Phishing Frenzy – Ruby on Rails Phishing Framework
Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns. The goal of the project is to streamline the phishing process while still providing clients the best realistic phishing campaign possible. Also ReadCangibrina – A Fast & Powerfull Dashboard (admin) Finder Installing Phishing Frenzy on Kali Linux Clone Repo Clone the Phishing Frenzy...
HashPump – Tool To Exploit Hash Length Extension Attack In Various Hashing Algorithms
HashPump is a tool to exploit the hash length extension attack in various hashing algorithms. Currently supported algorithms: MD5, SHA1, SHA256, SHA512. Menu $ hashpump -h HashPump HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack. -h --help ...
Wildpwn – Tool Used For Unix Wildcard Attacks
Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks. It’s considered a fairly old-skool attack vector, but it still works quite often. Wildpwn Usage It goes something like this: usage: wildpwn.py payload folder Tool to generate unix wildcard attacks positional arguments: payload Payload to use: (combined | tar | rsync) folder...
BurpSuite Extension Ruby : Template to speed up building a Burp Extension using Ruby
Due the lake of examples and implementations of BurpSuite Extension Ruby, we have decided to make it easy for all rubyists to have a confident and quick start to build useful extension for InfoSec community. This repository is a collection of templates of Burp Suite Extensions, focusing on Burp suite API functionalities and simplifying Java language consuming through JRuby. Here, we're...
SVScanner – Scanner Vulnerability And MaSsive Exploit
SVScanner is a tool for scanning and massive exploits. Our tools target several open source cms. Requirements PHP 7 (version and up) Install Modules PHP : php-cli & php-curl for linux Also ReadHershell – Simple TCP Reverse Shell Which Can Work On Multiple Systems SVScanner Installation Linux git clone https://github.com/radenvodka/SVScanner.git cd SVScanner php svscanner.php Windows Download Xampp (PHP7) Download SVScanner : https://github.com/radenvodka/SVScanner/releases and open with cmd php svscanner.php Disclamier Modifications, changes, or...
MobSF – Mobile Security Framework Is An Automated All-In-One Mobile Application
Mobile Security Framework or MobSF is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. It can do dynamic application testing at...
Burpsuite Extensions – A collection of Burp Suite extensions
A collection of BurpSuite extensions. Burpsuite Extensions gunziper A plugin for the burpsuite (https://portswigger.net/burp/) which enables you to "unpack" requests/responses (e.g. do an base64decode and afterwards a java deserialisation) Deserialisation is done with xstream (http://x-stream.github.io/index.html) and kxml2 (https://sourceforge.net/projects/kxml/files/kxml2/2.3.0/) the possibility to gather e.g. a CSRF token from responses and automatically insert it in any request (without the need to do an...
Cangibrina – A Fast & Powerfull Dashboard (admin) Finder
Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt Requirements: Python 2.7 mechanize PySocks beautifulsoup4 html5lib Nmap (--nmap) TOR (--tor) Also ReadPwnBack – Burp Extender Plugin That Generates A Sitemap Of A Website Using Wayback Machine Cangibrina Installation Linux git clone https://github.com/fnk0c/cangibrina.git cd cangibrina pip install -r requirements.txt Usage usage: cangibrina.py -u U ...
GatherContacts – A Burp Suite Extension To Pull Employee Names From Google & Bing LinkedIn Search Results
GatherContacts is a Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results. As part of reconnaissance when performing a penetration test, it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack for example. One easy...
Hershell – Simple TCP Reverse Shell Which Can Work On Multiple Systems
Hershell is a simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Although meterpreter payloads are great, they are sometimes spotted by AV products. Since it's written in Go, you can cross compile...
