EasySploit – Metasploit Automation (EASIER And FASTER Than EVER)

EasySploit v3.1 (Linux) – Metasploit automation (EASIER and FASTER than EVER)

Options:
(1) Windows -> test.exe (payload and listener)
(2) Android -> test.apk (payload and listener)
(3) Linux -> test.py (payload and listener)
(4) MacOS -> test.jar (payload and listener)
(5) Web -> test.php (payload and listener)
(6) Scan if a target is vulnerable to ms17_010
(7) Exploit Windows 7/2008 x64 ONLY by IP (ms17_010_eternalblue)
(8) Exploit Windows Vista/XP/2000/2003 ONLY by IP (ms17_010_psexec)
(9) Exploit Windows with a link (HTA Server)
(10) Contact with me – My accounts

How to install:
  git clone https://github.com/KALILINUXTRICKSYT/easysploit.git
  cd easysploit
  bash installer.sh

How to run (after installation):
Type "easysploit" anywhere in your terminal.

Download EasySploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/fAldiqcnlVY/easysploit-metasploit-automation-easier.html

W12Scan – A Simple Asset Discovery Engine For Cybersecurity

W12scan is a network asset discovery engine that can automatically aggregate related assets for analysis and use. This repository holds the web front end; the scanning end lives in w12scan-client.

Design
Based on Python 3 + Django + Elasticsearch + Redis; scan targets are added through the web's RESTful API.

Features

Web

Powerful search syntax
Search by CMS, service, title, country/region and more to quickly find relevant targets:
  title="abc"          # search in the page title
  header="abc"         # search in the HTTP header
  body="123"           # search in the body text
  url="*.baidu.com"    # search for subdomains of baidu.com
  ip='1.1.1.1'         # search by IP; '192.168.1.0/24' and '192.168.1.*' are supported
  port='80'            # search by port
  app='nginx'          # search by application
  country='cn'         # search by country
  service='mysql'      # search by service
  bug='xx'             # search by vulnerability

Custom assets
By registering a company-related domain name or IP asset, w12scan automatically finds the corresponding asset targets. When you browse a target, a prominent badge reminds you of the target's ownership.

Automatic association
Open the target details. If the target is an IP, all domain names on that IP and on its class C network are associated automatically. If the target is a domain name, neighbouring hosts on the same server, the class C segment and subdomains are associated automatically.

Multi-node management
The web side checks the status of each node every few minutes; you can see the number of scans per node and the node scan log.

Task RESTful API
Provides an interface for adding tasks, so you can add them from the web side or integrate it into any other software.

Scanning end

PoC
Calls the latest PoC scripts online via airbug.

Built-in scan scripts
Common vulnerability verification services are built into the scanner.

Scanning
Uses masscan, nmap, wappalyzer and w11scan.

Easy to distribute
This is taken into account in the program architecture: it is very easy to run the scan terminal directly on another machine, and it can also be distributed using Docker and the Celery service.

Installation
Quickly build an environment with Docker:
  git clone https://github.com/boy-hack/w12scan
  cd w12scan
  docker-compose up -d
Wait a while, then visit http://127.0.0.1:8000

Telegram group: https://t.me/joinchat/MZ16xA9dfmJCYm4kbv15nA

Download W12Scan

Link: http://www.kitploit.com/2019/04/w12scan-simple-asset-discovery-engine.html

Zeebsploit – Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking: searching for web information and scanning a web site for vulnerabilities.

Installation & Usage
  apt-get install git
  git clone https://github.com/jaxBCD/Zeebsploit.git
  cd Zeebsploit
  chmod +x install
  ./install
  python3 zeebsploit.py
Type 'help' to show the modules and follow the instructions.

Modules

[Main modules]
+----------+-------------------------------+
| Modules  | Description                   |
+----------+-------------------------------+
| Exploit  | Exploitation Modules          |
| Scanners | Scanners Modules              |
| infoga   | Information Gathering Modules |
+----------+-------------------------------+

[Exploit Modules]
+---------------------------+--------------------------------------------------+
| Modules                   | Description                                      |
+---------------------------+--------------------------------------------------+
| wp content injection      | wordpress content injection version 4.7 or 4.7.1 |
| wp revslider              | wordpress plugin revslider remote file upload    |
| wp learndash              | wordpress learndash remote file upload           |
| wp swhobiz                | wordpress plugin showbiz remote file upload      |
| joomla com fabrik         | joomla component fabrik file upload              |
| joomla manager get config | joomla component manager auto get config         |
| joomla jdownload          | joomla component jdownloads remote file upload   |
| joomla                    | Joomla ads manager component auto shell upload   |
| apache struts rce         | CVE-2017-5638 – Apache Struts2 S2-045            |
|                           | remote command execution                         |
| drupal8 rce               | drupal version 8 remote command execution        |
| dvr cam leak credential   | TBK DVR4104 / DVR4216                            |
|                           | – Credentials Leak (Get User and password)       |
| webdav file upload        | Nothing                                          |
| ---More---                | Coming Soon the following version                |
+---------------------------+--------------------------------------------------+

[Scanner Module]
+--------------------+----------------------------------------+
| Modules            | Description                            |
+--------------------+----------------------------------------+
| subdomain scanner  | Scan Subdomain for Web                 |
| sqli scanner       | Scan Sql Injection Vulnerability       |
| xss scanner        | Scan XSS Injection Vulnerability       |
| lfi scanner        | Local File Includes Scanner etc/passwd |
| admin login finder | Scan Admin Login page                  |
| directory scanner  | scan directory on web use dirhunt      |
| subdomain takeover | scan type subdomain takeover           |
| ---More---         | Coming Soon the following version      |
+--------------------+----------------------------------------+

[Information Gathering]
+--------------------+------------------------------------------+
| Modules            | Description                              |
+--------------------+------------------------------------------+
| cms detector       | a tool for detecting cms on a web        |
| port scanner       | Scan Open Port use Nmap                  |
| information header | response header information              |
| ip geolocation     | detect the location of an ip or host     |
| email searcher     | searching email from web                 |
| traceroute         | to show the route the package has passed |
| robot.txt detector | Scan Robot.txt from Web                  |
| header information | Response Header Checker                  |
| whois lookup       | looking for registered users or          |
|                    | recipients of Internet resource rights   |
| ---More---         | Coming Soon the following version        |
+--------------------+------------------------------------------+

Join Team: [Click This]
Contact: [Contact]

Download Zeebsploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/9xaMRbIv1Dk/zeebsploit-web-scanner-exploitation.html

Zeebsploit – Web Scanner / Exploitation / Information Gathering (repost of the entry above)

Link: http://feedproxy.google.com/~r/PentestTools/~3/RZKskKnsCFU/zeebsploit-web-scanner-exploitation_10.html

mXtract v1.2 – Memory Extractor & Analyzer

mXtract is an open-source Linux-based tool that analyzes and dumps memory. It is developed as an offensive penetration-testing tool; its primary purpose is to scan memory for private keys, IPs and passwords using regexes. Remember, your results are only as good as your regexes.

Screenshots
- Scan with verbose output and a simple IP regex, scanning every data segment, displaying process info and scanning environment files.
- Scan with verbose output and a simple IP regex, scanning only heap and stack, displaying process info and scanning environment files.
- Scan without verbose output, with a simple IP regex, displaying process info and scanning environment files.

Why dump directly from memory?
In most Linux environments users can access the memory of processes. This allows attackers to harvest credentials, private keys, or anything that isn't supposed to be seen but is being processed by a program in clear text.

Features
- Ability to enter regex lists
- Clear and readable display
- Ability to mass-scan every process or a specific PID
- Able to choose memory sections to scan
- Ability to show detailed process information
- Ability to scan process environment files
- Memory dumps automatically remove Unicode characters, which allows for processing with other tools or manually

Getting started
Downloading: git clone https://github.com/rek7/mXtract
Compiling: cd mXtract && sh compile.sh
This will create the directory bin/ and compile the binary as mXtract.

Commands
General:
  -v   Enable verbose output
  -s   Suppress banner
  -h   Help
  -c   Suppress colored output
Target and regex:
  -i   Show detailed process/user info
  -a   Scan all memory ranges, not just heap/stack
  -e   Scan process environment files
  -r=  Regex database to use
  -p=  Specify single PID to scan
Output:
  -wm  Write raw memory to file; default directory is 'pid/'
  -wi  Write process info to beginning of file (used in conjunction with -w)
  -wr  Write regex output to file (will appear in the output directory)
  -f=  Regex results filename; default is 'regex_results.txt'
  -d=  Custom output directory

Download mXtract

Link: http://feedproxy.google.com/~r/PentestTools/~3/afNZNO7w4Xk/mxtract-v12-memory-extractor-analyzer.html

Osmedeus – Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus lets you automatically run a collection of reconnaissance and vulnerability-scanning tools against a target.

How to use
If you have no idea what you are doing, just type the command below or check out the Advanced Usage:
  ./osmedeus.py -t example.com

Installation
  git clone https://github.com/j3ssie/Osmedeus
  cd Osmedeus
  ./install.sh
This installer only targets Kali Linux; see the wiki page for other install methods.

Features
- Subdomain scan
- Subdomain takeover scan
- Screenshot the target
- Basic recon like Whois, Dig info
- IP discovery
- CORS scan
- SSL scan
- Headers scan
- Port scan
- Vulnerability scan
- Separate workspaces to store all scan output and detailed logging
- REST API
- SPA web UI
- Slack notifications

Contact: @j3ssiejjj

Download Osmedeus

Link: http://feedproxy.google.com/~r/PentestTools/~3/DCeXRDXo4J0/osmedeus-fully-automated-offensive.html

Flightsim – A Utility To Generate Malicious Network Traffic And Evaluate Controls

flightsim is a lightweight utility used to generate malicious network traffic and help security teams evaluate security controls and network visibility. The tool performs tests that simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns.

Installation
Download the latest flightsim binary for your OS from the GitHub Releases page. Alternatively, the utility can be built using Golang in any environment (e.g. Linux, MacOS, Windows), as follows:
  go get -u github.com/alphasoc/flightsim/...

Running Network Flight Simulator
Upon installation, test flightsim as follows:

  $ flightsim --help
  AlphaSOC Network Flight Simulator™ (https://github.com/alphasoc/flightsim)

  flightsim is an application which generates malicious network traffic for security
  teams to evaluate security controls (e.g. firewalls) and ensure that monitoring tools
  are able to detect malicious traffic.

  Usage:
    flightsim [command]

  Available Commands:
    help        Help about any command
    run         Run all simulators (default) or a particular test
    version     Print version and exit

  Flags:
    -h, --help   help for flightsim

  Use "flightsim [command] --help" for more information about a command

The utility runs individual modules to generate malicious traffic. To perform all available tests, simply use flightsim run, which will generate traffic using the first available non-loopback network interface. NB: when running the C2 modules, flightsim gathers current C2 addresses from the Cybercrime Tracker and the AlphaSOC API, so it requires egress Internet access.

To list the available modules, use flightsim run --help. To execute a particular test, pass the module name to flightsim run, as below.

  $ flightsim run --help
  Run all simulators (default) or a particular test

  Usage:
    flightsim run [c2-dns|c2-ip|dga|hijack|scan|sink|spambot|tunnel] [flags]

  Flags:
    -n,                      number of hosts generated for each simulator (default 10)
        --fast               run simulator fast without sleep intervals
    -h, --help               help for run
    -i, --interface string   network interface to use

  $ flightsim run dga
  AlphaSOC Network Flight Simulator™ (https://github.com/alphasoc/flightsim)
  The IP address of the network interface is 172.31.84.103
  The current time is 10-Jan-18 09:30:28

  Time      Module    Description
  --------------------------------------------------------------------------------
  09:30:28  dga       Starting
  09:30:28  dga       Generating list of DGA domains
  09:30:30  dga       Resolving rdumomx.xyz
  09:30:31  dga       Resolving rdumomx.biz
  09:30:31  dga       Resolving rdumomx.top
  09:30:32  dga       Resolving qtovmrn.xyz
  09:30:32  dga       Resolving qtovmrn.biz
  09:30:33  dga       Resolving qtovmrn.top
  09:30:33  dga       Resolving pbuzkkk.xyz
  09:30:34  dga       Resolving pbuzkkk.biz
  09:30:34  dga       Resolving pbuzkkk.top
  09:30:35  dga       Resolving wfoheoz.xyz
  09:30:35  dga       Resolving wfoheoz.biz
  09:30:36  dga       Resolving wfoheoz.top
  09:30:36  dga       Resolving lhecftf.xyz
  09:30:37  dga       Resolving lhecftf.biz
  09:30:37  dga       Resolving lhecftf.top
  09:30:38  dga       Finished

  All done! Check your SIEM for alerts using the timestamps and details above.

Description of Modules
The modules packaged with the utility are listed in the table below.

  Module    Description
  c2-dns    Generates a list of current C2 destinations and performs DNS requests to each
  c2-ip     Connects to 10 random current C2 IP:port pairs to simulate egress sessions
  dga       Simulates DGA traffic using random labels and top-level domains
  hijack    Tests for DNS hijacking support via ns1.sandbox.alphasoc.xyz
  scan      Performs a port scan of 10 random RFC 1918 addresses using common ports
  sink      Connects to 10 random sinkholed destinations run by security providers
  spambot   Resolves and connects to random Internet SMTP servers to simulate a spam bot
  tunnel    Generates DNS tunneling requests to *.sandbox.alphasoc.xyz

Download Flightsim
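The dga run above ends with "check your SIEM for alerts", so the detection side is the part a defender has to build. As an added example (not part of flightsim or the original post), the Python below scores resolver log lines for the two signals that run produces: a burst of NXDOMAIN answers for distinct registrable domains from one client, and the same random label tried under several TLDs. The log lines, their field layout (time, client, name, rcode) and the thresholds are all constructed assumptions; a real resolver log would need its own parser.

```python
import re
from collections import defaultdict

# Constructed sample resolver log (not real traffic): time, client IP, queried name, response code.
# The first client's names mirror the DGA labels from the flightsim run shown above.
SAMPLE_LOG = """\
09:30:30 172.31.84.103 rdumomx.xyz NXDOMAIN
09:30:31 172.31.84.103 rdumomx.biz NXDOMAIN
09:30:31 172.31.84.103 rdumomx.top NXDOMAIN
09:30:32 172.31.84.103 qtovmrn.xyz NXDOMAIN
09:30:32 172.31.84.103 qtovmrn.biz NXDOMAIN
09:30:33 172.31.84.103 pbuzkkk.top NXDOMAIN
09:30:35 172.31.84.103 wfoheoz.xyz NXDOMAIN
09:30:40 172.31.84.200 www.example.com NOERROR
09:30:41 172.31.84.200 mail.example.org NOERROR
09:30:42 172.31.84.200 typo.exmaple.com NXDOMAIN
09:30:43 172.31.84.200 cdn.example.net NOERROR
"""

# Assumed line layout; adjust for the resolver actually in use.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<client>\S+)\s+(?P<name>\S+)\s+(?P<rcode>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than aborting the run."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h, mnt, s = (int(x) for x in m["time"].split(":"))
        records.append({
            "t": h * 3600 + mnt * 60 + s,          # seconds since midnight
            "client": m["client"],
            "name": m["name"].rstrip(".").lower(),
            "rcode": m["rcode"].upper(),
        })
    return records


def registrable_domain(name):
    """Approximate the registrable domain as the last two labels (no public-suffix list here)."""
    labels = name.split(".")
    return ".".join(labels[-2:])


def detect_dga_clients(text, window_seconds=60, min_unique_nxdomain=5):
    """
    Per client: the largest number of distinct registrable domains answered NXDOMAIN
    inside any sliding window of `window_seconds`, and how many second-level labels
    were tried under more than one TLD (the .xyz/.biz/.top pattern flightsim's dga
    module generates). A client is flagged when the NXDOMAIN count meets the threshold.
    """
    by_client = defaultdict(list)
    for r in parse_log(text):
        if r["rcode"] == "NXDOMAIN":
            by_client[r["client"]].append((r["t"], registrable_domain(r["name"])))

    results = {}
    for client, events in by_client.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            in_window = {d for t, d in events[i:] if t - t0 <= window_seconds}
            best = max(best, len(in_window))
        tlds_per_label = defaultdict(set)
        for _, domain in events:
            label, _, tld = domain.partition(".")
            tlds_per_label[label].add(tld)
        multi_tld = sum(1 for tlds in tlds_per_label.values() if len(tlds) > 1)
        results[client] = {
            "unique_nxdomain": best,
            "multi_tld_labels": multi_tld,
            "flagged": best >= min_unique_nxdomain,
        }
    return results


if __name__ == "__main__":
    for client, summary in detect_dga_clients(SAMPLE_LOG).items():
        print(client, summary)
```

On the constructed log the flightsim host is flagged (seven distinct NXDOMAIN domains in under ten seconds, two labels tried under multiple TLDs) while the second client, with a single typo lookup, is not. The NXDOMAIN-rate signal is the one worth alerting on first: DGA clients burn through non-existent names, whereas a legitimate host rarely produces more than a handful per minute.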

Link: http://feedproxy.google.com/~r/PentestTools/~3/iP4qxku8k_8/flightsim-utility-to-generate-malicious.html

H2T – Scans A Website And Suggests Security Headers To Apply

h2t is a simple tool to help sysadmins harden their websites. For now, h2t checks the website's headers and recommends how to improve them.

Dependencies
- Python 3
- colorama
- requests

Install
  $ git clone https://github.com/gildasio/h2t
  $ cd h2t
  $ pip install -r requirements.txt
  $ ./h2t.py -h

Usage
h2t has two subcommands: list and scan.

  $ ./h2t.py -h
  usage: h2t.py [-h] {list,l,scan,s} ...

  h2t - HTTP Hardening Tool

  positional arguments:
    {list,l,scan,s}  sub-command help
      list (l)       show a list of available headers in h2t catalog (that can be used in scan subcommand -H option)
      scan (s)       scan url to hardening headers

  optional arguments:
    -h, --help       show this help message and exit

List subcommand
The list subcommand lists all headers cataloged in h2t and can show information about them, such as a description and links for more information and how-tos.

  $ ./h2t.py list -h
  usage: h2t.py list [-h] [-p PRINT [PRINT ...]] [-B] [-a | -H HEADERS [HEADERS ...]]

  optional arguments:
    -h, --help            show this help message and exit
    -p PRINT [PRINT ...], --print PRINT [PRINT ...]
                          a list of additional information about the headers to print. For now there are two options: description and refs (you can use either or both)
    -B, --no-banner       don't print the h2t banner
    -a, --all             list all available headers [default]
    -H HEADERS [HEADERS ...], --headers HEADERS [HEADERS ...]
                          a list of headers to look for in the h2t catalog

Scan subcommand
The scan subcommand performs a scan of a website, looking at its headers.

  $ ./h2t.py scan -h
  usage: h2t.py scan [-h] [-v] [-a] [-g] [-b] [-H HEADERS [HEADERS ...]] [-p PRINT [PRINT ...]] [-i IGNORE_HEADERS [IGNORE_HEADERS ...]] [-B] [-E] [-n] [-u USER_AGENT] [-r | -s] url

  positional arguments:
    url                   url to look for

  optional arguments:
    -h, --help            show this help message and exit
    -v, --verbose         increase output verbosity: -v print response headers, -vv print response and request headers
    -a, --all             scan all cataloged headers [default]
    -g, --good            scan good headers only
    -b, --bad             scan bad headers only
    -H HEADERS [HEADERS ...], --headers HEADERS [HEADERS ...]
                          scan only these headers (see available in list sub-command)
    -p PRINT [PRINT ...], --print PRINT [PRINT ...]
                          a list of additional information about the headers to print. For now there are two options: description and refs (you can use either or both)
    -i IGNORE_HEADERS [IGNORE_HEADERS ...], --ignore-headers IGNORE_HEADERS [IGNORE_HEADERS ...]
                          a list of headers to ignore in the results
    -B, --no-banner       don't print the h2t banner
    -E, --no-explanation  don't print the h2t output explanation
    -o {normal,csv,json}, --output {normal,csv,json}
                          choose which output format to use (available: normal, csv, json)
    -n, --no-redirect     don't follow http redirects
    -u USER_AGENT, --user-agent USER_AGENT
                          set user agent to scan request
    -k, --insecure        don't verify SSL certificate as valid
    -r, --recommendation  output only recommendations [default]
    -s, --status          output actual status (eg: existent headers only)

Output
For now the output is only in normal mode. Understand it as follows:
[+] Red headers are bad headers that open a breach on your website or may reveal a lot of information. We recommend fixing them.
[+] Yellow headers are good headers that are not applied on your website. We recommend applying them.
[-] Green headers are good headers that are already used on your website. They are shown when you use the -s flag.

Example:
  Cookie HTTP Only would be good to be applied
  Cookie over SSL/TLS would be good to be applied
  Server header would be good to be removed
  Referrer-Policy would be good to be applied
  X-Frame-Options is already in use, nothing to do here
  X-XSS-Protection is already in use, nothing to do here

Screenshots: list h2t catalog; scan from file; scan URL; scan verbose; headers information.

Download H2T
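To make the red/yellow/green logic above concrete, here is an added Python example (not h2t's own code) that classifies a response's headers the same way and reproduces the recommendation lines from the example output. The header catalog, the two constructed response header sets (a weak one and its hardened counterpart) and the Finding type are this example's assumptions, not h2t's catalog; h2t's real catalog is larger and carries descriptions and references.

```python
from dataclasses import dataclass

# Example catalog (an assumption for this example, not h2t's real catalog):
# "good" headers that should be present and "bad" headers that leak information.
GOOD_HEADERS = [
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Referrer-Policy",
    "X-XSS-Protection",
]
BAD_HEADERS = ["Server", "X-Powered-By"]


@dataclass
class Finding:
    status: str   # "RED": bad header present, "YELLOW": good header missing, "GREEN": good header present
    message: str


# Constructed response headers for a fictitious site before hardening (not real scan data).
# A list of pairs rather than a dict, because Set-Cookie may legitimately repeat.
SAMPLE_RESPONSE_HEADERS = [
    ("Server", "nginx/1.14.0"),
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session=abc123; Path=/"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-XSS-Protection", "1; mode=block"),
]

# The same site after applying the recommendations (also constructed).
HARDENED_RESPONSE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-Content-Type-Options", "nosniff"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("X-XSS-Protection", "1; mode=block"),
]


def assess_headers(headers):
    """Return one Finding per catalog entry plus cookie-attribute findings; names are case-insensitive."""
    names = {name.lower() for name, _ in headers}
    findings = []
    for bad in BAD_HEADERS:
        if bad.lower() in names:
            findings.append(Finding("RED", f"{bad} header would be good to be removed"))
    for good in GOOD_HEADERS:
        if good.lower() in names:
            findings.append(Finding("GREEN", f"{good} is already in use, nothing to do here"))
        else:
            findings.append(Finding("YELLOW", f"{good} would be good to be applied"))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # Attributes follow the first ';' (Path, Secure, HttpOnly, SameSite, ...).
        attrs = {part.strip().lower() for part in value.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(Finding("YELLOW", f"Cookie HTTP Only would be good to be applied ({cookie_name})"))
        if "secure" not in attrs:
            findings.append(Finding("YELLOW", f"Cookie over SSL/TLS would be good to be applied ({cookie_name})"))
    return findings


def report(findings, recommendations_only=True):
    """Mimic h2t's modes: -r (default) hides GREEN lines, -s shows the actual status of every header."""
    marker = {"RED": "[+]", "YELLOW": "[+]", "GREEN": "[-]"}
    return [f"{marker[f.status]} {f.status}: {f.message}" for f in findings
            if not (recommendations_only and f.status == "GREEN")]


if __name__ == "__main__":
    print("\n".join(report(assess_headers(SAMPLE_RESPONSE_HEADERS))))
    print("hardened:", report(assess_headers(HARDENED_RESPONSE_HEADERS)))
```

On the weak header set this yields one red line (Server), six yellow lines (four missing headers plus the two cookie attributes) and two green ones that only appear in status mode; the hardened set produces no recommendations at all. A header that is present but weakly configured (for example a permissive Content-Security-Policy) would still come out green here, so value checks are the natural next step beyond presence checks.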

Link: http://feedproxy.google.com/~r/PentestTools/~3/LaZLa7zlv9k/h2t-scans-website-and-suggests-security.html

mXtract – Memory Extractor & Analyzer

An open-source Linux-based tool that analyses and dumps memory. It is developed as an offensive penetration-testing tool which can be used to scan memory for private keys, IPs and passwords using regexes. Remember, your results are only as good as your regexes.

Screenshots
- Scan with verbose output and a simple IP regex, scanning every data segment.
- Scan with verbose output and a simple IP regex, scanning only heap and stack.
- Scan without verbose output, with a simple IP regex.

Why dump directly from memory?
In most Linux environments users can access the memory of processes. This allows attackers to harvest credentials, private keys, or anything that isn't supposed to be seen but is being processed by a program in clear text.

Features
- Ability to enter regex lists
- Clear and readable display
- Ability to mass-scan every process or a specific PID
- Able to choose memory sections to scan
- Memory dumps automatically remove Unicode characters, which allows for processing with other tools or manually

Getting started
Compiling: g++ -std=c++11 -O2 src/main.cpp -o mxtract

Commands
  -v   Enable verbose output
  -s   Suppress banner
  -h   Help
  -c   Suppress colored output
  -r=  Regex DB
  -a   Scan all memory ranges, not just heap/stack
  -w   Write raw memory to file; default directory is pid/
  -o   Write regex output to file
  -d=  Custom output directory
  -p=  Specify single PID to scan
Either -r= or -w is needed.

Download mXtract

Link: http://feedproxy.google.com/~r/PentestTools/~3/klmJCxzlVRA/mxtract-memory-extractor-analyzer.html

Freevulnsearch – Free And Open NMAP NSE Script To Query Vulnerabilities Via The cve-search.org API

This NMAP NSE script is part of the Free OCSAF project – https://freecybersecurity.org. In conjunction with NMAP's version scan ("-sV"), the corresponding vulnerabilities are automatically assigned using CVE (Common Vulnerabilities and Exposures) identifiers, and the severity of each vulnerability is assigned using CVSS (Common Vulnerability Scoring System). For more clarity, the CVSS scores are also mapped to the corresponding CVSS v3.0 ratings:
  Critical (CVSS 9.0 – 10.0)
  High (CVSS 7.0 – 8.9)
  Medium (CVSS 4.0 – 6.9)
  Low (CVSS 0.1 – 3.9)
  None (CVSS 0.0)

By default the CVEs are queried, using the CPEs determined by NMAP, via the ingenious public API of the cve-search.org project, which is provided by circl.lu. For more information visit https://www.cve-search.org/api/.

Confidentiality information:
The queries are made using the determined CPE via the circl.lu API. For further information on the confidentiality of the circl.lu API, please visit https://www.circl.lu/services/cve-search/ directly. The best way is to install cve-search (https://github.com/cve-search/cve-search) locally and use your own API with
  nmap -sV --script freevulnsearch --script-args apipath= <target>

Installation:
You can either specify the script path directly in the NMAP command, for example
  nmap -sV --script ~/freevulnsearch <target>
or copy the script into the appropriate directory of your NMAP installation. In Kali Linux™, for example: /usr/share/nmap/scripts/
  sudo nmap --script-updatedb

Important note: First read the confidentiality information. It is recommended to run freevulnsearch.nse separately, without additional NSE scripts. If you do not want the script assigned to the categories safe, vuln and external, then do not execute the nmap --script-updatedb command mentioned above.

Usage:
The usage is simple: just use NMAP -sV and this script.
  nmap -sV --script freevulnsearch <target>
According to my tests, for stability reasons only HTTP without TLS should be used when querying the API with many simultaneous requests. For this reason you can optionally disable TLS using an input argument. Important: after that, the API query to circl.lu is unencrypted.
  nmap -sV --script freevulnsearch --script-args notls=yes <target>
If you scan with the categories safe or vuln, then exclude the script or the category external, or do not add the script to the NMAP default directory. It is recommended to run freevulnsearch.nse separately without additional NSE scripts.

CPE exception handling for format:
If an NMAP CPE is not clear, several functions in the freevulnsearch.nse script check whether the formatting of the CPE is inaccurate. For example:
  (MySQL)      5.0.51a-3ubuntu5 -> 5.0.51a
  (Exim smtpd) 4.90_1 -> 4.90
  (OpenSSH)    6.6.1p1 -> 6.6:p1
  (OpenSSH)    7.5p1 -> 7.5:p1
  ...

Download Freevulnsearch
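The CPE rewrites and the CVSS rating bands above are the two pieces of logic a reader is most likely to want to reuse, so here is an added Python example (not the freevulnsearch.nse script, which is written in Lua for NSE) that reproduces both. The normalization rules are inferred from the four listed examples only and are an assumption about the script's behaviour; the CVE lookup runs against a constructed in-memory stand-in for the cve-search API with placeholder CVE ids and scores, so nothing here contacts circl.lu.

```python
import re

# Constructed nmap-style CPE strings for the version examples on this page (not real scan output).
SAMPLE_CPES = [
    "cpe:/a:mysql:mysql:5.0.51a-3ubuntu5",
    "cpe:/a:exim:exim:4.90_1",
    "cpe:/a:openbsd:openssh:6.6.1p1",
    "cpe:/a:openbsd:openssh:7.5p1",
]

# Constructed stand-in for the cve-search API: CPE -> list of (cve id, cvss score).
# Ids and scores are placeholders, not real advisories. A CPE that is absent maps to
# None ("unknown to the database"), an empty list means "known, no CVEs".
FAKE_CVE_DB = {
    "cpe:/a:mysql:mysql:5.0.51a": [("CVE-0000-0001", 7.5)],
    "cpe:/a:exim:exim:4.90": [("CVE-0000-0002", 9.8)],
    "cpe:/a:openbsd:openssh:6.6:p1": [("CVE-0000-0003", 5.3)],
    "cpe:/a:openbsd:openssh:7.5:p1": [],
}

# "6.6.1p1" -> major.minor, optional third component, patch level.
PATCH_LEVEL_RE = re.compile(r"^(\d+\.\d+)(?:\.\d+)?(p\d+)$")


def normalize_version(version):
    """Rewrite an nmap version string into the form the CVE database is more likely to use (assumed rules)."""
    # 1. Drop packaging suffixes such as "-3ubuntu5" (distro revision) or "_1" (port revision).
    v = re.split(r"[-_]", version, maxsplit=1)[0]
    # 2. Patch levels written as "6.6.1p1" / "7.5p1" become "6.6:p1" / "7.5:p1".
    m = PATCH_LEVEL_RE.match(v)
    if m:
        return f"{m.group(1)}:{m.group(2)}"
    return v


def cpe_candidates(cpe):
    """Exact CPE first, then the normalized one (only if it differs); extra fields after the version are dropped."""
    fields = cpe.split(":")
    if len(fields) < 5:
        return [cpe]  # no version field to normalize
    normalized = fields[:5]
    normalized[4] = normalize_version(fields[4])
    candidates = [cpe, ":".join(normalized)]
    seen, ordered = set(), []
    for c in candidates:
        if c not in seen:
            seen.add(c)
            ordered.append(c)
    return ordered


def cvss_rating(score):
    """Map a CVSS v3.0 base score to the rating bands listed above."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score >= 0.1:
        return "Low"
    return "None"


def lookup_cves(cpe, query=FAKE_CVE_DB.get):
    """Try each candidate CPE until the database knows it; return (cpe used, [(id, score, rating), ...])."""
    for candidate in cpe_candidates(cpe):
        hits = query(candidate)
        if hits is not None:
            return candidate, [(cve, score, cvss_rating(score)) for cve, score in hits]
    return cpe, []


if __name__ == "__main__":
    for cpe in SAMPLE_CPES:
        used, cves = lookup_cves(cpe)
        print(f"{cpe} -> {used}: {cves or 'no CVEs'}")
```

The query function is injected so the same lookup loop can be pointed at a real cve-search instance later; the fallback order matters, because an exact CPE that the database already knows must never be overridden by a normalized guess, and "known with no CVEs" has to be distinguished from "unknown CPE" or the loop would keep trying candidates past a valid answer.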

Link: http://www.kitploit.com/2019/03/freevulnsearch-free-and-open-nmap-nse.html