MEC v1.4.0 – Mass Exploit Console

massExploitConsole: a collection of hacking tools with a CLI UI.

Disclaimer
Please use this tool only on authorized systems; I'm not responsible for any damage caused by users who ignore my warning.
Exploits are adapted from other sources; please refer to their author info.
Please note, due to my limited programming experience (it's my first Python project), you can expect some silly bugs.

Features
- an easy-to-use CLI UI
- execute any adapted exploits with process-level concurrency
- some built-in exploits (automated)
- hide your IP address using proxychains4 and ss-proxy (built-in)
- zoomeye host scan (10 threads)
- a simple baidu crawler (multi-threaded)
- censys host scan

Getting started
git clone https://github.com/jm33-m0/massExpConsole.git && cd massExpConsole && ./install.py
When installing pypi deps, apt-get install libncurses5-dev (for Debian-based distros) might be needed.
Now you should be good to go (if not, please report missing deps here).
Type the proxy command to run a pre-configured Shadowsocks socks5 proxy in the background; vim ./data/ss.json to edit the proxy config. ss-proxy exits together with mec.py.

Requirements
- GNU/Linux, WSL, macOS (not tested); fully tested under Arch Linux, Kali Linux (Rolling, 2018), Ubuntu Linux (16.04 LTS) and Fedora 25 (it will work on other distros too as long as you have dealt with all deps)
- Python 3.5 or later (or something might go wrong, https://github.com/jm33-m0/massExpConsole/issues/7#issuecomment-305962655)
- proxychains4 (in $PATH), used by the exploiter; requires a working socks5 proxy (you can modify its config in mec.py)
- Java is required when using Java deserialization exploits; you might want to install openjdk-8-jre if you haven't installed it yet
- note that you have to install all the deps of your exploits or tools as well

Usage
Just run mec.py; if it complains about missing modules, install them.
If you want to add your own exploit script (or binary file, whatever):
- cd exploits, mkdir
- your exploit should take the last argument passed to it as its target; dig into mec.py to know more
- chmod +x <exploit> to make sure it can be executed by the current user
- use the attack command, then m to select your custom exploit
Type help in the console to see all available features.
zoomeye requires a valid user account config file zoomeye.conf
Download MEC

Link: http://www.kitploit.com/2018/12/mec-v140-mass-exploit-console.html

Infection Monkey v1.6 – An Automated Pentest Tool

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Monkey Island server.

The Infection Monkey is comprised of two parts:
- Monkey: a tool which infects other machines and propagates to them
- Monkey Island: a dedicated server to control and visualize the Infection Monkey's progress inside the data center
To read more about the Monkey, visit http://infectionmonkey.com

Main Features
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
Multiple propagation techniques:
- Predefined passwords
- Common logical exploits
- Password stealing using Mimikatz
Multiple exploit methods:
- SSH
- SMB
- RDP
- WMI
- Shellshock
- Conficker
- SambaCry
- Elastic Search (CVE-2015-1427)

Setup
Check out the Setup page in the Wiki or a quick getting started guide.

Building the Monkey from source
If you want to build the monkey from source, see Setup and follow the instructions in the readme files under infection_monkey and monkey_island.
Download Infection Monkey

Link: http://feedproxy.google.com/~r/PentestTools/~3/EIyfw_0injA/infection-monkey-v16-automated-pentest.html

WebMap – Nmap Web Dashboard And Reporting

A Web Dashboard for Nmap XML Reports

Usage
You should use this with docker, just by sending this command:
$ mkdir /tmp/webmap
$ docker run -d \
    --name webmap \
    -h webmap \
    -p 8000:8000 \
    -v /tmp/webmap:/opt/xml \
    rev3rse/webmap
$ # now you can run Nmap and save the XML Report on /tmp/webmap
$ nmap -sT -A -T4 -oX /tmp/webmap/myscan.xml 192.168.1.0/24
Now point your browser to http://localhost:8000

Quick and Dirty
$ curl -sL http://bit.ly/webmapsetup | bash

Upgrade from previous release
$ # stop running webmap container
$ docker stop webmap
$ # remove webmap container
$ docker rm webmap
$ # pull new image from dockerhub
$ docker pull rev3rse/webmap
$ # run WebMap
$ curl -sL http://bit.ly/webmapsetup | bash

Run without Docker
This project is designed to run in a Docker container. IMHO it isn't a good idea to run this on a custom Django installation, but if you need it you can find all building steps inside the Dockerfile.

Features
- Import and parse Nmap XML files
- Statistics and charts on discovered services, ports, OS, etc.
- Inspect a single host by clicking on its IP address
- Attach labels to a host
- Insert notes for a specific host
- Create a PDF report with charts, details, labels and notes
- Copy to clipboard as Nikto, Curl or Telnet commands
- Search for CVEs and Exploits based on the CPEs collected by Nmap

Changes on v2.1
- Better usage of Django templates
- Fixed some Nmap XML parse problems
- Fixed CVE and Exploit collecting problems
- Added new Network View

PDF Report
XML Filenames
When creating the PDF version of the Nmap XML Report, the XML filename is used as the document title on the first page. WebMap will replace some parts of the filename as follows:
- _ will be replaced by a space ( )
- .xml will be removed
Example: ACME_Ltd..xml
PDF title: ACME Ltd.

CVE and Exploits
Thanks to the amazing API services by circl.lu, WebMap is able to look for CVEs and Exploits for each CPE collected by Nmap. Not all CPEs are checked over the circl.lu API, but only those where a specific version is specified (for example: cpe:/a:microsoft:iis:7.5 and not cpe:/o:microsoft:windows).

Network View

Third Parties
- Django
- Materialize CSS
- Clipboard.js
- Chart.js
- Wkhtmltopdf
- API cve.circl.lu
- vis.js

Security Issues
This app is not intended to be exposed on the internet. Please, DO NOT expose this app to the internet; use your localhost or, in case you can't do that, take care to filter who and what can access WebMap with a firewall rule or something like that. Exposing this app to the whole internet could lead not only to a stored XSS but also to a leakage of sensitive/critical/private information about your port scan. Please, be smart.

Contributors
This project is currently a beta, and I'm not super skilled on Django, so every type of contribution is appreciated. I'll mention all contributors in this section of the README file.
Contributors List
- s3th_0x @adubaldo (bug on single host report)
- Neetx @Neetx (bug on xml with no host up)

Contacts
In order to receive updates about this project, please follow me on twitter:
Twitter: @Menin_TheMiddle
YouTube: Rev3rseSecurity
Download WebMap
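As an added example (not WebMap's own code), the following Python shows the two rules the README states for its Nmap import: it parses a constructed Nmap XML report, keeps only hosts that are up and ports that are open, marks which CPEs name a specific version (the only ones the README says are sent to the circl.lu lookup), and derives the PDF title from the XML filename. The sample report, the 192.0.2.x addresses and the function names are my own constructions, not WebMap's.

```python
# Added example, not WebMap's own code: parse a constructed Nmap XML report,
# keep only hosts that are up and ports that are open, and apply two rules
# from the README above: a CPE is eligible for the CVE lookup only when it
# carries a specific version, and the XML filename becomes the PDF title.
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML layout; 192.0.2.0/24 is documentation space.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX sample.xml 192.0.2.0/30">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Microsoft IIS httpd" version="7.5">
          <cpe>cpe:/a:microsoft:iis:7.5</cpe>
          <cpe>cpe:/o:microsoft:windows</cpe>
        </service>
      </port>
      <port protocol="tcp" portid="22">
        <state state="filtered"/>
        <service name="ssh"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def cpe_has_version(cpe):
    """True when a cpe:/ URI names a specific version (cpe:/a:microsoft:iis:7.5),
    False for a bare product or platform (cpe:/o:microsoft:windows).
    Layout is cpe:/<part>:<vendor>:<product>:<version>[:...]."""
    fields = cpe.split(":")
    return len(fields) >= 5 and fields[4] != ""


def parse_nmap_xml(xml_text):
    """Return [{'addr': ..., 'ports': [{'port', 'proto', 'service', 'cpes',
    'cve_lookup_cpes'}]}] for every host reported as up.
    A report produced by a scanner you do not control is untrusted input; in
    that case use defusedxml.ElementTree, which offers the same fromstring()."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # the README's "xml with no host up" case must not crash
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else None
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            cpes = [c.text for c in svc.findall("cpe")] if svc is not None else []
            ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "cpes": cpes,
                # Only versioned CPEs are worth a circl.lu query, per the README.
                "cve_lookup_cpes": [c for c in cpes if cpe_has_version(c)],
            })
        hosts.append({"addr": addr, "ports": ports})
    return hosts


def pdf_title_from_filename(filename):
    """README rule: drop the .xml suffix, then turn underscores into spaces."""
    name = filename[:-len(".xml")] if filename.endswith(".xml") else filename
    return name.replace("_", " ")


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_XML):
        for p in h["ports"]:
            print(h["addr"], p["port"], p["service"], p["cve_lookup_cpes"])
    print(pdf_title_from_filename("ACME_Ltd..xml"))
```

Running the block on the constructed report lists only 192.0.2.10 port 80 and, of its two CPEs, only cpe:/a:microsoft:iis:7.5 as a CVE-lookup candidate; the down host and the non-open port are dropped, and the filename example from the README yields the title "ACME Ltd.".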

Link: http://feedproxy.google.com/~r/PentestTools/~3/9cfmkKmaUrM/webmap-nmap-web-dashboard-and-reporting.html

AWS Lambda, Bleedingbit, and Cisco – Paul’s Security Weekly #581

AWS Security Best Practices, Masscan and massive address lists, Bleedingbit vulnerabilities, and a Cisco Zero-Day exploited in the wild! All that and more, on this episode of Paul's Security Weekly!
Paul's Stories
- Web Security Stats Show XSS & Outdated Software Are Major Problems
- AWS Security Best Practices: AWS Lambda Security
- Design for Failure
- Employee used […]
The post AWS Lambda, Bleedingbit, and Cisco – Paul’s Security Weekly #581 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/m_WC_9coB3U/

Auto-Root-Exploit – Auto Root Exploit Tool

Auto Root Exploit Tool
Author : Nilotpal Biswas
Facebook : https://www.facebook.com/nilotpal.biswas.73
Twitter : https://twitter.com/nilotpalhacker

USAGE :
for kernel version 2.6 all:        bash autoroot.sh 2
for kernel version 3 all:          bash autoroot.sh 3
for kernel version 4 all:          bash autoroot.sh 4
for freebsd & openbsd all:         bash autoroot.sh bsd
for apple macos all:               bash autoroot.sh app
for kernel 2.6, 3, 4, bsd & app all: bash autoroot.sh all

[Screenshot 1]
[Screenshot 2]
All exploits are suggested by "exploit-db.com" and will be updated according to it.
Download Auto-Root-Exploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/t-b0Lppu_dw/auto-root-exploit-auto-root-exploit-tool.html

SVScanner – Scanner Vulnerability And Massive Exploit

SVScanner is a tool for scanning and massive exploits. Our tools target several open source CMS.

Getting Started with Linux
git clone https://github.com/radenvodka/SVScanner.git
cd SVScanner
php svscanner.php

Getting Started with Windows
- Download Xampp (PHP7)
- Download SVScanner: https://github.com/radenvodka/SVScanner/releases
- and open it with cmd: php svscanner.php

Systems we recommend:
- PHP 7 (version and up)
- Install PHP modules: php-cli & php-curl for Linux

Credits
- Edo Maland (Powerstager) https://github.com/Screetsec
- Jack Wilder, admin at http://www.linuxsec.org

Want to contribute
Send the live target and which exploits were used to maunikah1337@gmail.com
Download SVScanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/Yisgfs6nPoA/svscanner-scanner-vulnerability-and.html

Texas, T-Mobile, and Jack Daniel – Paul’s Security Weekly #573

In the Security News this week: Zero-Day Windows exploits, how to hide sensitive files in encrypted containers, the Misfortune Cookie vulnerability returns, and bank robbers faked the Cosmos backend to steal $13.5 million.
Full Show Notes
Subscribe to YouTube Channel
The post Texas, T-Mobile, and Jack Daniel – Paul’s Security Weekly #573 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/txHBdnnZi2M/

Getsploit v0.2.2 – Command Line Utility For Searching And Downloading Exploits

Command line search and download tool for the Vulners Database, inspired by searchsploit. It allows you to search online for exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right into your working path.

Python version
The utility was tested on python2.6, python2.7 and python3.6 with SQLite FTS4 support. If you have found any bugs, don't hesitate to open an issue.

How to use
Install: pip install getsploit

Search
# git clone https://github.com/vulnersCom/getsploit
# cd getsploit
# ./getsploit.py wordpress 4.7.0
Total found exploits: 8
Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
+----------------------+--------------------------------+----------------------------------------------------+
| ID                   | Exploit Title                  | URL                                                |
+======================+================================+====================================================+
| PACKETSTORM:141039   | WordPress 4.7.0 / 4.7.1 Insert | https://vulners.com/packetstorm/PACKETSTORM:141039 |
|                      | PHP Code Injection             |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41308         | WordPress 4.7.0/4.7.1 Plugin   | https://vulners.com/exploitdb/EDB-ID:41308         |
|                      | Insert PHP - PHP Code          |                                                    |
|                      | Injection                      |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41223         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41223         |
|                      | Unauthenticated Content        |                                                    |
|                      | Injection (PoC)                |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140893   | WordPress 4.7.0 / 4.7.1 REST   | https://vulners.com/packetstorm/PACKETSTORM:140893 |
|                      | API Privilege Escalation       |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140902   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140902 |
|                      | Content Injection / Code       |                                                    |
|                      | Execution                      |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140901   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140901 |
|                      | Content Injection Proof Of     |                                                    |
|                      | Concept                        |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41224         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41224         |
|                      | Unauthenticated Content        |                                                    |
|                      | Injection Arbitrary Code       |                                                    |
|                      | Execution                      |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| SSV-92637            | WordPress REST API content     | https://vulners.com/seebug/SSV-92637               |
|                      | injection                      |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+

Save exploit files
# ./getsploit.py -m wordpress 4.7.0
Total found exploits: 8
Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
+----------------------+--------------------------------+----------------------------------------------------+
| ID                   | Exploit Title                  | URL                                                |
+======================+================================+====================================================+
| PACKETSTORM:141039   | WordPress 4.7.0 / 4.7.1 Insert | https://vulners.com/packetstorm/PACKETSTORM:141039 |
|                      | PHP Code Injection             |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41308         | WordPress 4.7.0/4.7.1 Plugin   | https://vulners.com/exploitdb/EDB-ID:41308         |
|                      | Insert PHP - PHP Code          |                                                    |
|                      | Injection                      |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41223         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41223         |
|                      | Unauthenticated Content        |                                                    |
|                      | Injection (PoC)                |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140893   | WordPress 4.7.0 / 4.7.1 REST   | https://vulners.com/packetstorm/PACKETSTORM:140893 |
|                      | API Privilege Escalation       |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140902   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140902 |
|                      | Content Injection / Code       |                                                    |
|                      | Execution                      |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140901   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140901 |
|                      | Content Injection Proof Of     |                                                    |
|                      | Concept                        |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41224         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41224         |
|                      | Unauthenticated Content        |                                                    |
|                      | Injection Arbitrary Code       |                                                    |
|                      | Execution                      |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
| SSV-92637            | WordPress REST API content     | https://vulners.com/seebug/SSV-92637               |
|                      | injection                      |                                                    |
+----------------------+--------------------------------+----------------------------------------------------+
# ls
LICENSE README.md getsploit.py wordpress-470
# cd wordpress-470
# ls
edb-id41223.txt edb-id41224.txt edb-id41308.txt packetstorm140893.txt packetstorm140901.txt packetstorm140902.txt packetstorm141039.txt ssv-92637.txt

Local database
If your Python supports the sqlite3 lib (builtin) you can use the --update and --local commands to download the whole exploit database to your PC. After the update you can perform local offline searches.
# ./getsploit.py --update
Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
219642496/219642496 [100.00%]
Unpacking database.
Database download complete. Now you may search exploits using the --local key: './getsploit.py -l wordpress 4.7'
Download Getsploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/ik5Cki-nwIQ/getsploit-v022-command-line-utility-for.html

BST (Binary String Toolkit) – Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs

The Binary String Toolkit, or BST for short, is a rather simple utility to convert binary strings to various formats suitable for later inclusion in source code, such as that used to develop exploits in the security field.

Features
- Dump file contents to standard output in a binary string format.
- Convert a plain hexadecimal input to an escaped binary string.
- Output a sequence of bad characters for testing proof of concept code.
- Limit the width of binary strings for better readability in source code.
- Format output in your favorite programming language's syntax.
- Perform binary variable block indentation.

Dependencies
- POSIX C Library
- C Compiler: GCC or LLVM Clang
- GNU Make
- Git

Building
To build and install the 'bstrings' binary, simply do:
$ git clone https://github.com/e3prom/bst
$ cd bst
$ make
# by default, bstrings is installed in /usr/local/bin.
$ make install

Usage
The example below shows how an assembled shellcode can be quickly dumped (-D) to standard output as a hexadecimal escaped (-x) binary string with a width of 16 hexadecimal digits (or 8 bytes), with Python syntax formatting and an indentation of 4 space characters:
$ bstrings --verbose -x -D lnx-execve-setreuid-x86_64 -w8 -i 4 --syntax=python
[*] Convert hexadecimal input to an escaped binary string.
[+] Binary string width is limited to 8 bytes.
[+] Output binary string using python language syntax.
[+] Indentation level set to 4 space character(s).
    shellcode = ""
    shellcode += "\x31\xc0\x48\x89\xc7\x48\x89\xc6"
    shellcode += "\x48\x89\xc2\xb0\x71\x0f\x05\x31"
    shellcode += "\xc0\x50\x48\xbb\x2f\x62\x69\x6e"
    shellcode += "\x2f\x2f\x73\x68\x53\x48\x89\xe7"
    shellcode += "\x50\x48\x89\xe6\x57\x48\x89\xe2"
    shellcode += "\xb0\x3b\x0f\x05"

You can also use bstrings to output an automatically indented bad character sequence, again in your favorite programming language:
$ bstrings --verbose -b -w12 -i 4 --syntax=c -n badchar
[*] Generating bad character binary string.
[+] Binary string width is limited to 12 bytes.
    unsigned char badchar[] =
    "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"
    "\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18"
    "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24"
    "\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
    "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c"
    "\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48"
    "\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54"
    "\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
    "\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c"
    "\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78"
    "\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84"
    "\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
    "\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c"
    "\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8"
    "\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4"
    "\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
    "\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc"
    "\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8"
    "\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4"
    "\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0"
    "\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc"
    "\xfd\xfe\xff"

For a list of supported command-line options, simply execute bstrings with the '--help' switch:
$ bstrings --help
Usage: ./bstrings [OPTION]...
Convert input to specified binary string format.

At least one of the below options must be given:
  -D, --dump-file=FILE      Dump content of file FILE in hexadecimal format
  -x, --hex-escape          Escape input hexadecimal string
  -b, --gen-badchar         Generate a bad character sequence string

The below switches are optional:
  -f, --file=FILE           Read input from file FILE instead of stdin
  -w, --width=BYTES         Break binary strings to specified length in bytes
  -s, --syntax=LANG         Output variable using language syntax of LANG
  -i, --indent=LENGTH       Perform indentation for given character length
  -n, --var-name=VAR        Specify binary string variable name (verbose)
  -h, --help                Display this help
      --interactive         Enter interactive mode
      --verbose             Enable verbose output
      --version             Print version information

The below languages are supported (case-sensitive):
  C                         C Programming language
  python                    Python Programming language
Download BST

Link: http://feedproxy.google.com/~r/PentestTools/~3/FpStPsNMRAw/bst-binary-string-toolkit-quickly-and.html