GodOfWar : Malicious Java WAR Builder With Built-In Payloads
GodOfWar is a command-line tool, written in Ruby, that generates WAR payloads for penetration testing and red teaming. Features: Preexisting payloads (try -l/--list): cmd_get, filebrowser, bind_shell, reverse_shell, reverse_shell_ui. Configurable backdoor (try --host/-port). Control over payload name, to avoid a malicious name after deployment and to bypass URL name signatures. Installation: $ gem install godofwar Usage: $...
QRLJacking : A New Social Engineering Attack Vector
QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking.
ARDT : Akamai Reflective DDoS Tool
Attack the origin host behind the Akamai Edge hosts and bypass the DDoS protection offered by Akamai services. How it works: based off the research done at NCC. Akamai boasts around 100,000 edge nodes around the world, which offer load balancing, web application firewall, caching etc., to ensure that a minimal amount of requests actually hit the origin web server being protected. However,...
Chkdfront : Checks If Your Domain Fronting is Working
Chkdfront checks if your domain fronting is working by testing the targeted domain (fronted domain) against your domain front domain. Features: Checking your domain fronted against the domain front. Searching for an expected string in the response to indicate success. Showing troubleshooting suggestions when the test fails, based on the nature of the failure. Inspecting the HTTP request and response when the test fails. (optionally if...
NetData : Real-time Performance Monitoring Tool
Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers. Netdata provides unparalleled insights, in real-time, of everything happening on the systems it runs (including web servers, databases, applications), using highly interactive web dashboards. It can run autonomously, without any third party components,...
ZeebSploit: Web Scanner Exploitation Information Gathering
ZeebSploit is a tool for hacking, searching for web information and scanning a website for vulnerabilities. Installation & Usage:
apt-get install git
git clone https://github.com/jaxBCD/Zeebsploit.git
cd Zeebsploit
chmod +x install
./install
python3 zeebsploit.py
Type 'help' to show the modules and follow the instructions.
Modules
+----------+-------------------------------+
| Modules | Description ...
MySQL Magic: Dump MySQL Client Password From Memory
I made this just for fun; use for illegal purposes is not allowed. The mysql client reads the password, then writes it to some malloc'ed memory and frees it, but just because a chunk was freed doesn't mean it will be used again. To ensure that your programs do not keep sensitive information in memory, you must overwrite the memory. The...
MXtract : Memory Extractor & Analyzer 2019
MXtract is an open-source Linux-based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool; its primary purpose is to scan memory for private keys, IPs, and passwords using regexes. Remember, your results are only as good as your regexes. Why dump directly from memory? In most Linux environments users...
Django DefectDojo : Open-Source Application Vulnerability Correlation & Security Orchestration Tool
DefectDojo is a security program and vulnerability management tool. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with the tool. Demo: Try it out in our testing environment with the following credentials.
admin / defectdojo@demo#appsec
product_manager / defectdojo@demo#product
ISF : Industrial Control System Exploitation Framework
ISF (Industrial Control System Exploitation Framework) is an exploitation framework based on Python. ISF is based on the open source project routersploit.
ICS Protocol Clients
| Name | Path | Description |
| modbus_tcp_client | icssploit/clients/modbus_tcp_client.py | Modbus-TCP Client |
| wdb2_client | icssploit/clients/wdb2_client.py | WdbRPC Version 2 Client (Vxworks 6.x) |
| s7_client | icssploit/clients/s7_client.py | s7comm Client (S7 300/400 PLC) |
Exploit Module
| Name | Path | Description |
| s7_300_400_plc_control | exploits/plcs/siemens/s7_300_400_plc_control.py | S7-300/400 PLC start/stop |
| s7_1200_plc_control | exploits/plcs/siemens/s7_1200_plc_control.py | S7-1200 PLC start/stop/reset |
| vxworks_rpc_dos | exploits/plcs/vxworks/vxworks_rpc_dos.py | Vxworks RPC remote dos (CVE-2015-7599) |
| quantum_140_plc_control | exploits/plcs/schneider/quantum_140_plc_control.py | Schneider Quantum 140 series PLC start/stop |
| crash_qnx_inetd_tcp_service | exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py | QNX Inetd TCP service dos |
| qconn_remote_exec | exploits/plcs/qnx/qconn_remote_exec.py | QNX qconn remote code execution |
| profinet_set_ip | exploits/plcs/siemens/profinet_set_ip.py | Profinet... |