PwnedOrNot : OSINT Tool to Find Passwords for Compromised Email Addresses
PwnedOrNot is a OSINT tool to find passwords for compromised email addresses. pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Features haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script: Name of BreachDomain NameDate of BreachFabrication statusVerification StatusRetirement statusSpam Status And with all this...
0d1n : Web Security Tool to Make Fuzzing at HTTP/S
0d1n is a tool for automating customized attacks against web applications. Let us have a look on the features the Web Security Tool Supports. brute force login and passwords in auth formsdirectory disclosure ( use PATH list to brute, and find HTTP status code )test to find SQL Injection and XSS vulnerabilitiesOptions to load ANTI-CSRF token each requestOptions to use...
CredsLeaker : Display a Powershell Credentials Box
CredsLeaker script is used to display a powershell credentials box asked the user for credentials. However, That was highly noticeable. Now it's time to utilize Windows Security popup! As before, The box cannot be closed (only by killing the process) will keeps checking the credentials against the DC. When validated, it will close and leak it to a web server outside. Also...
XSStrike : Most Advanced XSS Scanner
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis...
GodOfWar : Malicious Java WAR Builder With Built-In Payloads
GodOfWar is a command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby. Features Preexisting payloads. (try -l/--list) cmd_get filebrowser bind_shell reverse_shell reverse_shell_ui Configurable backdoor. (try --host/-port) Control over payload name. To avoid malicious name after deployment to bypass URL name signatures. Also Read - MySQL Magic: Dump MySQL Client Password From Memory Installation $ gem install godofwar Usage $...
QRLJacking : A New Social Engineering Attack Vector
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which results in session hijacking. Also Read - MySQL Magic: Dump MySQL...
ARDT : Akamai Reflective DDoS Tool
Attack the origin host behind the Akamai Edge hosts and bypass the DDoS protection offered by Akamai services. How it works Based off the research done at NCC Akamai boast around 100,000 edge nodes around the world which offer load balancing, web application firewall, caching etc, to ensure that a minimal amount of requests actually hit your origin web-server beign protected. However,...
Chkdfront : Checks If Your Domain Fronting is Working
Chkdfront checks if your domain fronting is working by testing the targeted domain (fronted domain) against your domain front domain. Features Checking your domain fronted against the domain front. Searching an expected string in the response to indicate success. Showing troubleshooting suggestions when test fails based on the failure natural. Inspecting the HTTP request and response when test fails. (optionally if...
NetData : Real-time Performance Monitoring Tool
Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers. Netdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components,...
ZeebSploit: Web Scanner Exploitation Information Gathering
ZeebSploit is a tool for hacking, searching for web information and scanning vulnerabilities of a web. Installation & Usage apt-get install gitgit clone https://github.com/jaxBCD/Zeebsploit.gitcd Zeebsploitchmod +x install./installpython3 zeebsploit.pytype 'help' for show modulesand follow instruction Also Read - Pocsuite3 : Open-Sourced Remote Vulnerability Testing Framework Modules +----------+-------------------------------+ | Modules | Description ...