Explo : Human & Machine Readable Web Vulnerability Testing Format
Explo is a simple tool to describe web security issues in a human and machine readable format. By defining a request/condition workflow, explo is able to exploit security issues without the need of writing a script. This allows to share complex vulnerabilities in a simple readable and executable format. Example for extracting a csrf token and using this in a...
Blisqy : Exploit Time-based Blind-SQL Injection In HTTP-Headers
Leviathan is a mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. It consists open source tools such masscan, ncrack, dsss and gives you the flexibility of using them with a combination. The main goal of this project is auditing as many system as possible in country-wide or in a...
Brute Force : BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix
In this article we will see on how to BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix. First let us see on how to install the same; pip install proxylist pip install mechanize Also Read - JShielder : Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G Usage BruteForce Gmail Attack python3 Brute_Force.py -g Account@gmail.com -l File_list python3 Brute_Force.py -g Account@gmail.com -p Password_Single BruteForce...
DIE : Program For Determining Types Of Files For Windows, Linux & MacOS
Detect It Easy, or abbreviated DIE is a program for determining types of files. It is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS. Many programs of the kind (PEID, PE tools) allow to use third-party signatures. Unfortunately, those signatures scan only bytes by the pre-set mask, and it is not...
Machinae : Machinae Security Intelligence Collector
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information. The Machinae project was born from wishing to improve Automater in 4 areas: Codebase - Bring Automater to python3 compatibility while making...
Fake Sandbox : Script To Simulate Fake Processes Of Analysis Sandbox/VM
Fake Sandbox Processes small script will simulate fake processes of analysis, sandbox and VM software that some malware will try to avoid. You can download the original script made by @x0rz here (thanks, by the way). You can also download my slightly optimised script from the root directory. The file is named fsp.ps1. This exact script is also used...
Blind SQL Bitshifting : A Blind SQL Injection Module That Uses Bitshfting To Calculate Characters
This is a module that performs blind SQL injection by using the bitshifting method to calculate characters instead of guessing them. It requires 7/8 requests per character, depending on the configuration. Usage import blind-sql-bitshifting as x#Edit this dictionary to configure attack vectorsx.options Also Read - Dwarf : Full Featured Multi Arch/OS Debugger Built On Top Of PyQt5 & Frida Example Configuration #Vulnerable linkx.options = "http://www.example.com/index.php?id=1"#Specify...
Caldera : An Automated Adversary Emulation System
CALDERA is an automated adversary emulation system, built on the MITRE ATT&CK™ framework. It works by attaching abilities to an adversary and running the adversary in an operation. Full documentation for this system can be found in the wiki. Python 3.5.3+ is required to run this system. Installation Start by cloning this repository recursively. This will pull all available plugins. git clone https://github.com/mitre/caldera.git --recursive From the...
Shellsum : A Defense Tool – Detect Web Shells In Local Directories Via MD5Sum
Shellsum is a defense tool to detect web shells in local directories via md5sum. Following are some of the features of this tool; Fast speedLightweightBig databaseTabled output Usages Install git clone https://github.com/ManhNho/shellsum.gitchmod 755 -R shellsum/cd shellsum/pip install -r requirements.txt Also Read - Dwarf : Full Featured Multi Arch/OS Debugger Built On Top Of PyQt5 & Frida Run python shellsum.py ToDo Smooth outputExport file reportModularizationBigger database Download
BackBox Linux 6.0 – Ubuntu-Based Linux Distribution Penetration Test & Security Assessment
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known...
