Evilreg : Reverse Shell Using Windows Registry Files (.reg)
Evilreg is a reverse shell using Windows Registry files (.reg) Features Reverse TCP Port Forwarding using Ngrok.io Requirements Ngrok Authtoken (for TCP Tunneling): Sign up at: https://ngrok.com/signupYour authtoken is available on your dashboard: https://dashboard.ngrok.comInstall your auhtoken: ./ngrok authtoken <YOUR_AUTHTOKEN>Target must reboot/re-login after installing the .reg file Also Read - CatchYou : FUD Win32 Msfvenom Payload Generator Usage git clone https://github.com/thelinuxchoice/evilreg cd evilreg bash evilreg.sh Disclaimer Usage of...
URLBrute : Tool To Brute Website Sub-Domains & Dirs
URLBrute is a tool to help you brute forcing website sub-domains and dirs.Can be used with python3 and python2. Dependencies urlbrute.pyrequests >= 2.21.0bs4 >= 0.0.1datetime >= 4.3 Also Read - PayloadsAllTheThings : A List Of Useful Payloads & Bypass How to install? In Linux: chmod +x install.sh sudo ./install.sh In Windows, install python 3.7, then run cmd as administrator: install.bat Credits Credits to danTaler who created the wordlists. Download
Getdroid : FUD Android Payload & Listener
Getdroid is a FUD Android payload and listener. Requirements (Android-SDK, APKSinger) apt-get install android-sdk apksigner -y Usage git clone https://github.com/thelinuxchoice/getdroid cd getdroid bash getdroid.sh Also Read - Kali Linux 2020.2 Release – Penetration Testing and Ethical Hacking Linux Distribution Disclaimer Usage of GetDroid for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state...
DiscordRAT : Discord Remote Administration Tool Fully Written In Python
DiscordRAT is a Discord Remote Administration Tool fully written in Python3. This is a RAT controlled over Discord with over 20 post exploitation modules. Setup Guide You will first need to register a bot with the Discord developper portal and then add the bot to the server that you want. Once the bot is created copy the token of your bot...
Lockphish : A Tool For Phishing Attacks On The Lock Screen
Lockphish it's the first tool (05/13/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features Lockscreen phishing page for Windows, Android and iPhoneAuto detect devicePort Forwarding by NgrokIP Tracker Disclaimer Usage of Lockphish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all...
Dalfox : Parameter Analysis & XSS Scanning Tool
DalFox is just XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyze parameters, find XSS, and verify them based on DOM Parser. I talk about naming. Dal(달) is...
Saycheese : Grab Target’s Webcam Shots By Link
Saycheese is a tool generates a malicious HTTPS page using Ngrok Port Forwarding method, and a javascript code to perform cam requests using MediaDevices.getUserMedia. The MediaDevices.getUserMedia() method prompts the user for permission to use a media input which produces a MediaStream with tracks containing the requested types of media. That stream can include, for example, a video track (produced by...
Kaiten : A Undetectable Payload Generation
A Undetectable Payload Generation. This tool is for educational purpose only, usage of Kaiten for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage cause by this program. What is it and why was it made? We intentionally made it for our penetration testing jobs and for learning purposes....
Clipboardme : Grab & Inject Clipboard Content By Link
Clipboardme is a tool used to grab and inject clipboard content by link. Browsers are implementing a new JavaScript API for asynchronous clipboard access to integrate copy and paste into web applications. It is a replacement for the synchronous execCommand-based copy & paste. Async Clipboard requests doesn't block the page while waiting the process, it's a improvement over sync...
Threadtear : Multifunctional Java Seobfuscation Tool Suite
Threadtear is a multifunctional deobfuscation tool for java. Android application support is coming soon (Currently working on a dalvik to java converter). Suitable for easier code analysis without worrying too much about obfuscation. Even the most expensive obfuscators like ZKM or Stringer are included. For easier debugging there are also other tools included. Insert debug line numbers to better...
