Mad-Metasploit – Metasploit Custom Modules, Plugins & Resource Scripts

Metasploit custom modules, plugins, resource scripts and.. awesome metasploit collection
https://www.hahwul.com/p/mad-metasploit.html

Awesome
  open awesome.md

Add mad-metasploit to metasploit framework

Configure your metasploit-framework directory
  $ vim config/config.rb
  $metasploit_path = '/opt/metasploit-framework/embedded/framework/'
  # /usr/share/metasploit-framework

2-A. Interactive Mode
  $ ./mad-metasploit

2-B. Commandline Mode (preset all)
  $ ./mad-metasploit [-a/-y/--all/--yes]

Use custom modules
search auxiliary/exploits, other..
  HAHWUL > search springboot

  Matching Modules
  ================

    Name                                          Disclosure Date  Rank    Check  Description
    ----                                          ---------------  ----    -----  -----------
    auxiliary/mad_metasploit/springboot_actuator                   normal  No     Springboot actuator check

Use custom plugins
load mad-metasploit/{plugins} in msfconsole
  HAHWUL > load mad-metasploit/db_autopwn
  [*] Successfully loaded plugin: db_autopwn
  HAHWUL > db_autopwn
  [-] The db_autopwn command is DEPRECATED
  [-] See http://r-7.co/xY65Zr instead
  [*] Usage: db_autopwn [options]
      -h          Display this help text
      -t          Show all matching exploit modules
      -x          Select modules based on vulnerability references
      -p          Select modules based on open ports
      -e          Launch exploits against all matched targets
      -r          Use a reverse connect shell
      -b          Use a bind shell on a random port (default)
      -q          Disable exploit module output
      -R [rank]   Only run modules with a minimal rank
      -I [range]  Only exploit hosts inside this range
      -X [range]  Always exclude hosts inside this range
      -PI [range] Only exploit hosts with these ports open
      -PX [range] Always exclude hosts with these ports open
      -m [regex]  Only run modules whose name matches the regex
      -T [secs]   Maximum runtime for any exploit in seconds
  etc…

List of
  mad-metasploit/db_autopwn
  mad-metasploit/arachni
  mad-metasploit/meta_ssh
  mad-metasploit/db_exploit

Use Resource-scripts
  #> msfconsole
  MSF> load alias
  MSF> alias ahosts 'resource /mad-metasploit/resource-script/ahosts.rc'
  MSF> ahosts
  [Custom command!]

List of rs
  ahosts.rc
  cache_bomb.rb
  feed.rc
  getdomains.rb
  getsessions.rb
  ie_hashgrab.rb
  listdrives.rb
  loggedon.rb
  runon_netview.rb
  search_hash_creds.rc
  virusscan_bypass8_8.rb

Archive (Informal metasploit modules)
  archive/
  └── exploits
      ├── aix
      │   ├── dos
      │   │   ├── 16657.rb
      │   │   └── 16929.rb
      │   ├── local
      │   │   └── 16659.rb
      │   └── remote
      │       └── 16930.rb
      ├── android
      │   ├── local
      │   │   ├── 40504.rb
      │   │   ├── 40975.rb
      │   │   └── 41675.rb
      │   └── remote
      │       ├── 35282.rb
      │       ├── 39328.rb
      │       ├── 40436.rb
      │       └── 43376.rb
  …..

Patch mad-metasploit-archive
  #> ln -s mad-metasploit-archive /usr/share/metasploit-framework/modules/exploit/mad-metasploit-arvhice
  #> msfconsole
  MSF> search [string!]
  ..
  exploit/multi/~~~
  exploit/mad-metasploit-arvhice/[custom-script!!]
  ..

How to update?
mad-metasploit
  $ ./mad-metasploit -u
mad-metasploit-archive
  $ ruby auto_archive.rb
or
  $ ./mad-metasploit
  [+] Sync Mad-Metasploit Modules/Plugins/Resource-Script to Metasploit-framework
  [+] Metasploit-framewrk directory: /opt/metasploit-framework/embedded/framework/ (set ./conf/config.rb)
  [*] Update archive(Those that are not added as msf)? [y/N] y
  [-] Download index data..

How to remove mad-metasploit?
  $ ./mad-metasploit -r
or
  $ ./mad-metasploit --remove

Development
Hello world..!
  $ git clone https://github.com/hahwul/mad-metasploit

Add to Custom code
  ./mad-metasploit-modules
    + exploit
    + auxiliray
    + etc…
  ./mad-metasploit-plugins
  ./mad-metasploit-resource-script

New Idea
  issue > idea tag

Contributing
Bug reports and pull requests are welcome on GitHub. (This project is intended to be a safe)

Link: http://feedproxy.google.com/~r/PentestTools/~3/D8ExNN2Y8Rs/mad-metasploit-metasploit-custom.html

MEC v1.4.0 – Mass Exploit Console

massExploitConsole
a collection of hacking tools with a cli ui.

Disclaimer
  please use this tool only on authorized systems, I'm not responsible for any damage caused by users who ignore my warning
  exploits are adapted from other sources, please refer to their author info
  please note, due to my limited programming experience (it's my first Python project), you can expect some silly bugs

Features
  an easy-to-use cli ui
  execute any adapted exploits with process-level concurrency
  some built-in exploits (automated)
  hide your ip addr using proxychains4 and ss-proxy (built-in)
  zoomeye host scan (10 threads)
  a simple baidu crawler (multi-threaded)
  censys host scan

Getting started
  git clone https://github.com/jm33-m0/massExpConsole.git && cd massExpConsole && ./install.py
  when installing pypi deps, apt-get install libncurses5-dev (for Debian-based distros) might be needed
  now you should be good to go (if not, please report missing deps here)
  type proxy command to run a pre-configured Shadowsocks socks5 proxy in the background, vim ./data/ss.json to edit proxy config. and, ss-proxy exits with mec.py

Requirements
  GNU/Linux, WSL, MacOS (not tested), fully tested under Arch Linux, Kali Linux (Rolling, 2018), Ubuntu Linux (16.04 LTS) and Fedora 25 (it will work on other distros too as long as you have dealt with all deps)
  Python 3.5 or later (or something might go wrong, https://github.com/jm33-m0/massExpConsole/issues/7#issuecomment-305962655)
  proxychains4 (in $PATH), used by exploiter, requires a working socks5 proxy (you can modify its config in mec.py)
  Java is required when using Java deserialization exploits, you might want to install openjdk-8-jre if you haven't installed it yet
  note that you have to install all the deps of your exploits or tools as well

Usage
  just run mec.py, if it complains about missing modules, install them
  if you want to add your own exploit script (or binary file, whatever):
    cd exploits, mkdir
    your exploit should take the last argument passed to it as its target, dig into mec.py to know more
    chmod +x <exploit> to make sure it can be executed by current user
    use attack command then m to select your custom exploit
  type help in the console to see all available features
  zoomeye requires a valid user account config file zoomeye.conf

Link: http://www.kitploit.com/2018/12/mec-v140-mass-exploit-console.html

Infection Monkey v1.6 – An Automated Pentest Tool

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Monkey Island server.

The Infection Monkey is comprised of two parts:
  Monkey – A tool which infects other machines and propagates to them
  Monkey Island – A dedicated server to control and visualize the Infection Monkey's progress inside the data center

To read more about the Monkey, visit http://infectionmonkey.com

Main Features
The Infection Monkey uses the following techniques and exploits to propagate to other machines.

Multiple propagation techniques:
  Predefined passwords
  Common logical exploits
  Password stealing using Mimikatz

Multiple exploit methods:
  SSH
  SMB
  RDP
  WMI
  Shellshock
  Conficker
  SambaCry
  Elastic Search (CVE-2015-1427)

Setup
Check out the Setup page in the Wiki or a quick getting started guide.

Building the Monkey from source
If you want to build the monkey from source, see Setup and follow the instructions at the readme files under infection_monkey and monkey_island.

Link: http://feedproxy.google.com/~r/PentestTools/~3/EIyfw_0injA/infection-monkey-v16-automated-pentest.html

WebMap – Nmap Web Dashboard And Reporting

A Web Dashboard for Nmap XML Report

Usage
You should use this with docker, just by sending this command:
  $ mkdir /tmp/webmap
  $ docker run -d \
      --name webmap \
      -h webmap \
      -p 8000:8000 \
      -v /tmp/webmap:/opt/xml \
      rev3rse/webmap
  $ # now you can run Nmap and save the XML Report on /tmp/webmap
  $ nmap -sT -A -T4 -oX /tmp/webmap/myscan.xml 192.168.1.0/24
Now point your browser to http://localhost:8000

Quick and Dirty
  $ curl -sL http://bit.ly/webmapsetup | bash

Upgrade from previous release
  $ # stop running webmap container
  $ docker stop webmap
  $ # remove webmap container
  $ docker rm webmap
  $ # pull new image from dockerhub
  $ docker pull rev3rse/webmap
  $ # run WebMap
  $ curl -sL http://bit.ly/webmapsetup | bash

Run without Docker
This project is designed to run on a Docker container. IMHO it isn't a good idea to run this on a custom Django installation, but if you need it you can find all building steps inside the Dockerfile.

Features
  Import and parse Nmap XML files
  Statistics and Charts on discovered services, ports, OS, etc…
  Inspect a single host by clicking on its IP address
  Attach labels on a host
  Insert notes for a specific host
  Create a PDF Report with charts, details, labels and notes
  Copy to clipboard as Nikto, Curl or Telnet commands
  Search for CVE and Exploits based on CPE collected by Nmap

Changes on v2.1
  Better usage of Django template
  Fixed some Nmap XML parse problems
  Fixed CVE and Exploit collecting problems
  Add new Network View

PDF Report

XML Filenames
When creating the PDF version of the Nmap XML Report, the XML filename is used as document title on the first page. WebMap will replace some parts of the filename as follows:
  _ will be replaced by a space ( )
  .xml will be removed
Example: ACME_Ltd..xml
PDF title: ACME Ltd.

CVE and Exploits
Thanks to the amazing API services by circl.lu, WebMap is able to look for CVE and Exploits for each CPE collected by Nmap. Not all CPE are checked over the circl.lu API, but only when a specific version is specified (for example: cpe:/a:microsoft:iis:7.5 and not cpe:/o:microsoft:windows).

Network View

Third Parts
  Django
  Materialize CSS
  Clipboard.js
  Chart.js
  Wkhtmltopdf
  API cve.circl.lu
  vis.js

Security Issues
This app is not intended to be exposed on the internet. Please, DO NOT expose this app to the internet, use your localhost or, in case you can't do it, take care to filter who and what can access WebMap with a firewall rule or something like that. Exposing this app to the whole internet could lead not only to a stored XSS but also to a leakage of sensitive/critical/private information about your port scan. Please, be smart.

Contributors
This project is currently a beta, and I'm not super skilled on Django so, every type of contribution is appreciated. I'll mention all contributors in this section of the README file.

Contributors List
  s3th_0x @adubaldo (bug on single host report)
  Neetx @Neetx (bug on xml with no host up)

Contacts
In order to receive updates about this project, please follow me on twitter:
  Twitter: @Menin_TheMiddle
  YouTube: Rev3rseSecurity

Link: http://feedproxy.google.com/~r/PentestTools/~3/9cfmkKmaUrM/webmap-nmap-web-dashboard-and-reporting.html

AWS Lambda, Bleedingbit, and Cisco – Paul’s Security Weekly #581

AWS Security Best Practices, Masscan and massive address lists, Bleedingbit vulnerabilities, and Cisco Zero-Day exploited in the wild! All that and more, on this episode of Paul’s Security Weekly! Paul’s Stories Web Security Stats Show XSS & Outdated Software Are Major Problems AWS Security Best Practices: AWS Lambda Security Design for Failure Employee used […]
The post AWS Lambda, Bleedingbit, and Cisco – Paul’s Security Weekly #581 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/m_WC_9coB3U/

Auto-Root-Exploit – Auto Root Exploit Tool

Auto Root Exploit Tool
Author : Nilotpal Biswas
Facebook : https://www.facebook.com/nilotpal.biswas.73
Twitter : https://twitter.com/nilotpalhacker

USAGE :
for kernel version 2.6 all
  bash autoroot.sh 2
for kernel version 3 all
  bash autoroot.sh 3
for kernel version 4 all
  bash autoroot.sh 4
for freebsd & openbsd all
  bash autoroot.sh bsd
for apple macos all
  bash autoroot.sh app
for kernel 2.6,3,4 bsd & app all
  bash autoroot.sh all

All exploits are suggested by "exploit-db.com" and will update according to it.

Link: http://feedproxy.google.com/~r/PentestTools/~3/t-b0Lppu_dw/auto-root-exploit-auto-root-exploit-tool.html

SVScanner – Scanner Vulnerability And Massive Exploit

Is a tool for scanning and massive exploits. Our tools target several open source cms.

Getting Started with Linux
  git clone https://github.com/radenvodka/SVScanner.git
  cd SVScanner
  php svscanner.php

Getting Started with Windows
  Download Xampp (PHP7)
  Download SVScanner : https://github.com/radenvodka/SVScanner/releases
  and open with cmd php svscanner.php

Systems we recommend :
  PHP 7 (version and up)
  Install Modules PHP : php-cli & php-curl for linux

Credits
  Edo Maland (Powerstager) https://github.com/Screetsec
  Jack Wilder admin in http://www.linuxsec.org

Want to contribute
Send the target live and what exploits are used. then send to maunikah1337@gmail.com

Link: http://feedproxy.google.com/~r/PentestTools/~3/Yisgfs6nPoA/svscanner-scanner-vulnerability-and.html

Texas, T-Mobile, and Jack Daniel – Paul’s Security Weekly #573

In the Security News this week, Zero-Day Windows exploits, how to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal $13.5 million.
The post Texas, T-Mobile, and Jack Daniel – Paul’s Security Weekly #573 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/txHBdnnZi2M/