Pen Andro – An Automated Android Penetration Testing Tool


Introduction: Pen-Andro Script will automate the process of installing all necessary tools & tasks for Android Pentesting, i.e. Moving Burpsuite Certificate, Installing Adb frida server, APKs like proxy toggle, proxydroid, adbwifi. Usage: Open Terminal; Run below command: curl -sL https://tinyurl.com/pen-Android | sudo bash. Preconditions: Burpsuite proxy Running at 127.0.0.1:8080; Rooted Android device connected via adb (Only one device should be connected); Magisk App (It will make installation easy...

ZPhisher : Automated Phishing Tool For Pentesters


Zphisher is an upgraded form of Shellphish. The main source code is from Shellphish. But I have not fully copied it. I have upgraded it & cleared the unnecessary files. It has 37 Phishing Page Templates, including Facebook, Twitter & Paypal. It also has 4 Port Forwarding Tools. Installation: apt update; apt install git php openssh...

The Hackingsage/Hacktronian – A Pentesting Tool for Linux and Android


Hacktronian is a free and open-source tool used for information gathering. It is used for data hacking and penetration testing on websites and web applications. Hacktronian has different modules such as information gathering and password attacks. Hacktronian is a complete package of different hacking tools/modules such as Setoolkit, Nmap, Host To IP Conversion, WAScan module, CMS Scanner module, and...

Juicy Potato : A Sugared Version Of RottenPotatoNG, With A Bit Of Juice


Juicy Potato is a sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from Windows Service Accounts to NT AUTHORITY\SYSTEM. Summary: RottenPotatoNG and its variants leverage the privilege escalation chain based on the BITS service having the MiTM listener on 127.0.0.1:6666 and when you have SeImpersonate or SeAssignPrimaryToken privileges. During a Windows build review we found a setup where BITS was intentionally disabled and port 6666 was taken. We decided to weaponize RottenPotatoNG: Say hello to...

NetLlix : Tool To Emulate & Test Exfiltration Of Data Over Different Network Protocols


NetLlix is a project created to emulate and test exfiltration of data over different network protocols. The emulation is performed without the use of native APIs. This will help blue teams write correlation rules to detect any type of C2 communication or data exfiltration. Currently, this project can help generate HTTP/HTTPS traffic (both GET and POST) using...

Squarephish : OAuth Device Code Authentication Flow & QR codes


SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes. See PhishInSuits for more details on using OAuth Device Code flow for phishing attacks. ...

HTTPLoot : An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages


HTTPLoot is an automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage: To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source code yourself, you will need Go > 1.16 to...

Kali Linux 2022.4 : Penetration Testing and Ethical Hacking Linux Distribution


Time for another Kali Linux release! – Kali Linux 2022.4. This release has various impressive updates. A summary of the changelog since August’s 2022.3 release: Microsoft Azure - We are back on the Microsoft Azure store More Platforms - Generic Cloud, QEMU VM image & Vagrant libvirt Social Networks - New homes, keeping in touch & press packs Kali NetHunter Pro - Announcing the...

Shennina : Automating Host Exploitation With AI


Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being integrated with an in-house Command-and-Control Server for exfiltrating data from compromised machines automatically. This was developed by Mazin Ahmed and...

laZzzy : Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques


laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features: Direct syscalls and native (Nt*) functions (not all functions but most); Import Address Table (IAT) evasion; Encrypted payload (XOR and AES); Randomly generated key; Automatic padding (if necessary) of payload with NOPs (\x90); Byte-by-byte in-memory decryption of payload; XOR-encrypted strings; PPID spoofing; Blocking of non-Microsoft-signed DLLs (Optional)...