Knock – Tool Designed To Enumerate Subdomains
Knock is a Python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Knockpy now supports queries to VirusTotal subdomains; you can set the API_KEY within the config.json file. $...
MEC : massExploitConsole For Concurrent Exploiting
massExploitConsole is a collection of hacking tools with a CLI & UI for concurrent exploiting. Following are the features of MEC: an easy-to-use CLI UI; execute any adapted exploits with process-level concurrency; some built-in exploits (automated); hide your IP address using proxychains4 and ss-proxy (built-in); ZoomEye host scan (10 threads); a simple Baidu crawler (multi-threaded); Censys host scan.
Evilginx2 : Standalone Man-In-The-Middle Attack Framework
Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of the nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a...
Novahot – A Webshell Framework For Penetration Testers
Novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and Python. Beyond executing system commands, novahot is able to emulate interactive terminals, including mysql, sqlite3, and psql. It additionally implements "virtual commands" that make it possible to...
DjangoHunter : Tool To Identify Incorrectly Configured Django Applications
Djangohunter is a tool designed to help identify incorrectly configured Django applications that are exposing sensitive information. DjangoHunter Usage: python3 djangohunter.py --key {shodan} Dorks: 'DisallowedHost', 'KeyError', 'OperationalError', 'Page not found at /'. Requirements: Shodan, Pyfiglet, Requests, BeautifulSoup (pip install -r requirements). Disclaimer: Code samples are provided for educational purposes. Adequate defenses can only be built by researching attack techniques available to...
WPScan – Checks Vulnerabilities and Spots Security Issues
WPScan effectively scans your WordPress website and checks for vulnerabilities within the core version, plugins, themes, etc., helping to spot security issues. Firstly, install WPScan! Installation can be done through GitHub: git clone https://github.com/wpscanteam/wpscan Go to the directory where you have downloaded wpscan and install the bundle files: bundle install && rake install Now, we are ready to use WPScan! wpscan --url http://target.tld --enumerate u Use the...
CRS – OWASP ModSecurity Core Rule Set
The OWASP ModSecurity Core Rule Set or CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. It aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
Hayat – Google Cloud Platform & Auditing & Hardening Script
Hayat is a tool used for Google Cloud Platform auditing & hardening. What does Hayat mean? Well, I had a hard time finding a unique name, honestly. "Hayat" is a Turkish word which means "Life" in English and also my niece's name. Are you ready to meet her? Hayat is an auditing & hardening script for Google Cloud Platform services such as: ...
Secret Keeper : Python Script To Encrypt & Decrypt Files With A Given Key
Secret Keeper is a file encryptor written in Python which encrypts your files using the Advanced Encryption Standard (AES). CBC mode is used when creating the AES cipher, wherein each block is chained to the previous block in the stream. Secret Keeper Features: Secret Keeper has...
Lightbulb Framework : Tools For Auditing WAFS
LightBulb Framework is an open source Python framework for auditing web application firewalls and filters. LightBulb Framework Synopsis: The framework consists of two main algorithms: GOFA: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active learning algorithms permit the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted program...