Crypton – Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms
Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanations and implementations of all the existing vulnerabilities and attacks on various Encryption Systems (Symmetric and Asymmetric), Digital Signatures, Message Authentication Codes and Authenticated Encryption Systems. Each attack is also supplemented with example challenges from "Capture The Flag" contests and...
Telewreck – A Burp Extension To Detect And Exploit CVE-2017-9248
Telewreck is a Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248. Telewreck Attribute: Detect vulnerable versions of Telerik Web UI during passive scans. Bruteforce the key and discover the "Document Manager" link just like the original exploit tool. Requirements: Locate Telerik.Web.UI.DialogHandler.aspx. This extension requires Python's requests module. Just run pip install requests to install it. ...
SQLMap – SQL Injection & Database Automatic Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches, from database fingerprinting, through data fetching from the database, to accessing the underlying...
Ducky Exploit – Arduino Rubber Ducky Framework
Ducky Exploit is a Python framework that helps us to code a Digispark as a Rubber Ducky. This script has been tested on Kali Linux 18.2, Ubuntu 18.04 and Windows. It also works with both Python2 and Python3. Ducky Exploit Utilization:
    git clone https://github.com/itsmehacker5/Ducky-Exploit.git
    cd Ducky-Exploit/
    python ducky.py
BillCipher – Information Gathering tool for a Website or IP address
BillCipher version 2.2 is an information gathering tool for a website or IP address that uses some ideas from Devploit. BillCipher can work on any operating system that has and supports Python 2, Python 3, and Ruby. BillCipher Attribute: DNS Lookup, Whois Lookup, GeoIP Lookup, Subnet Lookup, Port Scanner, Page Links, Zone Transfer, HTTP Header, Host Finder, IP-Locator, Find Shared...
Microctfs – Small CTF challenges running on Docker
Microctfs is a tool for small CTF challenges running on Docker. Microctfs Logviewer:
Build and start the logviewer challenge, exposed on port 8000:
    cd logviewer
    docker build -t logviewer .
    docker run -d -p 8000:80 --name log_challenge logviewer
Restart the logviewer challenge:
    docker rm -f log_challenge && docker run -d -p 8000:80 --name log_challenge logviewer
Stop the logviewer challenge:
    docker rm -f log_challenge
SQLI Build...
Apache Struts Version 3 : Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts
Apache Struts Version 3 is a tool to exploit 3 RCE vulnerabilities on ApacheStruts. The script combines 3 RCE-type vulnerabilities on ApacheStruts and also has the ability to create a server shell. Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. Below is a full list of all changes: unclosed instantiation of PrintWriter Http...
Discover IPv6 Network Range & Hosts from an IPv6 Enabled Network Using passive_discovery6
Passive_discovery6 passively sniffs the network and dumps all detected client IPv6 addresses. Passive_discovery6 simply sniffs for neighbor-advertisement packets in IPv6 networks. You have to understand the basics of IPv6 networks first. Assuming that you know about IPv4 and what ARP is, neighbor-advertisement and neighbor-solicitation packets replace ARP (IPv4) in IPv6. A neighbor-solicitation is the packet sent from a host to...
UBoat – A POC HTTP Botnet Project
UBoat HTTP is a POC HTTP Botnet designed to replicate a full weaponized commercial botnet. UBoat Uses: Coded in C++ with no dependencies; Encrypted C&C Communications; Persistence to prevent your control being lost; Connection Redundancy (Uses a fallback server address or domain); DDoS methods (TCP & UDP Flood); Task Creation System (Altering system HWID,Country,IP,OS.System); Remote Commands Update...
Remote Desktop Caching : Tool To Recover Old RDP
Remote Desktop Caching tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidence and perform further analysis. These PNG files allow Red Team members to extract juicy information such as LAPS passwords or...




