Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2024-01-04 23:59:56 |
Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool (direct link) |
BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground |
Tool
|
|
★★★
|
|
2023-05-28 15:04:35 |
padre – Padding Oracle Attack Exploiter Tool (direct link) |
padre is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption. |
Tool
|
|
★★
|
|
2023-03-20 16:19:22 |
DataSurgeon – Extract Sensitive Information (PII) From Logs (direct link) |
DataSurgeon (ds) is a versatile tool designed to extract sensitive information (PII) from logs. It is intended to be used for incident response, penetration testing, and CTF challenges. |
Tool
|
|
★★
|
|
2022-12-29 07:36:08 |
HardCIDR – Network CIDR and Range Discovery Tool (direct link) |
HardCIDR is a Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test. |
Tool
|
|
★★★
|
|
2022-04-29 17:32:59 |
Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage (direct link) |
socialscan is an accurate command-line tool to check for email and social media username usage on online platforms. Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms.
Other similar tools check username availability by requesting the profile page of the username in question and based on information like the HTTP status code or error text on the requested page, determine whether a username is already taken.
Read the rest of Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage now! Only available at Darknet.
|
Tool
|
|
|
|
2022-01-23 17:15:41 |
CFRipper – CloudFormation Security Scanning & Audit Tool (direct link) |
CFRipper is a Python-based library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool. It aims to prevent vulnerabilities from getting to production infrastructure through vulnerable CloudFormation scripts.
You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins.
CFRipper should be part of your CI/CD pipeline. It runs just before a CloudFormation stack is deployed or updated and if the CloudFormation script fails to pass the security check it fails the deployment and notifies the team that owns the stack.
|
Tool
|
|
|
|
2022-01-05 09:55:56 |
CredNinja – Test Credential Validity of Dumped Credentials or Hashes (direct link) |
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
At the core of it, you provide it with a list of credentials you have dumped (or hashes, it can pass-the-hash) and a list of systems on the domain (the author suggests scanning for port 445 first, or you can use "--scan"). It will tell you if the credentials you dumped are valid on the domain, and if you have local administrator access to a host.
|
Tool
|
|
|
|
2021-12-29 17:05:47 |
assetfinder – Find Related Domains and Subdomains (direct link) |
assetfinder is a Go-based tool to find related domains and subdomains that are potentially related to a given domain from a variety of sources including Facebook, ThreatCrowd, Virustotal and more.
assetfinder uses a variety of sources including those in the infosec space and social networks which can give relevant info:
crt.sh
certspotter
hackertarget
threatcrowd
wayback machine
dns.bufferover.run
facebook – Needs FB_APP_ID and FB_APP_SECRET environment variables set (https://developers.facebook.com/) and you need to be careful with your app's rate limits
virustotal – Needs VT_API_KEY environment variable set (https://developers.virustotal.com/reference)
findsubdomains – Needs SPYSE_API_TOKEN environment variable set (the free version always gives the first response page, and you also get "25 unlimited requests") – (https://spyse.com/apidocs)
Sources to be implemented:
http://api.passivetotal.org/api/docs/
https://community.riskiq.com/ (?)
https://riddler.io/
http://www.dnsdb.org/
https://certdb.com/api-documentation
Usage of assetfinder to Find Related Domains and Subdomains
The usage is very simple with only one option basically, to limit the search to subdomains only – by default it will scan for all associated domains and subdomains.
|
Tool
|
|
|
|
2021-08-30 18:53:57 |
Karkinos – Beginner Friendly Penetration Testing Tool (direct link) |
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a "Swiss Army Knife" for pen-testing and/or hacking CTFs.
Karkinos Beginner Friendly Penetration Testing Tool Features
Encoding/Decoding characters
Encrypting/Decrypting text or files
Reverse shell handling
Cracking and generating hashes
How to Install Karkinos Beginner Friendly Penetration Testing Tool
Dependencies are:
Any server capable of hosting PHP
Tested with PHP 7.4.9
Tested with Python 3.8
Make sure it is in your path as:
Windows: python
Linux: python3
If it is not, please change the commands in includes/pid.php
Pip3
Raspberry Pi Zero friendly :) (crack hashes at your own risk)
Then:
git clone https://github.com/helich0pper/Karkinos.git
cd Karkinos
pip3 install -r requirements.txt
cd wordlists && unzip passlist.zip
You can also unzip it manually using file explorer.
|
Tool
|
|
|
|
2021-07-06 16:16:57 |
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory (direct link) |
Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths.
It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path.
Features of Aclpwn.Py Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.Py currently has the following features:
Direct integration with BloodHound and the Neo4j graph database (fast pathfinding)
Supports any reversible ACL based attack chain (no support for resetting user passwords right now)
Advanced pathfinding (Dijkstra) to find the most efficient paths
Support for exploitation with NTLM hashes (pass-the-hash)
Saves restore state, easy rollback of changes
Can be run via a SOCKS tunnel
Written in Python (2.7 and 3.5+), so OS independent
Installation of Aclpwn.py ACL Based Privilege Escalation
Aclpwn.py is compatible with both Python 2.7 and 3.5+.
|
Tool
|
|
|
|
2021-03-04 17:16:01 |
APT-Hunter – Threat Hunting Tool via Windows Event Log (direct link) |
APT-Hunter is a threat hunting tool for Windows event logs, made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of Windows event logs.
This will help you to decrease the time to uncover suspicious activity, and the tool will make good use of the Windows event logs collected and make sure not to miss critical events configured to be detected.
The target audience for APT-Hunter is threat hunters, incident response professionals or forensic investigators.
|
Threat
Tool
|
|
|
|
2021-01-01 10:59:21 |
GKE Auditor – Detect Google Kubernetes Engine Misconfigurations (direct link) |
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations. It aims to help security and development teams streamline the configuration process and save time looking for generic bugs and vulnerabilities.
The tool consists of individual modules called Detectors, each scanning for a specific vulnerability.
Installing and Using GKE Auditor to Detect Google Kubernetes Engine Misconfigurations
Installation
git clone https://github.com/google/gke-auditor
cd ./gke-auditor/
./build.sh
Usage
The tool has to be built by running the build.sh script first.
|
Tool
|
Uber
|
|
|
2020-12-07 13:15:28 |
zANTI – Android Wireless Hacking Tool Free Download (direct link) |
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit, letting you assess the risk level of a network using your mobile device. It is available as a free download.
This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.
Features of zANTI Android Wireless Hacking Tool
This network auditor comes along with a rather simple interface compared to other solutions and running its tasks is pretty straightforward.
|
Tool
|
|
|
|
2020-11-03 10:03:00 |
Trape – OSINT Analysis Tool For People Tracking (direct link) |
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information.
Examples of such information include the status of sessions on their websites or services, and the ability to control their users through their browser, without their knowledge. It has evolved with the aim of helping government organizations, companies and researchers to track cybercriminals.
|
Tool
|
|
|
|
2020-10-07 04:18:46 |
trident – Automated Password Spraying Tool (direct link) |
The Trident project is an automated password spraying tool developed to be deployed across multiple cloud providers and provides advanced options around scheduling and IP pooling.
trident was designed and built to fulfill several requirements and to provide:
the ability to be deployed on several cloud platforms/execution providers
the ability to schedule spraying campaigns in accordance with a target's account lockout policy
the ability to increase the IP pool that authentication attempts originate from for operational security purposes
the ability to quickly extend functionality to include newly-encountered authentication platforms
Using trident Password Spraying Tool
Usage:
trident-cli campaign [flags]
Flags:
-a, --auth-provider string this is the authentication platform you are attacking (default "okta")
-h, --help help for campaign
-i, --interval duration requests will happen with this interval between them (default 1s)
-b, --notbefore string requests will not start before this time (default "2020-09-09T22:31:38.643959-05:00")
-p, --passfile string file of passwords (newline separated)
-u, --userfile string file of usernames (newline separated)
-w, --window duration a duration that this campaign will be active (ex: 4w) (default 672h0m0s)
Example output:
$ trident-client results
+----+-------------------+------------+-------+
| ID | USERNAME | PASSWORD | VALID |
+----+-------------------+------------+-------+
| 1 | alice@example.org | Password1!
|
Tool
|
|
|
|
2020-09-23 17:13:02 |
tko-subs – Detect & Takeover Subdomains With Dead DNS Records (direct link) |
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records. These could be dangling CNAMEs pointing to hosting services or to nothing at all, or NS records that are mistyped.
What does tko-subs – Detect & Takeover Subdomains With Dead DNS Records Do?
This tool allows you:
To check whether a subdomain can be taken over because it has:
a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over.
|
Tool
|
|
|
|
2020-08-17 08:03:23 |
Arcane – Tool To Backdoor iOS Packages (iPhone ARM) (direct link) |
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
It was created to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device.
How Arcane Tool To Backdoor iOS Package Works
It's possible to supply scripts as part of a package when installing or removing applications. Package maintainer scripts include the preinst, postinst, prerm, and postrm files.
|
Tool
|
|
|
|
2020-07-27 14:50:13 |
SharpHose – Asynchronous Password Spraying Tool (direct link) |
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers. The tool takes into consideration the domain password policy, including fine-grained password policies, in an attempt to avoid account lockouts.
|
Tool
|
|
|
|
2020-05-27 17:41:21 |
Quasar RAT – Windows Remote Administration Tool (direct link) |
Quasar is a fast and light-weight Windows remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring.
It aims to provide high stability and an easy-to-use user interface and is a free, open source tool.
Features of Quasar RAT Windows Remote Administration Tool
The main features that can be found in Quasar are:
TCP network stream (IPv4 & IPv6 support)
Fast network serialization (Protocol Buffers)
Compressed (QuickLZ) & Encrypted (TLS) communication
UPnP Support
Task Manager
File Manager
Startup Manager
Remote Desktop
Remote Shell
Remote Execution
System Information
Registry Editor
System Power Commands (Restart, Shutdown, Standby)
Keylogger (Unicode Support)
Reverse Proxy (SOCKS5)
Password Recovery (Common Browsers and FTP Clients)
Using Quasar Windows Remote Administration Tool
1.
|
Tool
|
|
|
|
2020-05-18 16:56:26 |
Pingcastle – Active Directory Security Assessment Tool (direct link) |
PingCastle is an Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level with a methodology based on a risk assessment and maturity framework. It does not aim at a perfect evaluation but rather at an efficiency compromise.
The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular with tools like mimikatz or sites like adsecurity.org.
CMMI is a well-known methodology from Carnegie Mellon University to evaluate maturity with a grade from 1 to 5. PingCastle has adapted CMMI to Active Directory security.
|
Tool
|
|
|
|
2020-04-30 14:46:33 |
Second Order – Subdomain Takeover Scanner Tool (direct link) |
Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way.
Using Second Order Subdomain Takeover Scanner Tool
Command line options:
-base string
Base link to start scraping from (default "http://127.0.0.1")
-config string
Configuration file (default "config.json")
-debug
Print visited links in real-time to stdout
-output string
Directory to save results in (default "output")
Example:
go run second-order.go -base https://example.com -config config.json -output example.com -concurrency 10
Config File for Second Order Subdomain Takeover Scanner Tool
Example configuration file included (config.json)
Headers: A map of headers that will be sent with every request.
|
Tool
|
|
|
|
2020-04-14 16:14:56 |
Binwalk – Firmware Security Analysis & Extraction Tool (direct link) |
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering, and extraction of firmware images.
Features of Binwalk Firmware Security Analysis & Extraction Tool
Scanning Firmware – Binwalk can scan a firmware image for many different embedded file types and file systems
File Extraction – You can tell binwalk to extract any files that it finds in the firmware image
Entropy Analysis – Can help identify interesting sections of data inside a firmware image
String Search – Allows you to search the specified file(s) for a custom string
There are also various filters such as by CPU architecture, number of instructions, include filter, exclude filter,
Installation of Binwalk Firmware Security Analysis & Extraction Tool
Download binwalk:
$ wget https://github.com/ReFirmLabs/binwalk/archive/master.zip
$ unzip master.zip
Install binwalk; if you have a previously installed version of binwalk, it is suggested that you uninstall it before upgrading:
$ (cd binwalk-master && sudo python setup.py uninstall && sudo python setup.py install)
Debian users can install all optional and suggested extractors/dependencies using the included deps.sh script (recommended):
$ sudo ./binwalk-master/deps.sh
If you are not a Debian user, or if you wish to install only selected dependencies, see the INSTALL documentation for more details.
|
Tool
|
|
|
|
2020-03-31 15:20:31 |
zBang – Privileged Account Threat Detection Tool (direct link) |
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network. Organizations and red teamers can utilize zBang to identify potential attack vectors and improve the security posture of the network.
The results can be analyzed with the graphic interface or by reviewing the raw output files.
The tool is built from five different scanning modules:
ACLight scan – discovers the most privileged accounts that must be protected, including suspicious Shadow Admins.
|
Threat
Tool
|
|
|
|
2020-03-29 07:14:18 |
Memhunter – Automated Memory Resident Malware Detection (direct link) |
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving the threat hunter analysis process and remediation times.
It's a self contained binary that can be deployed and managed at scale, does not use memory dumps and relies purely on memory inspection to do its work. It also does not require any complex infrastructure to deploy.
The tool was designed as a replacement for memory forensics Volatility plugins such as malfind and hollowfind.
|
Threat
Malware
Tool
|
|
|
|
2020-03-24 15:48:52 |
Sandcastle – AWS S3 Bucket Enumeration Tool (direct link) |
Sandcastle is a Python-based Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations.
Amazon S3 [Simple Storage Service] is cloud storage for the Internet. To upload your data (photos, videos, documents etc.), you first create a bucket in one of the AWS Regions. You can then upload any number of objects to the bucket.
|
Tool
|
|
|
|
2020-02-26 16:36:00 |
Astra – API Automated Security Testing For REST (direct link) |
Astra is a Python-based tool for API Automated Security Testing. REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs.
Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during the development cycle. Astra can automatically detect and test login & logout (Authentication API), so it's easy for anyone to integrate this into a CI/CD pipeline.
|
Tool
|
|
|
|
2020-02-19 15:22:49 |
Judas DNS – Nameserver DNS Poisoning Attack Tool (direct link) |
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain.
The magic comes with Judas's rule configurations which allow you to change DNS responses depending on source IP or DNS query type. This allows an attacker to configure a malicious nameserver to do things like selectively re-route inbound email coming from specified source IP ranges (via modified MX records), set extremely long TTLs to keep poisoned records cached, and more.
|
Tool
|
|
|
|
2020-02-10 14:05:43 |
OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery (direct link) |
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.
Information Gathering Techniques Used by OWASP Amass for DNS Enumeration and More
The main functionality of Amass is as follows:
DNS: Basic enumeration, Brute forcing (optional), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (optional)
Scraping: Ask, Baidu, Bing, DNSDumpster, DNSTable, Dogpile, Exalead, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo
Certificates: Active pulls (optional), Censys, CertSpotter, Crtsh, Entrust, GoogleCT
APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, CommonCrawl, DNSDB, GitHub, HackerTarget, IPToASN, Mnemonic, NetworksDB, PassiveTotal, Pastebin, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Spyse (CertDB & FindSubdomains), Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML
Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback
Usage of Amass for DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The Amass tool has several subcommands shown below for handling your Internet exposure investigation.
|
Guideline
Tool
|
Yahoo
|
|
|
2020-01-29 09:27:23 |
Cameradar – Hack RTSP Video Surveillance CCTV Cameras (direct link) |
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras. It can detect open RTSP hosts, detect device models and launch automated attacks.
The main features of Cameradar are:
Detect open RTSP hosts on any accessible target host
Detect which device model is streaming
Launch automated dictionary attacks to get their stream route (e.g.: /live.sdp)
Launch automated dictionary attacks to get the username and password of the cameras
Retrieve a complete and user-friendly report of the results
Using Cameradar to Hack RTSP Video Cameras
"-t, --targets": Set target.
|
Hack
Tool
|
|
|
|
2019-12-19 15:06:54 |
WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords (direct link) |
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine. This tool will help you in WiFi penetration testing and could also be useful when performing red team assessments or internal infrastructure engagements.
Each option in the tool generates a ".txt" file as output. If you run the tool multiple times, the output gets appended to the previous results.
|
Tool
|
|
|
|
2019-12-02 07:09:50 |
truffleHog – Search Git for High Entropy Strings with Commit History (direct link) |
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
truffleHog previously functioned by running entropy checks on git diffs. This functionality still exists, but high signal regex checks have been added, and the ability to suppress entropy checking has also been added.
truffleHog --regex --entropy=False https://github.com/dxa4481/truffleHog.git
or
truffleHog file:///user/dxa4481/codeprojects/truffleHog/
truffleHog will go through the entire commit history of each branch, and check each diff from each commit, and check for secrets.
|
Tool
|
|
|
|
2019-11-01 15:21:01 |
Sooty – SOC Analyst All-In-One CLI Tool (direct link) |
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
The main goal of Sooty is to perform as many of the routine checks as possible, which allows the analyst more time to spend on deeper analysis.
Features of Sooty SOC Analyst CLI Tool
Sanitise URLs to be safe to send in emails
Perform reverse DNS and DNS lookups
Perform reputation checks from:
VirusTotal
BadIPs
AbuseIPDB
Check if an IP address is a TOR exit node
Decode Proofpoint URLs, UTF-8 encoded URLs, Office SafeLink URLs and Base64 strings
Get file hashes and compare them against VirusTotal (see requirements)
Perform WhoIs Lookups
Check Usernames and Emails against HaveIBeenPwned to see if a breach has occurred.
|
Tool
|
|
|
|
2019-10-07 07:46:46 |
LambdaGuard – AWS Lambda Serverless Security Scanner (direct link) |
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code.
LambdaGuard is an AWS Lambda auditing tool designed to create asset visibility and provide actionable results.
|
Tool
|
|
|
|
2019-09-23 05:59:19 |
exe2powershell – Convert EXE to BAT Files (direct link) |
exe2powershell is used to convert EXE to BAT files. The previously well-known tool for this was exe2bat; this is a version for modern Windows.
This will convert any binary file (*.exe) to a BAT file. The resulting BAT file contains only echo commands followed by a PowerShell command to re-create the original binary file.
This kind of tool can be useful during a pen-test when you want to trigger a shell without any upload feature.
|
Tool
|
|
|
|
2019-08-28 06:11:05 |
Stardox – Github Stargazers Information Gathering Tool (direct link) |
Stardox is a Python-based GitHub stargazers information gathering tool. It scrapes GitHub for information and displays it in a list tree view. It can be used for collecting details about the stargazers of your own or someone else's repository.
GitHub allows visitors to star a repo to bookmark it for later perusal. Stars represent a casual interest in a repo, and when enough of them accumulate, it's natural to wonder what's driving interest.
|
Tool
|
|
|
|
2019-07-11 15:10:02 |
Mosca – Manual Static Analysis Tool To Find Bugs (direct link) |
Mosca is a manual static analysis tool written in C, designed to find bugs in code before it is compiled, much like the Unix grep command.
There are various 'egg' modules which contain patterns to scan for. It can scan through files recursively, limited by file extension, and logs results to an XML text file.
It's also fairly easy to extend and add your own modules/eggs/languages.
Manual Static Analysis Tool Language Support
Languages it can scan for vulnerabilities are:
ASP
C
C#
Java
JavaScript
PHP
Ruby
Swift
You can download Mosca here:
Mosca-master.zip
Or read more here.
|
Tool
|
|
|
|
2019-07-01 06:35:00 |
Slurp – Amazon AWS S3 Bucket Enumerator (direct link) |
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.
There are two modes that this tool operates in: blackbox and whitebox. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.
Blackbox (external)
In this mode, you are using the permutations list to conduct scans.
|
Tool
|
|
|
|
2019-03-05 10:34:01 |
DeepSound – Audio Steganography Tool (direct link) |
DeepSound is an audio steganography tool and audio converter that hides secret data in audio files. The application also enables you to extract secret files directly from audio files or audio CD tracks.
This audio steganography tool can be used as copyright marking software for wave, flac, wma, ape, and audio CD.
DeepSound also supports encrypting secret files using AES-256 (Advanced Encryption Standard) to improve data protection. The application additionally contains an easy to use Audio Converter Module that can encode several audio formats (FLAC, MP3, WMA, WAV, APE) to others (FLAC, MP3, WAV, APE).
|
Tool
|
|
|
|
2019-02-25 03:50:05 |
GoBuster – Directory/File & DNS Busting Tool in Go (lien direct) |
GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.
The author built YET ANOTHER directory and DNS brute-forcing tool because he wanted:
… something that didn't have a fat Java GUI (console FTW).
… to build something that just worked on the command line.
… something that did not do recursive brute force.
|
Tool
|
|
|
|
2019-01-20 07:26:00 |
Domained – Multi Tool Subdomain Enumeration (lien direct) |
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting.
This produces categorized screenshots, server response headers and signature based default credential checking. It is written in Python heavily leveraging Recon-ng.
Domained Subdomain Enumeration Tools Leveraged
Subdomain Enumeration Tools:
Sublist3r
enumall
Knock
Subbrute
massdns
Recon-ng
Amass
SubFinder
Reporting + Wordlists:
EyeWitness
SecList (DNS Recon List)
LevelUp All.txt Subdomain List
Domained Subdomain Enumeration Tool Usage
--install/--upgrade Both do the same function – install all prerequisite tools
--vpn Check if you are on VPN (update with your provider)
--quick Use ONLY Amass and SubFinder
--bruteall Bruteforce with JHaddix All.txt List instead of SecList
--fresh Delete old data from output folder
--notify Send Pushover or Gmail Notifications
--active EyeWitness Active Scan
--noeyewitness No Eyewitness
-d The domain you want to perform recon on
-b Bruteforce with subbrute/massdns and SecList wordlist
-s n Only HTTPs domains
-p Add port 8080 for HTTP and 8443 for HTTPS
Subdomain Enumeration Examples
The first steps are to install the required Python modules and tools:
sudo pip install -r ./ext/requirements.txt
sudo python domained.py --install
Example 1 – Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)
python domained.py -d example.com
Example 2 – Uses subdomain example.com with SecList subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN
python domained.py -d example.com -b -p --vpn
Example 3 – Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)
python domained.py -d example.com -b --bruteall
Example 4 – Uses subdomain example.com and only Amass and SubFinder
python domained.py -d example.com --quick
Example 5 – Uses subdomain example.com, only Amass and SubFinder, and sends a notification
python domained.py -d example.com --quick --notify
Example 6 – Uses subdomain example.com with no EyeWitness
python domained.py -d example.com --noeyewitness
Note: --bruteall must be used with the -b flag.
You can download Domained here:
domained-master.zip
|
Tool
|
|
|
|
2018-12-16 20:17:00 |
Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI (lien direct) |
Gerix WiFi Cracker is an easy-to-use wireless 802.11 hacking tool with a GUI. It was originally made to run on BackTrack, and this version has been updated for Kali (2018.1).
To get it up and running make sure you do:
apt-get install qt4-dev-tools
Running Gerix Wireless 802.11 Hacking Tool
$ python gerix.py
You can download Gerix here:
gerix-wifi-cracker-master.zip
|
Tool
|
|
|
|
2018-11-23 13:47:00 |
WepAttack – WLAN 802.11 WEP Key Hacking Tool (lien direct) |
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
This tool is based on an active dictionary attack that tests millions of words to find the right key. Only one packet is required to start an attack.
What is a WEP Key?
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.[1] WEP, recognizable by its key of 10 or 26 hexadecimal digits (40 or 104 bits), was at one time widely in use and was often the first security choice presented to users by router configuration tools.
|
Tool
|
|
|
|
2018-10-29 15:38:02 |
CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains (lien direct) |
CTFR is a Python-based tool that abuses Certificate Transparency logs to get the subdomains of an HTTPS website in a few seconds.
Do you miss the AXFR technique (open DNS zone transfers)? So how does it work? CTFR does not use dictionary or brute-force attacks; it just helps you abuse Certificate Transparency logs.
What is Certificate Transparency?
Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections.
|
Tool
|
|
|
|
2018-10-20 09:13:02 |
testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws (lien direct) |
testssl.sh is a free command-line tool to test SSL security. It checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws and more.
testssl.sh is pretty much portable/compatible. It works on every Linux, Mac OS X and FreeBSD distribution, and on MSYS2/Cygwin (slow). It is also supposed to work on any other unixoid system. A newer OpenSSL version (1.0) is recommended, though.
|
Tool
|
|
|
|
2018-08-20 07:49:04 |
dcipher – Online Hash Cracking Using Rainbow & Lookup Tables (lien direct) |
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
The capacity to programmatically crack passwords is also a function of the number of possible passwords per second which can be checked. If a hash of the target password is available to the attacker, this number can be in the billions or trillions per second, since an offline attack is possible.
In this case dcipher uses online hash checking services, which have extremely large Rainbow Table sets of pre-computed hashes, to rapidly find hash collisions.
|
Tool
|
|
|
|
2018-08-06 09:30:05 |
Cangibrina – Admin Dashboard Finder Tool (lien direct) |
Cangibrina is a Python-based multi-platform admin dashboard finder tool that aims to obtain the location of website dashboards by using brute force, wordlists, Google, Nmap and robots.txt.
It is multi-threaded, supports modifying your user agent, using a TOR proxy, custom dorks, Nmap integration and can use both DuckDuckGo and Google.
Cangibrina Admin Dashboard Finder Requirements
Python 2.7
mechanize
PySocks
beautifulsoup4
html5lib
Nmap
TOR
Cangibrina Usage to Find Admin Dashboards
usage: cangibrina.py [-h] -u U [-w W] [-t T] [-v] [--ext EXT] [--user-agent]
[--tor] [--search] [--dork DORK] [--nmap [NMAP]]
Fast and powerful admin finder
optional arguments:
-h, --help show this help message and exit
-u U target site
-w W set wordlist (default: wl_medium)
-t T set threads number (default: 5)
-v enable verbose
--ext EXT filter path by target extension
--user-agent modify user-agent
--sub-domain search for sub domains instead of directories
--tor set TOR proxy
--search use google and duckduckgo to search
--dork DORK set custom dork
--nmap [NMAP] use nmap to scan ports and services
There are other specific tools in this area like WPScan for WordPress and DruPwn for Drupal – and in those cases the dashboard URLs are already known.
|
Tool
|
|
|
|
2018-07-30 16:08:05 |
Enumall – Subdomain Discovery Using Recon-ng & AltDNS (lien direct) |
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
This gives you the ability to run multiple domains within the same session. The tool has only one module that needs an API key (/api/google_site); instructions for that are on the recon-ng wiki.
Setting up Enumall for Subdomain Discovery
Install Recon-ng from source. Clone the Recon-ng repository:
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git
Change into the Recon-ng directory:
cd recon-ng
Install dependencies:
pip install -r REQUIREMENTS
Link the installation directory to /usr/share/recon-ng:
ln -s /$recon-ng_path /usr/share/recon-ng
Optionally (highly recommended) download:
– AltDNS
– A good subdomain bruteforce list (example here)
Create the config.py file and specify the paths to Recon-ng and AltDNS as shown in config_sample.py.
|
Tool
|
|
|
|
2018-07-21 09:25:01 |
RidRelay – SMB Relay Attack For Username Enumeration (lien direct) |
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using an SMB relay attack with low privileges.
How RidRelay SMB Relay Attack Works
RidRelay combines the SMB Relay attack, common lsarpc based queries and RID cycling to get a list of domain usernames. It takes these steps:
Spins up an SMB server and waits for an incoming SMB connection
The incoming credentials are relayed to a specified target, creating a connection with the context of the relayed user
Queries are made down the SMB connection to the lsarpc pipe to get the list of domain usernames.
|
Tool
|
|
|
|
2018-07-07 19:11:04 |
NetBScanner – NetBIOS Network Scanner (lien direct) |
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP address range you choose, using the NetBIOS protocol.
For every computer located by this NetBIOS scanner, the following information is displayed:
IP Address
Computer Name
Workgroup or Domain
MAC Address
Network adapter manufacturer (from MAC address).
NetBScanner also shows whether a computer is a Master Browser.
|
Tool
|
|
|
|
2018-06-27 15:15:04 |
Metta – Information Security Adversarial Simulation Tool (lien direct) |
Metta is an information security preparedness tool written in Python to help with adversarial simulation. It can help you check various detection and control capabilities within your organisation.
This project uses Redis/Celery, Python, and Vagrant with VirtualBox to do adversarial simulation. This allows you to test (mostly) your host-based instrumentation, but may also allow you to test any network-based detection and controls, depending on how you set up your vagrants.
|
Tool
|
|
|