Finshir : A Coroutines-Driven Low & Slow Traffic Sender
Finshir is a high-performant, coroutines-driven, and fully customisable implementation of Low & Slow load generator designed for real-world pentesting. You can easily torify/proxify it using various platform-dependent utilities. Advantages Coroutines-driven. Finshir uses coroutines (also called lightweight threads) instead of ordinary threads, which lets you open many more connections with fewer system resources. Generic. Unlike other Low & Slow utilities, Finshir lets you...
Metabigor : Command Line Search Engines Without Any API Key
Metabigor allows you do query from command line to awesome Search Engines (like Shodan, Censys, Fofa, etc) without any API key. But Why ? Don't use your API key so you don't have to worry about litmit of API quotation. Do query from command line without Premium account. Get more result without Premium account. But I...
AutoPwn : Automate Repetitive Tasks For Fuzzing
Completely re-writing this right now. Focus will be on interactive Linux apps that only take input from stdin for starters. Attempting to use Shellphish's Driller and Fuzzer functionality. AutoPwn in it's current state will do this in limited form. Simply run autoPwn ./binary then select the Start option. Installing Given all the dependency issues here, the easiest way to...
UserRecon-PY : Find Username In Social Networks
Userrecon-PY is a tool used to find usernames in social networks. Installation Install dependencies (Debian/Ubuntu): sudo apt install python3 python3-pip Install with pip3: sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git userrecon-py --help Also Read - H2Buster : A Threaded, Recursive, Web Directory Brute-Force Scanner Over HTTP/2 Building from Source Clone this repository, and: git clone https://github.com/decoxviii/userrecon-py.git ; cd userrecon-py sudo -H pip3 install -r requirements.txt python3 setup.py build sudo python3...
Amass : In-Depth DNS Enumeration and Network Mapping
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, it uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks. Information Gathering Techniques Used: DNS: Basic enumeration, Brute forcing (upon...
PCI Compliance and Network Segmentation
The first step to determining the scope of your Payment Card Industry Data Security Standard (PCI DSS) compliance is segmenting your data networks. Network segmentation helps to improve data security and reduces the chances of breaches resulting from compromised systems. What You Should Know About PCI DSS Network Segmentation To properly segment your data networks for PCI DSS-compliance purposes, it is crucial to understand the purpose...
WPBullet : A Static Code Analysis For WordPress & PHP
WPBullet is a static code analysis for WordPress Plugins/Themes (and PHP). Simply clone the repository, install requirements and run the script ; git clone https://github.com/webarx-security/wpbullet wpbulletcd wpbulletpip install -r requirements.txtpython wpbullet.py Available options: --path (required) System path or download URL Examples: --path="/path/to/plugin" --path="https://wordpress.org/plugins/example-plugin" --path="https://downloads.wordpress.org/plugin/example-plugin.1.5.zip"--enabled (optional) Check only for given modules, ex. --enabled="SQLInjection,CrossSiteScripting" --disabled (optional) Don't check for given...
Kubolt : Utility For Scanning Public Kubernetes Clusters
Kubolt is simple utility for scanning public unauthinticated kubernetes clusters and run commands inside containers. Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands inside the containers using getrun function from kubelet: // getRun handles requests to run a command inside a container. func (s *Server) getRun(request *restful.Request,...
PhoneSploit : Using Open ADB Ports We Can Exploit A Android Device
PhoneSploit is using open Adb ports we can exploit a Android Device. You can find open ports by clicking here. How To Access A Local Device https://www.youtube.com/watch?v=OlhCAX1qBQo HOW TO INSTALL WINDOWS git clone https://github.com/Zucccs/PhoneSploit extract adb.rar to the phonesploit directory cd PhoneSploit pip install colorama python2 main.py Also Read - HiddenWall : Linux Kernel Module Generator For Custom Rules With NetfilterPhoneSploit : Using...
Brutality : A Fuzzer For Any GET Entries
A Brutality is a fuzzer for any GET entries and following are the features ; Multi-threading on demandFuzzing, bruteforcing GET paramsFind admin panelsColored outputHide results by return code, word numbersProxy supportBig wordlist Also Read - IP Finder CLI : The Official Command Line Client For IPFinder Usages Install git clone https://github.com/ManhNho/brutality.git chmod 755 -R brutality/ cd brutality/ pip install -r requirements.txt Helps python brutality -h Examples Use default...