RouterSploit v3.3.0 – Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.It consists of various modules that aids penetration testing operations:exploits – modules that take advantage of identified vulnerabilitiescreds – modules designed to test credentials against network servicesscanners – modules that check if a target is vulnerable to any exploitpayloads – modules that are responsible for generating payloads for various architectures and injection pointsgeneric – modules that perform generic attacksInstallationRequirementsRequired:futurerequestsparamikopysnmppycryptoOptional:bluepy – bluetooth low energyInstallation on Kali Linuxapt-get install python3-pipgit clone https://www.github.com/threat9/routersploitcd routersploitpython3 -m pip install -r requirements.txtpython3 rsf.pyBluetooth Low Energy support:apt-get install libglib2.0-devpython3 -m pip install bluepypython3 rsf.pyInstallation on Ubuntu 18.04 & 17.10sudo add-apt-repository universesudo apt-get install git python3-pipgit clone https://www.github.com/threat9/routersploitcd routersploitpython3 -m pip install -r requirements.txtpython3 rsf.pyBluetooth Low Energy support:apt-get install libglib2.0-devpython3 -m pip install bluepypython3 rsf.pyInstallation on OSXgit clone https://www.github.com/threat9/routersploitcd routersploitsudo python3 -m pip install -r requirements.txtpython3 rsf.pyRunning on Dockergit clone https://www.github.com/threat9/routersploitcd routersploitdocker build -t routersploit .docker run -it –rm routersploitUpdateUpdate RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.cd routersploitgit pullDownload Routersploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/bGEb3P4Ibw4/routersploit-v330-exploitation.html

JoomScan 0.0.6 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.OWASP JoomScan is included in Kali Linux distributions.WHY OWASP JOOMSCAN ?Automated …Version enumeratorVulnerability enumerator (based on version)Components enumerator (1209 most popular by default)Components vulnerability enumerator (based on version)(+1030 exploit)Firewall detectorReporting to Text & HTML outputFinding common log filesFinding common backup filesINSTALLgit clone https://github.com/rezasp/joomscan.gitcd joomscanperl joomscan.plJOOMSCAN ARGUMENTSUsage: joomscan.pl [options]–url | -u | The Joomla URL/domain to scan.–enumerate-components | -ec | Try to enumerate components.–cookie <String> | Set cookie.–user-agent | -a <user-agent> | Use the specified User-Agent.–random-agent | -r | Use a random User-Agent.–timeout <time-out> | set timeout.–about | About Author–update | Update to the latest version.–help | -h | This help screen.–version | Output the current version and exit.OWASP JOOMSCAN USAGE EXAMPLESDo default checks…perl joomscan.pl –url www.example.comorperl joomscan.pl -u www.example.com Enumerate installed components…perl joomscan.pl –url www.example.com –enumerate-componentsorperl joomscan.pl -u www.example.com –ecSet cookieperl joomscan.pl –url www.example.com –cookie “test=demo;" Set user-agentperl joomscan.pl –url www.example.com –user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"orperl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"Set random user-agentperl joomscan.pl -u www.example.com –random-agentorperl joomscan.pl –url www.example.com -rUpdate Joomscan…perl joomscan.pl –updatePROJECT LEADERSMohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]OWASP JoomScan introduction (Youtube)OWASP JoomScan 0.0.6 [#BHUSA]Updated vulnerability databasesAdded new module: Firewall Detector (supports detection of [CloudFlare, Incapsula, Shieldfy, Mod_Security])Added exploit for com_joomanagerUpdated list of common log pathsA few enhancementsDownload Joomscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/LkQh4-Er0AQ/joomscan-006-owasp-joomla-vulnerability.html

WAScan v0.2.1 – Web Application Scanner

WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using “black-box" method, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc. WAScan is built on python2.7 and can run on any platform which has a Python environment.FeaturesFingerprintContent Management System (CMS) -> 6Web Frameworks -> 22Cookies/Headers SecurityLanguages -> 9Operating Systems (OS) -> 7Server -> ALLWeb App Firewall (WAF) -> 50+AttacksBash Commands InjectionBlind SQL InjectionBuffer OverflowCarriage Return Line FeedSQL Injection in HeadersXSS in HeadersHTML InjectionLDAP InjectionLocal File InclusionOS CommandingPHP Code InjectionSQL InjectionServer Side InjectionXPath InjectionCross Site ScriptingXML External EntityAuditApache Status PageOpen RedirectPHPInfoRobots.txtXSTBruteforceAdmin PanelCommon BackdoorCommon Backup DirCommon Backup FileCommon DirCommon FileHidden ParametersDisclosureCredit CardsEmailsPrivate IPErrors -> (fatal errors,…)SSNInstallation$ git clone https://github.com/m4ll0k/WAScan.git wascan$ cd wascan $ pip install BeautifulSoup$ python wascan.pyUsageFingerprint:$ python wascan.py –url http://xxxxx.com/ –scan 0Attacks:$ python wascan.py –url http://xxxxx.com/index.php?id=1 –scan 1Audit:$ python wascan.py –url http://xxxxx.com/ –scan 2Bruteforce:$ python wascan.py –url http://xxxxx.com/ –scan 3Disclosure:$ python wascan.py –url http://xxxxx.com/ –scan 4Full Scan:$ python wascan.py –url http://xxxxx.com –scan 5 Bruteforce Hidden Parameters:$ python wascan.py –url http://xxxxx.com/test.php –bruteAdvanced Usage$ python wascan.py –url http://xxxxx.com/test.php –scan 5 –auth "admin:1234"$ python wascan.py –url http://xxxxx.com/test.php –scan 5 –data "id=1" –method POST$ python wascan.py –url http://xxxxx.com/test.php –scan 5 –auth "admin:1234" –proxy xxx.xxx.xxx.xxx $ python wascan.py –url http://xxxxx.com/test.php –scan 5 –auth "admin:1234" –proxy xxx.xxx.xxx.xxx –proxy-auth "root:4321"$ python wascan.py –url http://xxxxx.com/test.php –scan 5 –auth "admin:1234" –proxy xxx.xxx.xxx.xxx –proxy-auth "root:4321 –ragent -vDownload WAScan

Link: http://feedproxy.google.com/~r/PentestTools/~3/MVArfkpK9js/wascan-v021-web-application-scanner.html

Pure Blood v2.0 – A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter.Web Pentest / Information Gathering:Banner GrabWhoisTracerouteDNS RecordReverse DNS LookupZone Transfer LookupPort ScanAdmin Panel ScanSubdomain ScanCMS IdentifyReverse IP LookupSubnet LookupExtract Page LinksDirectory Fuzz (NEW)File Fuzz (NEW)Shodan Search (NEW)Shodan Host Lookup (NEW)Web Application Attack: (NEW)Wordpress     | WPScan     | WPScan Bruteforce     | WordPress Plugin Vulnerability Checker         Features: // I will add more soon.         | WordPress Woocommerce – Directory Craversal         | WordPress Plugin Booking Calendar 3.0.0 – SQL Injection / Cross-Site Scripting         | WordPress Plugin WP with Spritz 1.0 – Remote File Inclusion         | WordPress Plugin Events Calendar – ‘event_id’ SQL InjectionAuto SQL Injection     Features:     | Union Based     | (Error Output = False) Detection     | Tested on 100+ WebsitesGenerator:Deface PagePassword Generator // NEWText To Hash //NEWInstallationAny Python Version.$ git clone https://github.com/cr4shcod3/pureblood$ cd pureblood$ pip install -r requirements.txtDEMOWeb Pentest Web Application Attack Build WithColoramaRequestsPython-whoisDnspythonBeautifulSoupShodanAuthorsCr4sHCoD3 – Pure BloodDownload Pure Blood v2.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/PcrKCodaoSA/pure-blood-v20-penetration-testing.html

Cred Scanner – A Simple File-Based Scanner To Look For Potential AWS Access And Secret Keys In Files

A simple command line tool for finding AWS credentials in files. Optimized for use with Jenkins and other CI systems.I suspect there are other, better tools out there (such as git-secrets), but I couldn’t find anything to run a quick and dirty scan that also integrates well with Jenkins.Usage:To install just copy it where you want it and install the requirements:pip install -r ./requirements.txtThis was written in Python 3.6.To run:python cred_scanner.py That will scan the local directory and all subdirectories. It will list the files, which ones have potential access keys, and which files can’t be scanned due to the file format. cred_scanner exits with a code of 1 if it finds any potential keys.Usage: cred_scanner.py [OPTIONS]Options: –path TEXT Path other than the local directory to scan –secret Also look for Secret Key patterns. This may result in many false matches due to the nature of secret keys. –help Show this message and exit.To run as a test in Jenkins just use the command line or add it as a step to your Jenkins build. Jenkins will automatically fail the build if it sees the exit code 1.Download Cred Scanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/TbqapF5_yuQ/cred-scanner-simple-file-based-scanner.html

Pure Blood – A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug HunterMenuWeb Pentest | Banner Grab | Whois | Traceroute | DNS Record | Reverse DNS Lookup | Zone Transfer Lookup | Port Scan | Admin Panel Scan | Subdomain Scan | CMS Identify | Reverse IP Lookup | Subnet Lookup | Extract Page LinksGenerator | Deface PageInstallationAny Python Version.Modules$ pip install -r requirements.txt OR$ pip install colorama requests python-whois dnspython bs4Path (Optional)Linux$ sudo nano ~/.bashrc# Add this in the bottom of the fileexport PATH=$PATH:/pureblood$ pureblood.pyWindowsWindows Search > Edit The System Environment Variables > Environment Variables > Path > Edit > New > (Path to the Tool) > Ok > Ok > Apply / Ok$ purebloodMAC$ nano /etc/paths# Add this in the bottom of the fileexport PATH=$PATH:<Path of the Tool>/pureblood/$ pureblood.pyAndroid (Termux / GNURoot)$ nano ~/.bashrc# Add this in the bottom of the fileexport PATH=$PATH:<Path of the Tool>/pureblood/$ pureblood.pyBuild WithColoramaRequestsPython-whoisDnspythonBeautifulSoupAuthorsCr4sHCoD3 – Pure BloodDownload Pureblood

Link: http://feedproxy.google.com/~r/PentestTools/~3/Rj8IZDAp3ZU/pure-blood-penetration-testing.html

Firebase Exploiting Tool – Exploiting Misconfigured Firebase Databases

Exploiting vulnerable/misconfigured Firebase databasesPrerequisitesNon-standard python modules:dnsdumpsterbs4requestsInstallationIf the following commands run successfully, you are ready to use the script:git clone https://github.com/Turr0n/firebase.gitcd firebasepip install -r requirements.txtUsagepython3 firebase.py [-h] [–dnsdumpster] [-d /path/to/file.htm] [-o results.json] [-l /path/to/file] [-c 100] [-p 4]Arguments: -h Show the help message -d Absolute path to the downloaded HTML file. -o Output file name. Default: results.json -c Crawl for domains in the top-1m by Alexa. Set how many domains to crawl, for example: 100. Up to 1000000 -p How many processes to execute. Default: 1 -l Path to a file containing the DBs to crawl. One DB name per line. This option can’t be used with -d or -c –dnsdumpster Use the DNSDumpster API to gather DBs –just-v Ignore “non-vulnerable" DBs –amass Path of the output file of an amass scan ([-o] argument)Example: python3 firebase.py -p 4 -f results_1.json -c 150 –dnsdumpster This will lookup the first 150 domains in the Alexa file aswell as the DBs provided by DNSDumpster. The results will be saved to results_1.json and the whole script will execute using 4 parallel processesThe script will create a json file containing the gathered vulnerable databases and their dumped contents. Each database has a status:-2: DB doesn’t exists-1: means it’s not vulnerable0: further explotation may be possible1: vulnerableFor a better results head to pentest-tools.com and in its subdomain scanner introduce the following domain: firebaseio.com. Once the scan has finished, save the page HTML(CRL+S) and use the -d [path] argument, this will allow the script to analyze the subdomains discovered by that service. Further subdomain crawlers might get supported.Now we support the amass scanner by @caffix! By running any desired scann with that tool against firebaseio.com using the -o argument, the script will be able to digest the output file and crawl for the discovered DBs.Firebase DBs work using this structure: https://[DB name].firebaseio.com/. If you are using the -l [path] argument, the supplied file needs to contain a [DB name] per line, for example:airbnbtwittermicrosoftUsing that file will check for these DBs: https://airbnb.firebaseio.com/.json, https://twitter.firebaseio.com/.json, https://microsoft.firebaseio.com/.jsonDownload Firebase

Link: http://feedproxy.google.com/~r/PentestTools/~3/i5hgSAIPl6I/firebase-exploiting-tool-exploiting.html

Sn1per v5.0 – Automated Pentest Recon Scanner

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.SN1PER PROFESSIONAL FEATURES:Professional reporting interfaceSlideshow for all gathered screenshotsSearchable and sortable DNS, IP and open port databaseCategorized host reportsQuick links to online recon tools and Google hacking queriesPersonalized notes field for each hostDEMO VIDEO:SN1PER COMMUNITY FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via NMap port scanning Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted NMap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all web sites Create individual workspaces to store all scan outputAUTO-PWN:Drupal Drupalgedon2 RCE CVE-2018-7600GPON Router RCE CVE-2018-10561Apache Struts 2 RCE CVE-2017-5638Apache Struts 2 RCE CVE-2017-9805Apache Jakarta RCE CVE-2017-5638Shellshock GNU Bash RCE CVE-2014-6271HeartBleed OpenSSL Detection CVE-2014-0160Default Apache Tomcat Creds CVE-2009-3843MS Windows SMB RCE MS08-067Webmin File Disclosure CVE-2006-3392Anonymous FTP AccessPHPMyAdmin Backdoor RCEPHPMyAdmin Auth BypassJBoss Java De-Serialization RCE’sKALI LINUX INSTALL:./install.shDOCKER INSTALL:Credits: @menzowDocker Install: https://github.com/menzow/sn1per-dockerDocker Build: https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/Example usage:$ docker pull menzo/sn1per-docker$ docker run –rm -ti menzo/sn1per-docker sniper menzo.ioUSAGE:[*] NORMAL MODEsniper -t|–target [*] NORMAL MODE + OSINT + RECONsniper -t|–target <TARGET> -o|–osint -re|–recon[*] STEALTH MODE + OSINT + RECONsniper -t|–target <TARGET> -m|–mode stealth -o|–osint -re|–recon[*] DISCOVER MODEsniper -t|–target <CIDR> -m|–mode discover -w|–workspace <WORSPACE_ALIAS>[*] SCAN ONLY SPECIFIC PORTsniper -t|–target <TARGET> -m port -p|–port <portnum>[*] FULLPORTONLY SCAN MODEsniper -t|–target <TARGET> -fp|–fullportonly[*] PORT SCAN MODEsniper -t|–target <TARGET> -m|–mode port -p|–port <PORT_NUM>[*] WEB MODE – PORT 80 + 443 ONLY!sniper -t|–target <TARGET> -m|–mode web[*] HTTP WEB PORT MODEsniper -t|–target <TARGET> -m|–mode webporthttp -p|–port <port>[*] HTTPS WEB PORT MODEsniper -t|–target <TARGET> -m|–mode webporthttps -p|–port <port>[*] ENABLE BRUTEFORCEsniper -t|–target <TARGET> -b|–bruteforce[*] AIRSTRIKE MODEsniper -f|–file /full/path/to/targets.txt -m|–mode airstrike[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLEDsniper -f–file /full/path/to/targets.txt -m|–mode nuke -w|–workspace <WORKSPACE_ALIAS>[*] ENABLE LOOT IMPORTING INTO METASPLOITsniper -t|–target <TARGET>[*] LOOT REIMPORT FUNCTIONsniper -w <WORKSPACE_ALIAS> –reimport[*] UPDATE SNIPERsniper -u|–updateMODES:NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.FULLPORTONLY: Performs a full detailed port scan and saves results to XML.WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.UPDATE: Checks for updates and upgrades all components used by sniper.REIMPORT: Reimport all workspace files into Metasploit and reproduce all reports.RELOAD: Reload the master workspace report.SAMPLE REPORT:https://gist.github.com/1N3/8214ec2da2c91691bcbcDownload Sn1per v5.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/Z_yHqaJ_y1U/sn1per-v50-automated-pentest-recon.html

Masc – A Web Malware Scanner

A malware (web) scanner developed during CyperCamp Hackathon 2017.FeaturesAt the moment, there are some features avaiable for any type of website (custom or CMS) and some of them only available for specific platforms:Scan any website for malware using OWASP WebMalwareScanner checksum, YARA rules databases and ClamAV engine (if available)Perform some cleaning operations to improve website protectionMonitor the website for changes. Details are written in a log fileScan your site to know if it has been infected with some malwareList your local backupsLogging supportBackup your siteRestore websiteScan for suspect files and compare with a clean installation (for WordPress and Drupal)Clean up your site to avoid giving extra information to attackers (only available for WordPress)RequirementsFirst of all, notice that this tool is developed under Linux and, at the moment, it has been tested only under this Operating SystemPython >= 3Some Python librariespython-magicyara-pythonwatchdogtermcolorpypandocprogresssanti@zenbook:$ pip3 install python-magic yara-python watchdog termcolor pypandoc progressClamAV to integrate with its engine (optional but recommended)NoticeIn my notebook, after upgrading to Debian testing, masc became to show an error related to YaraOSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directoryAfter trying a lot of solutions I found in the Internet, I realized that this file was located in my computer in /usr/local/lib/python3.5/dist-packages/usr/lib, so I created a symbolic link from the previous path to /usr/libsanti@zenbook:$ ln -s /usr/local/lib/python3.5/dist-packages/usr/lib/libyara.so /usr/lib/libyara.soAnd now, masc and Yara library are running with no problems.Noticemasc is developed under Linux and it has not been tested under any other Operating System.Anyway, it should run without problems under any Unix-friendly OS. In particular, in Mac OSX I have noticed it’s neccesary to install Homebrew to use python-magic library propery as libmagic. Check first the previous link to the brew homepage and then you will be able to install as I show below:santi@zenbook:$ brew install libmagicInstallationTo install masc on your computer, you can download a release, untar it and try. You can also install it usign pip (‘pip3 install masc’)Usagemasc 0.2.2 (http://github.com/sfaci/masc)usage: masc.py [-h] [–add-file FILENAME] [–add-word STRING] [–clean-cache] [–clean-site] [–list-backups] [–make-backup] [–monitor] [–name NAME] [–path PATH] [–rollback] [–scan] [–site-type {wordpress,drupal,custom}]optional arguments: -h, –help show this help message and exit –add-file FILENAME Add a suspect file to the dictionary –add-word STRING Add a suspect content to the dictionary –clean-cache Clean masc cache (cache and logs files, NO backups) –clean-site Clean up the site to hide information to attackers –list-backups List local backups –make-backup Create a local backupv of the current installation –monitor Monitor site to detect changes –name NAME Name assigned to the scanned installation –path PATH Website installation path –rollback Restore a local backup –scan Scan website for malware –site-type {wordpress,drupal,custom} which type of web you want to scan:: wordpress, joomla, drupal or magentoTestThere is a repository in the Docker Hub to perform tests masc-wordpressDocumentationYou can find a complete tutorial about how to use masc in the wikiAuthorSantiago Faci santi@arkabytes.comDownload Masc

Link: http://feedproxy.google.com/~r/PentestTools/~3/O45kS_1jZAs/masc-web-malware-scanner.html

Optiva Framework – Web Application Scanner

You can use this Framework on your website to check the security of your website by finding the vulnerability in your website or you can use this tool to Get admin panel search SQL injection by dork As well as collecting information and encrypting Hash.Features: Infromation Modules : Port Scanner Whois Lookup Reverse IP Domain Lookup HTTP Header Domain Lookup Iplocator Retrieve Ip Geolocation Info Hash Modules : Md5 Encode Text Sha1 Encode Text SHA256 Encode Text SHA384 Encode Text SHA512 Encode Text Scanner Modules : Cross Site Scripting (XSS) SQL Injection Scanner (SQL) Dork Search SQL Injection Vuln Remote Code Execution Scanner (RCE) Website Admin Panel Scanner Finder Installation Linux:$ git clone https://github.com/joker25000/Optiva-Framework$ cd Optiva-Framework$ chmod +x installer.sh$ ./installer.sh$ Type In Terminal$ optivaInstallation Windows:$ cd Optiva-Framework$ pip install termcolor$ pip install requests$ pip install mechanize$ run optiva :$ python optiva.pyInstallation Termux (No Root):$ apt install git$ git clone https://github.com/joker25000/Optiva-Framework$ cd Optiva-Framework$ chmod +x installer.sh$ bash installer.sh$ Select the 3 option termux and press enter$ run optiva :$ python2 optiva.pyScreenshot :Full video tutorial:Video Termux tutorial:About :$ Twitter : https://twitter.com/SecurityJokerDownload Optiva-Framework

Link: http://feedproxy.google.com/~r/PentestTools/~3/nOlskXv7XxA/optiva-framework-web-application-scanner.html