QRLJacking : Hijack Services That Relies On QR Code Authentication

QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the Login with QR code feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking. Features: Port Forwarding using Ngrok. Disclaimer: Usage of OhMyQR for...

FinalRecon : The Last Web Recon Tool You’ll Need

FinalRecon is a fast and simple Python script for web reconnaissance. It follows a modular structure so that new modules can be added with ease in the future. Featured: Python For OSINT, Hakin9 April 2020 (https://hakin9.org/product/python-for-osint-tooling/); NullByte (https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/, https://www.youtube.com/watch?v=F9lwzMPGIgo); Hakin9 (https://hakin9.org/final-recon-osint-tool-for-all-in-one-web-reconnaissance/). Features: FinalRecon provides detailed information such as: Header Information, Whois, SSL Certificate Information, Crawler, html, CSS, Javascripts, Internal Links, External Links, Images, robots, sitemaps, Links inside Javascripts, Links from Wayback Machine from Last 1 Year, DNS Enumeration: A, AAAA, ANY, CNAME, MX, NS, SOA, TXT Records, DMARC...

A Complete Security Protocols Guide That Use For Secure Online Transactions

Online security is gaining more importance than ever before. With cyber criminals adopting newer and more sophisticated ways of breaching your protection and stealing your data, you need to stay ahead of the curve. Remember, one episode of online hacking is all it takes to ruin your reputation, lose money, and turn customers away. It may even make you...

Jaeles : The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation: Download precompiled version here. If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enabled and run the following command: GO111MODULE=on go get github.com/jaeles-project/jaeles Please visit the Official Documentation for more details. Note: Check out the Signatures Repo to install signatures. Usage #Scan...

AutoRDPwn : The Shadow Attack Framework

AutoRDPwn is a post-exploitation framework created in PowerShell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability (cataloged as a feature by Microsoft) allows a remote attacker to view their victim's desktop without their consent, and even control it on demand, using tools native to the operating system itself. Thanks to the additional modules, it is...

EvilApp : Phishing Attack Using An Android Application


Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows bypassing 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated Instagram sessions. Requirement: Android Studio. Tested on Kali Linux 2020.1 x64 # git clone https://github.com/thelinuxchoice/EvilApp...

S3BucketList : Firefox Plugin That Lists Amazon S3 Buckets Found In Requests

S3BucketList is a Firefox plugin that records S3 Buckets found in requests. It is currently a work in progress and additional features will be added in the future. This plugin will also be ported to other browsers in the future. Stay tuned! Installation: This plugin is already available in Firefox Browser Add-ons. Built With: HTML - Markup Language; Javascript - Programming Language...

Locator : Geolocator, IP Tracker, Device Info by URL (Serveo & Ngrok)

Locator is a tool for geolocation, IP tracking and device information gathering by URL (Serveo and Ngrok). It uses tinyurl to obfuscate the Serveo link. Usage: git clone https://github.com/thelinuxchoice/locator; cd locator; bash locator.sh Disclaimer: Usage of Locator for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey...

Guardedbox : Online Client-Side Manager For Secure Storage & Secrets Sharing

GuardedBox is an open-source online client-side manager for secure storage and secrets sharing. It allows users to upload secrets to a centralized server and retrieve them at any time and from anywhere. It also allows users to share their secrets with other users, individually or via groups. Secrets are stored encrypted server-side. The encryption is performed client-side by JavaScript code. It is...

Faraday : Collaborative Penetration Test & Vulnerability Management Platform

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit. Made for true pentesters! It was made to let you take advantage of the available tools in the community in a truly multiuser way. It crunches the data you load into different visualizations that...