DCOMrade : Powershell script for enumerating vulnerable DCOM Applications
DCOMrade is a Powershell script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is build to work with Powershell 2.0 but will work with all versions above as well. The script currently supports the following Windows operating systems (both x86 and x64): Microsoft Windows 7Microsoft...
Top 10 Best Web Hacking Tools
Here is the best web hacking tools that helps you in pen-testing and protecting the websites. Burp Suite: Burp Suite is a graphical tool used for testing Web application security. It helps you identify vulnerabilities and verify attack vectors that are affecting web applications. While browsing the target application, a penetration tester can configure its internet browser to route traffic through the...
Egress Assess : Tool Used to Test Egress Data Detection Capabilities
Egress Assess is a tool used to test egress data detection capabilities. To setup, run the included setup script, or perform the following: Install pyftpdlibGenerate a server certificate and store it as "server.pem" on the same level as Egress-Assess. This can be done with the following command: openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes Also Read ...
Fibratus : Tool for Exploration & Tracing of the Windows Kernel
Fibratus is a tool which is able to capture the most of the Windows kernel activity - process/thread creation and termination, context switches, file system I/O, registry, network activity, DLL loading/unloading and much more. The kernel events can be easily streamed to a number of output sinks like AMQP message brokers, Elasticsearch clusters or standard output stream. You can use filaments (lightweight Python modules) to extend...
Kaboom : Script That Automates The Penetration Test
Kaboom is a script that automates the penetration test. It performs several tasks for each phases of pentest: Information gathering TCP scanUDP scanVulnerability assessment It tests several services:smbsshsnmpsmtpftptftpms-sqlmysqlrdphttphttpsand more...It finds the CVEs and then searchs them on exploit-db or Metasploit db.Exploitation brute force ssh Also Read : Pftriage : Python Tool & Library To Help Analyse Files During Malware Triage...
Crashcast-Exploit : Tool To Mass Play YouTube Video, Terminate Apps & Rename Chromecast Device
CRASHCAST mass-exploit tool allows you to mass play any YouTube video, remotely terminate apps, and rename Chromecast device(s) obtained from Shodan.io. Prerequisites The only thing you need installed is Python 3.x sudo apt-get install python3 You also require to have cURL installed sudo apt-get install curl You also require Shodan python module pip install shodan Also Read : SSRFmap : Automatic SSRF Fuzzer And Exploitation...
Top 5 DDoS Attacking Tools For Linux,Windows & Android
DDOS or Distributed Denial of Service Attack is the most strong version of DOS attack. In this, many computers are used to target same server in a distributed manner. Where DOS (Denial of Service Attack) is one of most dangerous cyber attacks. It is a an attempt to reduces, restricts or prevents or blocks accessibility of resources to...
Pftriage : Python Tool & Library To Help Analyse Files During Malware Triage & Analysis
Pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract properties of a file to help during the triage process. The tool also has an analyse function which can detect common malicious indicators used by malware. Also Read : ADAPT : Tool That Performs Automated Penetration Testing for WebApps Dependencies pefilefilemagic Note: On...
SSRFmap : Automatic SSRF Fuzzer And Exploitation Tool
SSRF are often used to leverage actions on other services, this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. Note : Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform requests on their behalf. Also...
LeakLooker : Find open databases with Shodan
LeakLooker can be used to find open MongoDB, CouchDB and Elasticsearch database, it also includes Kibana instances. Script parses results from Shodan, excluding empty and compromised databases. Everything is sorted and presented in clickable way. Requirements Python 3Shodan paid plan, except Kibana search Put your Shodan API key in line 65 pip3 install shodanpip3 install coloramapip3 install hurry.filesize Also Read : CIRTKit : Tools...
