Httplab – Inspect HTTP Requests And Forge Responses

The interactive web server. HTTPLab lets you inspect HTTP requests and forge responses.

Install

Golang:
  go get github.com/gchaincl/httplab
  go install github.com/gchaincl/httplab/cmd/httplab

Archlinux:
  yaourt httplab

Snap FIXME
On systems where snap is supported:
  snap install httplab

Binary distribution
Each release provides pre-built binaries for different architectures; you can download them here: https://github.com/gchaincl/httplab/releases/latest

Help

Usage of httplab:
  -a, --auto-update        Auto-updates response when fields change. (default true)
  -b, --body string        Specifies the initial response body. (default "Hello, World")
  -c, --config string      Specifies custom config path.
      --cors               Enable CORS.
      --cors-display       Display CORS requests. (default true)
  -d, --delay int          Specifies the initial response delay in ms.
  -H, --headers strings    Specifies the initial response headers. (default [X-Server:HTTPLab])
  -p, --port int           Specifies the port where HTTPLab will bind to. (default 10080)
  -s, --status string      Specifies the initial response status. (default "200")
  -v, --version            Prints current version.

Key Bindings

  Key         Description
  Tab         Next Input
  Shift+Tab   Previous Input
  Ctrl+a      Apply Response changes
  Ctrl+r      Resets Request history
  Ctrl+s      Save Response as
  Ctrl+f      Save Request as
  Ctrl+l      Toggle Responses list
  Ctrl+t      Toggle Response builder
  Ctrl+o      Open Body file
  Ctrl+b      Switch Body mode
  Ctrl+h      Toggle Help
  Ctrl+w      Toggle line wrapping
  q           Close popup
  PgUp        Previous Request
  PgDown      Next Request
  Ctrl+c      Quit

HTTPLab uses a file to store pre-built responses: it looks for a file called .httplab in the current directory and, if that is not found, falls back to $HOME. A sample file can be found here.

HTTPLab is heavily inspired by wuzz.

Download Httplab

Link: http://feedproxy.google.com/~r/PentestTools/~3/iPwOG6POq6I/httplab-inspect-http-requests-and-forge.html

Telebix – An Application That Communicates With A Bot On The Telegram To Receive Commands And Send Information From An Infrastructure Monitored By Zabbix

Telebix is an application that communicates with a Bot on Telegram to receive commands and send information from an infrastructure monitored by Zabbix. It also sends messages in real time if any problems occur in the infrastructure. It is written entirely in Python with Shell Script and has a graphical interface to help the network administrator work more intuitively. The application can run on any computer as long as all credentials are properly entered.

How to use

Creating a bot
1. In the search bar on Telegram, type "BotFather" and send the command "/newbot".
2. The BotFather will ask for a name for your bot, and then for a username as well.
3. Copy the generated access Token.
4. Send any message to your bot on Telegram.

Installation
  git clone https://github.com/Warflop/Telebix.git
  cd Telebix
  chmod +x setup.sh
  sudo ./setup.sh --install

Configuration
In the Settings tab are the fields to be populated with the Zabbix login information, bot token and Telegram user ID (or Group ID). You already have the token from creating the Bot. To get the user ID you can use the "GET ID" button in the settings tab after talking to the bot, or add it manually: open the address below, replacing TOKENHERE with the token you copied, and your user ID will be in the response. You can also use the ID of any group you are a member of.
  https://api.telegram.org/botTOKENHERE/getUpdates

Commands Available
[+] /graphs hostname - List images graphs of specific host
[+] /webs - List monitored web scenarios
[+] /status - List status of zabbix
[+] /events - List last five events
[+] /help - Help and information
[+] /hosts - List hosts
[+] /users - List users

Download Telebix

Link: http://www.kitploit.com/2018/10/telebix-application-that-communicates.html

Shellcode-Encrypter-Decrypter – Shellcode Encrypter & Decrypter By Using XOR Cipher To Encrypt And Decrypt Shellcode

A Shellcode Encrypter & Decrypter, using the XOR cipher to encrypt and decrypt shellcode.

Installation
  git clone https://github.com/blacknbunny/Shellcode-Encrypter-Decrypter.git && python enc.py --help

Usage Example
Encryption:
  python encdecshellcode.py --shellcode \x41\x41\x42\x42 --key SECRETKEY --option encrypt
Decryption:
  python encdecshellcode.py --shellcode \x41\x41\x42\x42 --key SECRETKEY --option decrypt

Finding Shellcode For Any Architecture
  http://shell-storm.org/shellcode/

Help
usage: enc.py [-h] [-s SHELLCODE] [-k KEY] [-o OPTION]

Encrypting & Decrypting Shellcode

optional arguments:
  -h, --help                          show this help message and exit
  -s SHELLCODE, --shelcode SHELCODE   Shellcode To Encrypt & Decrypt
  -k KEY, --key KEY                   Key Of The Shellcode To Encrypt & Decrypt
  -o OPTION, --option OPTION          Argument For Encrypting & Decrypting Shellcode

Download Shellcode-Encrypter-Decrypter

Link: http://feedproxy.google.com/~r/PentestTools/~3/ayEuzeAeF1s/shellcode-encrypter-decrypter-shellcode.html

Twitter-Intelligence – Twitter Intelligence OSINT Project Performs Tracking And Analysis Of The Twitter

A project written in Python for Twitter tracking and analysis without using the Twitter API.

Prerequisites
This project is a Python 3.x application. The package dependencies are listed in the file requirements.txt. Run this command to install them:
  pip3 install -r requirements.txt

Database
SQLite is used as the database. Tweet data are stored in the Tweet, User, Location, Hashtag and HashtagTweet tables. The database is created automatically.

Usage Example
Get help:
  python3 tracking.py -h
Get tweets by username:
  python3 tracking.py --username "HaberSau"
Get tweets by query:
  python3 tracking.py --query "sakarya"
Get tweets in a specific date range:
  python3 tracking.py --username "HaberSau" --since 2015-09-10 --until 2015-09-12 --maxtweets 10
If you want the location of tweets, add the --location "True" parameter; the application will be slower because of the additional response times.
  python3 tracking.py --query "sakarya" --location "True"

Analysis
analysis.py performs the analysis processing. User, hashtag and location analyses are performed.
Get help:
  python3 analysis.py -h
Run location analysis:
  python3 analysis.py --location
Location analysis is served at http://localhost:5000/locations. You must set your Google Maps API key in setting.py to display the Google map:
  GOOGLE_MAP_API_KEY='YOUR_GOOGLE_MAP_API_KEY'
Run hashtag analysis:
  python3 analysis.py --hashtag
Run user analysis:
  python3 analysis.py --user

Graphical User Interface
socialgui.py is used for the GUI application.

Download Twitter-Intelligence

Link: http://www.kitploit.com/2018/10/twitter-intelligence-twitter.html

Bashark – Bash Post Exploitation Toolkit

Bashark aids pentesters and security researchers during the post-exploitation phase of security audits.

Usage
To launch Bashark on a compromised host, simply source the bashark.sh script from the terminal:
  $ source bashark.sh
Then type help to see Bashark's help menu.

Features
- Single Bash script
- Lightweight and fast
- Multi-platform: Unix, OSX, Solaris etc.
- No external dependencies
- Immune to heuristic and behavioural analysis
- Built-in aliases of often used shell commands
- Extends system shell with post-exploitation oriented functionalities
- Stealthy, with custom cleanup routine activated on exit
- Easily extensible (add new commands by creating Bash functions)
- Full tab completion

Download Bashark

Link: http://feedproxy.google.com/~r/PentestTools/~3/a9pgzNppTC4/bashark-bash-post-exploitation-toolkit.html

CT-Exposer – An OSINT Tool That Discovers Sub-Domains By Searching Certificate Transparency Logs

Discover sub-domains by searching through Certificate Transparency logs.

What is CT?
Certificate Transparency (CT) is an experimental IETF standard. Its goal is to allow the public to audit which certificates were created by Certificate Authorities (CAs). TLS has a weakness that comes from the large list of CAs that your browser implicitly trusts: if any of those CAs were to maliciously create a new certificate for a domain, your browser would trust it. CT adds benefits to TLS certificate trust: companies can monitor who is creating certificates for the domains they own, and browsers can verify that the certificate for a given domain is in the public log record. These logs end up being a gold mine of information for penetration testers and red teams.

What can you find with ct-exposer?
ct-exposer queries the CT logs for a given domain, then tries DNS lookups for the domains to see which ones exist in DNS. In my experience, so far, I've found numerous sub-domains that were not located with 'site:domain.com' Google searches. Keep in mind that the domains that do not resolve can be either old domains or internal-only domains (e.g. you need access to the internal DNS server to resolve them).

Requirements
Python3, gevent, requests, and urllib3.
  pip3 install -r requirements.txt

Usage
usage: ct-exposer.py [-h] -d DOMAIN [-u] [-m]

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        domain to query for CT logs, ex: domain.com
  -u, --urls            ouput results with https:// urls for domains that resolve, one per line.
  -m, --masscan         output resolved IP address, one per line. Useful for masscan IP list import "-iL" format.

Example output
  python3 ct-exposer.py -d teslamotors.com
  [+]: Downloading domain list...
  [+]: Download of domain list complete.
  [+]: Parsed 76 domain(s) from list.
  [+]: Domains found:
  (one "IP hostname" line per resolving name; list omitted)
  [+]: Domains with no DNS record:
  (one "none hostname" line per unresolved name; list omitted)

Download Ct-Exposer

Link: http://feedproxy.google.com/~r/PentestTools/~3/2rWNTpCGHRY/ct-exposer-osint-tool-that-discovers.html

BetterCap v2.10 – The Swiss Army Knife For 802.11, BLE And Ethernet Networks Reconnaissance And MITM Attacks

bettercap is the Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and attacks.

How to Install
A precompiled version is available for each release; alternatively you can use the latest version of the source code from this repository in order to build your own binary. Make sure you have a correctly configured Go >= 1.8 environment, that $GOPATH/bin is in $PATH, and that the libpcap-dev and libnetfilter-queue-dev (the latter is only required on Linux) packages are installed for your system, and then:
  $ go get github.com/bettercap/bettercap
  $ cd $GOPATH/src/github.com/bettercap/bettercap
  $ make build && sudo make install
This will download bettercap, install its dependencies, compile it and move the bettercap executable to /usr/local/bin. Now you can use sudo bettercap -h to show the basic command line options and just sudo bettercap to start an interactive session on your default network interface; otherwise you can load a caplet. Once bettercap is installed, you can download/update the system caplets with the command:
  sudo bettercap -eval "caplets.update; q"

Update
In order to update to an unstable but bleeding edge release from this repository, run the commands below:
  $ go get -u github.com/bettercap/bettercap
  $ cd $GOPATH/src/github.com/bettercap/bettercap
  $ make build && sudo make install

Documentation and Examples
The project is documented in this wiki.

Download Bettercap

Link: http://www.kitploit.com/2018/10/bettercap-v210-swiss-army-knife-for.html

WPScan v3.3.1 – Black Box WordPress Vulnerability Scanner

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.

INSTALL
Prerequisites:
- Ruby >= 2.2.2 - Recommended: 2.3.3
- Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
- RubyGems - Recommended: latest

From RubyGems:
  gem install wpscan

From sources:
Prerequisites: Git
  git clone https://github.com/wpscanteam/wpscan
  cd wpscan/
  bundle install && rake install

Docker
Pull the repo with docker pull wpscanteam/wpscan

Usage
  wpscan --url blog.tld
This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then wpscan --stealthy --url blog.tld can be used. As a result, when using the --enumerate option, don't forget to set the --plugins-detection accordingly, as its default is 'passive'.

For more options, open a terminal and type wpscan --help (if you built wpscan from the source, you should type the command outside of the git repo).

The DB is located at ~/.wpscan/db

WPScan can load all options (including the --url) from configuration files; the following locations are checked (order: first to last):
  ~/.wpscan/cli_options.json
  ~/.wpscan/cli_options.yml
  pwd/.wpscan/cli_options.json
  pwd/.wpscan/cli_options.yml
If those files exist, options from them will be loaded, and an option found twice is overridden by the later file. e.g.:

~/.wpscan/cli_options.yml:
  proxy: 'http://127.0.0.1:8080'
  verbose: true

pwd/.wpscan/cli_options.yml:
  proxy: 'socks5://127.0.0.1:9090'
  url: 'http://target.tld'

Running wpscan in the current directory (pwd) is then the same as:
  wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld

PROJECT HOME
https://wpscan.org

VULNERABILITY DATABASE
https://wpvulndb.com

Download Wpscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/TmfmR2gTAB0/wpscan-v331-black-box-wordpress.html

Munin – Online Hash Checker For Virustotal And Other Services

Munin is an online hash checker utility that retrieves valuable information from various online sources. The current version of Munin queries the following services:
- Virustotal
- Malshare
- HybridAnalysis

Note: Munin is based on the script "VT-Checker", which has been maintained in the LOKI repository.

Usage
usage: munin.py [-h] [-f path] [-c cache-db] [-i ini-file] [-s sample-folder] [--comment] [-p vt-comment-prefix] [--download] [-d download_path] [--nocache] [--intense] [--retroverify] [-r num-results] [--nocsv] [--verifycert] [--sort] [--debug]

Online Hash Checker

optional arguments:
  -h, --help            show this help message and exit
  -f path               File to process (hash line by line OR csv with hash in each line - auto-detects position and comment)
  -c cache-db           Name of the cache database file (default: vt-hash-db.pkl)
  -i ini-file           Name of the ini file that holds the API keys
  -s sample-folder      Folder with samples to process
  --comment             Posts a comment for the analysed hash which contains the comment from the log line
  -p vt-comment-prefix  Virustotal comment prefix
  --download            Enables Sample Download from Hybrid Analysis. SHA256 of sample needed.
  -d download_path      Output Path for Sample Download from Hybrid Analysis. Folder must exist
  --nocache             Do not use cache database file
  --intense             Do use PhantomJS to parse the permalink (used to extract user comments on samples)
  --retroverify         Check only 40 entries with the same comment and the rest at the end of the run (retrohunt verification)
  -r num-results        Number of results to take as verification
  --nocsv               Do not write a CSV with the results
  --verifycert          Verify SSL/TLS certificates
  --sort                Sort the input lines (useful for VT retrohunt results)
  --debug               Debug output

Features
- MODE A: Extracts hashes from any text file based on regular expressions
- MODE B: Walks sample directory and checks hashes online
- Retrieves valuable information from Virustotal via API (JSON response) and other information via permalink (HTML parsing)
- Keeps a history (cache) to query the services only once for a hash that may appear multiple times in the text file
- Cached objects are stored in JSON
- Creates CSV file with the findings for easy post-processing and reporting
- Appends results to a previous CSV if available

Displays
- Hash and comment (the comment is the rest of the line from which the hash has been extracted)
- AV vendor matches based on a user defined list
- Filenames used in the wild
- PE information like the description, the original file name and the copyright statement
- Signer of a signed portable executable
- Result based on Virustotal ratio
- First and last submission
- Tags for certain indicators: Harmless, Signed, Expired, Revoked, MSSoftware

Extra Checks
- Queries Malshare.com for sample uploads
- Queries Hybrid-Analysis.com for present analysis
- Imphash duplicates in current batch > allows you to spot overlaps in import table hashes

Getting started
1. Download / clone the repo
2. Install required packages: pip3 install -r requirements.txt (on macOS add --user)
3. (optional: required for --intense mode) Download PhantomJS and place it in your $PATH, e.g. /usr/local/bin http://phantomjs.org/download.html
4. Set the API key for the different services in the munin.ini file
5. Use the demo file for a first run: python munin.py -f munin-demo.txt --nocache

Typical Command Lines
Process a Virustotal Retrohunt result and sort the lines before checking so that matched signatures are checked in blocks:
  python munin.py -i my.ini -f ~/Downloads/retro_hunt --sort
Process an IOC file and show who commented on these samples on Virustotal (uses PhantomJS, higher CPU usage):
  python munin.py -i my.ini -f ~/Downloads/misp-event-1234.csv --sort --intense
Process a directory with samples and check their hashes online:
  python munin.py -i my.ini -s ~/malware/case34

Get the API Keys used by Munin
Virustotal: create an account here https://www.virustotal.com/#/join-us and check Profile > My API key for your public API key
Malshare: register here https://malshare.com/register.php
Hybrid Analysis: create an account here https://www.hybrid-analysis.com/signup and, after login, check Profile > API key

Download Munin

Link: http://feedproxy.google.com/~r/PentestTools/~3/0Cc8y6zLvSQ/munin-online-hash-checker-for.html
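Munin's MODE A as described above (regex extraction of hashes from text or CSV lines, the rest of the line kept as the comment, a cache so each hash is queried only once, CSV output), as an added offline example that is not Munin's own code. The sample lines are constructed analyst notes using the well-known empty-string MD5/SHA1/SHA256 digests, fake_lookup stands in for the real service queries, and the CSV column set is an assumption.

```python
"""Offline model of Munin MODE A: extract hashes from text/CSV lines, keep the rest
of each line as a comment, query each distinct hash once via a cache, write CSV."""
import csv
import io
import re
from typing import Callable, Dict, Iterable, List, Tuple

# MD5 / SHA1 / SHA256 as hex; the look-arounds stop a 32-hex run inside a longer
# digest from being reported as a second, bogus MD5.
HASH_RE = re.compile(r"(?<![0-9a-fA-F])([0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})(?![0-9a-fA-F])")

# Constructed input (hypothetical analyst notes). The digests are the well-known
# MD5 / SHA1 / SHA256 of the empty string, not real malware indicators.
SAMPLE_LINES = [
    "dropper md5 d41d8cd98f00b204e9800998ecf8427e seen on host WS-01",
    "2018-10-02,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,empty file,WS-02",
    "sha1 DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 from proxy log",
    "same dropper again d41d8cd98f00b204e9800998ecf8427e on host WS-03",
    "no indicator on this line, just an analyst note",
]

def extract_hashes(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (hash, comment) pairs; the comment is the line's remaining tokens."""
    out = []
    for line in lines:
        m = HASH_RE.search(line)
        if not m:
            continue
        h = m.group(1).lower()
        rest = [t for t in re.split(r"[,;\s]+", line.strip()) if t.lower() != h]
        out.append((h, " ".join(rest)))
    return out

def fake_lookup(h: str) -> Dict[str, str]:
    """Stand-in for the VirusTotal / Malshare / Hybrid Analysis queries (constructed)."""
    known = {"d41d8cd98f00b204e9800998ecf8427e": "0/60",
             "da39a3ee5e6b4b0d3255bfef95601890afd80709": "0/60"}
    return {"ratio": known.get(h, "not found")}

def check_hashes(lines: Iterable[str], lookup: Callable[[str], dict]) -> Tuple[List[dict], int]:
    """Query each distinct hash once (cache), attach its comment, count live queries."""
    cache: Dict[str, dict] = {}
    queries, rows = 0, []
    for h, comment in extract_hashes(lines):
        if h not in cache:
            cache[h] = lookup(h)
            queries += 1
        rows.append({"hash": h, "comment": comment, **cache[h]})
    return rows, queries

def to_csv(rows: List[dict]) -> str:
    """Serialise findings as CSV (the column set here is an assumption, not Munin's)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["hash", "ratio", "comment"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```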