SQLMap v1.3.7 – Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.FeaturesFull support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.InstallationYou can download the latest tarball by clicking here or latest zipball by clicking here.Preferably, you can download sqlmap by cloning the Git repository:git clone –depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-devsqlmap works out of the box with Python version 2.6.x and 2.7.x on any platform.UsageTo get a list of basic options and switches use:python sqlmap.py -hTo get a list of all options and switches use:python sqlmap.py -hhYou can find a sample run here. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the user’s manual.DemoLinksHomepage: http://sqlmap.orgDownload: .tar.gz or .zipCommits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atomIssue tracker: https://github.com/sqlmapproject/sqlmap/issuesUser’s manual: https://github.com/sqlmapproject/sqlmap/wikiFrequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQTwitter: @sqlmapDemos: http://www.youtube.com/user/inquisb/videosScreenshots: https://github.com/sqlmapproject/sqlmap/wiki/ScreenshotsTranslationsBulgarianChineseCroatianFrenchGreekIndonesianItalianJapanesePortugueseSpanishTurkishDownload SQLMap v1.3.7

Link: http://feedproxy.google.com/~r/PentestTools/~3/D9B7vLLX4C8/sqlmap-v137-automatic-sql-injection-and.html

Lst2X64Dbg – Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database

This script extracts all the labels found in the LST file that is given as the script’s single argument. An x64dbg database is created in the current directory based on the extracted labels.The LST file can be generated in IDA from the File menu: Produce file -> Create LST file…Example$ python3 lst2x64dbg.py sample.lstghidra2x64dbgThis script extracts all the labels found in the CSV file that is given as the script’s single argument. An x64dbg database is created in the current directory based on the extracted labels. The imagebase value must be supplied.The CSV file can be generated in Ghidra from the Window menu by selecting Symbol TableIn the symbol table window that opens, sort the data by the Location column. Then select all symbols that are not external locations. With the desired symbols selected, right click and select: Export -> Export to CSV…Name this file .csvExample$ python3 ghidra2x64dbg.py -i 400000 sample.csvThe imagebase value can be found at the very top of the disassembly panel in the CodeBrowser window. It’s part of the DOS header.ToDoConvert to package with console scriptDownload Lst2X64Dbg

Link: http://feedproxy.google.com/~r/PentestTools/~3/OxAp_RBBjkQ/lst2x64dbg-extract-labels-from-ida-lst.html

Spyse.Py – Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com

Python API wrapper and command-line client for the tools hosted on spyse.com.”Spyse is a developer of complete DAAS (Data-As-A-Service) solutions for Internet security professionals, corporate and remote system administrators, SSL / TLS encryption certificate providers, data centers and business analysts. All Spyse online solutions are represented by thematic services that have a single platform for collecting, processing and aggregating information." – spyse.comSupports the following APIs:DNStableFindSubdomainsCertDBASlookupPortMapDomainsDBNOTE: This API is currently under active development.Installationpip3 install spyse.pyUsing the clientRequired Arguments-target-paramOptional Arguments-page-apikey–rawThe deal with parametersSpyse allows you to search their database for IPs, IP ranges, domain names, URLs, etc. The parameter argument is meant to specify the type of your input.List of parametersAPI_TARGET_PARAMS = [ ‘cidr’, ‘domain’, ‘ip’, ‘page’, ‘url’, ‘hash’, ‘q’]Example usagesspyse -target xbox.com -param domain –subdomainsspyse -target -param cidr –domains-on-ipspyse -target hotmail.com -param domain –ssl-certificatesspyse -target google.com -param domain –dns-allspyse -target xbox.com -param domain -apikey -page 2 –ssl-certificates –rawPiping to jqUsing the libraryWithout API Keyfrom pprint import pprintfrom spyse import spyses = spyse()pprint(s.subdomains_aggregate("xbox.com", param="domain"))With API Keyfrom spyse import spyses = spyse(‘API_TOKEN_GOES_HERE’)pprint(s.subdomains_aggregate("xbox.com", param="domain"))Search using CIDRfrom spyse import spysefrom pprint import pprints = spyse()pprint(s.domains_on_ip("", param="cidr"))Fetch subdomainsfrom spyse import spyseTARGET = "TARGET_HOST_HERE"s = spyse()data = s.subdomains_aggregate(TARGET, param="domain")[‘cidr’]keys = data.keys()for key in keys: domains = data[key][‘results’] for d in domains: domain = d[‘data’][‘domains’] if len(domain) > 1: for i in domain: print(i) else: print(domain[0])Available MethodsAll of the methods listed on https://api-doc.spyse.com/ API_METHODS = { "DNS_PTR": "/dns-ptr", "DNS_SOA": "/dns-soa", "DNS_MX": "/dns-mx", "DNS_AAAA": "/dns-aaaa", "DNS_NS": "/dns-ns", "DNS_A": "/dns-a", "DNS_TXT": "/dns-txt", "domains_with_same_ns": "/domains-with-same-ns", "domains_using_as_mx": "/domains-using-as-mx", "domains_on_ip": "/domains-on-ip", "domains_with_same_mx": "/domains-with-same-mx", "domains_using_as_ns": "/domains-using-as-ns", "download_dns_aaaa": "/download-dns-aaaa", "download_dns_soa": "/download-dns-soa", "download_dns_ns": "/download-dns-ns", "download_dns_ptr": "/download-ns-ptr", "download_dns_mx": "/download-dns-mx", "download_dns_a": "/download-dns-a", "download_dns_txt": "/download-dns-txt", "download_domains_with_same_mx": "/download-domains-with-same-mx", "download_domains_on_ip": "/download-domains-on-ip", "download_domains_with_same_ns": "/download-domains -with-same-ns", "download_domains_using_as_ns": "/download-domains-using-as-ns", "download_domains_using_as_mx": "/download-domains-using-as-mx", "ip_port_lookup_aggregate": "/ip-port-lookup-aggregate", "ip_port_lookup": "/ip-port-lookup", "ssl_certificates": "/ssl-certificates", "ssl_certificate_raw": "/ssl-certificate-raw", "ssl_certificates_aggregate": "ssl-certificates-aggregate", "ssl_certificate": "/ssl-certificate", "ssl_certificate_public_key": "/ssl-certificate-public-key", "ssl_certificate_json": "/ssl-certificate-json", "subdomains": "/subdomains", "subdomains_aggregate": "/subdomains-aggregate", "domains_starts_with": "/domains-starts-with", "domains_starts_with_aggregate": "/domains-starts-with-aggregate" }Download Spyse.Py

Link: http://feedproxy.google.com/~r/PentestTools/~3/U5Ijood5kOA/spysepy-python-api-wrapper-and-command.html

PTF v2.3 – The Penetration Testers Framework Is A Way For Modular Support For Up-To-Date Tools

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we’ve been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those “go to" tools that we use on a regular basis, and using the latest and greatest is important.PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It’s all up to you.The ultimate goal is for community support on this project. We want new tools added to the github repository. Submit your modules. It’s super simple to configure and add them and only takes a few minute.Instructions:First check out the config/ptf.config file which contains the base location of where to install everything. By default this will install in the /pentest directory. Once you have that configured, move to running PTF by typing ./ptf (or python ptf).This will put you in a Metasploitesque type shell which has a similar look and feel for consistency. Show modules, use , etc. are all accepted commands. First things first, always type help or ? to see a full list of commands.For a video tutorial on how to use PTF, check out our Vimeo page here: https://vimeo.com/137133837Update EVERYTHING!If you want to install and/or update everything, simply do the following:./ptfuse modules/install_update_allyesThis will install all of the tools inside of PTF. If they are already installed, this will iterate through and update everything for you automatically.You can also individually install each module, then use the use modules/update_installed which will only update what you’ve previously installed.For example:./ptfuse modules/update_installedThis will only update previous ones you’ve installed.You can also show options to change information about the modules.If you only want to install only for example exploitation tools, you can run:./ptfuse modules/exploitation/install_update_allThis will only install the exploitation modules. You can do this for any module category.Customize your own installed toolsYou can only install the tools you want to by going to the modules/custom_list/list.py section. Modify the list.py file and add the tools you only want to install or update.Then when in PTF:./ptfuse modules/custom_list/listyesThis allows you to carry your module configuration over and only install the tools that you want and keep them updated.Modules:First, head over to the modules/ directory, inside of there are sub directories based on the Penetration Testing Execution Standard (PTES) phases. Go into those phases and look at the different modules. As soon as you add a new one, for example testing.py, it will automatically be imported next time you launch PTF. There are a few key components when looking at a module that must be completed.Below is a sample moduleAUTHOR="David Kennedy (ReL1K)"DESCRIPTION="This module will install/update the Browser Exploitation Framework (BeEF)"INSTALL_TYPE="GIT"REPOSITORY_LOCATION="https://github.com/beefproject/beef"X64_LOCATION="https://github.com/something_thats_x64_instead_of_x86INSTALL_LOCATION="beef"DEBIAN="ruby1.9.3,sqlite3,ruby-sqlite3"ARCHLINUX = "arch-module,etc"BYPASS_UPDATE="NO"AFTER_COMMANDS="cd {INSTALL_LOCATION},ruby install-beef"LAUNCHER="beef"TOOL_DEPEND="modules/exploitation/metasploit"Module Development:All of the fields are pretty easy, on the repository locations, you can use GIT, SVN or FILE. Fill in the depends, and where you want the install location to be. PTF will take where the python file is located (for example exploitation) and move it to what you specify in the PTF config (located under config). By default it installs all your tools to /pentest/PTES_PHASE/TOOL_FOLDERNote in modules, you can specify after commands {INSTALL_LOCATION}. This will append where you want the install location to go when using after commands.You can also specify {PTF_LOCATION} which will pull the base path for your PTF installation.You also have the ability for repository locations to specify both a 32 bit and 64 bit location. Repository location should always be the x86 download path. To add a 64 bit path for a tool, specify X64_LOCATION and give it a URL. When PTF launches it will automatically detect the architecture and attempt to use the x64 link instead of the x86.Note that ArchLinux packages are also supported, it needs to be specified for both DEBIAN and ARCH in order for it to be properly installed on either platform in the moduleGITLAB SupportYou can create your own modules and also supports gitlab access. Instead of specify git, wget, etc., simply specify gitlab and point to your own internal gitlab tools for modules.BYPASS UPDATES:When using traditional git or svn as a main method, what will happen after a module is installed is it will just go and grab the latest version of the tool. With after commands, normally when installing, you may need to run the after commands after each time you update. If you specify bypass updates to YES (BYPASS_UPDATE="YES"), each time the tool is run, it will check out the latest version and still run after commands. If this is marked to no, it will only git pull the latest version of the system. For FILE options, it is recommended to always use BYPASS_UPDATE="YES" so that it will overwrite the files each time.After Commands:After commands are commands that you can insert after an installation. This could be switching to a directory and kicking off additional commands to finish the installation. For example in the BEEF scenario, you need to run ruby install-beef afterwards. Below is an example of after commands using the {INSTALL_LOCATION} flag.AFTER_COMMANDS="cp config/dict/rockyou.txt {INSTALL_LOCATION}"For AFTER_COMMANDS that do self install (don’t need user interaction).Automatic LaunchersThe flag LAUNCHER= in modules is optional. If you add LAUNCHER="setoolkit" for example, PTF will automatically create a launcher for the tool under /usr/local/bin/. In the setoolkit example, when run – PTF will automatically create a file under /usr/local/bin/setoolkit so you can launch SET from anywhere by simply typing setoolkit. All files will still be installed under the appropriate categories, for example /pentest/exploitation/setoolkit however an automatic launcher will be created.You can have multiple launchers for an application. For example, for Metasploit you may want msfconsole, msfvenom, etc. In order to add multiple launchers, simply put a , between them. For example LAUNCHER="msfconsole,msfvenom". This would create launchers for both.Automatic Command LineYou can also just run ./ptf –update-all and it will automatically update everything for you without having to go into the framework.Running UnattendedIf you’re running ptf in an automatic build, you can use a heredoc so you don’t have to interactively type the modules you wish to install. Example:./ptf <<EOFuse modules/exploitation/metasploitrunuse modules/password-recovery/johntheripperrunEOFTOOL DEPENDSSome tools such as Veil, SET, etc. require tools such as the Metasploit Framework. You can add in the module TOOL_DEPEND="modules/exploitation/metasploit,module/exploitation/set" and multiple other tools if there is a tool required to be installed prior to installing the tool. This will force PTF to install the required tool first, then install the module that requires it. Example:TOOL_DEPEND="modules/exploitation/metasploit"This will install Metasploit first or ensured its installed first prior to installing the application.IGNORE Modules or CategoriesThe IGNORE_THESE_MODULES= config option can be found under config/ptf.config in the PTF root directory. This will ignore modules and not install them – everything is comma separated and based on name – example: modules/exploitation/metasploit,modules/exploitation/set or entire module categories, like /modules/code-audit/*,/modules/reporting/*IGNORE Modules from Update/Install AllThe IGNORE_UPDATE_ALL_MODULES= config option can be found under config/ptf.config in the PTF root directory. This will ignore modules only when doing install_update_all which are used when you want to install all tools. This could be for large applications that take substantial time, ones that require user interaction, or open up a number of ports and protocols on the system. This works very similar in the IGNORE_THESE_MODULES, except that they can be manually installed and updated through the modules/update_installed. These are comma deliminated, so for example modules/exploitation/tool1,modules/exploitation/tool2, when running install_update_all, this would not install the tools unless you went to use modules/exploitation/tool1 and installed via that method.INCLUDE_ONLY_THESE_MODULESThe INCLUDE_ONLY_THESE_MODULES in the config option under config/ptf.config will only install and include specific modules that is specified here. This is good for baselining your tools that you want and only install them.Written by: David Kennedy (@HackingDave)https://www.trustedsec.comDownload PTF

Link: http://www.kitploit.com/2019/06/ptf-v23-penetration-testers-framework.html

Lynis 2.7.5 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration.Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.Supported operating systemsThe tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:AIXFreeBSDHP-UXLinuxMac OSNetBSDOpenBSDSolarisand othersIt even runs on systems like the Raspberry Pi and several storage devices!Installation optionalLynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use “./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL). How it worksLynis performs hundreds of individual tests, to determine the security state of the system. The security scan itself consists of performing a set of steps, from initialization the program, up to the report.StepsDetermine operating systemSearch for available tools and utilitiesCheck for Lynis updateRun tests from enabled pluginsRun security tests per categoryReport status of security scanBesides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.Opportunistic ScanningLynis scanning is opportunistic: it uses what it can find.For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it then will collect discovered certificates so they can be scanned later as well.In-depth security scansBy performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!Use casesSince Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:Security auditingCompliance testing (e.g. PCI, HIPAA, SOx)Vulnerability detection and scanningSystem hardeningResources used for testingMany other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.Best practicesCISNISTNSAOpenSCAP dataVendor guides and recommendations (e.g. Debian Gentoo, Red Hat)Lynis PluginsPlugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.ChangelogUpgrade note## Lynis 2.7.5 (2019-06-24)### Added- Danish translation- Slackware end-of-life information- Detect BSD-style (rc.d) init in Linux systems- Detection of Bro and Suricata (IDS)### Changed- Corrected end-of-life entries for CentOS 5 and 6- AUTH-9204 – change name to check in /etc/passwd file for QNAP devices- AUTH-9268 – AIX enhancement to use correct find statement- FILE-6310 – Filter on correct field for AIX- NETW-3012 – set ss command as preferred option for Linux and changed output format- List of PHP ini file locations has been extended- Removed several pieces of the code as part of cleanup and code health- Extended helpDownload Lynis 2.7.5

Link: http://feedproxy.google.com/~r/PentestTools/~3/gBCubq1rp1w/lynis-275-security-auditing-tool-for.html

Project iKy – Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface.Visit the Gitlab Page of the ProjectProjectFirst of all we want to advice you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with AngularJS as Frontend in the iKy-v1 branch and the documentation for its installation here.The reason of changing the Frontend was to update the technology and get an easier way of installation.VideoInstallationClone repositorygit clone https://gitlab.com/kennbroorg/iKy.gitInstall BackendRedisYou must install Rediswget http://download.redis.io/redis-stable.tar.gztar xvzf redis-stable.tar.gzcd redis-stablemakesudo make installAnd turn on the server in a terminalredis-serverPython stuff and CeleryYou must install the libraries inside requirements.txtpip install -r requirements.txtAnd turn on Celery in another terminal, within the directory backend./celery.shFinally, again, in another terminal turn on backend app from directory backendpython app.pyInstall FrontendNodeFirst of all, install nodejs.DependenciesInside the directory frontend install the dependenciesnpm installTurn on Frontend ServerFinally, to run frontend server, execute:npm startBrowserOpen the browser in this urlConfig API KeysOnce the application is loaded in the browser, you should go to the Api Keys option and load the values of the APIs that are needed.Fullcontact: Generate the APIs from hereTwitter: Generate the APIs from hereLinkedin: Only the user and password of your account must be loadedDownload Project iKy

Link: http://feedproxy.google.com/~r/PentestTools/~3/M4KiPTUKSVo/project-iky-tool-that-collects.html

One-Lin3r v2.0 – Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More

One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows, Linux, macOS or even BSD systems) or hacking generally with a lot of new features to make all of this fully automated (ex: you won’t even need to copy the one-liners).ScreenshotsIt consists of various one-liners types with various functions, some of them are: One-liner function What this function refers to Reverse Shell Various methods and commands to give you a reverse shell. PrivEsc Many commands to help in Enumeration and Privilege Escalation Bind Shell Various methods and commands to give you a bind shell. Dropper Many ways to download and execute various payload types with various methods. Features A lot of liners use with different purposes, currently are more than 155 liner. The auto-complete feature that has been implemented in this framework is not the usual one you always see, here are some highlights: It’s designed to fix typos in typed commands to the most similar command with just one tab click so seach becomes search and so on, even if you typed any random word similar to an command in this framework.For you lazy-ones out there like me, it can predict what liner you are trying to use by typing any part of it. For example if you typed use capabilities and clicked tab, it would be replaced with use linux/bash/list_all_capabilities and so on. I can see your smile, You are welcome!If you typed any wrong command then pressed enter, the framework will tell you what is the nearest command to what you have typed which could be the one you really wanted.Some less impressive things like auto-complete for variables after set command, auto-complete for liners after use and info commands and finally it converts all uppercase to lowercase automatically just-in-case you switched cases by mistake while typing.Finally, you’ll find your normal auto-completion things you were using before, like commands auto-completion and persistent history, etc… Automation You can automatically copy the liner you want to clipboard with command copy instead of using use <liner> and then copying it which saves a lot of time, of course, if you merged it with the following features.As you may noticed, you can use a resource file from command-line arguments before starting the framework itself or send commands directly.Inside the framework you can use makerc command like in Metasploit but this time it only saves the correct important commands.There are history and resource commands so you don’t need to exit the framework.You can execute as many commands as you want at the same time by splitting them with semi-colon.Searching for any liner here is so easy, you can search for a liner by its name, function or even the liner author name. You can add your own liners by following these steps to create a liner as a python file. After that you can make a Pull request with it then it will be added in the framework and credited with your name of course . The ability to reload the database if you added any liner without restarting the framework. You can add any platform to the liners database just by making a folder in liners folder and creating a “.liner" file there. More… Note: The liners database is not too big but it will get bigger with updates and contributions.Usagef Command-line argumentsusage: one-lin3r [-h] [-r R] [-x X] [-q]optional arguments: -h, –help show this help message and exit -r Execute a resource file (history file). -x Execute a specific command (use ; for multiples). -q Quiet mode (no banner).Framework commandsCommand Description——– ————-help/? Show this help menu.list/show List all one-liners in the database.search [Keywords..] Search database for a specific liner by its name, author name or description.use <liner> Use an available one-liner.copy <liner> Use an available one-liner and copy it to clipboard automatically.info <liner> Get information about an available liner.set <variable> <value> Sets a context-specific variable to a value to use while using one-liners.variables Prints all previously specified variables.banner Display banner.reload/refresh Reload the liners database.check Prints the core version and checks if you are up-to-date.history Display command-line most important history from t he beginning.makerc Save command-line history to a file.resource <file> Run the commands stored in a fileos <command> Execute a system command without closing the frameworkexit/quit Exit the frameworkPrerequisites before installingPython 3.x.Any OS, it should work on all but it’s tested on Kali 2018+, Ubuntu 18+, Windows 10, Android with termux and MacOs 10.11Installing and runningUsing pip (The best way to install on any OS):pip install one-lin3rone-lin3r -hInstalling it from GitHub: For windows : (After downloading ZIP and upzip it)python -m pip install ./One-Lin3r-masterone-lin3r -hFor Linux :git clone https://github.com/D4Vinci/One-Lin3r.gitapt install libncurses5-devpip3 install ./One-Lin3rone-lin3r -hUpdating the framework or the databaseIf you installed it from pip do:pip install one-lin3r –upgradeIf you installed it from github do: On Linux while outside the directorycd One-Lin3r && git pull && cd ..pip3 install ./One-Lin3r –upgradeOn Windows if you don’t have git installed, redownload the framework zipped!Note: As the liners are written as python modules, it considered as a part of the framework. So every new liner added to the framework, its version will get updated.ContactTwitterTelegramCredits and referencesPayloadsAllTheThingsPowerSploit repoarno0x0x – Windows oneliners to download remote payload and execute arbitrary codeDownload One-Lin3r

Link: http://feedproxy.google.com/~r/PentestTools/~3/tpDLaHMBIEQ/one-lin3r-v20-gives-you-one-liners-that.html

Konan – Advanced Web Application Dir Scanner

Konan is an advanced open source tool designed to brute force directories and files names on web/application servers.InstallationDownload Konan by cloning the Git repository:git clone https://github.com/m4ll0k/Konan.git konanInstall requirements with pipcd konan && pip install -r requirements.txtRun Konanpython konan.pySupport PlatformsLinuxWindowsMacOSXFeatures Features Konan dirsearch dirb gobuster MultiThreaded yes yes yes yes Multiple Extensions yes yes no no HTTP Proxy Support yes yes yes yes Reporting yes (text and json) yes (text and json) yes (text) no User-Agent randomization yes yes no no Ignore word in wordlist using regexp yes no no no Split extension in wordlist yes no no no Multiple Methods yes no no no Response Size Process yes no no no Provide Sub-Dir for Brute Force yes no no no Provide Dir for Recursively Brute Force yes no no no URL Injection Point yes no no no UsageBasic:python konan.py -u/–url http://example.com/URL: http://testphp.vulnweb.com/PERCENT – TIME – CODE – METHOD – LENGHT – URL——————————————————-0.39% – 01:32:50 – 200 – GET – 4958 – http://testphp.vulnweb.com/index.php 0.43% – 01:32:52 – 200 – GET – 4732 – http://testphp.vulnweb.com/search.php 0.54% – 01:32:57 – 200 – GET – 5523 – http://testphp.vulnweb.com/login.php 0.81% – 01:33:12 – 200 – GET – 4830 – http://testphp.vulnweb.com/logout.php 8.77% – 01:40:02 – 302 – GET – 14 – http://testphp.vulnweb.com/userinfo.php -> login.phpInjection Point:python konan.py -u/–url http://example.com/%%/index.phpURL: http://testphp.vulnweb.com/%%/index.phpPERCENT – TIME – CODE – METHOD – LENGHT – URL——————————————————-0.39% – 01:32:50 – 200 – GET – 4958 – http://testphp.vulnweb.com/test/index.php 0.43% – 01:32:52 – 200 – GET – 4732 – http://testphp.vulnweb.com/search/index.php python konan.py -u/–url http://example.com/test%% -w /root/numbers.txtURL: http://testphp.vulnweb.com/test%%PERCENT – TIME – CODE – METHOD – LENGHT – URL——————————————————-0.39% – 01:32:50 – 200 – GET – 4958 – http://testphp.vulnweb.com/test120.43% – 01:32:52 – 200 – GET – 4732 – http://testphp.vulnweb.com/test34 Provide wordlist, default /db/dict.txt:python konan.py -u/–url http://example.com/ -w/–wordlist /root/dict.txt Provide extensions with -f/–force option:python konan.py -u/–url http://example.com/ -e/–extension php,html -f/–forceURL: http://testphp.vulnweb.com/PERCENT – TIME – CODE – METHOD – LENGHT – URL——————————————————-0.39% – 02:00:21 – 200 – GET – 4958 – http://testphp.vulnweb.com/index.html 0.43% – 02:00:23 – 200 – GET – 4732 – http://testphp.vulnweb.com/search.php 0.54% – 02:00:30 – 200 – GET – 5523 – http://testphp.vulnweb.com/login.php 0.81% – 02:00:46 – 200 – GET – 4830 – http://testphp.vulnweb.com/logout.html 0.87% – 02:00:50 – 200 – GET – 6115 – http://testphp.vulnweb.com/categories.htmlProvide status code exclusion:python konan.py -u/–url http://example.com/ -x/–exclude 400,403,401Provide only status code for output:python konan.py -u/–url http://example.com/ -o/–only 200,301,302Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):python konan.py -u/–url http://example.com/ -w/–wordlist /root/dict.txt [-l/–lowercase OR -p/–uppercase]Wordlist split (test.php -> to -> test):python konan.py -u/–url http://example.com/ -w/–wordlist /root/dict.txt -s/–splitWordlist Ignore word,letters,number,..etc provided by regexp (\w*.php|\w*.html,^[0-9_-]+):_python konan.py -u/–url http://example.com/ -w/–wordlist -I/–ignore “\?+"Output without -I/–ignore options:URL: http://testphp.vulnweb.com/PERCENT – TIME – CODE – METHOD – LENGHT – URL——————————————————-0.39% – 02:06:31 – 200 – GET – 4958 – http://testphp.vulnweb.com/???.php 0.43% – 02:06:32 – 200 – GET – 4732 – http://testphp.vulnweb.com/??????????? 0.54% – 02:06:35 – 200 – GET – 5523 – http://testphp.vulnweb.com/admin/ Output with -I/–ignore (in this case \?+) options: URL: http://testphp.vulnweb.com/PERCENT – TIME – CODE – METHOD – LENGHT – URL——————————————————-0.54% – 02:06:35 – 200 – GET – 5523 – http://testphp.vulnweb.com/admin/ Recursive:_python konan.py -u/–url http://example.com/ -E/–recursiveRecursive directory found and directory provided by -D/–dir-rec:python konan.py -u/–url http://example.com/ -E/–recursive -D/–dir-rec "admin,tests,dev,internal"Brute Force directory provided by -S/–sub-dir:python konan.py -u/–url http://example.com/ -S/–sub-dir "admin,test,internal,dev"Multiple Methods (check GET,POST,PUT and DELETE for word entry):Note: Much web application if not make the request with right method return 404 code, this option test all methodspython konan.py -u/–url http://example.com/ -m/–methods"Content size process (show response if the response size is ">[number]","<[number]","=[number]"):python konan.py -u/--url http://example.com/ -C/--lenght "<1000"URL: http://testphp.vulnweb.com/PERCENT - TIME - CODE - METHOD - LENGHT - URL-------------------------------------------------------0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/1.73% – 02:12:37 – 301 – GET – 184 – http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/Download Konan

Link: http://feedproxy.google.com/~r/PentestTools/~3/00MhPW6Sun0/konan-advanced-web-application-dir.html

Rustbuster – DirBuster For Rust

DirBuster for Rust.UsageThere are three modules currently implemented: Dirbuster (default) rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php Dnsbuster rustbuster -m dns -u google.com -w examples/wordlist Vhostbuster rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x “Hello" _ _ _ _ _ _ _ _ _ _ /\ \ /\_\ / /\ /\ \ / /\ /\_\ / /\ /\ \ /\ \ /\ \ / \ \/ / / _ / / \ \_\ \ / / \ / / / _ / / \ \_\ \ / \ \ / \ \ / /\ \ \ \ \__ /\_\/ / /\ \__ /\__ \ / / /\ \ \ \ \__ /\_\/ / /\ \__ /\__ \ / /\ \ \ / /\ \ \ / / /\ \_\ \___\ / / / / /\ \___\/ /_ \ \ / / /\ \ \ \ \___\ / / / / /\ \___\/ /_ \ \ / / /\ \_\ / / /\ \_\ / / /_/ / /\__ / / / /\ \ \ \/___/ / /\ \ \/ / /\ \_\ \ \__ / / / /\ \ \ \/___/ / /\ \ \/ /_/_ \/_/ / / /_/ / / / / /__\/ / / / / / / / \ \ \ / / / \/_/ / /\ \ \___\ / / / / / / \ \ \ / / / \/_/ /____/\ / / /__\/ / / / /_____/ / / / / / _ \ \ \ / / / / / / \ \ \__// / / / / _ \ \ \ / / / / /\____\/ / / /_____/ / / /\ \ \ / / /___/ / /_/\__/ / / / / / / / /____\_\ \ / / /___/ / /_/\__/ / / / / / / / /______ / / /\ \ \ / / / \ \ \/ / /____\/ /\ \/___/ / /_/ / / / /__________/ / /____\/ /\ \/___/ / /_/ / / / /_______/ / / \ \ \ \/_/ \_\/\/_________/ \_____\/ \_\/ \/_____________\/_________/ \_____\/ \_\/ \/__________\/_/ \_\/ ~ rustbuster v. 1.2.0 ~ by phra & ps1dr3x ~USAGE: rustbuster [FLAGS] [OPTIONS] –url –wordlist <wordlist>FLAGS: -f, –append-slash Tries to also append / to the base request -K, –exit-on-error Exits on connection errors -h, –help Prints help information -k, –ignore-certificate Disables TLS certificate validation –no-banner Skips initial banner –no-progress-bar Disables the progress bar -V, –version Prints version information -v, –verbose Sets the level of verbosityOPTIONS: -d, –domain <domain> Uses the specified domain -e, –extensions <extensions> Sets the extensions [default: ] -b, –http-body <http-body> Uses the specified HTTP method [default: ] -H, –http-header <http-header>… Appends the specified HTTP header -X, –http-method <http-method> Uses the specified HTTP method [default: GET] -S, –ignore-status-codes <ignore-status-codes> Sets the list of status codes to ignore [default: 404] -x, –ignore-string <ignore-string>… Ignores results with specified string in vhost mode -s, –include-status-cod es <include-status-codes> Sets the list of status codes to include [default: ] -m, –mode <mode> Sets the mode of operation (dir, dns, fuzz) [default: dir] -o, –output <output> Saves the results in the specified file [default: ] -t, –threads <threads> Sets the amount of concurrent requests [default: 10] -u, –url <url> Sets the target URL -a, –user-agent <user-agent> Uses the specified User-Agent [default: rustbuster] -w, –wordlist <wordlist> Sets the wordlistDownload Rustbuster

Link: http://feedproxy.google.com/~r/PentestTools/~3/HFSIPHDgci8/rustbuster-dirbuster-for-rust.html