MySQL Magic: Dump MySQL Client Password From Memory
I made this just for fun; use for illegal purposes is not allowed. The mysql client reads the password, writes it to some malloc'ed memory, and frees it, but just because a chunk was freed doesn't mean it will be used again. To ensure that your programs do not keep sensitive information in memory, you must overwrite the memory. The...
MXtract : Memory Extractor & Analyzer 2019
MXtract is an open-source, Linux-based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool; its primary purpose is to scan memory for private keys, IPs, and passwords using regexes. Remember, your results are only as good as your regexes. Why dump directly from memory? In most Linux environments users...
Django DefectDojo : Open-Source Application Vulnerability Correlation & Security Orchestration Tool
DefectDojo is a security program and vulnerability management tool. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with the tool. Demo: Try it out in our testing environment with the following credentials: admin / defectdojo@demo#appsec and product_manager / defectdojo@demo#product ...
ISF : Industrial Control System Exploitation Framework
ISF (Industrial Control System Exploitation Framework) is an exploitation framework based on Python. ISF is based on the open-source project routersploit.
ICS Protocol Clients
Name | Path | Description
modbus_tcp_client | icssploit/clients/modbus_tcp_client.py | Modbus-TCP Client
wdb2_client | icssploit/clients/wdb2_client.py | WdbRPC Version 2 Client (Vxworks 6.x)
s7_client | icssploit/clients/s7_client.py | s7comm Client (S7 300/400 PLC)
Exploit Module
Name | Path | Description
s7_300_400_plc_control | exploits/plcs/siemens/s7_300_400_plc_control.py | S7-300/400 PLC start/stop
s7_1200_plc_control | exploits/plcs/siemens/s7_1200_plc_control.py | S7-1200 PLC start/stop/reset
vxworks_rpc_dos | exploits/plcs/vxworks/vxworks_rpc_dos.py | Vxworks RPC remote dos (CVE-2015-7599)
quantum_140_plc_control | exploits/plcs/schneider/quantum_140_plc_control.py | Schneider Quantum 140 series PLC start/stop
crash_qnx_inetd_tcp_service | exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py | QNX Inetd TCP service dos
qconn_remote_exec | exploits/plcs/qnx/qconn_remote_exec.py | QNX qconn remote code execution
profinet_set_ip | exploits/plcs/siemens/profinet_set_ip.py | Profinet...
Pocsuite3 : Open-Sourced Remote Vulnerability Testing Framework
Pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many powerful features for the ultimate penetration testers and security researchers.
Features
- PoC scripts can run in attack, verify and shell modes in different ways
- Plugin ecosystem
- Dynamic loading of PoC scripts from anywhere (local file, redis, database, Seebug ...)
- Load multi-target from anywhere...
XanXSS : A Simple XSS Finding Tool
XanXSS is a reflected XSS searching tool (DOM coming soon) that creates payloads based on templates. Unlike other XSS scanners that just run through a list of payloads, XanXSS tries to make the payload unidentifiable, for example: <xAnXSS</TitLE></STYLE><SVG/ONload='alERt(1);'/></XaNxSs</titLe></StYlE><SvG/ONlOAD='alerT(1);'/> <ifrAmE Src= .Find(CoNfirm);= "JAVaScRIpT:proMpT(1))"javAscrIpt:/*--></scRIPt> />cLIcK Me!</b</TextaRea></TiTLE><BUTtON ONcLIck='aleRT(1);'/>XaNxss</TEXTaRea> <iMG sRc=%0acONfIRM();=+'jAVASCRiPT:alerT("XSS");'</STYlE><Svg/onLoad='alErT((1));'/> With XanXSS every payload is different. XanXSS works by running through the payloads until a...
Pyrit : The Famous WPA Pre-Computed Cracker, Migrated from Google
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream, Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of the world's most used security-protocols. WPA/WPA2-PSK is a subset of IEEE 802.11 WPA/WPA2 that skips the complex...
Reverse Phone Lookup and 3 more Methods to Help You Find Secure Hosting
Secure web hosting is an essential cog in the wheel for any online business. It does not matter whether you're just creating a corporate website or an e-commerce store; secure web hosting is imperative. The problem is that most business owners have no prior experience in choosing hosting for their website. That is why they do not know how...
PowerShellArsenal : A PowerShell Module Dedicated to Reverse Engineering
PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code, perform .NET malware analysis, analyze/scrape memory, parse file formats and memory structures, obtain internal system information, etc. PowerShellArsenal is comprised of the following tools:
Disassembly: Disassemble native and managed code.
Get-CSDisassembly: Disassembles a byte array using the Capstone Engine disassembly framework. ...
Darksplitz : Exploit Framework
Darksplitz is an exploit framework tool that is continued from the Nefix, DirsPy and Xmasspy projects.
Installation: Will work fine on Debian-based operating systems, like Backbox, Ubuntu or Kali Linux.
$ git clone https://github.com/koboi137/darksplitz
$ cd darksplitz/
$ sudo ./install.sh
Features
- Extract mikrotik credential (user.dat)
- Password generator
- Reverse IP...