StegCracker – Steganography Brute-Force Utility To Uncover Hidden Data Inside Files

Steganography brute-force utility to uncover hidden data inside files.UsageUsing stegcracker is simple, pass a file to it as it’s first parameter and optionally pass the path to a wordlist of passwords to try as it’s second parameter. If this is not set it will default to the rockyou.txt password file which ships with Kali Linux or can be downloaded here.$ stegcracker [<wordlist>]InstallationTo install the program, follow these steps:$ sudo apt-get install steghide -y$ sudo curl https://raw.githubusercontent.com/Paradoxis/StegCracker/master/stegcracker > /bin/stegcracker$ sudo chmod +x /bin/stegcrackerDownload StegCracker

Link: http://feedproxy.google.com/~r/PentestTools/~3/53UjPDtT0NY/stegcracker-steganography-brute-force.html

OWTF v2.4 – Offensive Web Testing Framework

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time toSee the big picture and think out of the boxMore efficiently find, verify and combine vulnerabilitiesHave time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessionsPerform more tactical/targeted fuzzing on seemingly risky areasDemonstrate true impact despite the short timeframes we are typically given to test.The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience.Note: This tool is however not a silverbullet and will only be as good as the person using it: Understanding and experience will be required to correctly interpret tool output and decide what to investigate further in order to demonstrate impact.RequirementsOWTF is developed on KaliLinux and macOS but it is made for Kali Linux (or other Debian derivatives)OWTF supports both Python2 and Python3.InstallationRecommended:Using a virtualenv is highly recommended!pip install git+https://github.com/owtf/owtf#egg=owtfor clone the repo andpython setup.py installIf you want to change the database password in the Docker Compose setup, edit the environment variables in the docker-compose.yml file. If you prefer to override the environment variables in a .env file, use the file name owtf.env so that Docker Compose knows to include it.To run OWTF on Windows or MacOS, OWTF uses Docker Compose. You need to have Docker Compose installed (check by docker-compose -v). After installing Docker Compose, simply run docker-compose up and open localhost:8009 for the OWTF web interface.Install on OSXDependencies: Install Homebrew (https://brew.sh/) and follow the steps given below:$ virtualenv $ source <venv name>/bin/activate $ brew install coreutils gnu-sed openssl # We need to install ‘cryptography’ first to avoid issues $ pip install cryptography –global-option=build_ext –global-option=”-L/usr/local/opt/openssl/lib" –global-option="-I/usr/local/opt/openssl/include" $ git clone <this repo> $ cd owtf $ python setup.py install # Run OWTF! $ owtf FeaturesResilience: If one tool crashes OWTF, will move on to the next tool/test, saving the partial output of the tool until it crashed.Flexible: Pause and resume your work.Tests Separation: OWTF separates its traffic to the target into mainly 3 types of plugins:Passive : No traffic goes to the targetSemi Passive : Normal traffic to targetActive: Direct vulnerability probingExtensive REST API.Has almost complete OWASP Testing Guide(v3, v4), Top 10, NIST, CWE coverage.Web interface: Easily manage large penetration engagements easily.Interactive report:Automated plugin rankings from the tool output, fully configurable by the user.Configurable risk rankingsIn-line notes editor for each plugin.LinksProject homepageIRCWikiSlack and join channel #project-owtfUser DocumentationYoutube channelSlideshareBlogScreenshotsDownload OWTF

Link: http://feedproxy.google.com/~r/PentestTools/~3/QhjPP8mfh-A/owtf-v24-offensive-web-testing-framework.html

Kali Linux commands – A to Z Commands

Kali Linux is a known operating system for digital forensics and penetration testing people. It is Debian-derived Linux distribution maintained and funded by Offensive Security Ltd. This OS comes with over 600 penetration-testing programs including Wireshark, Aircrack-ng, John the Ripper, nmap and more. So, it is good for beginners as well. If you are starting, […]
The post Kali Linux commands – A to Z Commands appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/Nqyv9RKbS4k/kali-linux-commands-a-to-z-commands.html

Sn1per v5.0 – Automated Pentest Recon Scanner

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.SN1PER PROFESSIONAL FEATURES:Professional reporting interfaceSlideshow for all gathered screenshotsSearchable and sortable DNS, IP and open port databaseCategorized host reportsQuick links to online recon tools and Google hacking queriesPersonalized notes field for each hostDEMO VIDEO:SN1PER COMMUNITY FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via NMap port scanning Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted NMap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all web sites Create individual workspaces to store all scan outputAUTO-PWN:Drupal Drupalgedon2 RCE CVE-2018-7600GPON Router RCE CVE-2018-10561Apache Struts 2 RCE CVE-2017-5638Apache Struts 2 RCE CVE-2017-9805Apache Jakarta RCE CVE-2017-5638Shellshock GNU Bash RCE CVE-2014-6271HeartBleed OpenSSL Detection CVE-2014-0160Default Apache Tomcat Creds CVE-2009-3843MS Windows SMB RCE MS08-067Webmin File Disclosure CVE-2006-3392Anonymous FTP AccessPHPMyAdmin Backdoor RCEPHPMyAdmin Auth BypassJBoss Java De-Serialization RCE’sKALI LINUX INSTALL:./install.shDOCKER INSTALL:Credits: @menzowDocker Install: https://github.com/menzow/sn1per-dockerDocker Build: https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/Example usage:$ docker pull menzo/sn1per-docker$ docker run –rm -ti menzo/sn1per-docker sniper menzo.ioUSAGE:[*] NORMAL MODEsniper -t|–target [*] NORMAL MODE + OSINT + RECONsniper -t|–target <TARGET> -o|–osint -re|–recon[*] STEALTH MODE + OSINT + RECONsniper -t|–target <TARGET> -m|–mode stealth -o|–osint -re|–recon[*] DISCOVER MODEsniper -t|–target <CIDR> -m|–mode discover -w|–workspace <WORSPACE_ALIAS>[*] SCAN ONLY SPECIFIC PORTsniper -t|–target <TARGET> -m port -p|–port <portnum>[*] FULLPORTONLY SCAN MODEsniper -t|–target <TARGET> -fp|–fullportonly[*] PORT SCAN MODEsniper -t|–target <TARGET> -m|–mode port -p|–port <PORT_NUM>[*] WEB MODE – PORT 80 + 443 ONLY!sniper -t|–target <TARGET> -m|–mode web[*] HTTP WEB PORT MODEsniper -t|–target <TARGET> -m|–mode webporthttp -p|–port <port>[*] HTTPS WEB PORT MODEsniper -t|–target <TARGET> -m|–mode webporthttps -p|–port <port>[*] ENABLE BRUTEFORCEsniper -t|–target <TARGET> -b|–bruteforce[*] AIRSTRIKE MODEsniper -f|–file /full/path/to/targets.txt -m|–mode airstrike[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLEDsniper -f–file /full/path/to/targets.txt -m|–mode nuke -w|–workspace <WORKSPACE_ALIAS>[*] ENABLE LOOT IMPORTING INTO METASPLOITsniper -t|–target <TARGET>[*] LOOT REIMPORT FUNCTIONsniper -w <WORKSPACE_ALIAS> –reimport[*] UPDATE SNIPERsniper -u|–updateMODES:NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.FULLPORTONLY: Performs a full detailed port scan and saves results to XML.WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.UPDATE: Checks for updates and upgrades all components used by sniper.REIMPORT: Reimport all workspace files into Metasploit and reproduce all reports.RELOAD: Reload the master workspace report.SAMPLE REPORT:https://gist.github.com/1N3/8214ec2da2c91691bcbcDownload Sn1per v5.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/Z_yHqaJ_y1U/sn1per-v50-automated-pentest-recon.html

Optiva Framework – Web Application Scanner

You can use this Framework on your website to check the security of your website by finding the vulnerability in your website or you can use this tool to Get admin panel search SQL injection by dork As well as collecting information and encrypting Hash.Features: Infromation Modules : Port Scanner Whois Lookup Reverse IP Domain Lookup HTTP Header Domain Lookup Iplocator Retrieve Ip Geolocation Info Hash Modules : Md5 Encode Text Sha1 Encode Text SHA256 Encode Text SHA384 Encode Text SHA512 Encode Text Scanner Modules : Cross Site Scripting (XSS) SQL Injection Scanner (SQL) Dork Search SQL Injection Vuln Remote Code Execution Scanner (RCE) Website Admin Panel Scanner Finder Installation Linux:$ git clone https://github.com/joker25000/Optiva-Framework$ cd Optiva-Framework$ chmod +x installer.sh$ ./installer.sh$ Type In Terminal$ optivaInstallation Windows:$ cd Optiva-Framework$ pip install termcolor$ pip install requests$ pip install mechanize$ run optiva :$ python optiva.pyInstallation Termux (No Root):$ apt install git$ git clone https://github.com/joker25000/Optiva-Framework$ cd Optiva-Framework$ chmod +x installer.sh$ bash installer.sh$ Select the 3 option termux and press enter$ run optiva :$ python2 optiva.pyScreenshot :Full video tutorial:Video Termux tutorial:About :$ Twitter : https://twitter.com/SecurityJokerDownload Optiva-Framework

Link: http://feedproxy.google.com/~r/PentestTools/~3/nOlskXv7XxA/optiva-framework-web-application-scanner.html

Airba.sh – A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP). Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng. If one or more handshakes are captured, they are entered into an SQLite3 database, along with the time of capture and current GPS data (if properly configured).After capture, the database can be tested for vulnerable router models using crackdefault.sh. It will search for entries that match the implemented modules, which currently include algorithms to compute default keys for Speedport 500-700 series, Thomson/SpeedTouch and UPC 7 digits (UPC1234567) routers.RequirementsWiFi interface in monitor mode aircrack-ng SQLite3 openssl for compilation of modules (optional) wlanhc2hcx from hcxtoolsIn order to log GPS coordinates of handshakes, configure your coordinate logging software to log to .loc/*.txt (the filename can be chosen as desired). Airbash will always use the output of cat “$path$loc"*.txt 2>/dev/null | awk ‘NR==0; END{print}’, which equals to reading all .txt files in .loc/ and picking the second line. The reason for this way of implementation is the functionality of GPSLogger, which was used on the development device.Calculating default keysAfter capturing a new handshake, the database can be queried for vulnerable router models. If a module applies, the default keys for this router series are calculated and used as input for aircrack-ng to try and recover the passphrase.Compiling ModulesThe modules for calculating Thomson/SpeedTouch and UPC1234567 (7 random digits) default keys are included in src/Credits for the code go to the authors Kevin Devine and peter@haxx.in.On Linux:gcc -fomit-frame-pointer -O3 -funroll-all-loops -o modules/st modules/stkeys.c -lcryptogcc -O2 -o modules/upckeys modules/upc_keys.c -lcryptoIf on Android, you may need to copy the binaries to /system/xbin/ or to another directory where binary execution is allowed.UsageRunning install.sh will create the database, prepare the folder structure and create shortlinks to both scripts which can be moved to a directory that is on $PATH to allow execution from any location.After installation, you may need to manually adjust INTERFACE on line 46 in airba.sh. This will later be determined automatically, but for now the default is set to wlan0, to allow out of the box compatibility with bcmon on Android../airba.sh starts the script, automatically scanning and attacking targets that are not found in the database. ./crackdefault.sh attempts to break known default key algorithms.To view the database contents, run sqlite3 .db.sqlite3 "SELECT * FROM hs" in the main directory.Update (Linux only … for now):Airbash can be updated by executing update.sh. This will clone the master branch into /tmp/ and overwrite the local files.Output_n: number of access points found__c/m: represents client number and maximum number of clients found, respectively-: access point is blacklistedx: access point already in database?: access point out of range (not visible to airodump anymore)The DatabaseThe database contains a table called hs with seven columns.id: incrementing counter of table entrieslat and lon: GPS coordinates of the handshake (if available)bssid: MAC address of the access pointessid: Name identifierpsk: WPA Passphrase, if knownprcsd: Flag that gets set by crackdefault.sh to prevent duplicate calculation of default keys if a custom passphrase was used.Currently, the SQLite3 database is not password-protected.Download Airbash

Link: http://feedproxy.google.com/~r/PentestTools/~3/JyoSXbI3rdM/airbash-posix-compliant-fully-automated.html

pwnedOrNot – Tool To Find Passwords For Compromised Email Accounts Using HaveIBeenPwned API

pwnedOrNot is a python script which checks if the email account has been compromised in a data breach, if the email account is compromised it proceeds to find passwords for the compromised account.It uses haveibeenpwned v2 api to test email accounts and searches for the password in Pastebin DumpsThis script has been tested on Kali Linux 18.2 and Ubuntu 18.04.InstallationIt’s a pure python script and relies on common python modules and does not need installation :osretimejsonrequestsUsagegit clone https://github.com/thewhiteh4t/pwnedOrNot.gitcd pwnedOrNot/python pwnedornot.pyFeatureshaveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:Name of BreachDomain NameDate of BreachFabrication statusVerification StatusRetirement statusSpam StatusSource of DumpID of DumpAnd with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the passwordScreenshotsDownload pwnedOrNot

Link: http://feedproxy.google.com/~r/PentestTools/~3/Z1fInQ932X4/pwnedornot-tool-to-find-passwords-for.html

Sn1per v4.4 – Automated Pentest Recon Scanner

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.DEMO VIDEO: FEATURES:Automatically collects basic recon (ie. whois, ping, DNS, etc.)Automatically launches Google hacking queries against a target domainAutomatically enumerates open ports via NMap port scanningAutomatically brute forces sub-domains, gathers DNS info and checks for zone transfersAutomatically checks for sub-domain hijackingAutomatically runs targeted NMap scripts against open portsAutomatically runs targeted Metasploit scan and exploit modulesAutomatically scans all web applications for common vulnerabilitiesAutomatically brute forces ALL open servicesAutomatically test for anonymous FTP accessAutomatically runs WPScan, Arachni and Nikto for all web servicesAutomatically enumerates NFS sharesAutomatically test for anonymous LDAP accessAutomatically enumerate SSL/TLS ciphers, protocols and vulnerabilitiesAutomatically enumerate SNMP community strings, services and usersAutomatically list SMB users and shares, check for NULL sessions and exploit MS08-067Automatically exploit vulnerable JBoss, Java RMI and Tomcat serversAutomatically tests for open X11 serversAuto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat CredsPerforms high level enumeration of multiple hosts and subnetsAutomatically integrates with Metasploit Pro, MSFConsole and Zenmap for reportingAutomatically gathers screenshots of all web sitesCreate individual workspaces to store all scan outputKALI LINUX INSTALL:./install.shDOCKER INSTALL:Credits: @menzowDocker Install: https://github.com/menzow/sn1per-dockerDocker Build: https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/Example usage:$ docker pull menzo/sn1per-docker$ docker run –rm -ti menzo/sn1per-docker sniper menzo.ioUSAGE:[*] NORMAL MODEsniper -t|–target [*] NORMAL MODE + OSINT + RECONsniper -t|–target <TARGET> -o|–osint -re|–recon[*] STEALTH MODE + OSINT + RECONsniper -t|–target <TARGET> -m|–mode stealth -o|–osint -re|–recon[*] DISCOVER MODEsniper -t|–target <CIDR> -m|–mode discover -w|–workspace <WORSPACE_ALIAS>[*] SCAN ONLY SPECIFIC PORTsniper -t|–target <TARGET> -m port -p|–port <portnum>[*] FULLPORTONLY SCAN MODEsniper -t|–target <TARGET> -fp|–fullportonly[*] PORT SCAN MODEsniper -t|–target <TARGET> -m|–mode port -p|–port <PORT_NUM>[*] WEB MODE – PORT 80 + 443 ONLY!sniper -t|–target <TARGET> -m|–mode web[*] HTTP WEB PORT MODEsniper -t|–target <TARGET> -m|–mode webporthttp -p|–port <port>[*] HTTPS WEB PORT MODEsniper -t|–target <TARGET> -m|–mode webporthttps -p|–port <port>[*] ENABLE BRUTEFORCEsniper -t|–target <TARGET> -b|–bruteforce[*] AIRSTRIKE MODEsniper -f|–file /full/path/to/targets.txt -m|–mode airstrike[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLEDsniper -f–file /full/path/to/targets.txt -m|–mode nuke -w|–workspace <WORKSPACE_ALIAS>[*] ENABLE LOOT IMPORTING INTO METASPLOITsniper -t|–target <TARGET>[*] LOOT REIMPORT FUNCTIONsniper -w <WORKSPACE_ALIAS> –reimport[*] UPDATE SNIPERsniper -u|–updateMODES:NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.FULLPORTONLY: Performs a full detailed port scan and saves results to XML.WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.UPDATE: Checks for updates and upgrades all components used by sniper.REIMPORT: Reimport all workspace files into Metasploit and reproduce all reports.SAMPLE REPORT:https://gist.github.com/1N3/8214ec2da2c91691bcbcDownload Sn1per

Link: http://feedproxy.google.com/~r/PentestTools/~3/3AtzG4dKSuE/sn1per-v44-automated-pentest-recon.html

Sandmap – A Tool Supporting Network And System Reconnaissance Using The Massive Nmap Engine

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques.Key Featuressimple CLI with the ability to run pure Nmap enginepredefined scans included in the modulessupport Nmap Scripting Engine (NSE)TOR support (with proxychains)multiple scans at one timeat this point: 30 modules with 451 scan profilesHow To UseIt’s simple:# Clone this repositorygit clone https://github.com/trimstray/sandmap# Go into the repositorycd sandmap# Install./setup.sh install# Run the appsandmapsymlink to bin/sandmap is placed in /usr/local/binman page is placed in /usr/local/man/man8ModulesAvailable modules: 30Available scan profiles: 451Configuration fileThe etc/main.cfg configuration file has the following structure:# shellcheck shell=bash# Specifies the default destination.# Examples:# – dest=”127.0.0.1,8.8.8.8"dest="127.0.0.1"# Specifies the extended Nmap parameters.# Examples:# – params="–script ssl-ccs-injection -p 443"params=""# Specifies the default output type and path.# Examples:# – report="xml"report=""# Specifies the TOR connection.# Examples:# – tor="true"tor=""# Specifies the terminal type.# Examples:# – terminal="internal"terminal="internal"RequirementsSandmap uses external utilities to be installed before running:nmapxtermproxychainsLoggingAfter running the script, the log/ directory is created and in it the following files with logs:.<date>.log – all _logger() function calls are saved in itstdout.log – a standard output and errors from the _init_cmd() function are written in it. If you want to redirect the output from command, use the following structure: your_command >>"$_log_stdout" 2>&1 &Project architecture|– LICENSE.md # GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007|– README.md # this simple documentation|– CONTRIBUTING.md # principles of project support|– .gitignore # ignore untracked files|– .travis.yml # continuous integration with Travis CI|– setup.sh # install sandmap on the system|– bin |– sandmap # main script (init)|– doc # includes documentation, images and manuals |– man8 |– sandmap.8 # man page for sandmap |– img # images (eg. gif)|– etc # contains configuration files|– lib # libraries, external functions|– log # contains logs, created after init|– modules # contains modules|– src # includes external project files |– helpers # contains core functions |– import # appends the contents of the lib directory |– __init__ # contains the __main__ function |– settings # contains sandmap settings|– templates # contains examples and template files|– tmp # contains temporary files (mktemp)Download Sandmap

Link: http://feedproxy.google.com/~r/PentestTools/~3/ziasbmvnzdA/sandmap-tool-supporting-network-and.html