Userrecon v1.1.0 – Recognition Usernames In 187 Social Networks

Find usernames in 187 social networks.

Installation

Install dependencies (Debian/Ubuntu):

    sudo apt install python3 python3-pip

Install with pip3:

    sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git
    userrecon-py --help

Building from Source

Clone this repository, and:

    git clone https://github.com/decoxviii/userrecon-py.git ; cd userrecon-py
    sudo -H pip3 install -r requirements.txt
    python3 setup.py build
    sudo python3 setup.py install

Update

To update this tool to the latest version, run:

    sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git --upgrade
    userrecon-py --version

Usage

Start by printing the available actions by running userrecon-py --help. Then you can perform the following tests:

    userrecon-py --target decoxviii -o test_one

Thanks

This program is possible thanks to:

userrecon
WhatsMyName

decoxviii
MIT

Link: http://www.kitploit.com/2019/07/userrecon-v110-recognition-usernames-in.html

Detect It Easy – Program For Determining Types Of Files For Windows, Linux And MacOS

Detect It Easy, abbreviated "DIE", is a program for determining types of files.

"DIE" is a cross-platform application: apart from the Windows version, versions for Linux and Mac OS are also available.

Many programs of this kind (PEID, PE tools) allow the use of third-party signatures. Unfortunately, those signatures scan only bytes by a pre-set mask, and it is not possible to specify additional parameters. As a result, false positives often occur. More complicated algorithms are usually strictly set in the program itself. Hence, to add a new complex detection one needs to recompile the entire project. No one, except the authors themselves, can change the algorithm of a detection. As time passes, such programs lose relevance without constant support.

Detect It Easy has a totally open architecture of signatures. You can easily add your own detection algorithms or modify those that already exist. This is achieved by using scripts. The script language is very similar to JavaScript, and anyone who understands the basics of programming will easily understand how it works. Some may think that the scripts work very slowly. Indeed, scripts run slower than compiled code, but thanks to the good optimization of the Script Engine this doesn't cause any special inconvenience. The possibilities of the open architecture compensate for these limitations.

DIE exists in three versions: the Basic version ("DIE"), the Lite version ("DIEL") and the console version ("DIEC"). All three use the same signatures, which are located in the folder "db". If you open this folder, you will find nested sub-folders ("Binary", "PE" and others). The names of the sub-folders correspond to the types of files. First, DIE determines the type of file, and then it sequentially loads all the signatures that lie in the corresponding folder.

Currently the program defines the following types:

MSDOS: executable files MS-DOS
PE: executable files Windows
ELF: executable files Linux
MACH: executable files Mac OS
Text: text files
Binary: all other files

You can download binaries for Windows, Linux and Mac here: http://ntinfo.biz/
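To make the point about mask-only signatures concrete, here is an added example (not DIE's signature code or its script API) that sorts a buffer into the file types listed above, once with a fixed byte mask and once with a structural check on top. The sample buffers are constructed, and the function names and the arch-count threshold are assumptions of this sketch.

```python
import struct

THIN_MACHO = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit, both byte orders
              b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}   # 64-bit, both byte orders
FAT_MACHO = b"\xca\xfe\xba\xbe"                           # shared with Java .class files


def mask_only_type(data: bytes) -> str:
    """What a fixed byte-mask signature can say: the first bytes and nothing else."""
    if data[:2] == b"MZ":
        return "PE"
    if data[:4] == FAT_MACHO:
        return "MACH"
    return "Binary"


def is_text(data: bytes) -> bool:
    """Non-empty, valid UTF-8, printable characters and common whitespace only."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return bool(text) and all(ch.isprintable() or ch in "\r\n\t" for ch in text)


def classify(data: bytes) -> str:
    """Magic bytes plus a structural check, using the page's type names."""
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "PE"
        return "MSDOS"          # MZ header without a PE header behind it
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:4] in THIN_MACHO:
        return "MACH"
    if data[:4] == FAT_MACHO and len(data) >= 8:
        (n_arch,) = struct.unpack_from(">I", data, 4)
        # Heuristic (assumption of this sketch): a .class file stores its
        # minor/major version here, and the major version is 45 or higher.
        if 0 < n_arch < 45:
            return "MACH"
    return "Text" if is_text(data) else "Binary"


# Constructed samples (minimal headers only, not real files).
DOS_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80) + b"\x00" * 0x100
PE_FILE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
JAVA_CLASS = FAT_MACHO + struct.pack(">HH", 0, 52) + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in (("dos", DOS_STUB), ("pe", PE_FILE), ("class", JAVA_CLASS)):
        print(name, "mask:", mask_only_type(blob), "checked:", classify(blob))
```

The DOS stub and the Java class are the two cases where the mask alone gives the wrong answer.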

Link: http://feedproxy.google.com/~r/PentestTools/~3/DTt4xwte7KE/detect-it-easy-program-for-determining.html

Project iKy v2.0.0 – Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface.

Visit the Gitlab Page of the Project

Project

First of all we want to advise you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with AngularJS as Frontend in the iKy-v1 branch and the documentation for its installation here.

The reason for changing the Frontend was to update the technology and get an easier way of installation.

Installation

Clone repository

    git clone https://gitlab.com/kennbroorg/iKy.git

Install Backend

Redis

You must install Redis:

    wget http://download.redis.io/redis-stable.tar.gz
    tar xvzf redis-stable.tar.gz
    cd redis-stable
    make
    sudo make install

And turn on the server in a terminal:

    redis-server

Python stuff and Celery

You must install the libraries inside requirements.txt:

    pip install -r requirements.txt

And turn on Celery in another terminal, within the directory backend:

    ./celery.sh

Finally, again, in another terminal turn on the backend app from the directory backend:

    python app.py

Install Frontend

Node

First of all, install nodejs.

Dependencies

Inside the directory frontend install the dependencies:

    npm install

Turn on Frontend Server

Finally, to run the frontend server, execute:

    npm start

Browser

Open the browser in this url

Config API Keys

Once the application is loaded in the browser, you should go to the Api Keys option and load the values of the APIs that are needed.

Fullcontact: Generate the APIs from here
Twitter: Generate the APIs from here
Linkedin: Only the user and password of your account must be loaded

Change from latest version

Add more analysis on twitter
Reactive Have I Been Pwned (BLOCK, NOLEAK, LEAK)
Change the main cover
Change the secondary cover
Add Modules Implemented to main cover
Add Contributors to main cover
Add Projects to main cover
Add People to main cover
Add Friends to main cover
Change visual windows, sidepanel, footer and shadows
Change validation indicators
Change validation filters

Link: http://feedproxy.google.com/~r/PentestTools/~3/1W_lCE0_ys4/project-iky-v200-tool-that-collects.html

Passpie – Multiplatform Command-Line Password Manager

Passpie is a command line tool to manage passwords from the terminal with a colorful and configurable interface. Use a master passphrase to decrypt login credentials, copy passwords to clipboard, synchronize with a git repository, check the state of your passwords, and more.

Password files are encrypted using GnuPG and saved into yaml text files. Passpie supports Linux, OSX and Windows.

What does it look like? Here is an example of simple Passpie usage:

    passpie init
    passpie add foo@example.com --random
    passpie add bar@example.com --pattern "[0-9]{5}[a-z]{5}"
    passpie update foo@example --comment "Hello"
    passpie
    passpie copy foo@example.com

Outputs:

    =========== ======= ========== =========
    Name        Login   Password   Comment
    =========== ======= ========== =========
    example.com bar     ********
    example.com foo     ********   Hello
    =========== ======= ========== =========
    Password copied to clipboard

Check example remote passpie database: https://github.com/marcwebbie/passpiedb.

Install

    pip install passpie

Or if you are on a mac, install via Homebrew:

    brew install passpie

Dependencies

Passpie depends on GnuPG for encryption.

Commands

    Usage: passpie [OPTIONS] COMMAND [ARGS]...

    Options:
      -D, --database TEXT  Database path or url to remote repository
      --autopull TEXT      Autopull changes from remote pository
      --autopush TEXT      Autopush changes to remote pository
      --config PATH        Path to configuration file
      -v, --verbose        Activate verbose output
      --version            Show the version and exit.
      --help               Show this message and exit.

    Commands:
      add       Add new credential to database
      complete  Generate completion scripts for shells
      config    Show current configuration for shell
      copy      Copy credential password to clipboard/stdout
      export    Export credentials in plain text
      import    Import credentials from path
      init      Initialize new passpie database
      list      Print credential as a table
      log       Shows passpie database changes history
      purge     Remove all credentials from database
      remove    Remove credential
      reset     Renew passpie database and re-encrypt…
      search    Search credentials by regular expressions
      status    Diagnose database for improvements
      update    Update credential

Learn more

Gitter: https://gitter.im/marcwebbie/passpie
Documentation: http://passpie.readthedocs.org
FAQ: http://passpie.readthedocs.org/en/latest/faq.html

Link: http://feedproxy.google.com/~r/PentestTools/~3/2SEdl8ow5w8/passpie-multiplatform-command-line.html

Ghostfuscator – The Python Password-Protected Obfuscator Using AES Encryption

Obfuscate Python scripts, making them password-protected using AES encryption.

Usage

Just execute the script, and follow the menu.

Info

Once a script is obfuscated, running it brings up a password prompt. After the correct password is submitted, the script executes, decrypting its content in memory.

Link: http://www.kitploit.com/2019/07/ghostfuscator-python-password-protected.html

Regipy – An OS Independent Python Library For Parsing Offline Registry Hives

Regipy is a Python library for parsing offline registry hives. regipy has a lot of capabilities:

Use as a library:
    Recurse over the registry hive, from root or a given path, and get all subkeys and values
    Read specific subkeys and values
    Apply transaction logs on a registry hive

Command Line Tools:
    Dump an entire registry hive to json
    Apply transaction logs on a registry hive
    Compare registry hives
    Execute plugins from a robust plugin system (i.e: amcache, shimcache, extract computer name…)

Installation

Only python 3.7 is supported:

    pip install regipy

It is also possible to install from source by cloning the repository and executing:

    python setup.py install

CLI

Parse the header:

    registry-parse-header ~/Documents/TestEvidence/Registry/SYSTEM

Example output:

    ╒════════════════════════╤══════════╕
    │ signature              │ b'regf'  │
    ├────────────────────────┼──────────┤
    │ primary_sequence_num   │ 11639    │
    ├────────────────────────┼──────────┤
    │ secondary_sequence_num │ 11638    │
    ├────────────────────────┼──────────┤
    │ last_modification_time │ 0        │
    ├────────────────────────┼──────────┤
    │ major_version          │ 1        │
    ├────────────────────────┼──────────┤
    │ minor_version          │ 5        │
    ├────────────────────────┼──────────┤
    │ file_type              │ 0        │
    ├────────────────────────┼──────────┤
    │ file_format            │ 1        │
    ├────────────────────────┼──────────┤
    │ root_key_offset        │ 32       │
    ├────────────────────────┼──────────┤
    │ hive_bins_data_size    │ 10534912 │
    ├────────────────────────┼──────────┤
    │ clustering_factor      │ 1        │
    ├────────────────────────┼──────────┤
    │ file_name              │ SYSTEM   │
    ├────────────────────────┼──────────┤
    │ checksum               │ 0        │
    ╘════════════════════════╧══════════╛
    [2019-02-09 13:46:12.111654] WARNING: regipy.cli: Hive is not clean! You should apply transaction logs

When parsing the header of a hive, checksum validation and transaction validations are also done.

Dump entire hive to disk (this might take some time):

    registry-dump ~/Documents/TestEvidence/Registry/NTUSER-CCLEANER.DAT -o /tmp/output.json

The registry-dump util can also output a timeline instead of a JSON, by adding the -t flag.

Run relevant plugins on Hive:

    registry-run-plugins ~/Documents/TestEvidence/Registry/SYSTEM -o /tmp/plugins_output.json

The hive type will be detected automatically and the relevant plugins will be executed. See the plugins section for more information.

Compare registry hives

Compare registry hives of the same type and output to CSV (if -o is not specified, output will be printed to screen):

    registry-diff NTUSER.dat NTUSER_modified.dat -o /tmp/diff.csv

Example output:

    [2019-02-11 19:49:18.824245] INFO: regipy.cli: Comparing NTUSER.DAT vs NTUSER_modified.DAT
    ╒══════════════╤══════════════╤════════════════════════════════════════════════════════════════════════════════╤════════════════════════════════════════════════╕
    │ difference   │ first_hive   │ second_hive                                                                    │ description                                    │
    ╞══════════════╪══════════════╪════════════════════════════════════════════════════════════════════════════════╪════════════════════════════════════════════════╡
    │ new_subkey   │              │ 2019-02-11T19:46:31.832134+00:00                                               │ \Software\Microsoft\legitimate_subkey          │
    ├──────────────┼──────────────┼────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────┤
    │ new_value    │              │ not_a_malware: c:\temp\legitimate_binary.exe @ 2019-02-11 19:45:25.516346+0:00 │ \Software\Microsoft\Windows\CurrentVersion\Run │
    ╘══════════════╧══════════════╧════════════════════════════════════════════════════════════════════════════════╧════════════════════════════════════════════════╛
    [2019-02-11 19:49:18.825328] INFO: regipy.cli: Detected 2 differences

Recover a registry hive, using transaction logs:

    registry-transaction-logs NTUSER.DAT -p ntuser.dat.log1 -s ntuser.dat.log2 -o recovered_NTUSER.dat

After recovering, compare the hives with registry-diff to see what changed.

Using as a library

Initiate the registry hive object:

    from regipy.registry import RegistryHive
    reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')

Iterate recursively over the entire hive, from root key:

    for entry in reg.recurse_subkeys(as_json=True):
        print(entry)

Iterate over a key and get all subkeys and their modification time:

    from regipy.utils import convert_wintime  # converts a Windows FILETIME to datetime

    for sk in reg.get_key('Software').iter_subkeys():
        print(sk.name, convert_wintime(sk.header.last_modified).isoformat())

    Adobe 2019-02-03T22:05:32.525965
    AppDataLow 2019-02-03T22:05:32.526047
    McAfee 2019-02-03T22:05:32.526140
    Microsoft 2019-02-03T22:05:32.526282
    Netscape 2019-02-03T22:05:32.526352
    ODBC 2019-02-03T22:05:32.526521
    Policies 2019-02-03T22:05:32.526592

Get the values of a key:

    # Raw string, so the backslashes in the key path are not read as escapes
    reg.get_key(r'Software\Microsoft\Internet Explorer\BrowserEmulation').get_values(as_json=True)

    [{'name': 'CVListTTL', 'value': 0, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'UnattendLoaded', 'value': 0, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'TLDUpdates', 'value': 0, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'CVListXMLVersionLow', 'value': 2097211, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'CVListXMLVersionHigh', 'value': None, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'CVListLastUpdateTime', 'value': None, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'IECompatVersionHigh', 'value': None, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'IECompatVersionLow', 'value': 2097211, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'StaleCompatCache', 'value': 0, 'value_type': 'REG_DWORD', 'is_corrupted': False}]

Use as a plugin:

    from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin
    NTUserPersistencePlugin(reg, as_json=True).run()

    {
        'Software\\Microsoft\\Windows\\CurrentVersion\\Run': {
            'timestamp': '2019-02-03T22:10:52.655462',
            'values': [{
                'name': 'Sidebar',
                'value': '%ProgramFiles%\\Windows Sidebar\\Sidebar.exe /autoRun',
                'value_type': 'REG_EXPAND_SZ',
                'is_corrupted': False
            }]
        }
    }

Run all relevant plugins for a specific hive:

    from regipy.plugins.utils import run_relevant_plugins
    reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/SYSTEM')
    run_relevant_plugins(reg, as_json=True)

    {
        'routes': {},
        'computer_name': [{
            'control_set': 'ControlSet001\\Control\\ComputerName\\ComputerName',
            'computer_name': 'DESKTOP-5EG84UG',
            'timestamp': '2019-02-03T22:19:28.853219'
        }]
    }
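The header parsing described above, as an added example that is not regipy's own code: a stand-alone parser for the regf base block that validates the XOR-32 checksum and reports a hive as dirty when the two sequence numbers differ (11639 vs 11638 in the sample output). The function names are assumptions of this sketch, and the sample header is constructed from the values shown on this page.

```python
import struct

# regf base block: fixed little-endian fields at the start of every hive file.
HEADER_FMT = "<4sIIQ7I64s"   # 112 bytes, offsets 0..111
FIELDS = ("signature", "primary_sequence_num", "secondary_sequence_num",
          "last_modification_time", "major_version", "minor_version",
          "file_type", "file_format", "root_key_offset",
          "hive_bins_data_size", "clustering_factor", "file_name")
CHECKSUM_OFFSET = 508        # XOR-32 of the preceding 508 bytes is stored here


def regf_checksum(block: bytes) -> int:
    """XOR the first 127 little-endian dwords, then apply the format's two remaps."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", block[:CHECKSUM_OFFSET]):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1        # a result of 0 is stored as 1


def parse_header(block: bytes) -> dict:
    """Parse the base block and add two verdicts: checksum_ok and is_dirty."""
    if len(block) < 512:
        raise ValueError("base block is truncated")
    header = dict(zip(FIELDS, struct.unpack_from(HEADER_FMT, block)))
    if header["signature"] != b"regf":
        raise ValueError("not a registry hive")
    # File name is a NUL-padded UTF-16LE string.
    header["file_name"] = header["file_name"].decode("utf-16-le").split("\x00", 1)[0]
    (stored,) = struct.unpack_from("<I", block, CHECKSUM_OFFSET)
    header["checksum_ok"] = stored == regf_checksum(block)
    # Sequence numbers that differ mean a write was not completed:
    # the transaction logs should be applied before analysis.
    header["is_dirty"] = (header["primary_sequence_num"]
                          != header["secondary_sequence_num"])
    return header


def build_sample_header(primary: int, secondary: int, name: str = "SYSTEM") -> bytes:
    """Constructed test input; field values mirror the example output on this page."""
    block = bytearray(512)
    struct.pack_into(HEADER_FMT, block, 0, b"regf", primary, secondary, 0,
                     1, 5, 0, 1, 32, 10534912, 1, name.encode("utf-16-le"))
    struct.pack_into("<I", block, CHECKSUM_OFFSET, regf_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    hdr = parse_header(build_sample_header(11639, 11638))
    print(hdr["file_name"],
          "dirty" if hdr["is_dirty"] else "clean",
          "checksum ok" if hdr["checksum_ok"] else "checksum BAD")
```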

Link: http://feedproxy.google.com/~r/PentestTools/~3/lsg0-CwurBg/regipy-os-independent-python-library.html

NetSet – Operational Security Utility And Automator

Operational Security utility and automator.

NetSet is designed to automate a number of operations that will help the user with securing their network traffic. It also provides an easy way to gather proxies and run utilities through Tor.

All the utilities installed and used by NetSet will be automatically configured as well. Of course the tool itself isn't the be all of Operational Security. Rather it is a convenient way of getting yourself set up with the basics.

NetSet facilitates, among other things:

A terminal multiplexer on demand, that has its sessions routed through Tor.
Secured DNS traffic through automatic installation and configuration of DNSCrypt-proxy.
Tor Wall functionality that forces all traffic through the Tor Network.
Easy access to online OPSEC resources; the web resources in question can be opened in-script.
And more.

Usage

After cloning the repo, navigate to the NetSet directory and run the following:

    chmod +x *.sh
    ./netset-main.sh --install
    #sudo ./netset-main.sh --install

This will install and configure everything you'll need for NetSet to function properly.

Update

Using sudo to start the script will execute every operation within the script as root; this means you won't be prompted for your sudo password when an operation requires elevated privileges. However, all items written by NetSet will consequently be owned by root as well, including backup directories. Last but not least, when considering security implications, it is not recommended to run everything with super user privileges.

Starting the main script with sudo will be optional from now on to reflect the above considerations.

Options

Please see an option overview below.

CLI Arguments

    '-t' or '--terminal'   Starts terminal multiplexer with all connections routed through Tor
    '-s' or '--status'     Prints a status overview of NetSet related network utilities and their current state
    '-i' or '--install'    Runs a script designed to install all of NetSet's dependencies and configures them

Menu Options

    'Usage'            Print options overview
    'Status'           Print Status overview
    'Spoof MAC'        Spoof MAC Address
    'Random Proxies'   Scrape random proxies
    'GeoSort Proxies'  Scrape GeoSorted proxies
    'ProtonVPN'        Start ProtonVPN
    'Tor Terminal'     Start terminal multiplexer, with all sessions routed through Tor
    'Tor Wall'         Configures iptables to force all connections through Tor
    'OPSEC Resources'  Display NetSet's included list of web resources. Select an entry to open it in your default browser

Note

Tested on Ubuntu 19.04.

I plan on expanding this tool in the future with even more OPSEC related resources and/or operations.

Should you happen to come across a bug or have any questions regarding this tool, please feel free to Open a Ticket.

Link: http://feedproxy.google.com/~r/PentestTools/~3/sSGRFqUYMbE/netset-operational-security-utility-and.html

Hash-Identifier – Software To Identify The Different Types Of Hashes Used To Encrypt Data And Especially Passwords

Software to identify the different types of hashes used to encrypt data and especially passwords.

Encryption formats supported:

ADLER-32
CRC-32
CRC-32B
CRC-16
CRC-16-CCITT
DES(Unix)
FCS-16
GHash-32-3
GHash-32-5
GOST R 34.11-94
Haval-160
Haval-192
Haval-224
Haval-256
Lineage II C4
Domain Cached Credentials
XOR-32
MD5(Half)
MD5(Middle)
MySQL
MD5(phpBB3)
MD5(Unix)
MD5(WordPress)
MD5(APR)
Haval-128
MD2
MD4
MD5
MD5(HMAC(WordPress))
NTLM
RAdmin v2.x
RipeMD-128
SNEFRU-128
Tiger-128
MySQL5 – SHA-1(SHA-1($pass))
MySQL 160bit – SHA-1(SHA-1($pass))
RipeMD-160
SHA-1
SHA-1(MaNGOS)
Tiger-160
Tiger-192
md5($pass.$salt) – Joomla
SHA-1(Django)
SHA-224
RipeMD-256
SNEFRU-256
md5($pass.$salt) – Joomla
SAM – (LM_hash:NT_hash)
SHA-256(Django)
RipeMD-320
SHA-384
SHA-256
SHA-384(Django)
SHA-512
Whirlpool
And more…

Some encryption algorithms cannot be differentiated unless they have been decrypted, so the efficiency of the software also depends on the user's criteria.

Link: http://feedproxy.google.com/~r/PentestTools/~3/CPuDEL0K_JI/hash-identifier-software-to-identify.html