PyWhatCMS – Unofficial WhatCMS API Package

Python package for the whatcms.com API. The package provides a simple way to use the whatcms.org API for detecting 467 different Content Management Systems (CMS).

Installation

    pip install pywhatcms

Usage

First of all, import pywhatcms:

    from pywhatcms import whatcms

Query a domain:

    whatcms('API-KEY', 'blog.underc0de.org')

Obtain info:

    whatcms.name
    whatcms.code
    whatcms.confidence
    whatcms.cms_url
    whatcms.version
    whatcms.msg
    whatcms.id
    whatcms.request
    whatcms.request_web

Download PyWhatCMS

Link: http://feedproxy.google.com/~r/PentestTools/~3/MipV-mhuXs0/pywhatcms-unofficial-whatcms-api-package.html

mongoBuster – Hunt Open MongoDB Instances

Hunt Open MongoDB instances!

Features

- World's fastest and most efficient scanner (uses Masscan).
- Scans the entire internet by default, so fire the tool and chill.
- Hyper efficient: uses Go-routines, which are even lighter than threads.

Pre-requisites

- Go language (sudo apt install golang)
- Masscan (sudo apt install masscan)
- Tested on Ubuntu & Kali Linux

How to install and run

    git clone https://github.com/yashpl/mongoBuster.git
    cd mongoBuster
    go build mongobuster.go utils.go
    sudo ./mongobuster

Note: Run it with sudo as Masscan requires sudo access.

Flags

    Flag                  Description
    --max-rate= (int)     Defines the maximum rate at which packets are generated and sent. Default is 100.
    --out-file= (string)  Name of the file to which vulnerable IPs will be exported.
    -v                    Display error messages from non-vulnerable servers.

NOTE: Using ridiculous values for the max-rate flag like 10000+ will most likely bring down your own network infrastructure. The recommended value is to start with --max-rate 500 for consumer Gigabit routers.

Download mongoBuster

Link: http://www.kitploit.com/2019/04/mongobuster-hunt-open-mongodb-instances.html

Zeebsploit – Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking: searching for web information and scanning vulnerabilities of a web.

Installation & Usage

    apt-get install git
    git clone https://github.com/jaxBCD/Zeebsploit.git
    cd Zeebsploit
    chmod +x install
    ./install
    python3 zeebsploit.py

Type 'help' to show the modules and follow the instructions.

Modules

[Main modules]

    Modules    Description
    ---------  -----------------------------
    Exploit    Exploitation Modules
    Scanners   Scanners Modules
    infoga     information Gathering Modules

[Exploit Modules]

    Modules                    Description
    -------------------------  --------------------------------------------------
    wp content injection       wordpress content injection version 4.7 or 4.7.1
    wp revslider               wordpress plugin revslider remote file upload
    wp learndash               wordpress learndash remote file upload
    wp swhobiz                 wordpress plugin showbiz remote file upload
    joomla com fabrik          joomla component fabrik file upload
    joomla manager get config  joomla component manager auto get config
    joomla jdownload           joomla component jdownloads remote file upload
    joomla                     Joomla ads manager component auto shell upload
    apache struts rce          CVE: 2017-5638 - Apache Struts2 S2-045 remote command execution
    drupal8 rce                drupal version 8 remote command execution
    dvr cam leak credential    TBK DVR4104 / DVR4216 - Credentials Leak (Get User and password)
    webdav file upload         Nothing
    ---More---                 Coming Soon the following version

[Scanner Module]

    Modules             Description
    ------------------  ---------------------------------------
    subdomain scanner   Scan Subdomain for Web
    sqli scanner        Scan Sql Injection Vulnerability
    xss scanner         Scan XSS Injection Vulnerability
    lfi scanner         Local File Includes Scanner etc/passwd
    admin login finder  Scan Admin Login page
    directory scanner   scan directory on web use dirhunt
    subdomain takeover  scan type subdomain takeover
    ---More---          Coming Soon the following version

[Information Gathering]

    Modules             Description
    ------------------  ------------------------------------------
    cms detector        a tool for detecting cms on a web
    port scanner        Scan Open Port use Nmap
    information header  response header information
    ip geolocation      detect the location of an ip or host
    email searcher      searching email from web
    traceroute          to show the route the package has passed
    robot.txt detector  Scan Robot.txt from Web
    header information  Response Header Checker
    whois lookup        looking for registered users or recipients of Internet resource rights
    ---More---          Coming Soon the following version

Download Zeebsploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/9xaMRbIv1Dk/zeebsploit-web-scanner-exploitation.html

XSStrike v3.1.4 – Most Advanced XSS Detection Suite

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Instead of injecting payloads and checking whether they work like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike:

    }]};(confirm)()//\z</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)“>z</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//

Apart from that, XSStrike has crawling, fuzzing, parameter discovery and WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.

Main Features

- Reflected and DOM XSS scanning
- Multi-threaded crawling
- Context analysis
- Configurable core
- WAF detection & evasion
- Outdated JS lib scanning
- Intelligent payload generator
- Handmade HTML & JavaScript parser
- Powerful fuzzing engine
- Blind XSS support
- Highly researched work-flow
- Complete HTTP support
- Bruteforce payloads from a file
- Powered by Photon, Zetanize and Arjun
- Payload Encoding

Documentation

- Usage
- Compatibility & Dependencies

FAQ

- It says fuzzywuzzy isn't installed but it is.
- What's up with Blind XSS?
- Why does XSStrike boast that it is the most advanced XSS detection suite?
- I like the project, what enhancements and features can I expect in future?
- What's the false positive/negative rate?
- Tool xyz works against the target, while XSStrike doesn't!
- Can I copy its code?
- What if I want to embed it into a proprietary software?

Gallery

- DOM XSS
- Reflected XSS
- Crawling
- Fuzzing
- Bruteforcing payloads from a file
- Interactive HTTP Headers Prompt
- Hidden Parameter Discovery

Download XSStrike
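The context analysis described above, seen from the defender's side, as an added example that is not XSStrike's code: it locates where a probe string reflects in a response and classifies the HTML context, since that context is what decides which output encoding a fix needs. The HTML response, the probe marker and the encoding rules are constructed for this example.

```python
"""Classify the HTML context in which a probe string is reflected.

Added example (not XSStrike's code): context analysis of a response, used
here to decide which output encoding each reflection point requires.
"""
import re
from typing import Dict, List

PROBE = "zx7probe"  # constructed marker, unlikely to collide with real page text

# Defensive rule per context: what the fix must do at that reflection point.
ENCODING_FOR: Dict[str, str] = {
    "text": "HTML-entity encode & < > \" ' before emitting",
    "attribute": "quote the attribute value and entity-encode it; never reflect into on*/href/src",
    "script": "avoid; if unavoidable, JSON-encode and \\u-escape < > & / inside the string literal",
    "comment": "strip '--' and '>' (or move the value out of the comment) so it cannot be closed",
    "tag": "reject: an attacker-controlled attribute name cannot be encoded safely",
}

SCRIPT_OPEN = re.compile(r"<script\b[^>]*>(?:(?!</script>).)*$", re.I | re.S)  # unclosed <script>
COMMENT_OPEN = re.compile(r"<!--(?:(?!-->).)*$", re.S)                         # unclosed <!--
ATTR_VALUE = re.compile(r'''([\w:-]+)\s*=\s*["']?[^"']*$''')                   # name=["]value...


def classify_reflection(body: str, probe: str = PROBE) -> List[dict]:
    """One record per occurrence of `probe`: offset, context and attribute name."""
    findings = []
    for m in re.finditer(re.escape(probe), body):
        before = body[: m.start()]
        rec = {"offset": m.start(), "context": "text", "attribute": None}
        if SCRIPT_OPEN.search(before):
            rec["context"] = "script"
        elif COMMENT_OPEN.search(before):
            rec["context"] = "comment"
        else:
            lt, gt = before.rfind("<"), before.rfind(">")
            if lt > gt:  # a '<' with no closing '>' yet: we are inside a tag
                attr = ATTR_VALUE.search(before[lt:])
                if attr:
                    rec["context"], rec["attribute"] = "attribute", attr.group(1).lower()
                else:
                    rec["context"] = "tag"
        findings.append(rec)
    return findings


def required_encoding(finding: dict) -> str:
    """Map a finding to the output encoding the page must apply there."""
    return ENCODING_FOR[finding["context"]]


SAMPLE_RESPONSE = (  # constructed: the probe reflects in four different contexts
    "<html><body>\n"
    "<h1>Search: zx7probe</h1>\n"
    '<a href="/q?s=zx7probe">again</a>\n'
    "<!-- debug: zx7probe -->\n"
    "<script>var q = 'zx7probe';</script>\n"
    "</body></html>"
)

if __name__ == "__main__":
    for f in classify_reflection(SAMPLE_RESPONSE):
        print(f"offset {f['offset']:>3}: {f['context']:<9} {f['attribute'] or '':<5} "
              f"-> {required_encoding(f)}")
```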

Link: http://feedproxy.google.com/~r/PentestTools/~3/_ChCQ9dGpko/xsstrike-v314-most-advanced-xss.html


ISF – Industrial Control System Exploitation Framework

ISF (Industrial Exploitation Framework) is an exploitation framework based on Python; it's similar to the Metasploit framework. ISF is based on the open source project routersploit.

Read this in other languages: English, 简体中文

ICS Protocol Clients

    Name               Path                                    Description
    modbus_tcp_client  icssploit/clients/modbus_tcp_client.py  Modbus-TCP Client
    wdb2_client        icssploit/clients/wdb2_client.py        WdbRPC Version 2 Client (Vxworks 6.x)
    s7_client          icssploit/clients/s7_client.py          s7comm Client (S7 300/400 PLC)

Exploit Module

    Name                         Path                                                Description
    s7_300_400_plc_control       exploits/plcs/siemens/s7_300_400_plc_control.py     S7-300/400 PLC start/stop
    s7_1200_plc_control          exploits/plcs/siemens/s7_1200_plc_control.py        S7-1200 PLC start/stop/reset
    vxworks_rpc_dos              exploits/plcs/vxworks/vxworks_rpc_dos.py            Vxworks RPC remote dos (CVE-2015-7599)
    quantum_140_plc_control      exploits/plcs/schneider/quantum_140_plc_control.py  Schneider Quantum 140 series PLC start/stop
    crash_qnx_inetd_tcp_service  exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py    QNX Inetd TCP service dos
    qconn_remote_exec            exploits/plcs/qnx/qconn_remote_exec.py              QNX qconn remote code execution
    profinet_set_ip              exploits/plcs/siemens/profinet_set_ip.py            Profinet DCP device IP config

Scanner Module

    Name               Path                           Description
    profinet_dcp_scan  scanners/profinet_dcp_scan.py  Profinet DCP scanner
    vxworks_6_scan     scanners/vxworks_6_scan.py     Vxworks 6.x scanner
    s7comm_scan        scanners/s7comm_scan.py        S7comm scanner
    enip_scan          scanners/enip_scan.py          EthernetIP scanner

ICS Protocols Module (Scapy Module)

These protocols can be used in other fuzzing frameworks like Kitty, or to create your own client.

    Name        Path                            Description
    pn_dcp      icssploit/protocols/pn_dcp      Profinet DCP Protocol
    modbus_tcp  icssploit/protocols/modbus_tcp  Modbus TCP Protocol
    wdbrpc2     icssploit/protocols/wdbrpc2     WDB RPC Version 2 Protocol
    s7comm      icssploit/protocols/s7comm.py   S7comm Protocol

Install

Python requirements:

- gnureadline (OSX only)
- requests
- paramiko
- beautifulsoup4
- pysnmp
- python-nmap
- scapy (we suggest installing scapy manually following the official document)

Install on Kali:

    git clone https://github.com/dark-lbp/isf/
    cd isf
    python isf.py

Usage

    root@kali:~/Desktop/temp/isf# python isf.py
    [ISF ASCII-art banner]
    ICS Exploitation Framework

    Note : ICSSPOLIT is fork from routersploit at https://github.com/reverse-shell/routersploit
    Dev Team : wenzhe zhu(dark-lbp)
    Version : 0.1.0

    Exploits: 2 Scanners: 0 Creds: 13

    ICS Exploits:
    PLC: 2 ICS Switch: 0 Software: 0

    isf >

Exploits

    isf > use exploits/plcs/
    exploits/plcs/siemens/  exploits/plcs/vxworks/
    isf > use exploits/plcs/siemens/s7_300_400_plc_control
    exploits/plcs/siemens/s7_300_400_plc_control
    isf > use exploits/plcs/siemens/s7_300_400_plc_control
    isf (S7-300/400 PLC Control) >

You can use the tab key for completion.

Options

Display module options:

    isf (S7-300/400 PLC Control) > show options

    Target options:

       Name     Current settings  Description
       ----     ----------------  -----------
       target                     Target address e.g. 192.168.1.1
       port     102               Target Port

    Module options:

       Name     Current settings  Description
       ----     ----------------  -----------
       slot     2                 CPU slot number.
       command  1                 Command 0:start plc, 1:stop plc.

    isf (S7-300/400 PLC Control) >

Set options:

    isf (S7-300/400 PLC Control) > set target 192.168.70.210
    [+] {'target': '192.168.70.210'}

Run module:

    isf (S7-300/400 PLC Control) > run
    [*] Running module...
    [+] Target is alive
    [*] Sending packet to target
    [*] Stop plc
    isf (S7-300/400 PLC Control) >

Display information about the exploit:

    isf (S7-300/400 PLC Control) > show info

    Name:
    S7-300/400 PLC Control

    Description:
    Use S7comm command to start/stop plc.

    Devices:
    - Siemens S7-300 and S7-400 programmable logic controllers (PLCs)

    Authors:
    - wenzhe zhu

    References:

    isf (S7-300/400 PLC Control) >

Documents

- Modbus-TCP Client usage
- WDBRPCV2 Client usage
- S7comm Client usage
- SNMP_bruteforce usage
- S7 300/400 PLC password bruteforce usage
- Vxworks 6.x Scanner usage
- Profinet DCP Scanner usage
- S7comm PLC Scanner usage
- Profinet DCP Set ip module usage
- Load modules from extra folder
- How to write your own module

Download ISF
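The detection counterpart to the s7_300_400_plc_control run shown above, as an added example that is not ISF's code: it parses captured TPKT/COTP/S7comm frames and flags Job PDUs carrying the PLC Control (0x28) and PLC Stop (0x29) functions, whose parameters name a PI service such as P_PROGRAM. The header layout and function codes are assumptions from the S7comm framing as commonly documented, and the sample frames are constructed here.

```python
"""Flag S7comm PLC start/stop commands in captured traffic.

Added example, not ISF's code. Assumes TPKT -> COTP -> S7comm framing and the
S7comm function codes 0x28 (PLC Control) and 0x29 (PLC Stop). Samples are constructed.
"""
from typing import Optional, Tuple

S7_PROTOCOL_ID = 0x32
ROSCTR_JOB = 0x01          # request from client to PLC
FUNC_PLC_CONTROL = 0x28    # start; PI service "P_PROGRAM" = warm restart
FUNC_PLC_STOP = 0x29
COTP_DT = b"\x02\xf0\x80"  # COTP data TPDU as used by S7comm


def parse_s7_job(frame: bytes) -> Optional[Tuple[int, Optional[str]]]:
    """Return (function code, PI service name) for an S7comm Job PDU, else None."""
    if len(frame) < 17 or frame[0] != 0x03:
        return None
    if int.from_bytes(frame[2:4], "big") != len(frame) or frame[4:7] != COTP_DT:
        return None
    s7 = frame[7:]
    if s7[0] != S7_PROTOCOL_ID or s7[1] != ROSCTR_JOB:
        return None
    param_len = int.from_bytes(s7[6:8], "big")   # header: id, rosctr, reserved(2), ref(2), plen(2), dlen(2)
    params = s7[10:10 + param_len]
    if not params:
        return None
    func, service = params[0], None
    if func == FUNC_PLC_STOP and len(params) >= 7:
        n = params[6]                             # 5 reserved bytes, then service-name length
        service = params[7:7 + n].decode("ascii", "replace")
    elif func == FUNC_PLC_CONTROL and len(params) >= 10:
        block_len = int.from_bytes(params[8:10], "big")  # 7 reserved bytes, then block length
        off = 10 + block_len                      # skip the parameter block, then name length
        if off < len(params):
            n = params[off]
            service = params[off + 1:off + 1 + n].decode("ascii", "replace")
    return func, service


def alert_for(frame: bytes, src: str, dst: str) -> Optional[str]:
    """Alert text for a PLC control/stop frame, None for anything else."""
    parsed = parse_s7_job(frame)
    if parsed is None:
        return None
    func, service = parsed
    if func == FUNC_PLC_STOP:
        return f"S7comm PLC STOP ({service}) from {src} to {dst}"
    if func == FUNC_PLC_CONTROL:
        return f"S7comm PLC CONTROL ({service}) from {src} to {dst}"
    return None


def s7_job(params: bytes, data: bytes = b"") -> bytes:
    """Build a constructed TPKT/COTP/S7comm Job frame around `params` (for samples)."""
    hdr = (bytes([S7_PROTOCOL_ID, ROSCTR_JOB, 0, 0, 0, 1])
           + len(params).to_bytes(2, "big") + len(data).to_bytes(2, "big"))
    body = COTP_DT + hdr + params + data
    return b"\x03\x00" + (len(body) + 4).to_bytes(2, "big") + body


# Constructed samples: a stop, a start, and a benign read-variable request.
STOP_FRAME = s7_job(bytes([FUNC_PLC_STOP]) + b"\x00" * 5 + b"\x09P_PROGRAM")
START_FRAME = s7_job(bytes([FUNC_PLC_CONTROL]) + b"\x00" * 6 + b"\xfd\x00\x00" + b"\x09P_PROGRAM")
READ_FRAME = s7_job(bytes.fromhex("0401120a10020001000083000000"))

if __name__ == "__main__":
    for f in (STOP_FRAME, START_FRAME, READ_FRAME):
        print(alert_for(f, "192.168.70.5", "192.168.70.210") or "benign")
```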

Link: http://feedproxy.google.com/~r/PentestTools/~3/oT_vl-DqvbE/isf-industrial-control-system.html

Darksplitz – Exploit Framework

This tool is a continuation of the Nefix, DirsPy and Xmasspy projects.

Installation

Will work fine on Debian-based operating systems, like Backbox, Ubuntu or Kali Linux.

    $ git clone https://github.com/koboi137/darksplitz
    $ cd darksplitz/
    $ sudo ./install.sh

Features

- Extract mikrotik credential (user.dat)
- Password generator
- Reverse IP lookup
- Mac address sniffer
- Online md5 cracker
- Mac address lookup
- Collecting url from web.archive.org
- Web backdoor (Dark Shell)
- Winbox exploit (CVE-2018-14847)
- ChimeyRed exploit for mipsbe (Mikrotik)
- Exploit web application
- Mass apple dos (CVE-2018-4407)
- Libssh exploit (CVE-2018-10933)
- Discovering Mikrotik device
- Directory scanner
- Subdomain scanner
- Mac address scanner
- Mac address pinger
- Vhost scanner (bypass cloudflare)
- Mass bruteforce (wordpress)
- Interactive msfrpc client

Exploit web application

- plUpload file upload
- jQuery file upload (CVE-2018-9206)
- Laravel (.env)
- sftp-config.json (misc)
- Wordpress register (enable)
- elfinder file upload
- Drupal 7 exploit (CVE-2018-7600)
- Drupal 8 exploit (CVE-2018-7600)
- com_fabrik exploit (joomla)
- gravityform plugin file upload (wordpress)
- geoplace3 plugin file upload (wordpress)
- peugeot-music plugin file upload (wordpress)

Notes

This tool works best under root, because the scapy module and others need the root user to access more features. But you can run some features as a normal user too. ;)

Download Darksplitz

Link: http://feedproxy.google.com/~r/PentestTools/~3/i5XdO5H76m8/darksplitz-exploit-framework.html

Goscan – Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.

Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service enumeration not only in situations where being stealthy is not a priority and time is limited (think of CTFs, OSCP, exams, etc.), but also (with a few tweaks in its configuration) during professional engagements.

GoScan is also particularly suited for unstable environments (think unreliable network connectivity, lack of "screen", etc.), given that it fires scans and maintains their state in an SQLite database. Scans run in the background (detached from the main thread), so even if the connection to the box running GoScan is lost, results can be uploaded asynchronously (more on this below). That is, data can be imported into GoScan at different stages of the process, without the need to restart the entire process from scratch if something goes wrong.

In addition, the Service Enumeration phase integrates a collection of other tools (e.g., EyeWitness, Hydra, nikto, etc.), each one tailored to target a specific service.

Installation

Binary installation (Recommended)

Binaries are available from the Release page.

    # Linux (64bit)
    $ wget https://github.com/marco-lancini/goscan/releases/download/v2.3/goscan_2.3_linux_amd64.zip
    $ unzip goscan_2.3_linux_amd64.zip

    # Linux (32bit)
    $ wget https://github.com/marco-lancini/goscan/releases/download/v2.3/goscan_2.3_linux_386.zip
    $ unzip goscan_2.3_linux_386.zip

    # After that, place the executable in your PATH
    $ chmod +x goscan
    $ sudo mv ./goscan /usr/local/bin/goscan

Build from source

    $ git clone https://github.com/marco-lancini/goscan.git
    $ cd goscan/goscan/
    $ make setup
    $ make build

To create a multi-platform binary, use the cross command via make:

    $ make cross

Docker

    $ git clone https://github.com/marco-lancini/goscan.git
    $ cd goscan/
    $ docker-compose up --build

Usage

GoScan supports all the main steps of network enumeration:

1. Load targets
   - Add a single target via the CLI (must be a valid CIDR): load target SINGLE
   - Upload multiple targets from a text file or folder: load target MULTI <path-to-file>

2. Host Discovery
   - Perform a Ping Sweep: sweep <TYPE> <TARGET>
   - Or load results from a previous discovery:
     - Add a single alive host via the CLI (must be a /32): load alive SINGLE <IP>
     - Upload multiple alive hosts from a text file or folder: load alive MULTI <path-to-file>

3. Port Scanning
   - Perform a port scan: portscan <TYPE> <TARGET>
   - Or upload nmap results from XML files or a folder: load portscan <path-to-file>

4. Service Enumeration
   - Dry Run (only show commands, without performing them): enumerate <TYPE> DRY <TARGET>
   - Perform enumeration of detected services: enumerate <TYPE> <POLITE/AGGRESSIVE> <TARGET>

5. Special Scans
   - EyeWitness: take screenshots of websites, RDP services, and open VNC servers (KALI ONLY): special eyewitness (EyeWitness.py needs to be in the system path)
   - Extract (Windows) domain information from enumeration data: special domain <users/hosts/servers>
   - DNS:
     - Enumerate DNS (nmap, dnsrecon, dnsenum): special dns DISCOVERY <domain>
     - Bruteforce DNS: special dns BRUTEFORCE <domain>
     - Reverse Bruteforce DNS: special dns BRUTEFORCE_REVERSE <domain> <base_IP>

Utils
- Show results: show <targets/hosts/ports>
- Automatically configure settings by loading a config file: set config_file <PATH>
- Change the output folder (by default ~/goscan): set output_folder <PATH>
- Modify the default nmap switches: set nmap_switches <SWEEP/TCP_FULL/TCP_STANDARD/TCP_VULN/UDP_STANDARD> <SWITCHES>
- Modify the default wordlists: set_wordlists <FINGER_USER/FTP_USER/…> <PATH>

External Integrations

The Service Enumeration phase currently supports the following integrations:

    WHAT    INTEGRATION
    ARP     nmap
    DNS     nmap, dnsrecon, dnsenum, host
    FINGER  nmap, finger-user-enum
    FTP     nmap, ftp-user-enum, hydra [AGGRESSIVE]
    HTTP    nmap, nikto, dirb, EyeWitness, sqlmap [AGGRESSIVE], fimap [AGGRESSIVE]
    RDP     nmap, EyeWitness
    SMB     nmap, enum4linux, nbtscan, samrdump
    SMTP    nmap, smtp-user-enum
    SNMP    nmap, snmpcheck, onesixtyone, snmpwalk
    SSH     hydra [AGGRESSIVE]
    SQL     nmap
    VNC     EyeWitness

Download Goscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/QvZdo-L3mC8/goscan-interactive-network-scanner.html

Vuls – Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go

Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.

Twitter: @vuls_en

Abstract

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems.

- The system administrator will have to constantly watch out for any new vulnerabilities in NVD (National Vulnerability Database) or similar databases.
- It might be impossible for the system administrator to monitor all the software if there is a large amount of software installed on a server.
- It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

- Informs users of the vulnerabilities that are related to the system.
- Informs users of the servers that are affected.
- Vulnerability detection is done automatically to prevent any oversight.
- A report is generated on a regular basis using CRON or other methods to manage vulnerabilities.

Main Features

- Scan for any vulnerabilities in Linux/FreeBSD servers
  - Supports major Linux/FreeBSD distributions: Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux, Raspbian and FreeBSD
  - Cloud, on-premise, Docker
- High quality scan
  - Vuls uses multiple vulnerability databases:
    - NVD
    - JVN (Japanese)
    - OVAL (RedHat, Debian, Ubuntu, SUSE, Oracle Linux)
    - Alpine-secdb
    - Red Hat Security Advisories
    - Debian Security Bug Tracker
    - Commands (yum, zypper, pkg-audit)
    - RHSA/ALAS/ELSA/FreeBSD-SA
    - Exploit Database
    - Changelog
- Fast scan and Deep scan
  - Fast Scan
    - Scan without root privilege, no dependencies
    - Almost no load on the scan target server
    - Offline mode scan with no internet access (Red Hat, CentOS, OracleLinux, Ubuntu, Debian)
  - Fast Root Scan
    - Scan with root privilege
    - Almost no load on the scan target server
    - Detect processes affected by an update using yum-ps (RedHat, CentOS, Oracle Linux and Amazon Linux)
    - Detect processes which were updated before but not restarted yet using checkrestart of debian-goodies (Debian and Ubuntu)
    - Offline mode scan with no internet access (RedHat, CentOS, OracleLinux, Ubuntu, Debian)
  - Deep Scan
    - Scan with root privilege
    - Parses the Changelog. The changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed. By parsing the changelog and analysing the updates between the installed version of the software on the server and the newest version of that software, it's possible to create a list of all vulnerabilities that need to be fixed.
    - Sometimes puts load on the scan target server
- Remote scan and Local scan
  - Remote Scan: the user is only required to set up one machine that is connected to the other target servers via SSH
  - Local Scan: if you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in Local Scan mode
- Dynamic Analysis
  - It is possible to acquire the state of the server by connecting via SSH and executing commands.
  - Vuls warns when the scan target server has updated the kernel etc. but has not been restarted.
- Scan middleware that is not included in OS package management
  - Scan middleware, programming language libraries and frameworks for vulnerabilities
  - Supports software registered in CPE
- MISC
  - Nondestructive testing
  - Pre-authorization is NOT necessary before scanning on AWS
  - Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
  - Auto generation of configuration file template: auto detection of servers set using CIDR, generating a configuration file template
  - Email and Slack notification is possible (supports Japanese language)
  - Scan results are viewable on accessory software, TUI Viewer on the terminal or Web UI (VulsRepo).

What Vuls Doesn't Do

Vuls doesn't update the vulnerable packages.

Authors

kotakanbe (@kotakanbe) created vuls and these fine people have contributed.

Change Log

Please see CHANGELOG.

Download Vuls
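The Deep Scan changelog logic described above, as an added example that is not Vuls's code: CVE IDs found in changelog entries newer than the installed version are the ones still open on that host. The changelog text, package name and CVE IDs are constructed, and the version comparison is a simplified dpkg-style one (no epoch or '~' handling).

```python
"""Derive the unfixed CVEs for an installed package version from its changelog.

Added example, not Vuls's code. Entries newer than the installed version that
mention CVE IDs are fixes the host does not have yet. Constructed sample data.
"""
import re
from typing import Dict, List, Tuple

# "pkg (version) distribution; urgency=..." header of a Debian-style changelog entry
ENTRY_RE = re.compile(r"^(\S+) \(([^)]+)\) \S+; urgency=", re.M)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def version_key(version: str) -> Tuple:
    """Sortable key: numeric runs compare numerically, alphabetic runs lexically.

    Simplified dpkg-style comparison (assumption): epochs and '~' are not handled.
    """
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def parse_changelog(text: str) -> List[Tuple[str, List[str]]]:
    """[(version, sorted CVE ids fixed in that version), ...] in file order (newest first)."""
    heads = list(ENTRY_RE.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append((h.group(2), sorted(set(CVE_RE.findall(text[h.end():end])))))
    return entries


def unfixed_cves(changelog: str, installed: str) -> Dict[str, List[str]]:
    """CVEs fixed only in versions newer than `installed`, keyed by the fixing version."""
    cur = version_key(installed)
    return {v: cves for v, cves in parse_changelog(changelog)
            if version_key(v) > cur and cves}


# Constructed changelog; CVE-2099-* are placeholder IDs, not real advisories.
SAMPLE_CHANGELOG = """\
examplepkg (2.4.3-1+deb10u3) buster-security; urgency=high

  * Fix CVE-2099-0002 and CVE-2099-0003 in the request parser.

 -- Maintainer <m@example.org>  Mon, 01 Mar 2021 10:00:00 +0000

examplepkg (2.4.3-1+deb10u2) buster-security; urgency=medium

  * Fix CVE-2099-0001. Regression test added for CVE-2099-0001.

 -- Maintainer <m@example.org>  Mon, 01 Feb 2021 10:00:00 +0000

examplepkg (2.4.3-1+deb10u1) buster; urgency=low

  * New upstream release.

 -- Maintainer <m@example.org>  Fri, 01 Jan 2021 10:00:00 +0000
"""

if __name__ == "__main__":
    installed = "2.4.3-1+deb10u1"
    for fixed_in, cves in unfixed_cves(SAMPLE_CHANGELOG, installed).items():
        print(f"installed {installed} lacks {', '.join(cves)} (fixed in {fixed_in})")
```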

Link: http://www.kitploit.com/2019/03/vuls-vulnerability-scanner-for.html