Stretcher – Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information

Stretcher is a tool to search for open elasticsearch servers.Usage: python stretcher.py –shodan {key} –action analyze –threads {0..100} –dork python stretcher.py –help _____ __ __ __ / ___// /_________ / /______/ /_ ___ _____ \__ \/ __/ ___/ _ \/ __/ ___/ __ \/ _ \/ ___/ ___/ / /_/ / / __/ /_/ /__/ / / / __/ / /____/\__/_/ \___/\__/\___/_/ /_/\___/_/ Tool designed to help identify incorrectly Applications that are exposing sensitive [+] Interesting indexes were found payment, address, email, user Browser: http://34.224.104.129:80 Organization: Amazon.com Hostnames: ec2-34-224-104-129.compute-1.amazonaws.com Domains: amazonaws.com City: Ashburn Country: United States Status: Without authentication (Open)Installation$ sudo pip3 install pyfiglet shodan elasticsearch $ cd $HOME/$ git clone https://github.com/6IX7ine/stretcher/$ sudo chmod -R 777 stretcher/DisclaimerCode samples are provided for educational purposes. Adequate defenses can only be built by researching attack techniques available to malicious actors. Using this code against target systems without prior permission is illegal in most jurisdictions. The authors are not liable for any damages from misuse of this information or code.Download Stretcher

Link: http://feedproxy.google.com/~r/PentestTools/~3/PdXu9zuRDIg/stretcher-tool-designed-to-help.html

SQLMap v1.3 – Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.FeaturesFull support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.InstallationYou can download the latest tarball by clicking here or latest zipball by clicking here.Preferably, you can download sqlmap by cloning the Git repository:git clone –depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-devsqlmap works out of the box with Python version 2.6.x and 2.7.x on any platform.UsageTo get a list of basic options and switches use:python sqlmap.py -hTo get a list of all options and switches use:python sqlmap.py -hhYou can find a sample run here. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the user’s manual.DemoLinksHomepage: http://sqlmap.orgDownload: .tar.gz or .zipCommits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atomIssue tracker: https://github.com/sqlmapproject/sqlmap/issuesUser’s manual: https://github.com/sqlmapproject/sqlmap/wikiFrequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQTwitter: @sqlmapDemos: http://www.youtube.com/user/inquisb/videosScreenshots: https://github.com/sqlmapproject/sqlmap/wiki/ScreenshotsTranslationsBulgarianChineseCroatianFrenchGreekIndonesianItalianJapanesePortugueseSpanishTurkishDownload SQLMap v1.2.11

Link: http://feedproxy.google.com/~r/PentestTools/~3/RNZTk3qTooc/sqlmap-v13-automatic-sql-injection-and.html

Exrex – Irregular Methods On Regular Expressions

Exrex is a command line tool and python module that generates all – or random – matching strings to a given regular expression and more. It’s pure python, without external dependencies.There are regular expressions with infinite matching strings (eg.: [a-z]+), in these cases exrex limits the maximum length of the infinite parts.Exrex uses generators, so the memory usage does not depend on the number of matching strings.FeaturesGenerating all matching stringsGenerating a random matching stringCounting the number of matching stringsSimplification of regular expressionsInstallationTo install exrex, simply:$ pip install exrexor$ easy_install exrexUsageas python module>>> import exrex>>> exrex.getone(‘(ex)r\\1’)’exrex’>>> list(exrex.generate(‘((hai){2}|world!)’))[‘haihai’, ‘world!’]>>> exrex.getone(‘\d{4}-\d{4}-\d{4}-[0-9]{4}’)’3096-7886-2834-5671’>>> exrex.getone(‘(1[0-2]|0[1-9])(:[0-5]\d){2} (A|P)M’)’09:31:40 AM’>>> exrex.count(‘[01]{0,9}’)1023>>> print ‘\n’.join(exrex.generate(‘This is (a (code|cake|test)|an (apple|elf|output))\.’))This is a code.This is a cake.This is a test.This is an apple.This is an elf.This is an output.>>> print exrex.simplify(‘(ab|ac|ad)’)(a[bcd])Command line usage> exrex –helpusage: exrex.py [-h] [-o FILE] [-l] [-d DELIMITER] [-v] REGEXexrex – regular expression string generatorpositional arguments: REGEX REGEX stringoptional arguments: -h, –help show this help message and exit -o FILE, –output FILE Output file – default is STDOUT -l N, –limit N Max limit for range size – default is 20 -c, –count Count matching strings -m N, –max-number N Max number of strings – default is -1 -r, –random Returns a random string that matches to the regex -s, –simplify Simplifies a regular expression -d DELIMITER, –delimiter DELIMITER Delimiter – default is \n -v, –verbose Verbose modeExamples:$ exrex ‘[asdfg]’asdfg$ exrex -r ‘(0[1-9]|1[012])-\d{2}’09-85$ exrex ‘[01]{10}’ -c1024Documentationhttp://exrex.readthedocs.org/en/latest/Fun/artsBoat: exrex ‘( {20}(\| *\\|-{22}|\|)|\.={50}| ( ){0,5}\\\.| {12}~{39})’Eyes: exrex ‘(o|O|0)(_)(o|O|0)’Similar projectsTools that generate a list of all possible strings that match a given pattern:regldg (features a live demo on the website)regex-genex (supports using multiple regex patterns simultaneously)Tools that generate random strings, one by one, that match a given pattern:randexp.js (features several live demos on the website)rstr.xeger (a method of the rstr Python module)Profilingpython -m cProfile exrex.py ‘[a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z]’ -o /dev/nullpython -m cProfile exrex.py ‘[0-9]{6}’ -o /dev/nullDownload Exrex

Link: http://feedproxy.google.com/~r/PentestTools/~3/Ec04s7GUw1c/exrex-irregular-methods-on-regular.html

Shodanploit – Shodan Command Line Interface Written In Python

Shodan is a search engine on the internet where you can find interesting things all over the world. For example, we can find cameras, bitcoin streams, zombie computers, ports with weakness in service, SCADA systems, and more. Moreover, more specific searches are possible. As a result of the search, Shodan shows us the number of vulnerable hosts on Earth.So what does shodansploit do ?With Shodan Exploit, you will have all your calls on your terminal. It also allows you to make detailed searches. All you have to do without running Shodansploiti is to add shodan api. Note : The quality of the search will change according to the api privileges you have used.Shodan API Documention : REST API Documentation Exploits REST API Documentation Shodan API Specification :Banner Specification The banner is the main type of information that Shodan provides through the REST and Streaming API. This document outlines the various properties that are always present and which ones are optional. Exploit Specification The exploit type contains the normalized data from a variety of vulnerability data sources. The Exploits REST API returns this type for its search results. This document outlines the various properties that are always present and which ones are optional. Programming Languages :PythonSystem :[email protected]:~# git clone https://github.com/ismailtasdelen/[email protected]:~# cd [email protected]:~/shodansploit# python shodansploit.pyWhat’s on the tool menu ?[1] GET > /shodan/host/{ip} [2] GET > /shodan/host/count[3] GET > /shodan/host/search [4] GET > /shodan/host/search/tokens [5] GET > /shodan/ports [6] GET > /shodan/exploit/author[7] GET > /shodan/exploit/cve[8] GET > /shodan/exploit/msb[9] GET > /shodan/exploit/bugtraq-id[10] GET > /shodan/exploit/osvdb[11] GET > /shodan/exploit/title[12] GET > /shodan/exploit/description[13] GET > /shodan/exploit/date[14] GET > /shodan/exploit/code[15] GET > /shodan/exploit/platform[16] GET > /shodan/exploit/port[17] GET > /dns/resolve[18] GET > /dns/reverse [19] GET > /labs/honeyscore/{ip}[20] GET > /account/profile [21] GET > /tools/myip [22] GET > /tools/httpheaders[23] GET > /api-info [24] ExitCloning an Existing Repository ( Clone with HTTPS )[email protected]:~# git clone https://github.com/ismailtasdelen/shodansploit.gitCloning an Existing Repository ( Clone with SSH )[email protected]:~# git clone https://github.com/ismailtasdelen/ismailtasdelen.gitContact :Mail : [email protected] : https://www.linkedin.com/in/ismailtasdelen/GitHub : https://github.com/ismailtasdelen/Telegram : https://t.me/ismailtasdelen/Download Shodanploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/EPn0Sf3TI7Q/shodanploit-shodan-command-line.html

PRETty – “PRinter Exploitation Toolkit” LAN Automation Tool

PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET againt each individual printer, PRETty will automatically discover and run choosen PRET payloads against all printers on the target network. Additionally, PRETty can be used to automate command/payload delivery to any given list of printers (See the “Lists" section)GUIDE:InstallationInstall PRET and all required dependenciesInstall requirements: sudo pip install termcolorNavigate to where you installed PRET: cd $PRETInstall PRETty into PRET: git clone https://github.com/BusesCanFly/PRETtyNavigate to PRETty: cd PRETtyMake PRETty executable: chmod +x PRETty.pyOne line variant (from PRET folder): sudo pip install termcolor && git clone https://github.com/BusesCanFly/PRETty && cd PRETty && chmod +x PRETty.pyListsPRETty automatically scans the LAN for HP printers and creates an IP list for itselfHowever, you can place custom IP lists in PRETty/IP/PRETty comes with pre-made command files for PRET located in PRETty/commands/ However, you can place additional command files in PRETty/commands/UsageRun PRETty with ./PRETty.py and follow the prompts :DDownload PRETty

Link: http://feedproxy.google.com/~r/PentestTools/~3/eXVjm-qdcmA/pretty-printer-exploitation-toolkit-lan.html

JSShell – An Interactive Multi-User Web JS Shell

An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting) payload to achieve browser remote code execution (similar to the BeeF framework).Version 2.0 is created entirely from scratch, introducing new exciting features, stability and maintainability.AuthorDaniel Abeles.Shell VideoFeaturesMulti client supportCyclic DOM objects supportPre flight scriptsCommand Queue & ContextExtensible with PluginsInjectable via