Cangibrina – A Fast & Powerful Dashboard (admin) Finder

Cangibrina is a multi-platform tool that aims to find the dashboard (admin panel) of sites using brute force over a wordlist, Google, Nmap, and robots.txt.

Requirements: Python 2.7, mechanize, PySocks, beautifulsoup4, html5lib, Nmap (--nmap), TOR (--tor)

Installation (Linux):
git clone https://github.com/fnk0c/cangibrina.git
cd cangibrina
pip install -r requirements.txt

Usage:
usage: cangibrina.py -u U ...

GatherContacts – A Burp Suite Extension To Pull Employee Names From Google & Bing LinkedIn Search Results

GatherContacts is a Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results. As part of reconnaissance when performing a penetration test, it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack for example. One easy...

Hershell – Simple TCP Reverse Shell Which Can Work On Multiple Systems

Hershell is a simple TCP reverse shell written in Go. It uses TLS to secure the communications and provides a certificate public key fingerprint pinning feature to prevent traffic interception. Supported OSes are: Windows, Linux, Mac OS, FreeBSD and derivatives. Although meterpreter payloads are great, they are sometimes spotted by AV products. Since it's written in Go, you can cross compile...

Burp Extensions – Burp Suite Extensions For The New Burp Suite API v1.5+

Burp Extensions is a collection of extensions for the new Burp Suite API (v1.5+), using submodules for easy collection and updating. If you want to add a new module to the collection, just send a pull request or create an issue. If you want your collection removed, create an issue. The following command should pull down the latest versions. git pull --recurse-submodules &&...

VBScan – OWASP Is A Black Box vBulletin Vulnerability Scanner

OWASP VBScan (short for vBulletin Vulnerability Scanner) is an open-source project written in Perl to detect vBulletin CMS vulnerabilities and analyze them. If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever!

VBScan Usage:
./vbscan.pl <target>
./vbscan.pl http://target.com/vbulletin

OWASP VBScan 0.1.7 introduction: https://www.youtube.com/watch?v=SirozqDYERA

Credit: Mohammad Reza...

PwnBack – Burp Extender Plugin That Generates A Sitemap Of A Website Using Wayback Machine

PwnBack requires PhantomJS to run. To understand why it is currently required, see the section PhantomJS. The plugin has several settings that a user can define depending on their hardware setup. PhantomJS WebDrivers: the number of Firefox headless browsers to open. Be mindful of Burp Suite's memory settings. HTTP Response Parsers: these are responsible for parsing requests generated by the...

Headless Burp – Automate security tests using Burp Suite

Headless Burp provides an extension to Burp that allows you to run Burp Suite's Spider and Scanner tools in headless mode via the command line. However, it can do more! It can produce a JUnit-like report, which in turn could instruct the CI server to mark the build as "failed" whenever any vulnerabilities are found. You can also mark some issues...

Firework – Tool To Interact With Microsoft Workplaces Creating Valid Files

Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it. This tool may be used as part of a penetration test or red team...

HUNT – Burp Suite Pro/Free and OWASP ZAP Extensions

HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions. It identifies common parameters vulnerable to certain vulnerability classes (Burp Suite Pro and OWASP ZAP) and organizes testing methodologies (Burp Suite Pro and Free). HUNT Parameter Scanner - Vulnerability Classes: SQL Injection; Local/Remote File Inclusion & Path Traversal; Server Side Request Forgery & Open Redirect; OS Command Injection; Insecure...

MalwareCMDMonitor – Shows Command Lines Used By Latest Instances Analyzed On Hybrid-Analysis

By using the MalwareCMDMonitor Python script, you can observe the commands of the latest malware instances executed on the hybrid-analysis.com sandbox. In a nutshell, it downloads the HA feed and then retrieves the commands of unseen instances, the ones that did not appear in the previous feeds. Running The...