Zeebsploit – Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking: searching for web information and scanning a website for vulnerabilities.

Installation & Usage

    apt-get install git
    git clone https://github.com/jaxBCD/Zeebsploit.git
    cd Zeebsploit
    chmod +x install
    ./install
    python3 zeebsploit.py

Type 'help' to show the modules and follow the instructions.

Modules

[Main modules]

    +----------+-------------------------------+
    | Modules  | Description                   |
    +----------+-------------------------------+
    | Exploit  | Exploitation Modules          |
    | Scanners | Scanners Modules              |
    | infoga   | Information Gathering Modules |
    +----------+-------------------------------+

[Exploit Modules]

    +---------------------------+----------------------------------------------------+
    | Modules                   | Description                                        |
    +---------------------------+----------------------------------------------------+
    | wp content injection      | WordPress content injection, version 4.7 or 4.7.1  |
    | wp revslider              | WordPress plugin RevSlider remote file upload      |
    | wp learndash              | WordPress LearnDash remote file upload             |
    | wp swhobiz                | WordPress plugin Showbiz remote file upload        |
    | joomla com fabrik         | Joomla component Fabrik file upload                |
    | joomla manager get config | Joomla component manager auto get config           |
    | joomla jdownload          | Joomla component JDownloads remote file upload     |
    | joomla                    | Joomla Ads Manager component auto shell upload     |
    | apache struts rce         | CVE-2017-5638 – Apache Struts2 S2-045              |
    |                           | remote command execution                           |
    | drupal8 rce               | Drupal version 8 remote command execution          |
    | dvr cam leak credential   | TBK DVR4104 / DVR4216                              |
    |                           | – Credentials Leak (get user and password)         |
    | webdav file upload        | Nothing                                            |
    | ---More---                | Coming soon in the following version               |
    +---------------------------+----------------------------------------------------+

[Scanner Modules]

    +--------------------+-------------------------------------------+
    | Modules            | Description                               |
    +--------------------+-------------------------------------------+
    | subdomain scanner  | Scan subdomains of a website              |
    | sqli scanner       | Scan SQL injection vulnerability          |
    | xss scanner        | Scan XSS injection vulnerability          |
    | lfi scanner        | Local File Includes scanner (etc/passwd)  |
    | admin login finder | Scan for admin login page                 |
    | directory scanner  | Scan directories on the web using dirhunt |
    | subdomain takeover | Scan for subdomain takeover               |
    | ---More---         | Coming soon in the following version      |
    +--------------------+-------------------------------------------+

[Information Gathering]

    +--------------------+-------------------------------------------+
    | Modules            | Description                               |
    +--------------------+-------------------------------------------+
    | cms detector       | A tool for detecting the CMS on a website |
    | port scanner       | Scan open ports using Nmap                |
    | information header | Response header information               |
    | ip geolocation     | Detect the location of an IP or host      |
    | email searcher     | Search for email addresses on the web     |
    | traceroute         | To show the route the packets have passed |
    | robot.txt detector | Scan robots.txt from the web              |
    | header information | Response header checker                   |
    | whois lookup       | Looking for registered users or           |
    |                    | recipients of Internet resource rights    |
    | ---More---         | Coming soon in the following version      |
    +--------------------+-------------------------------------------+

Download Zeebsploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/9xaMRbIv1Dk/zeebsploit-web-scanner-exploitation.html

Link (second posting of the same item): http://feedproxy.google.com/~r/PentestTools/~3/RZKskKnsCFU/zeebsploit-web-scanner-exploitation_10.html

Dirhunt – Find Web Directories Without Bruteforce

Dirhunt is a web crawler optimized for searching and analyzing directories. This tool can find interesting things if the server has the "Index of" mode enabled. Dirhunt is also useful if directory listing is not enabled: it detects directories with false 404 errors, directories where an empty index file has been created to hide things, and much more.

    $ dirhunt http://website.com/

Dirhunt does not use brute force, but neither is it just a crawler. This tool is faster than others because it minimizes requests to the server. Generally, a run takes between 5 and 30 seconds, depending on the website and the server.

Read more about how to use Dirhunt in the documentation.

Features

- Process one or multiple sites at a time.
- Process "Index Of" pages and report interesting files.
- Detect redirectors.
- Detect a blank index file created in a directory to hide things.
- Process some HTML files in search of new directories.
- Analyze 404 error pages and detect fake 404 errors.
- Filter results by flags.
- Analyze results at the end.

Install

If you have pip installed on your system, you can use it to install the latest Dirhunt stable version:

    $ sudo pip3 install dirhunt

Python 2.7 and 3.4-3.6 are supported, but Python 3.x is recommended. Use pip2 to install for Python 2.

There are other installation methods available.

Download Dirhunt
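The two heuristics the text singles out, fake 404 detection and blank index detection, are easy to get wrong in a home-grown scanner, so here they are as an added example. This is not Dirhunt's code; it is a simplified re-implementation of the idea, run against a constructed in-memory site (FAKE_SITE, SOFT_404 and the fetch stub are assumptions made for the demo) so it works offline. The key point: you cannot trust a 200 status, you have to first ask the server for a path that cannot exist and fingerprint how it answers.

```python
# Added example (not Dirhunt's code): a minimal version of the two heuristics the
# text describes, run against a constructed in-memory "site" so it works offline.
#  1. fake-404 detection: fetch a random path that cannot exist and fingerprint the
#     response; any candidate that returns the same fingerprint is a soft 404.
#  2. blank-index detection: a directory answering 200 with an (almost) empty
#     body is suspicious, because someone probably dropped an empty index.html
#     there to hide a listing.
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str
    location: str = ""


# Constructed sample site (assumption for the demo): the server answers 200 with a
# custom "not found" page instead of a real 404, /private/ has an empty index
# file, /old/ redirects, and /backup/ exposes an "Index of" listing.
FAKE_SITE = {
    "/": Response(200, "<html><h1>Home</h1><a href='/old/'>old</a></html>"),
    "/backup/": Response(200, "<html><title>Index of /backup/</title><a href='db.sql'>db.sql</a></html>"),
    "/private/": Response(200, ""),  # blank index.html hides the directory
    "/old/": Response(302, "", location="/"),
}
SOFT_404 = Response(200, "<html><h1>Oops, page not found</h1><p>Try the home page</p></html>")


def fetch(path):
    """Stand-in for an HTTP GET; a real tool would use requests/aiohttp here."""
    return FAKE_SITE.get(path, SOFT_404)


def fingerprint(resp):
    # Status plus a hash of the body. A real tool would normalize dynamic parts
    # (timestamps, CSRF tokens, the requested path echoed back) before hashing.
    return (resp.status, hashlib.sha256(resp.body.encode()).hexdigest())


def not_found_baseline(fetch_fn):
    """Request a random path that cannot exist and record how the server answers."""
    probe = "/" + secrets.token_hex(8) + "/"
    return fingerprint(fetch_fn(probe))


def classify(path, fetch_fn, baseline):
    resp = fetch_fn(path)
    if fingerprint(resp) == baseline:
        return "fake-404"          # same answer as for a nonexistent path
    if 300 <= resp.status < 400:
        return "redirect -> " + resp.location
    if resp.status == 200 and "index of" in resp.body.lower():
        return "index-of"          # directory listing is enabled here
    if resp.status == 200 and len(resp.body.strip()) == 0:
        return "blank-index"       # empty index file hiding the directory
    if resp.status == 404:
        return "404"
    return "ok"


def analyze(candidates, fetch_fn=fetch):
    """Classify each candidate path relative to the server's not-found baseline."""
    baseline = not_found_baseline(fetch_fn)
    return {p: classify(p, fetch_fn, baseline) for p in candidates}


if __name__ == "__main__":
    for path, verdict in analyze(["/", "/backup/", "/private/", "/old/", "/admin/"]).items():
        print(f"{path:12} {verdict}")
```

Swap `fetch` for a real HTTP client and the same logic applies; the baseline request is what lets a scanner like this minimize requests, because every candidate that matches it can be dropped without a second look.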

Link: http://feedproxy.google.com/~r/PentestTools/~3/hs6s7NA7xO8/dirhunt-find-web-directories-without.html

Gobuster – Directory/File & DNS Busting Tool Written In Go

Gobuster is a tool used to brute-force:

- URIs (directories and files) in web sites.
- DNS subdomains (with wildcard support).

Oh dear God.. WHY!?

Because I wanted:

- ... something that didn't have a fat Java GUI (console FTW).
- ... to build something that just worked on the command line.
- ... something that did not do recursive brute force.
- ... something that allowed me to brute force folders and multiple extensions at once.
- ... something that compiled to native on multiple platforms.
- ... something that was faster than an interpreted script (such as Python).
- ... something that didn't require a runtime.
- ... use something that was good with concurrency (hence Go).
- ... to build something in Go that wasn't totally useless.

Common command line options

-fw – force processing of a domain with wildcard results.
-m – which mode to use, either dir or dns (default: dir).
-q – disables banner/underline output.
-t <threads> – number of threads to run (default: 10).
-u <url/domain> – full URL (including scheme), or base domain name.
-v – verbose output (show all results).
-w <wordlist> – path to the wordlist used for brute forcing.

Command line options for dns mode

-cn – show CNAME records (cannot be used with the '-i' option).
-i – show all IP addresses for the result.

Command line options for dir mode

-a <user agent string> – specify a user agent string to send in the request header.
-c <http cookies> – use this to specify any cookies that you might need (simulating auth).
-e – specify extended mode that renders the full URL.
-f – append / for directory brute forces.
-k – skip verification of SSL certificates.
-l – show the length of the response.
-n – "no status" mode, disables the output of the result's status code.
-o <file> – specify a file name to write the output to.
-p <proxy url> – specify a proxy to use for all requests (scheme must match the URL scheme).
-r – follow redirects.
-s <status codes> – comma-separated set of the list of status codes to be deemed a "positive" (default: 200,204,301,302,307).
-x <extensions> – list of extensions to check for, if any.
-P <password> – HTTP Authorization password (Basic Auth only, prompted if missing).
-U <username> – HTTP Authorization username (Basic Auth only).

Building

Since this tool is written in Go you need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options.

Compiling

gobuster now has external dependencies, and so they need to be pulled in first:

    gobuster $ go get && go build

This will create a gobuster binary for you. If you want to install it in the $GOPATH/bin folder you can run:

    gobuster $ go install

Running as a script

    gobuster $ go run main.go <parameters>

Wordlists via STDIN

Wordlists can be piped into gobuster via stdin:

    hashcat -a 3 --stdout ?l | gobuster -u https://mysite.com

Note: if the -w option is specified at the same time as piping from STDIN, an error will be shown and the program will terminate.

Examples

dir mode

Command line might look like this:

    $ gobuster -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html

Default options look like this:

    $ gobuster -u http://buffered.io/ -w words.txt

    Gobuster v1.4.1              OJ Reeves (@TheColonial)
    =====================================================
    [+] Mode         : dir
    [+] Url/Domain   : http://buffered.io/
    [+] Threads      : 10
    [+] Wordlist     : words.txt
    [+] Status codes : 200,204,301,302,307
    =====================================================
    /index (Status: 200)
    /posts (Status: 301)
    /contact (Status: 301)
    =====================================================

Default options with status codes disabled look like this:

    $ gobuster -u http://buffered.io/ -w words.txt -n

    Gobuster v1.4.1              OJ Reeves (@TheColonial)
    =====================================================
    [+] Mode         : dir
    [+] Url/Domain   : http://buffered.io/
    [+] Threads      : 10
    [+] Wordlist     : words.txt
    [+] Status codes : 200,204,301,302,307
    [+] No status    : true
    =====================================================
    /index
    /posts
    /contact
    =====================================================

Verbose output looks like this:

    $ gobuster -u http://buffered.io/ -w words.txt -v

    Gobuster v1.4.1              OJ Reeves (@TheColonial)
    =====================================================
    [+] Mode         : dir
    [+] Url/Domain   : http://buffered.io/
    [+] Threads      : 10
    [+] Wordlist     : words.txt
    [+] Status codes : 200,204,301,302,307
    [+] Verbose      : true
    =====================================================
    Found : /index (Status: 200)
    Missed: /derp (Status: 404)
    Found : /posts (Status: 301)
    Found : /contact (Status: 301)
    =====================================================

Example showing content length:

    $ gobuster -u http://buffered.io/ -w words.txt -l

    Gobuster v1.4.1              OJ Reeves (@TheColonial)
    =====================================================
    [+] Mode         : dir
    [+] Url/Domain   : http://buffered.io/
    [+] Threads      : 10
    [+] Wordlist     : /tmp/words
    [+] Status codes : 301,302,307,200,204
    [+] Show length  : true
    =====================================================
    /contact (Status: 301)
    /posts (Status: 301)
    /index (Status: 200) [Size: 61481]
    =====================================================

Quiet output, with status disabled and expanded mode, looks like this ("grep mode"):

    $ gobuster -u http://buffered.io/ -w words.txt -q -n -e
    http://buffered.io/posts
    http://buffered.io/contact
    http://buffered.io/index

dns mode

Command line might look like this:

    $ gobuster -m dns -u mysite.com -t 50 -w common-names.txt

A normal sample run goes like this:

    $ gobuster -m dns -w subdomains.txt -u google.com

    Gobuster v1.4.1              OJ Reeves (@TheColonial)
    =====================================================
    [+] Mode         : dns
    [+] Url/Domain   : google.com
    [+] Threads      : 10
    [+] Wordlist     : subdomains.txt
    =====================================================
    Found: m.google.com
    Found: admin.google.com
    Found: mobile.google.com
    Found: www.google.com
    Found: search.google.com
    Found: chrome.google.com
    Found: ns1.google.com
    Found: store.google.com
    Found: wap.google.com
    Found: support.google.com
    Found: directory.google.com
    Found: translate.google.com
    Found: news.google.com
    Found: music.google.com
    Found: mail.google.com
    Found: blog.google.com
    Found: cse.google.com
    Found: local.google.com
    =====================================================

A show-IP sample run goes like this:

    $ gobuster -m dns -w subdomains.txt -u google.com -i

    Gobuster v1.4.1              OJ Reeves (@TheColonial)
    =====================================================
    [+] Mode         : dns
    [+] Url/Domain   : google.com
    [+] Threads      : 10
    [+] Wordlist     : subdomains.txt
    [+] Verbose      : true
    =====================================================
    Found: chrome.google.com [2404:6800:4006:801::200e, 216.58.220.110]
    Found: m.google.com [216.58.220.107, 2404:6800:4006:801::200b]
    Found: www.google.com [74.125.237.179, 74.125.237.177, 74.125.237.178, 74.125.237.180, 74.125.237.176, 2404:6800:4006:801::2004]
    Found: search.google.com [2404:6800:4006:801::200e, 216.58.220.110]
    Found: admin.google.com [216.58.220.110, 2404:6800:4006:801::200e]
    Found: store.google.com [216.58.220.110, 2404:6800:4006:801::200e]
    Found: mobile.google.com [216.58.220.107, 2404:6800:4006:801::200b]
    Found: ns1.google.com [216.239.32.10]
    Found: directory.google.com [216.58.220.110, 2404:6800:4006:801::200e]
    Found: translate.google.com [216.58.220.110, 2404:6800:4006:801::200e]
    Found: cse.google.com [216.58.220.110, 2404:6800:4006:801::200e]
    Found: local.google.com [2404:6800:4006:801::200e, 216.58.220.110]
    Found: music.google.com [2404:6800:4006:801::200e, 216.58.220.110]
    Found: wap.google.com [216.58.220.110, 2404:6800:4006:801::200e]
    Found: blog.google.com [216.58.220.105, 2404:6800:4006:801::2009]
    Found: support.google.com [216.58.220.110, 2404:6800:4006:801::200e]
    Found: news.google.com [216.58.220.110, 2404:6800:4006:801::200e]
    Found: mail.google.com [216.58.220.101, 2404:6800:4006:801::2005]
    =====================================================

Base domain validation warning when the base domain fails to resolve. This is a warning rather than a failure in case the user fat-fingers while typing the domain.

    $ gobuster -m dns -w subdomains.txt -u yp.to -i

    Gobuster v1.4.1              OJ Reeves (@TheColonial)
    =====================================================
    [+] Mode         : dns
    [+] Url/Domain   : yp.to
    [+] Threads      : 10
    [+] Wordlist     : /tmp/test.txt
    =====================================================
    [-] Unable to validate base domain: yp.to
    Found: cr.yp.to [131.155.70.11, 131.155.70.13]
    =====================================================

Wildcard DNS is also detected properly:

    $ gobuster -w subdomainsbig.txt -u doesntexist.com -m dns

    Gobuster v1.4.1              OJ Reeves (@TheColonial)
    =====================================================
    [+] Mode         : dns
    [+] Url/Domain   : doesntexist.com
    [+] Threads      : 10
    [+] Wordlist     : subdomainsbig.txt
    =====================================================
    [-] Wildcard DNS found. IP address(es): 123.123.123.123
    [-] To force processing of Wildcard DNS, specify the '-fw' switch.
    =====================================================

If the user wants to force processing of a domain that has wildcard entries, use -fw:

    $ gobuster -w subdomainsbig.txt -u doesntexist.com -m dns -fw

    Gobuster v1.4.1              OJ Reeves (@TheColonial)
    =====================================================
    [+] Mode         : dns
    [+] Url/Domain   : doesntexist.com
    [+] Threads      : 10
    [+] Wordlist     : subdomainsbig.txt
    =====================================================
    [-] Wildcard DNS found. IP address(es): 123.123.123.123
    Found: email.doesntexist.com
    ^C
    [!] Keyboard interrupt detected, terminating.
    =====================================================

Download Gobuster
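The wildcard check behind the two runs above is worth seeing as code, because with -fw every word in the list "resolves" and the output is mostly noise. The following is an added example, not Gobuster's code: the wildcard probe and the dns-mode loop re-implemented in Python with the resolver passed in as a function, so the logic can be exercised offline against a constructed zone (FAKE_ZONE and fake_resolve are assumptions for the demo; real_resolve uses the system resolver). It goes one step beyond what the tool's output shows: once the wildcard address set is known, results that only echo that set are dropped, so a forced run reports just the names that answer differently.

```python
# Added example (not Gobuster's code): wildcard-DNS detection plus the dns-mode
# brute force loop, with the resolver injected so it can run offline.
import secrets
import socket


def real_resolve(name):
    """Resolve with the system resolver; sorted list of IPs, empty on NXDOMAIN/error."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


# Constructed zone for the offline demo (assumption): a wildcard record catches
# every label that is not listed explicitly, the situation the warning is about.
FAKE_ZONE = {
    "doesntexist.com": ["123.123.123.123"],
    "email.doesntexist.com": ["10.0.0.25"],
    "www.doesntexist.com": ["123.123.123.123"],  # same as wildcard: indistinguishable
}


def fake_resolve(name):
    if name in FAKE_ZONE:
        return sorted(FAKE_ZONE[name])
    if name.endswith(".doesntexist.com"):
        return ["123.123.123.123"]  # the wildcard answer
    return []


def detect_wildcard(domain, resolve=real_resolve, probes=3):
    """Resolve a few random labels under the domain.

    If every probe answers with the same non-empty IP set, the zone has a
    wildcard record and that set is returned; otherwise an empty list.
    """
    answers = {tuple(resolve(f"{secrets.token_hex(10)}.{domain}")) for _ in range(probes)}
    if len(answers) == 1:
        return list(answers.pop())  # [] if the random labels were NXDOMAIN
    return []  # inconsistent answers: no usable wildcard signature


def dns_brute(domain, words, resolve=real_resolve, force_wildcard=False):
    """dns-mode loop: refuse a wildcard zone unless forced, then filter wildcard echoes."""
    base_ok = bool(resolve(domain))  # the "Unable to validate base domain" check
    wildcard = detect_wildcard(domain, resolve)
    if wildcard and not force_wildcard:
        return {"base_resolves": base_ok, "wildcard": wildcard, "found": {}}
    found = {}
    for word in words:
        name = f"{word}.{domain}"
        ips = resolve(name)
        if not ips:
            continue
        if wildcard and ips == sorted(wildcard):
            continue  # only the wildcard record answered; not evidence of a real host
        found[name] = ips
    return {"base_resolves": base_ok, "wildcard": wildcard, "found": found}


if __name__ == "__main__":
    words = ["www", "email", "mail"]
    print(dns_brute("doesntexist.com", words, resolve=fake_resolve))
    print(dns_brute("doesntexist.com", words, resolve=fake_resolve, force_wildcard=True))
```

The filter has a known blind spot that the constructed zone shows deliberately: www.doesntexist.com has an explicit record pointing at the same address as the wildcard, so it is indistinguishable from noise by address alone. Checking CNAME targets or TTLs is the usual next step when that matters.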

Link: http://feedproxy.google.com/~r/PentestTools/~3/buQ2qHF-Row/gobuster-directoryfile-dns-busting-tool.html

dirsearch v0.3.8 – Brute Force Directories and Files in Websites

dirsearch is a simple command line tool designed to brute force directories and files in websites.

Operating systems supported

- Windows XP/7/8/10
- GNU/Linux
- MacOSX

Features

- Multithreaded
- Keep-alive connections
- Support for multiple extensions (-e | --extensions asp,php)
- Reporting (plain text, JSON)
- Heuristically detects invalid web pages
- Recursive brute forcing
- HTTP proxy support
- User agent randomization
- Batch processing
- Request delaying

About wordlists

Dictionaries must be text files. Each line will be processed as such, except that the special word %EXT% is used, which will generate one entry for each extension (-e | --extension) passed as an argument.

Example:

    example/
    example.%EXT%

Passing the extensions "asp" and "aspx" will generate the following dictionary:

    example/
    example.asp
    example.aspx

You can also use the -f | --force-extensions switch to append extensions to every word in the wordlists (like DirBuster).

Download dirsearch
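The %EXT% expansion and the --force-extensions behaviour are where a wordlist either stays lean or silently triples the request count, so here is the expansion written out as an added example. It is not dirsearch's code but a re-implementation of the rules the text states; SAMPLE_WORDLIST is constructed for the demo, and the choice to keep the bare word alongside word.ext under force_extensions (as DirBuster does) and to drop duplicates are assumptions of this example, not documented dirsearch behaviour.

```python
# Added example (not dirsearch's code): expanding a %EXT% wordlist for a given
# extension list, with the optional "force extensions" mode.

# Constructed sample wordlist for the demo.
SAMPLE_WORDLIST = """\
example/
example.%EXT%
admin
# comment lines and blanks are skipped

backup.zip
"""


def expand_wordlist(text, extensions, force_extensions=False):
    """Return the candidate paths a %EXT% wordlist produces for the given extensions.

    Rules implemented here:
      - a line containing %EXT% yields one entry per extension and nothing else;
      - with force_extensions, every plain word additionally yields word.ext for
        each extension (assumption: the bare word is kept too, as DirBuster does);
        lines ending in '/' are directories and are left alone;
      - order is preserved and duplicates are dropped to keep request counts down.
    """
    exts = [e.lstrip(".") for e in extensions if e.strip(".")]
    out = []
    seen = set()

    def add(entry):
        if entry not in seen:
            seen.add(entry)
            out.append(entry)

    for raw in text.splitlines():
        word = raw.strip()
        if not word or word.startswith("#"):
            continue
        if "%EXT%" in word:
            for ext in exts:
                add(word.replace("%EXT%", ext))
            continue
        add(word)
        if force_extensions and not word.endswith("/"):
            for ext in exts:
                add(f"{word}.{ext}")
    return out


if __name__ == "__main__":
    print(expand_wordlist(SAMPLE_WORDLIST, ["asp", "aspx"]))
    print(expand_wordlist(SAMPLE_WORDLIST, [".php"], force_extensions=True))
```

Count the output before pointing a scanner at a target: the forced run on this five-line list already produces six requests per directory, and a 10,000-line list with four extensions becomes 50,000 requests per directory before recursion.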

Link: http://feedproxy.google.com/~r/PentestTools/~3/dmhPowU4tCA/dirsearch-v038-brute-force-directories.html