Kali
Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly, but it’s flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment). It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an “audit” tool. What does it do? Broadly speaking – it …
Continue reading “Snaffler : A Tool For Pentesters To Help Find Delicious Candy”
wpscvn is a tool for pentesters, website owner to test if their websites had some vulnerable plugins or themes The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law. Requires Python 3 Usage python3 script.py http://site\n
Ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve). It is comparable to Meterpreter with Autoroute + Socks4a, but more stable and faster. Use Case You compromised a Windows / Linux / Mac server during your external audit. This …
Continue reading “Ligolo : Reverse Tunneling Made Easy For Pentesters”
Stowaway is Multi-hop proxy tool for security researchers and pentesters Users can easily proxy their network traffic to intranet nodes (multi-layer) PS: The files under demo folder are Stowaway’s beta version,it’s still functional, you can check the detail by README.md file under the demo folder. Features obvious node topology multi-hop socks5 traffic proxy multi-hop ssh …
Continue reading “Stowaway : Multi-hop Proxy Tool For Pentesters”
PTF( PenTesters Framework) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we’ve been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those “go to” tools that we use on …
Continue reading “PTF : A Way For Modular Support For Up-To-Date Tools”
Remot3d is a simple tool created for large pentesters as well as just for the pleasure of defacers to control server by backdoors. A tool made to generate backdoor to control and exploit a server where the server runs the PHP (Hypertext Preprocessor) program. Equipped with a backdoor that has been Obfuscated which means that …
Continue reading “Remot3d : A Simple Tool Created for Large Pentesters”
Remot 3d is a simple tool created for large pentesters as well as just for the pleasure of defacers to exploit a system or server that runs a PHP program language. It’s easy to create a backdoor in an instant, the backdoor can be used in a remote process via a Linux terminal on the …
Continue reading “Remot3d – A Simple Tool Created For Large Pentesters”
Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. To launch it on compromised host, simply source the bashark.sh script from terminal: $ source bashark.sh Then type help to see it’s help menu. Bashark Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to …
Continue reading “Bashark – Bash Pentesters & Security Researchers Post Exploitation Toolkit”
OWTF or Offensive Web Testing Framework, is a framework which tries to unite great tools and make pen testing more efficient. OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so …
