GhostTunnel – Backdoor Transmission Method That Can Be Used In An Isolated Environment
GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released. GhostTunnel use 802.11 Probe Request Frames and Beacon Frames to communicate and doesn't need to establish a wifi...
Getsploit v0.2.2 – Command Line Utility For Searching And Downloading Exploits
Getsploit allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path. Utility was tested on a python2.6, python2.7, python3.6 with SQLite FTS4 support. If you have found any bugs, don't hesitate to open issue. Also Read Spykeyboard – Keylogger...
Spykeyboard – Keylogger Which Sends Us The Data To Our Gmail
Spykeyboard is a script which allows us to generate an undetectable keylogger which sends the captured keys to our gmail mail. Once we generated our keylogger in our kali linux we would have to pass the .py file to a windows machine to convert it to an .exe. The tool is in development. Also Read Crypton – Attacks On Various Encryption...
Crypton – Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms
Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanation and implementation of all the existing vulnerabilities and attacks on various Encryption Systems (Symmetric and Asymmetric), Digital Signatures, Message Authentication Codes and Authenticated Encryption Systems. Each attack is also supplemented with example challenges from "Capture The Flag" contests and...
Telewreck – A Burp Extension To Detect And Exploit CVE-2017-9248
Telewreck is a Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248. Telewreck Attribute Detect vulnerable versions of Telerik Web UI during passive scans. Bruteforce the key and discover the "Document Manager" link just like the original exploit tool. Requirements Locate Telerik.Web.UI.DialogHandler.aspx This extension requires Python's requests module. Just run pip install requests to install it. ...
SQLMap – SQL Injection & Database Automatic Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying...
Ducky Exploit – Arduino Rubber Ducky Framework
Ducky Exploit is python framework which helps as to code Digispark as Rubber Ducky. This script has been tested on ; Kali Linux 18.2 Ubuntu 18.04 Windows It also works with both Python2 and Python3. Ducky Exploit Utilization git clone https://github.com/itsmehacker5/Ducky-Exploit.git cd Ducky-Exploit/ python ducky.py Also Read Apache Struts Version 3 : Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts Screenshots
BillCipher – Information Gathering tool for a Website or IP address
BillCipher version 2.2 is a information Gathering tool for a Website or IP address, use some ideas from Devploit. BillCipher can work in any operating system if they have and support Python 2, Python 3, and Ruby. BillCipher Attribute DNS Lookup Whois Lookup GeoIP Lookup Subnet Lookup Port Scanner Page Links Zone Transfer HTTP Header Host Finder IP-Locator Find Shared...
Microctfs – Small CTF challenges running on Docker
Microctfs is a tool for small CTF challenges running on Docker. Microctfs Logviewer Build and Start logviewer challenge exposed on port 8000 cd logviewer docker build -t logviewer . docker run -d -p 8000:80 --name log_challenge logviewer Restart logviewer challenge docker rm -f log_challenge && docker run -d -p 8000:80 --name log_challenge logviewer Stop logviewer challenge docker rm -f log_challenge Also Read UBoat – A POC HTTP Botnet Project SQLI Build...
Apache Struts Version 3 : Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts
Apache Struts Version 3 is a tool to exploit 3 RCE vulnerabilities on ApacheStruts. Script contains the fusion of 3 vulnerabilities of type RCE on ApacheStruts, also has the ability to create server shell. Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. Below is a full list of all changes: unclosed instantiation of PrintWriter Http...
