ParamPamPam : Tool For Brute Discover Parameters
ParamPamPam is a tool for brute-force discovery of GET and POST parameters.
Installation with Docker (install Docker first):
    git clone https://github.com/Bo0oM/ParamPamPam.git
    cd ParamPamPam
    docker build -t parampp .
    echo -e '#!'"/bin/bash\ndocker run -ti --rm parampp \$@" > /usr/local/bin/parampp
    parampp -u "https://vk.com/login"
If you are lazy (install Python3 first):
    git clone https://github.com/Bo0oM/ParamPamPam.git
    cd ParamPamPam
    pip3 install --no-cache-dir -r requirements.txt...
EvilClippy : For Creating Malicious MS Office Documents
EvilClippy is a cross-platform assistant for creating malicious MS Office documents. It can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows. The EvilClippy tool was released during our BlackHat Asia talk (March 28, 2019). A video recording will be online in 90 days. Evil Clippy: A cross-platform assistant for creating malicious MS Office documents....
Okadminfinder 3 : To Find Admin Panel Of Site
OKadminFinder is an Apache2 Licensed utility, rewritten in Python 3.x, for admins/pentesters who want to find the admin panel of a website. There are many other tools, but not as effective and secure. It also has the ability to use Tor and hide your identity.
Requirements
Linux:
    sudo apt install tor
    sudo apt install python3-socks   # optional
    pip3 install --user -r requirements.txt
Windows: Download...
NAXSI : WAF For NGINX
NAXSI is an Open-Source, High Performance, Low Rules Maintenance WAF For NGINX. NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For...
DrAFL : Fuzzing Binaries With No Source Code On Linux
Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend trying it first; if it doesn't work, you can try the drAFL tool. Usage: You need to specify DRRUN_PATH to point to the drrun launcher and LIBCOV_PATH to point to the libbinafl.so coverage library. You also need to switch off AFL's fork server (AFL_NO_FORKSRV=1) and probably set AFL_SKIP_BIN_CHECK=1. See step 5...
KDE Applications 19.04 Release
Recently, a new version of KDE Applications was released. It includes 150+ fixes, numerous new updates and fresh options, and several dozen snaps. Here are the most important improvements. Dolphin – file manager: Shows thumbnails for MS Office docs, e-books, Blender projects, and PCX files. Opens new tabs with focus right after the active one. Allows choosing which panel to close in...
Kubebot : A Security Testing Slackbot On The Google Cloud Platform
Kubebot is a security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform. Data Flow: 1 - API request (tool, target, options) initiated from Slackbot, sent to the API server, which is running as a Docker container on a Kubernetes (K8s) cluster and can be scaled. 2 - API server drops the request received as a message to...
PYWhatCMS – Unofficial WhatCMS API Package
PyWhatCMS is a Python package for whatcms.com API. This package provides a simple way to use the whatcms.org API for detecting 467 different Content Management Systems (CMS).
Installation:
    pip install pywhatcms
Usage: First of all, import pywhatcms:
    from pywhatcms import whatcms
Query a domain:
    whatcms('API-KEY', 'blog.underc0de.org')
Obtain info:
    whatcms.name
    whatcms.code
    whatcms.confidence
    whatcms.cms_url
    whatcms.version
    whatcms.msg
    whatcms.id
    whatcms.request...
Easysploit : Metasploit Automation Easier & Faster Than Ever
The latest version, EasySploit v3.1, makes Metasploit automation easier and faster than ever. Following are the new options included in the new version: Windows --> test.exe (payload and listener); Android --> test.apk (payload and listener); Linux --> test.py (payload and listener); MacOS --> test.jar (payload and listener); Web --> test.php (payload and listener); Scan if a target is vulnerable to ms17_010; Exploit...
Findomain – Tool That Uses Certificate Transparency Logs to Find Subdomains
Findomain is a tool that uses Certificate Transparency logs to find subdomains. How does it work? The tool doesn't use the common methods for (sub)domain discovery; it uses Certificate Transparency logs to find subdomains, and this method makes the tool much faster and more reliable. If you want to know more about Certificate Transparency logs, read this...