Juumla : Tool Designed To Identify And Scan For Version, Config Files In The CMS Joomla!
Juumla is a Python tool developed to identify the current Joomla version and scan for readable Joomla config files. Installing / Getting started: a quick guide to installing and using Juumla.
Clone the repository - git clone https://github.com/oppsec/juumla.git
Install the libraries - pip3 install -r requirements.txt
Run Juumla - python3 main.py -u https://example.com
Docker: If you want to run Juumla in a Docker container, follow...
Rconn : Rconn Is A Multiplatform Program For Creating Generic Reverse Connections
Rconn (r conn) is a multiplatform program for creating reverse connections. It lets you consume services that are behind a NAT and/or firewall without adding firewall rules or port-forwarding. This is achieved by creating a connection from the node behind the firewall/NAT to a port on your local machine, and then a port is exposed on your machine through which...
Ppmap : A Scanner/Exploitation Tool Written In Go, Which Leverages Prototype Pollution To XSS By Exploiting Known Gadgets
Ppmap is a simple scanner/exploitation tool written in Go which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets. Requirements: Make sure to have Chromium/Chrome installed: sudo...
MANSPIDER : Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content – Regex Supported!
MANSPIDER will crawl every share on every target system. If provided creds don't work, it will fall back to "guest", then to a null session. File Types Supported: PDF, DOCX, XLSX, PPTX, any text-based format, and many more!! Installation: Install these dependencies to add additional file parsing capability:
#for images (png, jpeg)
$ sudo apt install tesseract tesseract-data-eng
#for legacy document support (.doc)
$ sudo apt install antiword
Install manspider (please be...
Terra guard : Create And Destroy Your Own VPN Service Using WireGuard
Terra guard's goal is to make it simple to create and destroy your own VPN service using WireGuard. Prerequisites: Terraform >= 1.0.0, Ansible >= 2.10.5. How To Deploy: Terraform. Running with sudo is necessary because we need permission on localhost to install packages, configure a network interface and start a process. Select your cloud provider (AWS, DigitalOcean) and open the directory. You can change the region or key name in the variable.tf. Initialize...
Pathprober : Probe And Discover HTTP Pathname Using Brute-Force Methodology And Filtered By Specific Word Or 2 Words At Once
Pathprober probes and discovers HTTP pathnames using a brute-force methodology, filtering results by a specific word or 2 words at once. Brute-forcing website directories or HTTP pathnames and validating them using the HTTP response code is not relevant anymore. This tool will help you to perform a penetration test, because it can validate the directories using a specific word or 2 words at once...
In0ri : Defacement Detection With Deep Learning
In0ri is a defacement detection system utilizing an image-classification convolutional neural network. Introduction: When monitoring a website, In0ri will periodically take a screenshot of the website, then put it through a preprocessor that will resize the image down to 250x250px and numericalize the image before passing it on to the classifier. The core of the classifier is a convolutional neural network that...
TeamsUserEnum : User Enumeration With Microsoft Teams API
TeamsUserEnum: user enumeration can sometimes be useful during the reconnaissance phase of an assessment. This tool will determine if an email is registered on Teams or not. More details on immunIT's blog. Microsoft Teams User Enumeration: The pandemic has increased the use of collaborative tools. Microsoft Teams is no exception: the number of daily active users increased 4-fold between March...
PSTF2 : Passive Security Tools Fingerprinting Framework
PSTF2 is a Passive Security Tools Fingerprinting Framework. Have you ever wanted a simple, easy and stealthy bypass for multiple classes of security products? pstf^2 (pronounced pstf-square) is an implementation of an HTTP server capable of passive browser fingerprinting - and it might just be the thing you are looking for. When attackers try to deliver a payload over the...
Beanshooter : JMX Enumeration And Attacking Tool
Beanshooter is a command line tool written in Java, which helps to identify common vulnerabilities on JMX endpoints. Introduction: JMX stands for Java Management Extensions and can be used to monitor and configure the Java Virtual Machine remotely. Applications like Tomcat or JBoss are often installed together with a JMX instance, which enables server administrators to monitor and manage the corresponding application. JMX uses so-called MBeans for monitoring and configuration tasks. The JMX agent (server, port) is basically just an...