Htcap – A Web Application Scanner Able To Crawl Single Page Application (SPA) In A Recursive Manner By Intercepting Ajax Calls And DOM Changes

Htcap is a web application scanner able to crawl single page applications (SPA) recursively by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner: it is focused on the crawling process and aims to detect and intercept ajax/fetch calls, websockets, jsonp etc. It uses its own fuzzers plus a set of external tools to discover vulnerabilities and is designed to be a tool for both manual and automated penetration testing of modern web applications.

It also features a small but powerful framework to quickly develop custom fuzzers in less than 60 lines of Python. The fuzzers can work with GET/POST data, XML and JSON payloads and switch between POST and GET. Of course, fuzzers run in parallel in a multi-threaded environment.

This is the very first release that uses headless Chrome instead of PhantomJS. Htcap's JavaScript crawling engine has been rewritten to take advantage of the new async/await features of ECMAScript and has been converted to a Node.js module built on top of Puppeteer.

More info at htcap.org.

Setup

Requirements:

Python 2.7
Node.js and npm
Sqlmap (for the sqlmap scanner module)
Arachni (for the arachni scanner module)

Download and Run:

$ git clone https://github.com/fcavallarin/htcap.git htcap
$ htcap/htcap.py

Documentation

Documentation, examples and demos can be found at the official website https://htcap.org.

Link: http://feedproxy.google.com/~r/PentestTools/~3/aJgXuqnKFus/htcap-web-application-scanner-able-to.html

Get Reverse-shell via Windows one-liner

This article will help those who play with CTF challenges, because today we will discuss "Windows One-Liners" that use malicious commands such as PowerShell or rundll32 to get a reverse shell of a Windows system. Generally, while abusing HTTP services or other programs, we get an RCE vulnerability. This loophole allows you to remotely execute…
The post Get Reverse-shell via Windows one-liner appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/

Remot3d – A Simple Exploit for the PHP Language

It is easy to create a backdoor in an instant; the backdoor can be used in a remote process via a Linux terminal on the server that runs the PHP language program. It is made to bypass functions that are disabled on the server, especially for reading sensitive files such as /etc/passwd.

List of Remot3d Functions:

Create backdoor for Windows or Linux servers (can run php file)
Bypass disabled functions with the imap_open vulnerability
Bypass read file /etc/passwd with cURL or Unique Logic Scripts
Generating Backdoor and can be remoted on Tools
Some other fun stuff 🙂

Getting Started:

git clone https://github.com/KeepWannabe/Remot3d
cd Remot3d
chmod +x Remot3d.sh && ./Remot3d.sh

Linux operating systems we recommend:

Linux Mint (Ubuntu based with Mate DE)
Parrot
BackTrack
Backbox
DracOS
IbisLinux

Update Remot3d

To update Remot3d go to your Remot3d folder and execute: git pull && chmod +x Remot3d.sh && ./Remot3d.sh

Link: http://feedproxy.google.com/~r/PentestTools/~3/MfRDXGlJowM/remot3d-simple-exploit-for-php-language.html

Domained – Multi Tool Subdomain Enumeration

Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting.

This produces categorized screenshots, server response headers and signature based default credential checking. It is written in Python heavily leveraging Recon-ng.
Domained Subdomain Enumeration Tools Leveraged
Subdomain Enumeration Tools:

Sublist3r
enumall
Knock
Subbrute
massdns
Recon-ng
Amass
SubFinder

Reporting + Wordlists:

EyeWitness
SecList (DNS Recon List)
LevelUp All.txt Subdomain List

Domained Subdomain Enumeration Tool Usage
--install/--upgrade Both do the same function: install all prerequisite tools
--vpn Check if you are on VPN (update with your provider)
--quick Use ONLY Amass and SubFinder
--bruteall Bruteforce with JHaddix All.txt List instead of SecList
--fresh Delete old data from output folder
--notify Send Pushover or Gmail Notifications
--active EyeWitness Active Scan
--noeyewitness No EyeWitness
-d The domain you want to perform recon on
-b Bruteforce with subbrute/massdns and SecList wordlist
-s n Only HTTPS domains
-p Add port 8080 for HTTP and 8443 for HTTPS
Subdomain Enumeration Examples
First Steps are to install required Python modules and tools:

sudo pip install -r ./ext/requirements.txt
sudo python domained.py --install

Example 1: Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)
python domained.py -d example.com

Example 2: Uses subdomain example.com with SecList subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN
python domained.py -d example.com -b -p --vpn

Example 3: Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)
python domained.py -d example.com -b --bruteall

Example 4: Uses subdomain example.com and only Amass and SubFinder
python domained.py -d example.com --quick

Example 5: Uses subdomain example.com, only Amass and SubFinder, and notification
python domained.py -d example.com --quick --notify

Example 6: Uses subdomain example.com with no EyeWitness
python domained.py -d example.com --noeyewitness

Note: --bruteall must be used with the -b flag

Link: https://www.darknet.org.uk/2019/01/domained-multi-tool-subdomain-enumeration/

Tyton – Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+

Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+. For more information, visit Tyton's website.

Detected Attacks

Hidden Modules
Syscall Table Hooking
Network Protocol Hooking
Netfilter Hooking
Zeroed Process Inodes
Process Fops Hooking
Interrupt Descriptor Table Hooking

Additional Features

Notifications: Users (including myself) do not actively monitor their journald logs, so a userland notification daemon has been included to monitor journald logs and display them to the user using libnotify. Notifications are enabled after install by XDG autorun, so if your DM does not have /etc/xdg/autostart it will fail.

DKMS: Dynamic Kernel Module Support has been added for Arch and Fedora/CentOS (looking to expand in the near future). DKMS allows the (near) seamless upgrading of kernel modules during kernel upgrades. This is mainly important for distributions that provide rolling releases or upgrade their kernel frequently.

Installing

Dependencies:

Linux Kernel 4.4.0-31 or greater
Corresponding Linux Kernel Headers
GCC
Make
Libnotify
Libsystemd
Package Config
GTK3

From Source

Ubuntu/Debian/Kali:

sudo apt install linux-headers-$(uname -r) gcc make libnotify-dev pkg-config libgtk-3-dev libsystemd-dev
git clone https://github.com/nbulischeck/tyton.git
cd tyton
make
sudo insmod tyton.ko

Note: For Ubuntu 14.04, libsystemd-dev is named libsystemd-journal-dev.

Arch:

sudo pacman -S linux-headers gcc make libnotify libsystemd pkgconfig gtk3
git clone https://github.com/nbulischeck/tyton.git
cd tyton
make
sudo insmod tyton.ko

Note: It's recommended to install Tyton through the AUR so you can benefit from DKMS.

Fedora/CentOS:

dnf install kernel-devel gcc make libnotify libnotify-devel systemd-devel gtk3-devel gtk3
git clone https://github.com/nbulischeck/tyton.git
cd tyton
make
sudo insmod tyton.ko

Kernel Module Arguments

The kernel module can be passed a specific timeout argument on insertion through the command line. To do this, run the command sudo insmod tyton.ko timeout=X where X is the number of minutes you would like the kernel module to wait before executing its scan again.

AUR

Tyton is available on the AUR. You can install it using the AUR helper of your choice:

yaourt -S tyton-dkms-git
yay -S tyton-dkms-git
pakku -S tyton-dkms-git

Link: http://feedproxy.google.com/~r/PentestTools/~3/-SpNjyLloZM/tyton-linux-kernel-mode-rootkit-hunter.html

Dr. Eric Cole, Secure Anchor Consulting – Paul’s Security Weekly #590

Dr. Eric Cole is the leading cybersecurity expert in the world, known as the go-to for major political and business power players.

Announcements: RSA Conference 2019 is the place to be for the latest in cybersecurity data, innovation […]
The post Dr. Eric Cole, Secure Anchor Consulting – Paul’s Security Weekly #590 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/jmlJf4EzehE/

dnSpy – .NET Debugger And Assembly Editor

dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.

The screenshots in the original post (not reproduced here) show dnSpy editing and debugging a .NET EXE file, not source code.

Features

Debug .NET Framework, .NET Core and Unity game assemblies, no source code required
Edit assemblies in C# or Visual Basic or IL, and edit all metadata
Light and dark themes
Extensible, write your own extension
High DPI support (per-monitor DPI aware)
And much more, see below

dnSpy uses the ILSpy decompiler engine and the Roslyn (C# / Visual Basic) compiler and many other open source libraries, see below for more info.

Debugger

Debug .NET Framework, .NET Core and Unity game assemblies, no source code required
Set breakpoints and step into any assembly
Locals, watch, autos windows
Variables windows support saving variables (e.g. decrypted byte arrays) to disk or viewing them in the hex editor (memory window)
Object IDs
Multiple processes can be debugged at the same time
Break on module load
Tracepoints and conditional breakpoints
Export/import breakpoints and tracepoints
Call stack, threads, modules, processes windows
Break on thrown exceptions (1st chance)
Variables windows support evaluating C# / Visual Basic expressions
Dynamic modules can be debugged (but not dynamic methods due to CLR limitations)
Output window logs various debugging events, and it shows timestamps by default :)
Assemblies that decrypt themselves at runtime can be debugged; dnSpy will use the in-memory image. You can also force dnSpy to always use in-memory images instead of disk files.
Public API, you can write an extension or use the C# Interactive window to control the debugger

Assembly Editor

All metadata can be edited
Edit methods and classes in C# or Visual Basic with IntelliSense, no source code required
Add new methods, classes or members in C# or Visual Basic
IL editor for low level IL method body editing
Low level metadata tables can be edited. This uses the hex editor internally.

Hex Editor

Click on an address in the decompiled code to go to its IL code in the hex editor
Reverse of above: press F12 in an IL body in the hex editor to go to the decompiled code or other high level representation of the bits. It's great for finding out which statement a patch modified.
Highlights .NET metadata structures and PE structures
Tooltips show more info about the selected .NET metadata / PE field
Go to position, file, RVA
Go to .NET metadata token, method body, #Blob / #Strings / #US heap offset or #GUID heap index
Follow references (Ctrl+F12)

Other

BAML decompiler
Blue, light and dark themes (and a dark high contrast theme)
Bookmarks
C# Interactive window can be used to script dnSpy
Search assemblies for classes, methods, strings etc.
Analyze class and method usage, find callers etc.
Multiple tabs and tab groups
References are highlighted, use Tab / Shift+Tab to move to the next reference
Go to entry point and module initializer commands
Go to metadata token or metadata row commands
Code tooltips (C# and Visual Basic)
Export to project

List of other open source libraries used by dnSpy

ILSpy decompiler engine (C# and Visual Basic decompilers)
Roslyn (C# and Visual Basic compilers)
dnlib (.NET metadata reader/writer which can also read obfuscated assemblies)
VS MEF (Faster MEF equals faster startup)
ClrMD (Access to lower level debugging info not provided by the CorDebug API)

Link: http://feedproxy.google.com/~r/PentestTools/~3/JZaPW594CQE/dnspy-net-debugger-and-assembly-editor.html