W12Scan : A Simple Asset Discovery Engine for Cybersecurity
W12Scan is a network asset discovery engine that can automatically aggregates related assets for analysis and use. W12scan is also my graduation design. :) Here is a web source program,but the scanning end is at w12scan-client Also Read - GodOfWar : Malicious Java WAR Builder With Built-In Payloads Thinking Based on python3 + django + elasticsearch + redis and use the...
TeleKiller : A Tools Session Hijacking And Stealer Local Passcode Telegram Windows
TeleKiller is a Tools Session Hijacking And Stealer Local passcode Telegram Windows and following are the features of the same. Session Hijacking Stealer Local Passcode Keylogger Shell Bypass 2 Step Verification Bypass Av (Coming Soon) Also Read - GodOfWar : Malicious Java WAR Builder With Built-In Payloads Installation Windows git clone https://github.com/ultrasecurity/TeleKiller.gitcd TeleKillerpip install -r requirements.txtpython TeleKiller.py Dependency...
PwnedOrNot : OSINT Tool to Find Passwords for Compromised Email Addresses
PwnedOrNot is a OSINT tool to find passwords for compromised email addresses. pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Features haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script: Name of BreachDomain NameDate of BreachFabrication statusVerification StatusRetirement statusSpam Status And with all this...
0d1n : Web Security Tool to Make Fuzzing at HTTP/S
0d1n is a tool for automating customized attacks against web applications. Let us have a look on the features the Web Security Tool Supports. brute force login and passwords in auth formsdirectory disclosure ( use PATH list to brute, and find HTTP status code )test to find SQL Injection and XSS vulnerabilitiesOptions to load ANTI-CSRF token each requestOptions to use...
CredsLeaker : Display a Powershell Credentials Box
CredsLeaker script is used to display a powershell credentials box asked the user for credentials. However, That was highly noticeable. Now it's time to utilize Windows Security popup! As before, The box cannot be closed (only by killing the process) will keeps checking the credentials against the DC. When validated, it will close and leak it to a web server outside. Also...
XSStrike : Most Advanced XSS Scanner
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis...
GodOfWar : Malicious Java WAR Builder With Built-In Payloads
GodOfWar is a command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby. Features Preexisting payloads. (try -l/--list) cmd_get filebrowser bind_shell reverse_shell reverse_shell_ui Configurable backdoor. (try --host/-port) Control over payload name. To avoid malicious name after deployment to bypass URL name signatures. Also Read - MySQL Magic: Dump MySQL Client Password From Memory Installation $ gem install godofwar Usage $...
QRLJacking : A New Social Engineering Attack Vector
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which results in session hijacking. Also Read - MySQL Magic: Dump MySQL...
ARDT : Akamai Reflective DDoS Tool
Attack the origin host behind the Akamai Edge hosts and bypass the DDoS protection offered by Akamai services. How it works Based off the research done at NCC Akamai boast around 100,000 edge nodes around the world which offer load balancing, web application firewall, caching etc, to ensure that a minimal amount of requests actually hit your origin web-server beign protected. However,...
Chkdfront : Checks If Your Domain Fronting is Working
Chkdfront checks if your domain fronting is working by testing the targeted domain (fronted domain) against your domain front domain. Features Checking your domain fronted against the domain front. Searching an expected string in the response to indicate success. Showing troubleshooting suggestions when test fails based on the failure natural. Inspecting the HTTP request and response when test fails. (optionally if...
