Aakash Thakur Hacker Computer School +91-7988285508 >
 


firmwalker: searching the extracted firmware file system
Sunday, July 29, 2018
firmwalker
A simple bash script for searching the extracted or mounted firmware file system.

It will search through the extracted or mounted firmware file system for things of interest such as:

etc/shadow and etc/passwd
list out the etc/ssl directory
search for SSL related files such as .pem, .crt, etc.
search for configuration files
look for script files
search for other .bin files
look for keywords such as admin, password, remote, etc.
search for common web servers used on IoT devices
search for common binaries such as ssh, tftp, dropbear, etc.
search for URLs, email addresses, and IP addresses
Experimental support for making calls to the Shodan API using the Shodan CLI
Download

git clone https://github.com/craigz28/firmwalker.git

Usage
If you wish to use the static code analysis portion of the script, please install eslint: npm i -g eslint
./firmwalker {path to root file system} {path for firmwalker.txt}

Example:
./firmwalker linksys/fmk/rootfs ../firmwalker.txt

A file firmwalker.txt will be created in the same directory as the script file unless you specify a different filename as the second argument.
Do not put the firmwalker.sh file inside the directory to be searched; this will cause the script to search itself and the file it is creating.
chmod 0700 firmwalker.sh



Python Taint v0.36 released: Static Analysis Tool for Detecting Security Vulnerabilities
Sunday, July 29, 2018
Python Taint
Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, data flow analysis)

This report presents the static analysis tool PyT, which was created to detect security vulnerabilities in Python web applications, in particular applications built with the Flask framework.
The tool utilizes the monotone framework for the analysis. An AST is built by the built-in AST library, and a CFG is built from the AST. The resulting CFG is then processed so that Flask-specific features are taken into account. A modified version of the reaching definitions algorithm is then run by the fixed-point algorithm to aid the finding of vulnerabilities. Vulnerabilities are detected based on a definition file containing ’trigger words’. A trigger word is a word that indicates where the flow of the program can be dangerous. The detected vulnerabilities are finally reported to the developer.
PyT has been created with flexibility in mind. The analysis can be changed or extended so that the performance of PyT can be improved upon. Also, the Flask-specific processing can be changed so that other frameworks can be analyzed without major changes to PyT. In order to test the abilities of PyT, a number of vulnerable applications were manufactured and PyT was evaluated against them. All the manufactured examples were correctly identified as vulnerable by PyT.
To test PyT in a more realistic setting, it was also run on 7 open source projects. Here no vulnerabilities were found. One of the projects was so big that PyT spent a very long time on the analysis and was therefore terminated.
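The trigger-word idea above, reduced to a runnable illustration (added here; this is not PyT's code): a flow-insensitive taint pass over a function's assignments, iterated to a fixed point, with source, sink and sanitizer trigger words that are this example's own assumptions. Unlike PyT it builds no CFG, so every statement in a function is treated as one block and a clean reassignment does not kill taint; the Flask snippet it analyzes is constructed and is parsed, never executed.

```python
import ast

# Trigger words in the spirit of PyT's definition file. These sets are this
# example's own assumptions, not PyT's shipped definitions.
SOURCES = {"request.args", "request.args.get", "request.form", "request.form.get",
           "request.cookies.get", "request.headers.get"}
SINKS = {"os.system": "command injection", "subprocess.call": "command injection",
         "cursor.execute": "SQL injection", "render_template_string": "XSS",
         "open": "directory traversal"}
SANITIZERS = {"int", "float", "escape", "markupsafe.escape", "shlex.quote"}


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def expr_tainted(node, tainted):
    """True if the expression reads a source trigger word or a tainted name.
    A call to a sanitizer trigger word cuts the taint for its whole subtree."""
    if isinstance(node, ast.Call):
        name = dotted_name(node.func)
        if name in SANITIZERS:
            return False
        if name in SOURCES:
            return True
        return (any(expr_tainted(a, tainted) for a in node.args)
                or any(expr_tainted(k.value, tainted) for k in node.keywords)
                or expr_tainted(node.func, tainted))
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Attribute):
        return dotted_name(node) in SOURCES or expr_tainted(node.value, tainted)
    return any(expr_tainted(c, tainted) for c in ast.iter_child_nodes(node))


def analyze_function(fn):
    """Propagate taint through assignments until a fixed point is reached, then
    report every sink call that receives a tainted argument."""
    stmts = sorted((s for s in ast.walk(fn) if isinstance(s, ast.stmt)),
                   key=lambda s: s.lineno)
    # Parameters of a routed view (e.g. /item/<item_id>) are attacker-controlled.
    tainted = {a.arg for a in fn.args.args}
    while True:
        before = set(tainted)
        for stmt in stmts:
            if isinstance(stmt, ast.Assign) and expr_tainted(stmt.value, tainted):
                tainted |= {t.id for t in stmt.targets if isinstance(t, ast.Name)}
        if tainted == before:       # no new tainted definition: fixed point
            break
    findings = []
    for stmt in stmts:
        # Only direct expression children: nested statements are in `stmts` already.
        for child in ast.iter_child_nodes(stmt):
            if not isinstance(child, ast.expr):
                continue
            for call in ast.walk(child):
                if not isinstance(call, ast.Call):
                    continue
                sink = SINKS.get(dotted_name(call.func))
                args = list(call.args) + [k.value for k in call.keywords]
                if sink and any(expr_tainted(a, tainted) for a in args):
                    findings.append((call.lineno, sink, dotted_name(call.func)))
    return findings


def analyze_source(src):
    """Analyze every top-level function; returns (line, vulnerability, sink)."""
    tree = ast.parse(src)
    return [f for node in tree.body if isinstance(node, ast.FunctionDef)
            for f in analyze_function(node)]


# Constructed Flask snippet: it is parsed and analyzed, never executed.
SAMPLE = '''\
from flask import Flask, request, render_template_string
import os
app = Flask(__name__)

@app.route("/ping")
def ping():
    host = request.args.get("host")
    cmd = "ping -c 1 " + host
    os.system(cmd)
    return "ok"

@app.route("/item/<item_id>")
def item(item_id):
    safe_id = int(item_id)
    cursor.execute("SELECT name FROM items WHERE id = %s", (safe_id,))
    name = request.args.get("name", "")
    return render_template_string("<p>" + name + "</p>")
'''
```

Calling analyze_source(SAMPLE) returns [(9, 'command injection', 'os.system'), (17, 'XSS', 'render_template_string')]: the int() sanitizer keeps the query on line 15 out of the report.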

Features
Detect Command injection
Detect SQL injection
Detect XSS
Detect directory traversal
Get a control flow graph
Get a def-use and/or a use-def chain
Search GitHub and analyze hits with PyT
Scan intraprocedural or interprocedural
A lot of customization possible

Install

git clone https://github.com/python-security/pyt.git
python setup.py install
pyt -h

Usage from Source

Using it like a user:
python -m pyt -f example/vulnerable_code/XSS_call.py save -du

Running the tests:
python -m tests

Running an individual test file:
python -m unittest tests.import_test

Running an individual test:
python -m unittest tests.import_test.ImportTest.test_import


Bluto v2.4.13 releases, open source information gathering tool
Sunday, July 29, 2018
BLUTO

DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Enumeration | Metadata Harvesting

It has gone through a large code base change and various feature additions have been added since its first day on the job. Now that RandomStorm has been consumed and no longer exists, I felt it time to move the repo to a new location. So from this git push onwards, Bluto will live here. I hope you enjoy the new Bluto.

The target domain is queried for MX and NS records. Sub-domains are passively gathered via Netcraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will attempt to identify if SubDomain Wild Cards are being used. If they are not, Bluto will brute force subdomains using parallel sub-processing on the top 20000 of ‘The Alexa Top 1 Million subdomains’. If Wild Cards are in place, Bluto will still brute force subdomains, but using a different technique which takes roughly 4x longer. Netcraft results are then presented individually and compared to the brute force results; any duplicates are removed and particularly interesting results are highlighted.

It now does email address enumeration based on the target domain, currently using Bing and Google search engines plus gathering data from the Email Hunter service and LinkedIn. https://haveibeenpwned.com/ is then used to identify if any email addresses have been compromised. Previously Bluto produced an ‘Evidence Report’ on the screen, this has now been moved off screen and into an HTML report.

Search engine queries are configured to use a random User-Agent on each request and to do a country lookup to select the fastest Google server relative to your egress address. Each request closes the connection in an attempt to further avoid captchas; however, excessive lookups will result in captchas (Bluto will warn you if any are identified).

Install

sudo pip install bluto

Usage

Bluto now takes command line arguments at launch; the new options are as follows:

-e      Uses a very large subdomain list for bruting.
-api    Supply your Email Hunter API key here to gather a considerably larger number of email addresses.
-d      Specify the target domain on the command line.
-t      Set a timeout value in seconds. Default is 10.


Source: https://github.com/darryllane/


Raccoon v0.0.73 releases: reconnaissance and vulnerability scanning
Sunday, July 29, 2018
Raccoon
Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity.
It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file.

As most of Raccoon’s scans are independent and do not rely on each other’s results, it utilizes Python’s asyncio to run most scans asynchronously.

Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing SecLists repository but different lists can be passed as arguments.

Features
DNS details
DNS visual mapping using DNS dumpster
WHOIS information
TLS Data – supported ciphers, TLS versions, certificate details and SANs
Port Scan
Services and scripts scan
URL fuzzing and dir/file detection
Subdomain enumeration – uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce
Web application data retrieval:
CMS detection
Web server info and X-Powered-By
robots.txt and sitemap extraction
Cookie inspection
Extracts all fuzzable URLs
Discovers HTML forms
Retrieves all Email addresses
Detects known WAFs
Supports anonymous routing through Tor/Proxies
Uses asyncio for improved performance
Saves output to files – separates targets by folders and modules by files

Installation

pip install raccoon-scanner

Usage

Usage: raccoon [OPTIONS]

Options:
  -t, --target TEXT              Target to scan  [required]
  -d, --dns-records TEXT         Comma separated DNS records to query.
                                 Defaults to: A, MX, NS, CNAME, SOA
  --tor-routing                  Route HTTP traffic through Tor. Slows total
                                 runtime significantly
  --proxy-list TEXT              Path to proxy list file that would be used
                                 for routing HTTP traffic. A proxy from the
                                 list will be chosen at random for each
                                 request. Slows total runtime
  --proxy TEXT                   Proxy address to route HTTP traffic through.
                                 Slows total runtime
  -w, --wordlist TEXT            Path to wordlist that would be used for URL
                                 fuzzing
  -T, --threads INTEGER          Number of threads to use for URL
                                 Fuzzing/Subdomain enumeration. Default: 25
  --ignored-response-codes TEXT  Comma separated list of HTTP status code to
                                 ignore for fuzzing. Defaults to:
                                 301,400,401,403,402,404,504
  --subdomain-list TEXT          Path to subdomain list file that would be
                                 used for enumeration
  -f, --full-scan                Run Nmap scan with both -sV and -sC
  -S, --scripts                  Run Nmap scan with -sC flag
  -s, --services                 Run Nmap scan with -sV flag
  -p, --port TEXT                Use this port range for Nmap scan instead of
                                 the default
  --tls-port INTEGER             Use this port for TLS queries. Default: 443
  --no-health-check              Do not test for target host availability
  -fr, --follow-redirects        Follow redirects when fuzzing. Default: True
  --no-url-fuzzing               Do not fuzz URLs
  --no-sub-enum                  Do not bruteforce subdomains
  -q, --quiet                    Do not output to stdout
  -o, --outdir TEXT              Directory destination for scan output
  --help                         Show this message and exit.


Source: https://github.com/evyatarmeged/


TIDoS-Framework v1.5.1 releases: A comprehensive web-app audit framework
Sunday, July 29, 2018
TIDoS Framework

TIDoS Framework is a comprehensive web application audit framework with some serious perks.

Highlights:-
The main highlights of this framework are:

Basic first release (but huge).
Has 4 main phases, subdivided into 13 sub-phases containing a total of 73 modules.
Reconnaissance Phase has 26 modules of its own (including active reconnaissance, passive reconnaissance and information disclosure modules).
Scanning & Enumeration Phase has 12 modules (including port scans, WAF analysis, etc.).
Vulnerability Analysis Phase has 32 modules (including the most common vulnerabilities in action).
Exploits Castle has only 1 exploit (that’s in alpha phase).
All four phases each have an auto-awesome module which automates every module for you.
You just need the domain, and leave everything else to this tool.
TIDoS has full verbose output support, so you’ll know what’s going on.
User-friendly interaction environment. (no real shits)
Flawless Features:-
TIDoS Framework presently supports the following:

Reconnaissance + OSINT
Passive Reconnaissance:
Ping/Nping Enumeration
Whois Lookup
GeoIP Lookup
DNS Config. Lookup
Subdomains Lookup
Reverse DNS Lookup
Reverse IP Lookup
Web Links Gatherer
Google Search (manual search)
Google Dorking (multiple modules) automated
Active Reconnaissance
HPing3 enumeration (under dev)
CMS Detection (185+ CMSs supported)
Advanced Traceroute IMPROVED
Grab HTTP Headers
Detect Server IMPROVED
Examine SSL Certificate
robots.txt and sitemap.xml Checker
Subnets Enumeration
Find Shared DNS Hosts
Operating System Fingerprint
Information Disclosure
Credit Cards Disclosure in Plaintext
Email Harvester
Fatal Errors Enumeration Includes Full Path Disclosure checks
Internal IP Disclosure
Phone Number Harvester
Social Security Number Harvester
Scanning & Enumeration
Remote Server WAF Analysis
Port Scanning Ingenious Modules
Simple Port Scanner via Socket Connections
TCP SYN Scan
TCP Connect Scan
XMAS Flag Scan
Fin Flag Scan
Service Detector
Interactive Scanning with NMap 16 modules
Crawlers
Depth 1
Depth 2 IMPROVED
Vulnerability Analysis
Web-Bugs & Server Misconfigurations
Insecure CORS iCORS
Same-Site Scripting
Zone Transfer DNS Server based
Clickjacking Framable Response
Security on Cookies HTTPOnly/Secure Flags
Cloudflare Misconfiguration Check + Getting Real IP
HTTP Strict Transport Security Usage
Spoofable Email (Missing SPF and DMARC Records)
Security Headers Analysis
Cross-Site Tracing (Port Based)
Network Security misconfig. (Telnet Enabled)
Serious Web Vulnerabilities

File Intrusions
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
OS Command Execution Linux & Windows (RCE)
Path Traversal (Sensitive Paths)
Cross-Site Request Forgery
SQL Injection
Cookie Value-Based
Referer Value-Based
User-Agent Value-Based
Host Header Injection
Bash Command Injection Shellshock
Cross-Site Scripting beta
Cookie Value-Based
Referer Value-Based
User-Agent Value-Based
CRLF Injection and HTTP Response Splitting
Auxiliaries
Protocol Credential Bruteforce 3 more under dev.
FTP Bruteforce
SSH Bruteforce
POP 2/3 Bruteforce
SQL Bruteforce
XMPP Bruteforce
SMTP Bruteforce
TELNET Bruteforce
String & Payload Encoder
URL Encode
Base64 Encode
HTML Encode
Plain ASCII Encode
Hex Encode
Octal Encode
Binary Encode
GZip Encode
Exploitation purely developmental
ShellShock
Changelog v1.5.1
Addition of 3 new modules under OSINT.
Minor bug fixes.
Code optimization for better threading.
Removal of lots of unnecessary code.

Installing

git clone https://github.com/theInfectedDrake/TIDoS-Framework.git
cd TIDoS-Framework
chmod +x install
./install

Usage

TIDoS is made to be comprehensive. It’s a highly flexible framework where you just have to select and use modules.
As the framework opens up, enter the website name, e.g. http://www.example.com, and let TIDoS lead you. That’s it! It’s as easy as that.

Source: https://github.com/theInfectedDrake


Photon v1.0.7 releases: extracts URLs, files, intel & endpoints from a target
Sunday, July 29, 2018
Photon
Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target.

Why Photon?
Not Your Regular Crawler
Crawlers are supposed to recursively extract links, right? Well, that’s kind of boring, so Photon goes beyond that. It extracts the following information:

URLs (in-scope & out-of-scope)
URLs with parameters (example.com/gallery.php?id=2)
Intel (emails, social media accounts, Amazon buckets etc.)
Files (pdf, png, xml etc.)
JavaScript files & Endpoints present in them
The extracted information is saved in an organized manner.
Intelligent Multi-Threading
Here’s a secret: most of the tools floating around on the internet aren’t properly multi-threaded even if they are supposed to be. They either supply a list of items to threads, which results in multiple threads accessing the same item, or they simply put a thread lock in place and end up rendering multi-threading useless.
But Photon is different or should I say “genius”? Take a look at this and decide yourself.

Ninja Mode
In Ninja Mode, 3 online services are used to make requests to the target on your behalf.
So basically, now you have 4 clients making requests to the same server simultaneously which gives you a speed boost, minimizes the risk of connection reset as well as delays requests from a single client.
Here’s a comparison generated by Quark where the lines represent threads:

Changelog
v1.0.7
Added --timeout option
Added --output option
Added --user-agent option
Replaced lxml with regex
Better logic for favoring performance
Added bigger and separate file for user-agents
v1.0.6
Fixed lot of bugs
Suppress SSL warnings in MAC
x100 speed by code optimization
Simplified code of exporter plugin
Download
git clone https://github.com/s0md3v/Photon.git

Usage
-u --url
Specifies the URL to crawl.
python photon.py -u http://example.com

-l --level
Specifies how deep Photon should crawl.
python photon.py -u http://example.com -l 3

Default Value: 2

-d --delay
Specifies the delay between requests.
python photon.py -u http://example.com -d 1

Default Value: 0

-t --threads
The number of threads to use.
python photon.py -u http://example.com -t 10

Default Value: 2

Note: The optimal number of threads depends on your connection speed as well as the nature of the target server. If you have a decent network connection and the server doesn’t have any rate limiting in place, you can use up to 100 threads.

-c --cookie
Cookie to send.
python photon.py -u http://example.com -c "PHPSSID=821b32d21"

-n --ninja
Toggles Ninja Mode on/off.
python photon.py -u http://example.com --ninja

Default Value: False

-s --seeds
Lets you add custom seeds, separated by commas.
python photon.py -u http://example.com -s "http://example.com/portals.html,http://example.com/blog/2018"


Source: https://github.com/s0md3v/


NodeJsScan v3.3 releases: static security code scanner for Node.js applications
Sunday, July 29, 2018
NodeJsScan
Static security code scanner (SAST) for Node.js applications.

Changelog v3.3
Moved to Python3
Improved UI
Improved Scanning Logic
Fixed Minor Bugs
New CLI
CLI as pip module
Migrated to production server
Code QA
How to Configure
Clone the repo:

git clone https://github.com/ajinabraham/NodeJsScan.git

Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py
Run pip install -r requirements.txt
Run python createdb.py
Run python app.py
This will run NodeJsScan on http://0.0.0.0:9090. If you need to debug, set DEBUG = True in core/settings.py.

NodeJsScan CLI
The command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use CLI the results are never stored with a NodeJsScan backend.

python cli.py -d <node_js_source_code>

Docker

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan

DockerHub

docker pull opensecurity/nodejsscan
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

NodeJsScan Web UI
Source: https://github.com/ajinabraham/


Raccoon v0.0.75 releases: reconnaissance and vulnerability scanning
Sunday, July 29, 2018
Raccoon
Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity.
It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file.

As most of Raccoon’s scans are independent and do not rely on each other’s results, it utilizes Python’s asyncio to run most scans asynchronously.

Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing SecLists repository but different lists can be passed as arguments.

Features
DNS details
DNS visual mapping using DNS dumpster
WHOIS information
TLS Data – supported ciphers, TLS versions, certificate details and SANs
Port Scan
Services and scripts scan
URL fuzzing and dir/file detection
Subdomain enumeration – uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce
Web application data retrieval:
CMS detection
Web server info and X-Powered-By
robots.txt and sitemap extraction
Cookie inspection
Extracts all fuzzable URLs
Discovers HTML forms
Retrieves all Email addresses
Detects known WAFs
Supports anonymous routing through Tor/Proxies
Uses asyncio for improved performance
Saves output to files – separates targets by folders and modules by files
Installation
pip install raccoon-scanner
Usage
Usage: raccoon [OPTIONS]

Options:
  -t, --target TEXT              Target to scan  [required]
  -d, --dns-records TEXT         Comma separated DNS records to query.
                                 Defaults to: A, MX, NS, CNAME, SOA
  --tor-routing                  Route HTTP traffic through Tor. Slows total
                                 runtime significantly
  --proxy-list TEXT              Path to proxy list file that would be used
                                 for routing HTTP traffic. A proxy from the
                                 list will be chosen at random for each
                                 request. Slows total runtime
  --proxy TEXT                   Proxy address to route HTTP traffic through.
                                 Slows total runtime
  -w, --wordlist TEXT            Path to wordlist that would be used for URL
                                 fuzzing
  -T, --threads INTEGER          Number of threads to use for URL
                                 Fuzzing/Subdomain enumeration. Default: 25
  --ignored-response-codes TEXT  Comma separated list of HTTP status code to
                                 ignore for fuzzing. Defaults to:
                                 301,400,401,403,402,404,504
  --subdomain-list TEXT          Path to subdomain list file that would be
                                 used for enumeration
  -f, --full-scan                Run Nmap scan with both -sV and -sC
  -S, --scripts                  Run Nmap scan with -sC flag
  -s, --services                 Run Nmap scan with -sV flag
  -p, --port TEXT                Use this port range for Nmap scan instead of
                                 the default
  --tls-port INTEGER             Use this port for TLS queries. Default: 443
  --no-health-check              Do not test for target host availability
  -fr, --follow-redirects        Follow redirects when fuzzing. Default: True
  --no-url-fuzzing               Do not fuzz URLs
  --no-sub-enum                  Do not bruteforce subdomains
  -q, --quiet                    Do not output to stdout
  -o, --outdir TEXT              Directory destination for scan output
  --help                         Show this message and exit.

Source: https://github.com/evyatarmeged/


skiptracer: OSINT python webscraping framework
Sunday, July 29, 2018
Skiptracer – OSINT scraping framework
Initial attack vectors for recon usually involve utilizing pay-for-data/API (Recon-NG) or paying to utilize transforms (Maltego) to get data mining results. Skiptracer utilizes some basic python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget.

Installation
$ git clone https://github.com/xillwillx/skiptracer.git skiptracer
$ cd skiptracer
$ pip install -r requirements.txt
Usage
The modules will allow queries for the following:

Phone
Email
Screen names
Real names
Addresses
IP
Hostname
Breach Credentials
The plugin framework will allow contributors to submit new modules for different websites to help collect as much data as possible with minimal work. This makes Skiptracer your one-stop-shop to help you collect relevant information about a target to help expand your attack surface.


DOT: Darknet OSINT Transform
Sunday, July 29, 2018
DOT: Darknet OSINT Transform

What does this do?
It fetches open ports, banners, emails, BTC addresses, linked onion domains and more (soon).

Where is the info stored?
The info is stored in a database on a server controlled by us, so that you can do a reverse search (e.g. email address -> domains).

How can I play with this?
This is the link that you need to add this set of transforms to your hub. Some transforms are not ready to run; these are onionPGPKeys, onionIpAddress and onionRelatedDomains. If you run one of these three transforms, it will return 0 entities, so don’t worry about possible errors.

Download
git clone https://github.com/pielco11/DOT.git


PureBlood v2: Penetration Testing Framework created for Hackers/Pentester/Bug Hunter
Sunday, July 29, 2018
Pure Blood v2
A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter

Web Pentest / Information Gathering:
Banner Grab
Whois
Traceroute
DNS Record
Reverse DNS Lookup
Zone Transfer Lookup
Port Scan
Admin Panel Scan
Subdomain Scan
CMS Identify
Reverse IP Lookup
Subnet Lookup
Extract Page Links
Directory Fuzz (NEW)
File Fuzz (NEW)
Shodan Search (NEW)
Shodan Host Lookup (NEW)
Web Application Attack: (NEW)
WordPress
| WPScan
| WPScan Bruteforce
| WordPress Plugin Vulnerability Checker
Features: // I will add more soon.
| WordPress Woocommerce – Directory Traversal
| WordPress Plugin Booking Calendar 3.0.0 – SQL Injection / Cross-Site Scripting
| WordPress Plugin WP with Spritz 1.0 – Remote File Inclusion
| WordPress Plugin Events Calendar – ‘event_id’ SQL Injection
Auto SQL Injection

Features:

| Union Based
| (Error Output = False) Detection
| Tested on 100+ Websites
Generator:
Deface Page
Password Generator // NEW
Text To Hash //NEW
Installation
$ git clone https://github.com/cr4shcod3/pureblood
$ cd pureblood
$ pip install -r requirements.txt

Use
python pureblood.py


rebel-framework: Advanced and easy to use penetration testing framework
Sunday, July 29, 2018
REBEL-FRAMEWORK
Advanced and easy to use penetration testing framework
Modules
├ net/iface ➤ Interface info.
├ net/map ➤ Hosts live Scan in LAN.
├ net/scan ➤ Scan [Ports, OS, Etc] IP.
├ net/vuln ➤ Scan for common vulnerabilities.
├ net/sniff ➤ Unencrypted traffic network sniffer and modifier.
├ net/sslsniff ➤ Sslstrip and sniff traffic.
├ net/cut ➤ Cut connection between two points or more.

├ info/site ➤ Website information
├ info/phone ➤ Phone number information
├ info/server ➤ Find IP Address And E-mail Server
├ info/whois ➤ Domain whois lookup
├ info/loc ➤ Find website/IP address location
├ info/bcf ➤ Bypass CloudFlare
├ info/subdomain ➤ Subdomain scanner
├ info/valid ➤ Check Email address validation
├ info/domain ➤ Search Domain for Email addresses
├ info/email ➤ Email information gathering

├ web/dirscan ➤ Scan for hidden web directories
├ web/appscan ➤ Gather OSINT and fuzz for OWASP vulnerabilities
├ web/cmsscan ➤ Scan and detect CMS vulnerabilities [WordPress, Joomla and Drupal]

├ com/chat ➤ create or join an existing chatroom
├ com/qrshare ➤ Send files using QR codes

├ torrent/search ➤ Search for torrents and get their info
├ torrent/get ➤ Download torrents using command line

├ crypto/rot ➤ Rot1..25 decoder
├ crypto/auto ➤ Detect and decode encoded strings & crack hashes
├ crypto/mdr1 ➤ Encode/decode strings using our own Encoding algorithm
├ crypto/find ➤ Find hashes inside files [md5,sha256,sha512crypt,etc..]

├ phish/google ➤ Google phishing using ngrok.
├ phish/in ➤ LinkedIn phishing using ngrok.
├ phish/git ➤ Github phishing using ngrok.
├ phish/stack ➤ StackOverflow phishing using ngrok.
├ phish/wp ➤ WordPress phishing using ngrok.
├ phish/twitter ➤ Twitter phishing using ngrok.
├ phish/advanced ➤ Customizable advanced phishing

├ re/info ➤ Collect information about the binary file
├ re/trace ➤ Trace binary/PID system calls and signals
├ re/elfdec ➤ Decompile elf file function(s)

├ df/entropy ➤ Calculate file entropy
├ df/recover ➤ Recursively scan and extracts all recoverable files
├ df/scan ➤ Scan and recover a disk image for regular expressions and other content
Install
git clone https://github.com/rebellionil/rebel-framework.git
cd rebel-framework
bash setup.sh

Use

bash rebel.sh


CMSeeK v1.0.6 releases: Content Management Systems Detection and Exploitation suite
Sunday, July 29, 2018
What is a CMS?
A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are WordPress, Joomla, Drupal, etc.

Functions Of CMSeek:
Basic CMS Detection of over 20 CMS
Advanced WordPress Scans
Detects Version
User Enumeration
Plugins Enumeration
Theme Enumeration
Detects Users (3 Detection Methods)
Looks for Version Vulnerabilities and much more!
Advanced Joomla Scans
Version detection
Backup files finder
Admin page finder
Core vulnerability detection
Directory listing check
Config leak detection
Various other checks
Modular bruteforce system
Use pre-made bruteforce modules or create your own and integrate with it
Changelog
Version 1.0.6 [23-07-2018]
Added detection method for 8 new CMSs :
XOOPS
Wolf CMS
Wix.com
WebGUI
UMI.CMS
ushahidi
Tiki Wiki CMS Groupware
WebsiteBaker CMS
New detection methods added for 4 CMSs:
TYPO3
WordPress
Drupal
Joomla
Version detection added for 3 new CMSs:
XpressEngine
WebGUI
UMI.CMS
Added cms detection via robots.txt
CMS detection via generator meta tag improved
Fixed all bruteforce modules (yet again)
Bruteforcer now adds username to the list of passwords to try [issue #14]
Added -l, --list argument for scanning sites from file
Other minor fixes and tweaks

Installation
git clone https://github.com/Tuhinshubhra/CMSeeK
cd CMSeeK
python3 cmseek.py
Detection Methods:
CMSeek uses mainly 2 things for detection:

HTTP Headers
Page Source Code
Supported CMSs:
CMSeeK can currently detect 22 CMSs; you can find the list in the cmss.py file in the cmseekdb directory. All the CMSs are stored in the following way:

cmsID = {
   'name':'Name Of CMS',
   'url':'Official URL of the CMS',
   'vd':'Version Detection (0 for no, 1 for yes)',
   'deeps':'Deep Scan (0 for no 1 for yes)'
}
Scan Result:
All of your scan results are stored in a JSON file named cms.json; you can find the logs inside the Result\<Target Site> directory, and the bruteforce results are stored in a txt file under the site’s result directory as well.


Bruteforce Modules:
It has a modular bruteforce system, meaning you can add your custom-made bruteforce modules to work with CMSeeK. Proper documentation for creating modules will be created shortly, but in case you already figured out how (pretty easy once you analyze the pre-made modules), all you need to do is this:

Add a comment exactly like this: # <Name Of The CMS> Bruteforce module. This will help CMSeeK know the name of the CMS using regex.
Add another comment: ### cmseekbruteforcemodule. This will help CMSeeK know it is a module.
Copy and paste the module into the brutecms directory under CMSeeK’s directory.
Open CMSeeK and rebuild the cache using U as the input in the first menu.
If everything is done right you’ll see something like this (refer to screenshot below) and your module will be listed in the bruteforce menu the next time you open CMSeeK.
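A module-discovery routine built around the two marker comments above (added example, not CMSeeK's own code; the regexes, the function names and the file layout are this example's assumptions). It writes one well-formed module and two malformed ones into a throwaway brutecms directory, then rebuilds the cache the way the U menu option is described as doing, so you can see which files are accepted:

```python
import os
import re
import tempfile

# The two marker comments the README asks for. How CMSeeK itself matches them
# is not shown on the page; these regexes are this example's own assumption.
NAME_RE = re.compile(r"^#\s*(?P<cms>\S.*?)\s+Bruteforce module\s*$",
                     re.IGNORECASE | re.MULTILINE)
MARKER_RE = re.compile(r"^###\s*cmseekbruteforcemodule\s*$", re.MULTILINE)


def parse_module(source):
    """Return the CMS name a module declares, or None when a marker is missing."""
    if not MARKER_RE.search(source):
        return None                      # not flagged as a cmseek module at all
    match = NAME_RE.search(source)
    return match.group("cms") if match else None


def rebuild_cache(brutecms_dir):
    """Scan brutecms_dir (the 'U' menu action) and map CMS name -> module file."""
    cache = {}
    for fname in sorted(os.listdir(brutecms_dir)):
        if not fname.endswith(".py"):
            continue                     # only Python modules are candidates
        with open(os.path.join(brutecms_dir, fname), encoding="utf-8") as fh:
            cms = parse_module(fh.read())
        if cms:
            cache[cms] = fname
    return cache


# Constructed module sources: one well-formed, one missing the module marker,
# one missing the CMS-name comment.
GOOD_MODULE = """# Joomla Bruteforce module
### cmseekbruteforcemodule

def bruteforce(target, users, passwords):
    pass
"""
NO_MARKER = GOOD_MODULE.replace("### cmseekbruteforcemodule\n", "").replace("Joomla", "Drupal")
NO_NAME = GOOD_MODULE.replace("# Joomla Bruteforce module\n", "")


def demo():
    """Write the constructed modules to a temp brutecms dir and rebuild the cache."""
    with tempfile.TemporaryDirectory() as brutecms:
        files = {"joomla.py": GOOD_MODULE, "drupal.py": NO_MARKER,
                 "anon.py": NO_NAME, "README.txt": GOOD_MODULE}
        for fname, src in files.items():
            with open(os.path.join(brutecms, fname), "w", encoding="utf-8") as fh:
                fh.write(src)
        return rebuild_cache(brutecms)


if __name__ == "__main__":
    print(demo())   # {'Joomla': 'joomla.py'}
```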

Disclaimer:

Usage of CMSeeK for testing or exploiting websites without prior mutual consistency can be considered as an illegal activity. It is the final user’s responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.


PenTesters Framework(PTF) v2.1.3 released
Sunday, July 29, 2018
As a penetration tester, you usually choose Kali Linux as your penetration testing distribution. Kali Linux is a powerful distribution that includes many pentesting tools. If you are an Ubuntu/Linux Mint user, you love its simple, easy-to-use and friendly GUI, but you still want to conduct your penetration testing on your Ubuntu/Linux Mint system. In this post I am going to show you how to turn Ubuntu/Linux Mint into a penetration testing distribution using The PenTesters Framework (PTF).

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for penetration testing. As pentesters, we've become accustomed to the /pentest/ directories or our own toolsets that we want to keep up to date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is consistent with the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add to it as you see fit. We commonly see internally developed repos that you can use as part of this framework as well. It's all up to you.

The ultimate goal is community support for this project. We want new tools added to the GitHub repository. Submit your modules: it's super simple to configure and add them, and only takes a few minutes.

Changelog:

version 2.1.3
~~~~~~~~~~~~~~~~~

* fix bug that caused update only installed to fail with prompt not defined

~~~~~~~~~~~~~~~~~
version 2.1.2
~~~~~~~~~~~~~~~~~

* add mitm6 tool (thanks @CantComputer <3)

Installing PTF using git:

root@kali:~# git clone https://github.com/trustedsec/ptf.git

root@kali:~# cd ptf

root@kali:~# ./ptf
Source: https://github.com/trustedsec/ptf


archerysec v1.0 released: Open Source Vulnerability Assessment and Management
Sunday, July 29, 2018
Archery is an open source vulnerability assessment and management tool which helps developers and pentesters perform scans and manage vulnerabilities. Archery uses popular open source tools to perform comprehensive scanning of web applications and networks. It also performs authenticated dynamic scanning of web applications and covers the whole application by using Selenium. Developers can also use the tool in their DevOps CI/CD environment.

Overview of the tool:
Perform web and network vulnerability scanning using open source tools.
Correlate and collate all raw scan data and show it in a consolidated manner.
Perform authenticated web scanning.
Perform web application scanning using Selenium.
Vulnerability Management.
Enable REST APIs for developers to perform scanning and Vulnerability Management.
Useful for DevOps teams for Vulnerability Management.
Changelog v1.0
Nmap Vulners.
JIRA Ticketing.
Concurrent Scans.
SSL Tool integration.
Nikto Tool integration.
Sub Domain Scanning.
ZAP scan report parser.
Burp scan report parser.
Nessus scan report parser.
Arachni scan report parser.
Acunetix scan report parser.
Duplicate vulnerability mark.
Netsparker scan report parser.
Webinspect scan report parser.
False Positive vulnerability mark.
False Positive Tracking Dashboard.
Requirement
Python 2.7
OpenVas 8
OWASP ZAP 2.7.0 (https://github.com/zaproxy/zaproxy/wiki/Downloads)
Selenium Python (Firefox Webdriver) (https://github.com/mozilla/geckodriver/releases)
Installation
$ git clone https://github.com/anandtiwarics/archerysec.git
$ cd archerysec
$ pip install -r requirements.txt
$ python manage.py collectstatic
$ python manage.py makemigrations networkscanners
$ python manage.py makemigrations webscanners
$ python manage.py makemigrations projects
$ python manage.py migrate
$ python manage.py createsuperuser
$ python manage.py runserver

Setup Setting
Zap Setting

Go to Setting Page
Edit ZAP setting or navigate URL : http://host:port/setting_edit/
Fill all required information and click on save.
OpenVAS Setting

Go to setting Page
Edit OpenVAS setting or navigate URL: http://host:port/networkscanners/openvas_setting
Fill all required information and click on save.
Road Map
API Automated vulnerability scanning.
Perform Reconnaissance before scanning.
Concurrent Scans.
Vulnerability POC pictures.
Cloud Security scanning.
Dashboards
Easy installation.

Source: https://github.com/anandtiwarics


ATSCAN SCANNER v13.3.0 released: Advanced Search & Mass Exploit Scanner
Sunday, July 29, 2018
ATSCAN SCANNER
Advanced Search / Dork / Mass Exploitation Scanner

Description

Search engine Google / Bing / Ask / Yandex / Sogou
● Mass Dork Search
● Multiple instant scans.
● Mass Exploitation
● Use proxy.
● Random user agent.
● Random engine.
● Extern commands execution.
● XSS / SQLI / LFI / AFD scanner.
● Filter WordPress and Joomla sites on the server.
● Find Admin page.
● Decode / Encode Base64 / MD5
● Ports scan.
● Extract IPs
● Extract E-mails.
● Auto-detect errors.
● Auto-detect Cms.
● Post data.
● Auto sequence repeater.
● Validation.
● Post and Get method
● And more…

CHANGES: v13.3.0

Update argsList.pl
Installation

git clone https://github.com/AlisamTechnology/ATSCAN
cd ATSCAN
chmod +x ./install.sh
./install.sh
chmod +x ./atscan.pl



● SET HEADERS:
atscan --dork [dork / dorks.txt] --level [level] --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1"
atscan -t target --data "name:userfile[DATAFILE]value:file.txt" --post --header "Authorization:Basic YWRtaW46YWRtaW4 [OTHER]keep_alive:1"

● SEARCH ENGINE:
Search: atscan --dork [dork] --level [level]
Search: atscan -d [dork] -l [level]
Set engine: atscan --dork [dork] --level [level] -m [Bing: 1][Google: 2][Ask: 3][Yandex: 4][Sogou: 5][All: all]
Set selective engines: atscan -d [dork] -l [level] -m 1,2,3..
Search with many dorks: atscan --dork "dork1 [OTHER]dork2 [OTHER]dork3" --level [level]
Search and rand: atscan -d [dork] -l [level] --expHost "/index.php?id=rang(1-9)" --sql
Get Server sites: atscan -t [ip] --level [value] --sites
Get Server sites: atscan -t "[ip from]-[ip to]" --level [value] --sites
Get Server sites: atscan -t "ip1 [OTHER]ip2" --level [value] --sites
Get Server wordpress sites: atscan -t [ip] --level [value] --wp
Get Server joomla sites: atscan -t [ip] --level [value] --joom
Get Server upload sites: atscan -t [ip] --level [value] --upload
Get Server zip sites files: atscan -t [ip] --level [value] --zip
WP Arbitrary File Download: atscan -t [ip] --level [value] --wpafd
Joomla RFI: atscan -t [ip] --level [10] --joomfri --shell [shell link]
Search + output: atscan --dork [dorks.txt] --level [level] --save
Search + get emails: atscan -d [dorks.txt] -l [level] --email
Search + get site emails: atscan --dork site:site.com --level [level] --email
Search + get ips: atscan --dork [dork] --level [level] --ip

● REGULAR EXPRESSIONS:
Regex use: atscan [--dork [dork] / -t [target]] --level [level] --regex [regex]
IP: ((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))
E-mails: '((([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6})'

● REPEATER:
atscan -t site.com?index.php?id=rang(1-10) --sql
atscan -t [target] --expHost "/index.php?id=rang(1-10)" --sql
atscan -t [target] --expHost "/index.php?id=repeat(../-9)wp-config.php"

● PORTS
atscan -t [ip] --port [port] [--udp / --tcp]
atscan -t (ip start)-(ip end) --port [port] [--udp / --tcp]
atscan -t [ip] --port (port start)-(port end) [--udp / --tcp] --command "your extern command"

● ENCODE / DECODE:
Generate MD5: --md5 [string]
Encode base64: --encode64 [string]
Decode base64: --decode64 [string]

● DATA:
Post data: atscan -t [target] --data "field1:value1 [DATA]field2:value2 [DATA]field3:value3" [--post / --get]
Wordlist: atscan -t [target] --data "name:userfile [DATAFILE]value:file.txt" [--post / --get]
atscan -t [target] --data "username:john [DATA]pass:1234" [--post / --get]
Post + Validation: --data "name:userfile [DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get]

● EXTERNAL COMMANDS:
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --TARGET"
atscan --dork [dork / dorks.txt] --level [level] --command "curl -v --HOST"
atscan --dork [dork / dorks.txt] --level [level] --command "nmap -sV -p 21,22,80 --HOSTIP"
atscan -d "index of /lib/scripts/dl-skin.php" -l 20 -m 2 --command "php WP-dl-skin.php-exploit.php --TARGET"

● MULTIPLE SCANS:
atscan --dork [dork] --level [10] --sql --lfi --wp ..
atscan --dork [dork] --level [10] --replace [string] --with [string] --exp/expHost [payload] [--sql / --lfi / --wp /…]
atscan -t [ip] --level [10] [--sql / --lfi / --wp /…]
atscan -t [target] [--sql / --lfi / --wp /…]

● USER PAYLOADS:
atscan --dork [dork] --level [10] [--lfi | --sql ..] --payload [payload | payloads.txt]

● SEARCH VALIDATION:
atscan -d [dork / dorks.txt] -l [level] --status [code] / --valid [string]
atscan -d [dork / dorks.txt] -l [level] --status [code] --none (positive when the status doesn't match)
atscan -d [dork / dorks.txt] -l [level] --status [code] / -v [string] / --ifinurl [string] / --sregex [regex] --none
atscan -d [dork / dorks.txt] -l [level] --ifinurl [string]
atscan -d [dork / dorks.txt] -l [level] --sregex [regex] --valid [string]
atscan -d [dork / dorks.txt] -l [level] --regex [regex] --valid [string]
atscan -d [dork / dorks.txt] -l [level] --unique

● SCAN VALIDATION:
atscan -t [target / targets.txt] [--status [code] / --valid [string]]
atscan -d [dork / dorks.txt] -l [level] --exp/expHost [payload] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --status [code] / --valid [string]
atscan -d [dork / dorks.txt] -l [level] [--admin / --sql ..] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --full --status [code] / --valid [string]
atscan -d [dorks.txt] -l [level] --replace [string] --with [string] --exp/expHost [payload] --status [code] / --valid [string]
atscan --data "name:userfile[DATAFILE]value:file.txt" -v [string] / --status [code] [--post / --get]
atscan -d [dork / dorks.txt] -l [level] [--sql / --shost ..] --status [code] / --valid [string]
atscan -t [target / targets.txt] --valid [string] --not in [string]

● UPDATE TOOL:
atscan --update

● UNINSTALL TOOL:
atscan --uninstall

Source: https://github.com/AlisamTechnology


Metasploit auto auxiliary script (msfenum)
Sunday, July 29, 2018
Msfenum simplifies running multiple auxiliary modules against a specific set of targets. Running a low-hanging-fruit scan within a penetration test can be very useful, for example to find open shares or vulnerable services quickly.

The Metasploit framework offers lots of useful auxiliary modules to perform low hanging fruit scans. This script simply runs all the auxiliary modules specified in the config files against the specified targets. All settings can be modified per auxiliary module and new modules can be added easily.

Structure:
logs/
Contains all results after running the script
modules/
Contains all configuration per auxiliary module
config
Contains global configuration settings
msfenum.log
Some logging generated when running msfenum.py
msfenum.py
The main script
Download
git clone https://github.com/wez3/msfenum.git
Usage
Modify the "config" file. Change the CHANGEME values in the "settings" key; otherwise, the modules that depend on those settings will not run.

python msfenum.py [-h] [-t [THREADS]] [-p [PROJECT]] TARGET_FILE

-t [THREADS], number of threads
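A preflight check for the step above, which finds every setting still left at its CHANGEME placeholder so you know before the run which modules would be skipped. This is an added example, not msfenum's own code; it assumes the config file is JSON with a top-level "settings" key, and the sample config is constructed.

```python
import json

PLACEHOLDER = "CHANGEME"


def unresolved_settings(config: dict) -> list:
    """Dotted paths of every value under the "settings" key still set to CHANGEME."""
    found = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}.{key}")
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{path}[{index}]")
        elif isinstance(node, str) and node.strip() == PLACEHOLDER:
            found.append(path)

    walk(config.get("settings", {}), "settings")
    return found


def preflight(config_path: str) -> list:
    """Load a config file and return its unresolved paths, for use before a run."""
    with open(config_path, encoding="utf-8") as fh:
        return unresolved_settings(json.load(fh))


# Constructed sample config (assumed JSON layout; not msfenum's own file).
SAMPLE_CONFIG = json.loads("""
{
  "settings": {
    "RHOSTS_FILE": "targets.txt",
    "SMBDomain": "CHANGEME",
    "SMBUser": "svc_audit",
    "SMBPass": "CHANGEME",
    "wordlists": ["users.txt", "CHANGEME"]
  },
  "modules": ["auxiliary/scanner/smb/smb_version"]
}
""")

if __name__ == "__main__":
    for path in unresolved_settings(SAMPLE_CONFIG):
        print(f"unresolved: {path}")
```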


Result example
All raw results generated by Metasploit are stored in separate files in the "logs/" directory. If you specified a project name, that name is used as the folder name; otherwise, the current Unix timestamp is used. After the script has run, a summary is printed to give an overview of the successful findings:

Source: https://github.com/wez3/


watchdog: A Comprehensive Security Scanning and a Vulnerability Management Tool
Sunday, July 29, 2018
Watchdog is an integration of open source security tools aimed at providing a holistic security view of a given domain/IP. The way Watchdog is built, it can be used by product security teams, red teams and also by bug bounty hunters to get a 360-degree view of the Internet property it scans. Given a list of domains/IPs, it can perform a network scan, feed the output to open source web app scanners like Google's skipfish and wapiti, perform tech stack analysis and determine whether the stack has any known CVEs.

watchdog Security Scanning
Watchdog is designed for the case where you need to know all open services, and the technologies behind them, on the endpoints you own that are exposed to the Internet. As a company's footprint on the Internet grows, it becomes really difficult for a product security team to maintain an inventory of all the services and technologies it exposes, and in the event of a zero-day outbreak affecting a particular protocol or third-party product it becomes crucial to know which endpoints might be affected.

Watchdog can scan all endpoints, perform technology version analysis on the services it detects, and map this information against the CVE database it maintains and updates locally.

Scan Engine:
Nmap
Skipfish
Wapiti
BuiltWith
Phantalyzer
Wappalyzer
Databases and collections:
Watchdog installs a local copy of the CVE database, which is a collection of the following DBs:

cves (Common Vulnerabilities and Exposure items) – source NVD NIST
cpe (Common Platform Enumeration items) – source NVD NIST
cwe (Common Weakness Enumeration items) – source NVD NIST
capec (Common Attack Pattern Enumeration and Classification) – source NVD NIST
ranking (ranking rules per group) – local cve-search
d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) – source d2sec.com
MITRE Reference Key/Maps – source MITRE reference Key/Maps
ms – (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) – source Microsoft
exploitdb (Offensive Security – Exploit Database) – source offensive security
info (metadata of each collection like last-modified) – local cve-search
via4 VIA4CVE cross-references.
Install & Use

Source: https://github.com/flipkart-incubator/


dagda: perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats
Sunday, July 29, 2018
Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running Docker containers for detecting anomalous activities.

In order to fulfill its mission, the known vulnerabilities, as CVEs (Common Vulnerabilities and Exposures), BIDs (Bugtraq IDs), RHSAs (Red Hat Security Advisories) and RHBAs (Red Hat Bug Advisories), and the known exploits from the Offensive Security database are first imported into a MongoDB, so that they can be searched quickly while an analysis is in progress.

Then, when you run a static analysis of known vulnerabilities, Dagda retrieves information about the software installed in your Docker images, such as the OS packages and the programming-language dependencies, and checks each product and version against the information previously stored in MongoDB to see whether it is free of vulnerabilities. Dagda also uses ClamAV as its antivirus engine for detecting trojans, viruses, malware and other malicious threats included within the Docker images/containers.

Dagda supports multiple Linux base images:

Red Hat/CentOS/Fedora
Debian/Ubuntu
OpenSUSE
Alpine
and the dependencies of the following programming languages:
java
python
nodejs
js
ruby
php
Dagda is also integrated with Sysdig Falco for monitoring running Docker containers to detect anomalous activities, and it gathers real-time events from the Docker daemon.

Finally, each analysis report of a Docker image/container, including all static analysis and all runtime monitoring, is stored in the same MongoDB so that the history of each Docker image/container is available when it is needed.


