.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
Slackor : A Golang Implant That Uses Slack As A Command & Control Server
Slackor is a golang implant that uses Slack as a command and control server. This tool is released as a proof of concept. Be sure to read and understand the Slack App Developer Policy before creating any Slack apps. Setup Note: The server is written in Python 3 For this to work you need: A Slack WorkspaceRegister an app with the following permissions:channels:readchannels:historychannels:writefiles:write:userfiles:readCreate a...
MASC : A Web Malware Scanner
MASC is a malware (web) scanner developed during CyperCamp Hackathon 2017. At the moment, there are some features available for any type of website (custom or CMS) and some of them only available for specific platforms: Scan any website for malware using OWASP WebMalwareScanner checksum, YARA rules databases and ClamAV engine (if available)Perform some cleaning operations to improve website protectionMonitor...
DSSS – Damn Small SQLi Scanner
DSSS (Damn Small SQLi Scanner) is a fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie. Also Read - SQLMap : Automatic SQL Injection & Database Takeover Tool Requirements Python version 2.6.x or 2.7.x is required for running this program. Sample Runs $ python dsss.py -h Damn...
GoldenEye : GoldenEye Layer 7 (KeepAlive+NoCache) DoS Test Tool
GoldenEye is an python app for SECURITY TESTING PURPOSES ONLY! GoldenEye is a HTTP DoS Test Tool. Attack Vector exploited: HTTP Keep Alive + NoCache Utilities util/getuas.py - Fetchs user-agent lists from http://www.useragentstring.com/pages/useragentstring.php subpages (ex: ./getuas.py http://www.useragentstring.com/pages/Browserlist/) REQUIRES BEAUTIFULSOUP4res/lists/useragents - Text lists (one per line) of User-Agent strings (from http://www.useragentstring.com) Also Read - Icebox : Virtual Machine Introspection, Tracing & Debugging Changelog 2016-02-06 Added support for not verifying SSL Certificates2014-02-20...
Hash Identifier : Software To Identify The Different Types Of Hashes Used To Encrypt Data & Especially Passwords
Hash Identifier software to identify the different types of hashes used to encrypt data and especially passwords. Encryption Formats Supported ADLER-32CRC-32CRC-32BCRC-16CRC-16-CCITTDES(Unix)FCS-16GHash-32-3GHash-32-5GOST R 34.11-94Haval-160Haval-192 110080 ,Haval-224 114080 ,Haval-256Lineage II C4Domain Cached CredentialsXOR-32MD5(Half)MD5(Middle)MySQLMD5(phpBB3)MD5(Unix)MD5(Wordpress)MD5(APR)Haval-128MD2MD4MD5MD5(HMAC(Wordpress))NTLMRAdmin v2.xRipeMD-128SNEFRU-128Tiger-128MySQL5 - SHA-1(SHA-1($pass))MySQL 160bit - SHA-1(SHA-1($pass))RipeMD-160SHA-1SHA-1(MaNGOS)Tiger-160Tiger-192md5($pass.$salt) - JoomlaSHA-1(Django)SHA-224RipeMD-256SNEFRU-256md5($pass.$salt) - JoomlaSAM - (LM_hash:NT_hash)SHA-256(Django)RipeMD-320SHA-384SHA-256SHA-384(Django)SHA-512WhirlpoolAnd more… Also Read - 0xsp Mongoose : Linux Privilege Escalation Intelligent Enumeration Toolkit Encryption algorithms that can not be differentiated...
The Secret IG Growth Hacks You Haven’t Heard Before
The secret to Instagram success is having as many organic followers as possible. Instagram now boasts of more than one billion subscribers all over the world. If it was a country, it would be the third most populated one after China and India. About 500 million Instagram users log into their accounts at least once every day. This tells you that you have an...
MIG : Distributed & Real Time Digital Forensics At The Speed Of The Cloud
MIG is Mozilla's platform for investigative surgery of remote endpoints. You can spin up a local-only MIG setup using docker. The container is not suitable for production use but lets you experiment with MIG quickly, providing a single container environment that has most of the MIG components available. To pull from Docker Hub: $ docker pull mozilla/mig $ docker run -it...
Icebox : Virtual Machine Introspection, Tracing & Debugging
Icebox is a Virtual Machine Introspection solution that enable you to stealthily trace and debug any process (kernel or user). It's based on project Winbagility. Files which might be helpful: INSTALL.md: how to install icebox.BUILD.md: how to build icebox. Project Organization fdp: Fast Debugging Protocol sourcesicebox: Icebox sources icebox: Icebox lib (core, os helpers, plugins...)icebox_cmd: Program that test several featuressamples: Bunch of examples...
SQLMap : Automatic SQL Injection & Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the...
0xsp Mongoose : Linux Privilege Escalation Intelligent Enumeration Toolkit
Using 0xsp Mongoose you will be able to scan targeted operating system for any possible way for privilege escalation attacks,starting from collecting information stage unitl reporting information through 0xsp Web Application API . User will be able to scan different linux os system at same time with high perfromance , with out spending time looking inside the terminal or text...
