What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-09-19 11:12:39 | AWSBucketDump – AWS S3 Security Scanning Tool (lien direct) |  AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files. It's similar to a subdomain brute-forcing tool but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your hard drive.
Using the download feature might fill your hard drive up, you can provide a max file size for each download at the command line when you run the tool.
Read the rest of AWSBucketDump – AWS S3 Security Scanning Tool now! Only available at Darknet.
|
|||
|
2017-09-17 18:36:02 | nbtscan Download – NetBIOS Scanner For Windows & Linux (lien direct) |  nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network, and this is the first step in the finding of open shares.
It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one.
What is nbtscan?
NETBIOS is commonly known as the Windows “Network Neighborhood†protocol, and (among other things), it provides a name service that listens on UDP port 137.
Read the rest of nbtscan Download – NetBIOS Scanner For Windows & Linux now! Only available at Darknet.
|
|||
|
2017-09-14 18:14:00 | Equifax Data Breach – Hack Due To Missed Apache Patch (lien direct) |  The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
The original statement about the breach is as follows for those that weren't up to date with it, which came out Sept 7th (4 months AFTER the breach happened).
Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S.
Read the rest of Equifax Data Breach – Hack Due To Missed Apache Patch now! Only available at Darknet.
|
Equifax | ||
|
2017-09-12 14:13:19 | Seth – RDP Man In The Middle Attack Tool (lien direct) |  Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection in order to extract clear text credentials.
It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks.
Usage of Seth RDP Man In The Middle Attack Tool
Run it like this:
$ ./seth.sh
Unless the RDP host is on the same subnet as the victim machine, the last IP address must be that of the gateway.
Read the rest of Seth – RDP Man In The Middle Attack Tool now! Only available at Darknet.
|
|||
|
2017-09-08 19:31:51 | dcrawl – Web Crawler For Unique Domains (lien direct) |  dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names.
How does dcrawl work?
dcrawl takes one site URL as input and detects all a href= links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the same way, branching out to more URLs found in links on each site's body.
dcrawl Web Crawler Features
Branching out only to predefined number of links found per one hostname.
Read the rest of dcrawl – Web Crawler For Unique Domains now! Only available at Darknet.
|
|||
|
2017-09-07 07:45:03 | Time Warner Hacked – AWS Config Exposes 4M Subscribers (lien direct) |  What's the latest on the web, Time Warner Hacked is what it's about now as a bad AWS S3 config (once again) exposes the details of approximately 4 Million subscribers.
This follows not long after the Instagram API leaking user contact information and a few other recent leaks involving poorly secured Amazon AWS S3 buckets and I'd hazard a guess that it won't be the last.
Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database.
Read the rest of Time Warner Hacked – AWS Config Exposes 4M Subscribers now! Only available at Darknet.
|
|||
|
2017-09-05 13:05:28 | Wikto Scanner Download – Web Server Security Tool (lien direct) |  Wikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
It's Nikto for Windows basically with some extra features written in C# and requires the .NET framework.
What is Wikto
Wikto is not a web application scanner. It is totally unaware of the application (if any) that's running on the web site.
Read the rest of Wikto Scanner Download – Web Server Security Tool now! Only available at Darknet.
|
|||
|
2017-09-01 13:35:07 | Reaver Download – Hack WPS Pin WiFi Networks (lien direct) |  Reaver download below, this tool has been designed to be a robust and practical tool to hack WPS Pin WiFi Networks using WiFi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.
It has been tested against a wide variety of access points and WPS implementations.
The original Reaver implements an online brute force attack against, as described in here [PDF]. reaver-wps-fork-t6x version 1.6b is a community forked version, which has included various bug fixes and additional attack method (the offline Pixie Dust attack).
Read the rest of Reaver Download – Hack WPS Pin WiFi Networks now! Only available at Darknet.
|
|||
|
2017-08-31 14:24:09 | Instagram Leak From API Spills High Profile User Info (lien direct) |  Another high profile Instagram leak, this time no there's actual tangible repercussions other than it could possibly link to the recent Justin Bieber nudes leaked via a compromise of Selena Gomez's account.
There isn't a whole lot of details about what actually happened, in terms of what went wrong with the API? A wild guess would be some kind of authentication or token bug in the API that allowed you to access certain information about other users that you weren't supposed to be able to get access to.
Read the rest of Instagram Leak From API Spills High Profile User Info now! Only available at Darknet.
|
|||
|
2017-08-30 09:34:52 | GitMiner – Advanced Tool For Mining Github (lien direct) | GitMiner is an Advanced search tool for automation in Github, it enables mining Github for useful or potentially dangerous information or for example specific vulnerable or useful WordPress files. This tool aims to facilitate mining the code or snippets on Github through the site's search page. What is Mining Github? GitHub is a web-based Git […] | |||
|
2017-08-25 16:54:43 | FIR (Fast Incident Response) – Cyber Security Incident Management Platform (lien direct) | FIR (Fast Incident Response) is a cyber security incident management platform designed for agility and speed. It allows for easy creation, tracking, and reporting of cybersecurity incidents. In the fields of computer security and information technology, computer security incident management involves the monitoring and detection of security events on a computer or computer network, and […] | |||
|
2017-08-23 16:44:42 | Bitcoin Anonymity Compromised By Most Vendors (lien direct) | Cryptocurrency is getting a lot of press lately and some researchers dug a little bit deeper in Bitcoin anonymity as it's a touted selling point for most cryptocurrencies. It's not a problem with Bitcoin itself, or any other coin, more the fact that shopping cart implementations and analytics systems aren't built with the anonymity of […] | |||
|
2017-08-22 14:03:36 | NoSQLMap – Automated NoSQL Exploitation Tool (lien direct) | NoSQLMap is an open source Python-based automated NoSQL exploitation tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases. It is also intended to attack web applications using NoSQL in order to disclose data from the database. Presently the tool's exploits are focused around MongoDB, but […] | |||
|
2017-08-18 16:34:21 | UACMe – Defeat Windows User Account Control (UAC) (lien direct) | UACme is a compiled, C-based tool which contains a number of methods to defeat Windows User Account Control commonly known as UAC. It abuses the built-in Windows AutoElevate backdoor and contains 41 methods. The tool requires an Admin account with the Windows UAC set to default settings. Usage Run executable from command line: akagi32 [Key] […] | |||
|
2017-08-17 10:31:19 | What You Need To Know About Server Side Request Forgery (SSRF) (lien direct) | SSRF or Server Side Request Forgery is an attack vector that has been around for a long time, but do you actually know what it is? Server Side Request Forgery (SSRF) refers to an attack where in an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used […] | |||
|
2017-08-15 00:27:30 | SAML Raider – SAML2 Security Testing Burp Extension (lien direct) | SAML Raider is a Burp Suite extension for SAML2 security testing, it contains two core functionalities – Manipulating SAML Messages and managing X.509 certificates. The extension is divided into two parts, a SAML message editor and a certificate management tool. Features Message Editor Features of the SAML Raider message editor: Sign SAML Messages Sign SAML […] | |||
|
2017-08-12 14:56:58 | faker.js – Tool To Generate Fake Data For Testing (lien direct) | faker.js is a tool to generate fake data in Node.js and in the browser, it has a lot of different data types to enable you to generate very customised and complete sets of fake or mock data for testing purposes. It also supports multiple languages and locales and can generate a lot of data types […] | |||
|
2017-08-11 16:28:50 | Should US Border Cops Need a Warrant To Search Devices? (lien direct) | The answer from me is, OF COURSE, f&ck yes. They can't search your home, car and anywhere else in the country, they would need a warrant to search devices too. A case by the EFF (Electronic Frontier Foundation) is heading to the Fifth Circuit Court of Appeals in the US to find out what should […] | |||
|
2017-08-08 14:03:45 | jSQL – Automatic SQL Injection Tool In Java (lien direct) | jSQL is an automatic SQL Injection tool written in Java, it's lightweight and supports 23 kinds of database. It is free, open source and cross-platform (Windows, Linux, Mac OS X) and is easily available in Kali, Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux. Features Automatic injection of 23 kinds of databases: Access CockroachDB […] | |||
|
2017-08-04 10:14:41 | Jack – Drag & Drop Clickjacking Tool For PoCs (lien direct) | Jack is a Drag and Drop web-based Clickjacking Tool for the assistance of development in PoCs made with static HTML and JavaScript. Jack is web based and requires either a web server to serve its HTML and JS content or can be run locally. Typically something like Apache will suffice but anything that is able […] | |||
|
2016-08-11 09:10:10 | Bug Bounties Reaching $500,000 For iOS Exploits (lien direct) | No description | |||
|
2016-08-08 17:13:07 | CuckooDroid – Automated Android Malware Analysis (lien direct) | No description | |||
|
2016-08-05 10:41:59 | Telegram Hack – Possible Nation State Attack By Iran (lien direct) | No description | |||
|
2016-08-02 10:18:50 | miranda-upnp – Interactive UPnP Client (lien direct) | No description | |||
|
2016-07-29 15:03:02 | fping 3 – Multi Target ICMP Ping Tool (lien direct) | No description | |||
|
2016-07-27 18:16:52 | In 2016 Your Wireless Keyboard Security Still SUCKS – KeySniffer (lien direct) | No description | |||
|
2016-07-25 18:39:11 | WOL-E – Wake On LAN Security Testing Suite (lien direct) | No description | |||
|
2016-07-23 11:11:41 | dnmap – Distributed Nmap Framework (lien direct) | No description | |||
|
2016-07-21 10:07:27 | Everything You Need To Know About Web Shells (lien direct) | No description | |||
|
2016-07-18 14:47:25 | DMitry – Deepmagic Information Gathering Tool (lien direct) | No description | |||
|
2016-07-12 09:28:22 | Automater – IP & URL OSINT Tool For Analysis (lien direct) | No description | |||
|
2016-07-06 17:05:02 | Android Malware Giving Phones a Hummer (lien direct) | No description | |||
|
2016-07-05 15:25:03 | ERTS – Exploit Reliability Testing System (lien direct) | No description | |||
|
2016-06-28 07:45:35 | OpenIOC – Sharing Threat Intelligence (lien direct) | No description | |||
|
2016-06-25 10:15:21 | Up1 – Client Side Encrypted Image Host (lien direct) | No description | |||
|
2016-06-23 14:06:33 | Criminal Rings Hijacking Unused IPv4 Address Spaces (lien direct) | No description | |||
|
2016-06-21 07:56:50 | shadow – Firefox Heap Exploitation Tool (jemalloc) (lien direct) | No description | |||
|
2016-06-18 09:13:54 | Cuckoo Sandbox – Automated Malware Analysis System (lien direct) | No description | |||
|
2016-06-16 10:06:38 | Intel Hidden Management Engine – x86 Security Risk? (lien direct) | No description | |||
|
2016-06-14 09:54:35 | Fully Integrated Defense Operation (FIDO) – Automated Incident Response (lien direct) | No description | |||
|
2016-06-11 11:47:14 | Unicorn – PowerShell Downgrade Attack (lien direct) | No description | |||
|
2016-06-08 16:04:00 | Web Application Log Forensics After a Hack (lien direct) | No description | |||
|
2016-06-02 06:01:27 | TeamViewer Hacked? It Certainly Looks Like It (lien direct) | No description | |||
|
2016-05-31 10:45:54 | Wfuzz – Web Application Brute Forcer (lien direct) | No description | |||
|
2016-05-27 15:56:01 | wildpwn – UNIX Wildcard Attack Tool (lien direct) | No description | ★★★★★ | ||
|
2016-05-23 15:18:18 | CapTipper – Explore Malicious HTTP Traffic (lien direct) | No description | |||
|
2016-05-20 15:50:58 | SubBrute – Subdomain Brute-forcing Tool (lien direct) | No description | |||
|
2016-05-16 15:29:47 | The Backdoor Factory (BDF) – Patch Binaries With Shellcode (lien direct) | No description | |||
|
2016-05-13 15:11:31 | Gdog – Python Windows Backdoor With Gmail Command & Control (lien direct) | No description | ★★★★ | ||
|
2016-05-09 15:40:58 | SPF (SpeedPhish Framework) – E-mail Phishing Toolkit (lien direct) | No description |
To see everything:
Our RSS (filtrered)
