BXSS : A Blind XSS Injector Tool
BXSS is a blind XSS injector tool. Features Inject Blind XSS payloads into custom headersInject Blind XSS payloads into parametersUses Different Request Methods (PUT,POST,GET,OPTIONS) all at onceTool ChainingReally fastEasy to setup Install $ go get -u github.com/ethicalhackingplayground/bxss Arguments -- Coded by @z0idsec ---appendModeAppend the payload to the parameter-concurrency intSet the concurrency (default 30)-header stringSet the custom header (default "User-Agent")-parametersTest the parameters for blind xss-payload...
CRLFMap – A Tool To Find HTTP Splitting Vulnerabilities
CRLFMap is a tool to find HTTP Splitting vulnerabilities. Why? I wanted to write a tool in Golang for concurrencyI wanted to be able to fuzz both parameters and paths Installation go get github.com/ryandamour/crlfmap Help Available Commands:help Help about any commandscan A scanner for all your CRLF needsFlags:-h, --help help for crlfmap Scan Usage crlfmap scan --domains domains.txt --output results.txt---------------------------------------------------------------------------------------------v0.0.1---------------------------------------------------------------------------------------------:: Domains : domains.txt:: Payloads : payloads.txt::...
Zin : A Payload Injector For Bugbounties Written In Go
Zin is a payload Injector For Bugbounties Written In Go. Features Inject multiple payloads into all parametersInject single payloads into all parametersSaves responses into output folderDisplays Status Code & Response LengthCan grep for patterns in the responseReally fastEasy to setup Install $ go get -u github.com/ethicalhackingplayground/Zin New Features Pattern Matching in responsesMatch Status Codes Arguments May the bounties come-c intthe concurrency (default 20)-g stringgrep the response for...
DorkX : Pipe Different Tools With Google Dork Scanner
DorkX pipe different tools with google dork Scanner. Install zoid@MSI ~/dorkX> git clone https://github.com/ethicalhackingplayground/dorkXzoid@MSI ~/dorkX> cd dorkXzoid@MSI ~/dorkX> go build dorkx.gozoid@MSI ~/dorkX> go build corsx.gozoid@MSI ~/dorkX> go build csrfx.gozoid@MSI ~/dorkX> go build zin.go Usage Blind XSS zoid@MSI ~/dorkX> ./dorkX -dorks dorks.txt -concurrency 100 | dalfox pipe -b '">' XSS zoid@MSI ~/dorkX> ./dorkx -dorks dorks.txt | dalfox pipezoid@MSI ~/dorkX> ./dorkx -dork "inurl:index.php?id" | dalfox pipe Cors zoid@MSI ~/dorkX> ./dorkx...
AES Finder : Utility To Find AES Keys In Running Processes
AES Finder is a utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys. Usage Open aes-finder.sln solution in Visual Studio 2013 to compile source. Alternatively use gcc/clang: g++ -O3 -march=native -fomit-frame-pointer aes-finder.cpp -o aes-finder To search for keys in process with id = 123, execute following: aes-finder.exe -123 To search for keys in any process...
Croc : Easily And Securely Send Things From One Computer To Another
Croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is the only CLI file-transfer tool that does all of the following: allows any two computers to transfer data (using a relay)provides end-to-end encryption (using PAKE)enables easy cross-platform transfers (Windows, Linux, Mac)allows multiple file transfersallows resuming transfers that are interruptedlocal server...
How to Track Someone’s Cell Phone Location with No Experience
Do you want to track someone’s location through their cell phone? You might have your reasons to do it. For parents, they’d like to know about their children’s location to ensure their safety. For couples who doubt each other, they might want to track the location of their spouses to get peace of mind. Regardless of your reasons, there are...
How to Access Your Facebook and Messenger Accounts
Have you ever thought to hack the Facebook account and messenger someone you know or may not know? In this world of digitalization, a social media platform like Facebook has become a modern journal for almost everyone. With every little to significant detail update, Facebook can make a private life public. But some people keep the profile locked or posts hidden. If...
MZAP : Multiple Target ZAP Scanning
MZAP is a multiple target ZAP Scanning / mzap is a tool for scanning N*N in ZAP. Concept Installation go-get $ go get -u github.com/hahwul/mzap snapcraft $ sudo snap install mzap --devmode homebrew $ brew tap hahwul/mzap $ brew install mzap Usage Usage:mzap Available Commands:ajaxspider Add AjaxSpider ZAPascan Add ActiveScan ZAPhelp Help about any commandspider Add ZAP spiderstop Stop Scanningversion Show versionFlags:--apikey string ZAP API Key...
Deploying & Securing Kubernetes Clusters
Kubernetes is an open-source platform that allows you to manage workloads that are in a container. This enables you to have a clear understanding of the Kubernetes cluster state and how it can make changes to configuration to manage elements such as automated rollbacks and rollouts, load balancing, self-healing, and more. This post covers how to deploy Kubernetes and ensure...
