read the rest of CloudFrunt – Identify Misconfigured CloudFront Domains now! Only available at Darknet.
|
|
|
|
|
2018-05-10 10:25:05 |
Airbash – Fully Automated WPA PSK Handshake Capture Script (lien direct) |
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (APs).
Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng.
Read the rest of Airbash – Fully Automated WPA PSK Handshake Capture Script now! Only available at Darknet.
|
|
|
|
|
2018-05-05 09:13:03 |
XXEinjector – Automatic XXE Injection Tool For Exploitation (lien direct) |
XXEinjector is a Ruby-based XXE Injection Tool that automates retrieving files using direct and out-of-band methods. Directory listing only works in Java applications, and the brute-forcing method needs to be used for other applications.
Usage of XXEinjector XXE Injection Tool
XXEinjector actually has a LOT of options, so do have a look through to see how you can best leverage this type of attack. Obviously Ruby is a prerequisite to run the tool.
Read the rest of XXEinjector – Automatic XXE Injection Tool For Exploitation now! Only available at Darknet.
|
|
|
|
|
2018-05-03 16:51:01 |
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack (lien direct) |
Ah, Yahoo! in trouble again. This time the news is that Yahoo! has been fined 35 million USD by the SEC for the 2-year delayed disclosure of the massive hack; we actually reported on the incident in 2016 when it became public – Massive Yahoo Hack – 500 Million Accounts Compromised.
Yahoo! has been having a rocky time for quite a few years now and just recently sold Flickr to SmugMug for an undisclosed amount; I hope that at least helps pay off some of the fine.
Read the rest of Yahoo! Fined 35 Million USD For Late Disclosure Of Hack now! Only available at Darknet.
|
|
Yahoo
|
|
|
2018-05-01 15:36:05 |
Drupwn – Drupal Enumeration Tool & Security Scanner (lien direct) |
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.
Drupwn Drupal Enumeration Tool Hacking Features
Drupwn can be run in two separate modes, enum and exploit. The enum mode allows performing enumerations, whereas the exploit mode allows checking for and exploiting CVEs.
Enum mode
User enumeration
Node enumeration
Default files enumeration
Module enumeration
Theme enumeration
Cookies support
User-Agent support
Basic authentication support
Request delay
Enumeration range
Logging
Exploit mode
Vulnerability checker
CVE exploiter
For scanning Drupal sites there is also:
– Droopescan – Plugin Based CMS Security Scanner
You can download Drupwn here:
drupwn-master.zip
Or read more here.
Read the rest of Drupwn – Drupal Enumeration Tool & Security Scanner now! Only available at Darknet.
|
|
|
|
|
2018-04-28 18:31:00 |
MyEtherWallet DNS Hack Causes 17 Million USD User Loss (lien direct) |
Big news in the crypto scene this week was that the MyEtherWallet DNS Hack that occurred managed to collect about $17 Million USD worth of Ethereum in just a few hours.
The hack itself could have been MUCH bigger, as it actually involved compromising 1300 Amazon AWS Route 53 DNS IP addresses; fortunately only MEW was targeted, resulting in the damage being contained to the cryptosphere (as far as we know anyway).
Read the rest of MyEtherWallet DNS Hack Causes 17 Million USD User Loss now! Only available at Darknet.
|
|
|
|
|
2018-04-23 17:08:04 |
StaCoAn – Mobile App Static Analysis Tool (lien direct) |
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers in performing mobile app static analysis on the code of the application, for both native Android and iOS applications.
This tool will look for interesting lines in the code which can contain:
Hardcoded credentials
API keys
URLs of APIs
Decryption keys
Major coding mistakes
This tool was created with a big focus on usability and graphical guidance in the user interface.
Read the rest of StaCoAn – Mobile App Static Analysis Tool now! Only available at Darknet.
|
|
|
|
|
2018-04-16 17:48:04 |
snallygaster – Scan For Secret Files On HTTP Servers (lien direct) |
snallygaster is a Python-based tool that can help you scan for secret files on HTTP servers: files that are accessible but shouldn't be public and can pose a security risk.
Typical examples include publicly accessible git repositories, backup files potentially containing passwords, or database dumps. In addition, it contains a few checks for other security vulnerabilities.
snallygaster HTTP Secret File Scanner Features
This is an overview of the tests provided by snallygaster.
Read the rest of snallygaster – Scan For Secret Files On HTTP Servers now! Only available at Darknet.
|
|
|
|
|
2018-04-06 17:42:02 |
Portspoof – Spoof All Ports Open & Emulate Valid Services (lien direct) |
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports as open and also emulate valid services on every port. As a result, any attacker's port scan results will become fairly meaningless and will require hours of effort to accurately identify which ports have real services behind them and which do not.
The tool is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system.
Read the rest of Portspoof – Spoof All Ports Open & Emulate Valid Services now! Only available at Darknet.
|
|
|
|