Getsploit v0.2.2 – Command Line Utility For Searching And Downloading Exploits

Command line search and download tool for the Vulners Database, inspired by searchsploit. It allows you to search online for exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate download of the exploit source right into your working path.

Python version

The utility was tested on Python 2.6, 2.7 and 3.6 with SQLite FTS4 support. If you have found any bugs, don't hesitate to open an issue.

How to use

Install:

    pip install getsploit

Search:

    # git clone https://github.com/vulnersCom/getsploit
    # cd getsploit
    # ./getsploit.py wordpress 4.7.0
    Total found exploits: 8
    Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
    +----------------------+--------------------------------+----------------------------------------------------+
    | ID                   | Exploit Title                  | URL                                                |
    +======================+================================+====================================================+
    | PACKETSTORM:141039   | WordPress 4.7.0 / 4.7.1 Insert | https://vulners.com/packetstorm/PACKETSTORM:141039 |
    |                      | PHP Code Injection             |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | EDB-ID:41308         | WordPress 4.7.0/4.7.1 Plugin   | https://vulners.com/exploitdb/EDB-ID:41308         |
    |                      | Insert PHP - PHP Code          |                                                    |
    |                      | Injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | EDB-ID:41223         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41223         |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection (PoC)                |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | PACKETSTORM:140893   | WordPress 4.7.0 / 4.7.1 REST   | https://vulners.com/packetstorm/PACKETSTORM:140893 |
    |                      | API Privilege Escalation       |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | PACKETSTORM:140902   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140902 |
    |                      | Content Injection / Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | PACKETSTORM:140901   | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140901 |
    |                      | Content Injection Proof Of     |                                                    |
    |                      | Concept                        |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | EDB-ID:41224         | WordPress 4.7.0/4.7.1 -        | https://vulners.com/exploitdb/EDB-ID:41224         |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection Arbitrary Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    | SSV-92637            | WordPress REST API content     | https://vulners.com/seebug/SSV-92637               |
    |                      | injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+

Save exploit files (-m):

    # ./getsploit.py -m wordpress 4.7.0
    Total found exploits: 8
    Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
    (the same table of 8 exploits as above)
    # ls
    LICENSE  README.md  getsploit.py  wordpress-470
    # cd wordpress-470
    # ls
    edb-id41223.txt  edb-id41224.txt  edb-id41308.txt  packetstorm140893.txt  packetstorm140901.txt  packetstorm140902.txt  packetstorm141039.txt  ssv-92637.txt

Local database

If your Python supports the builtin sqlite3 lib, you can use the --update and --local commands to download the whole exploit database to your PC. After the update you can perform local offline searches.

    # ./getsploit.py --update
    Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
    219642496/219642496 [100.00%]
    Unpacking database.
    Database download complete. Now you may search exploits using --local key './getsploit.py -l wordpress 4.7'

Download Getsploit
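The local, offline search mode above relies on SQLite full-text indexing. The following is an added example, not getsploit's own code, showing how an FTS4 index over bulletin records is built and queried from Python's builtin sqlite3 module. The table name, schema, the quoting helper and the sample rows are this example's own choices; the rows are modelled on the search output shown above, with one extra constructed entry.

```python
# Added example, not getsploit's own code: how an offline exploit search
# backed by SQLite FTS4 works, the mechanism behind getsploit's --update and
# --local modes. Table name, schema and the sample rows are this example's
# own choices; the rows are modelled on the search output shown above.
import sqlite3

# Constructed sample bulletins: (id, title, url), modelled on the page's output.
SAMPLE_BULLETINS = [
    ("PACKETSTORM:141039",
     "WordPress 4.7.0 / 4.7.1 Insert PHP Code Injection",
     "https://vulners.com/packetstorm/PACKETSTORM:141039"),
    ("EDB-ID:41223",
     "WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (PoC)",
     "https://vulners.com/exploitdb/EDB-ID:41223"),
    ("SSV-92637",
     "WordPress REST API content injection",
     "https://vulners.com/seebug/SSV-92637"),
    ("EXAMPLE-1",
     "Joomla 3.4.4 sample bulletin (constructed)",
     "https://example.invalid/EXAMPLE-1"),
]


def build_index(rows, path=":memory:"):
    """Create an FTS4 virtual table and load the bulletin rows into it.

    FTS4 tokenizes every column with the default 'simple' tokenizer, which
    lower-cases and splits on non-alphanumeric characters, so 'EDB-ID:41223'
    becomes the terms 'edb', 'id', '41223' and is searchable by any of them.
    """
    conn = sqlite3.connect(path)
    conn.execute("CREATE VIRTUAL TABLE bulletins USING fts4(id, title, url)")
    conn.executemany(
        "INSERT INTO bulletins(id, title, url) VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def quote_terms(query):
    """Wrap each whitespace-separated term in double quotes.

    In FTS4 query syntax a leading '-' means NOT and a trailing '*' means
    prefix match; quoting makes user input such as 'EDB-ID:41223' or
    '4.7.0' match literally, as a phrase of adjacent tokens, instead.
    """
    return " ".join('"%s"' % term.replace('"', "") for term in query.split())


def search(conn, query, limit=10):
    """Return matching (id, title, url) rows; every term must match (implicit AND)."""
    if not query.split():
        return []          # an empty MATCH expression is a syntax error in FTS4
    cur = conn.execute(
        "SELECT id, title, url FROM bulletins WHERE bulletins MATCH ? "
        "ORDER BY id LIMIT ?",
        (quote_terms(query), limit))
    return cur.fetchall()


if __name__ == "__main__":
    db = build_index(SAMPLE_BULLETINS)
    for row in search(db, "wordpress 4.7.0"):
        print(" | ".join(row))
```

Because the tokenizer splits on punctuation, a version string such as `4.7.0` is matched as the adjacent tokens `4 7 0`, which is why the quoted-phrase form is needed to keep it from being read as query syntax.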

Link: http://feedproxy.google.com/~r/PentestTools/~3/ik5Cki-nwIQ/getsploit-v022-command-line-utility-for.html

BillCipher – Information Gathering Tool For A Website Or IP Address

Information Gathering tool for a Website or IP address, using some ideas from Devploit. BillCipher can work in any operating system that has and supports Python 2, Python 3 and Ruby.

Features

- DNS Lookup
- Whois Lookup
- GeoIP Lookup
- Subnet Lookup
- Port Scanner
- Page Links
- Zone Transfer
- HTTP Header
- Host Finder
- IP-Locator
- Find Shared DNS Servers
- Get Robots.txt
- Host DNS Finder
- Reverse IP Lookup
- Email Gathering (uses Infoga)
- Subdomain listing (uses Sublist3r)
- Find Admin login site (uses Breacher)
- Check and Bypass CloudFlare (uses HatCloud)
- Website Copier (uses httrack) NEW!
- Host Info Scanner (uses WhatWeb) NEW!

Install and Run in Linux

    sudo apt update && sudo apt install ruby python python-pip python3 python3-pip
    sudo apt install httrack whatweb
    git clone https://github.com/GitHackTools/BillCipher
    cd BillCipher
    pip install -r requirements.txt
    pip3 install -r requirements.txt
    python3 billcipher.py

Install and Run in Windows

- Download and run the Python 2.7.x and Python 3.7 setup files from Python.org:
  - In Customize Python 2.7.x, find "Add python.exe to Path" and select "Will be installed on local hard drive".
  - In Install Python 3.7, enable "Add Python 3.6 to PATH".
- Download and run the Ruby-lang setup file from RubyInstaller.org, choose "Add Ruby executables to your PATH" and "Use UTF-8 as default external encoding".
- Download and run the Git setup file from Git-scm.com, choose "Use Git from Windows Command Prompt".
- After that, run Command Prompt and enter these commands:

    git clone https://github.com/GitHackTools/BillCipher
    cd BillCipher
    pip install -r requirements.txt
    pip3 install -r requirements.txt
    python3 billcipher.py

Notes

- BillCipher uses some ideas from Devploit, that is, it uses the HackerTarget API.
- All the tools Breacher, Infoga, HatCloud and Sublist3r are tools from other developers, not programmed by GitHackTools.

Contact to Author

- Website: GitHackTools.blogspot.com
- Twitter: @SecureGF
- Facebook: @GitHackTools
- Google Plus: +TVT618

Download BillCipher

Link: http://feedproxy.google.com/~r/PentestTools/~3/2Bb03henkHo/billcipher-information-gathering-tool.html

Syhunt Community Hybrid Scanner v6.2

Syhunt Community is a hybrid static and dynamic web application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of code that need to be patched. Or you can simply enter a start URL and get detailed vulnerability information: Syhunt also includes a deep crawler able to fully map a website's structure and an automated injector able to adapt, mutate, analyze and test the web application's response to thousands of different web attacks.

ChangeLog:

- Added source code scan for Node.js based web applications. Syhunt 6.2 is able to scan the source code of Node.js web applications for security vulnerabilities, with coverage for the Express and Koa frameworks. Version 6.2 adds code checks targeting Node.js web apps, covering Cross-Site Scripting (XSS), Code Injection, HTTP Header Injection, Log Forging and more.
- Added the ability to scan the source code of Java EE and JSP web applications for security vulnerabilities. Syhunt tested and reviewed the 6.1 code scanner results with the help of over 1600 vulnerable Java web apps originating from the WAVSEP project, the NIST SAMATE project and Syhunt Lab's own test cases, reaching highly accurate detection rates of security flaws.
- Added the ability to scan (in beta form) the source code of Lua-based web applications compatible with Apache's mod_lua, CGILua and Lua Pages for vulnerabilities such as XSS, Code Injection, HTTP Header Injection and more.

Other improvements:

- Improved XSS detection in multiple languages (classic ASP, ASP.NET & PSP).
- Improved input filtering analysis.
- Improved speed (scan optimization).
- Improved support for short write tags in multiple languages.
- Automatic Python WSGI script detection.

Download Syhunt Community hybrid scanner version 6.2

Link: http://feedproxy.google.com/~r/PentestTools/~3/naMgg9bwzAY/syhunt-community-hybrid-scanner-v62.html

RouterSploit v3.3.0 – Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aid penetration testing operations:

- exploits - modules that take advantage of identified vulnerabilities
- creds - modules designed to test credentials against network services
- scanners - modules that check if a target is vulnerable to any exploit
- payloads - modules that are responsible for generating payloads for various architectures and injection points
- generic - modules that perform generic attacks

Installation

Requirements

Required:
- future
- requests
- paramiko
- pysnmp
- pycrypto

Optional:
- bluepy - bluetooth low energy

Installation on Kali Linux

    apt-get install python3-pip
    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    python3 -m pip install -r requirements.txt
    python3 rsf.py

Bluetooth Low Energy support:

    apt-get install libglib2.0-dev
    python3 -m pip install bluepy
    python3 rsf.py

Installation on Ubuntu 18.04 & 17.10

    sudo add-apt-repository universe
    sudo apt-get install git python3-pip
    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    python3 -m pip install -r requirements.txt
    python3 rsf.py

Bluetooth Low Energy support:

    apt-get install libglib2.0-dev
    python3 -m pip install bluepy
    python3 rsf.py

Installation on OSX

    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    sudo python3 -m pip install -r requirements.txt
    python3 rsf.py

Running on Docker

    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    docker build -t routersploit .
    docker run -it --rm routersploit

Update

Update the RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.

    cd routersploit
    git pull

Download Routersploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/bGEb3P4Ibw4/routersploit-v330-exploitation.html

JoomScan 0.0.6 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but is also able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN?

Automated ...
- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version) (+1030 exploits)
- Firewall detector
- Reporting to Text & HTML output
- Finding common log files
- Finding common backup files

INSTALL

    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS

    Usage: joomscan.pl [options]

    --url | -u | The Joomla URL/domain to scan.
    --enumerate-components | -ec | Try to enumerate components.
    --cookie <String> | Set cookie.
    --user-agent | -a <user-agent> | Use the specified User-Agent.
    --random-agent | -r | Use a random User-Agent.
    --timeout <time-out> | Set timeout.
    --about | About Author
    --update | Update to the latest version.
    --help | -h | This help screen.
    --version | Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES

Do default checks...

    perl joomscan.pl --url www.example.com
or
    perl joomscan.pl -u www.example.com

Enumerate installed components...

    perl joomscan.pl --url www.example.com --enumerate-components
or
    perl joomscan.pl -u www.example.com -ec

Set cookie

    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent

    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent

    perl joomscan.pl -u www.example.com --random-agent
or
    perl joomscan.pl --url www.example.com -r

Update Joomscan...

    perl joomscan.pl --update

PROJECT LEADERS

- Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
- Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan introduction (Youtube)

OWASP JoomScan 0.0.6 [#BHUSA]

- Updated vulnerability databases
- Added new module: Firewall Detector (supports detection of CloudFlare, Incapsula, Shieldfy, Mod_Security)
- Added exploit for com_joomanager
- Updated list of common log paths
- A few enhancements

Download Joomscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/LkQh4-Er0AQ/joomscan-006-owasp-joomla-vulnerability.html

WAScan v0.2.1 – Web Application Scanner

WAScan ((W)eb (A)pplication (Scan)ner) is an Open Source web application security scanner. It is designed to find various vulnerabilities using the "black-box" method: it does not study the source code of the web application but works like a fuzzer, scanning the pages of the deployed web application, extracting links and forms, attacking the scripts by sending payloads and looking for error messages, etc. WAScan is built on Python 2.7 and can run on any platform which has a Python environment.

Features

Fingerprint
- Content Management System (CMS) -> 6
- Web Frameworks -> 22
- Cookies/Headers Security
- Languages -> 9
- Operating Systems (OS) -> 7
- Server -> ALL
- Web App Firewall (WAF) -> 50+

Attacks
- Bash Commands Injection
- Blind SQL Injection
- Buffer Overflow
- Carriage Return Line Feed
- SQL Injection in Headers
- XSS in Headers
- HTML Injection
- LDAP Injection
- Local File Inclusion
- OS Commanding
- PHP Code Injection
- SQL Injection
- Server Side Injection
- XPath Injection
- Cross Site Scripting
- XML External Entity

Audit
- Apache Status Page
- Open Redirect
- PHPInfo
- Robots.txt
- XST

Bruteforce
- Admin Panel
- Common Backdoor
- Common Backup Dir
- Common Backup File
- Common Dir
- Common File
- Hidden Parameters

Disclosure
- Credit Cards
- Emails
- Private IP
- Errors -> (fatal errors, ...)
- SSN

Installation

    $ git clone https://github.com/m4ll0k/WAScan.git wascan
    $ cd wascan
    $ pip install BeautifulSoup
    $ python wascan.py

Usage

Fingerprint:
    $ python wascan.py --url http://xxxxx.com/ --scan 0
Attacks:
    $ python wascan.py --url http://xxxxx.com/index.php?id=1 --scan 1
Audit:
    $ python wascan.py --url http://xxxxx.com/ --scan 2
Bruteforce:
    $ python wascan.py --url http://xxxxx.com/ --scan 3
Disclosure:
    $ python wascan.py --url http://xxxxx.com/ --scan 4
Full Scan:
    $ python wascan.py --url http://xxxxx.com --scan 5
Bruteforce Hidden Parameters:
    $ python wascan.py --url http://xxxxx.com/test.php --brute

Advanced Usage

    $ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234"
    $ python wascan.py --url http://xxxxx.com/test.php --scan 5 --data "id=1" --method POST
    $ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx
    $ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321"
    $ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321" --ragent -v

Download WAScan

Link: http://feedproxy.google.com/~r/PentestTools/~3/MVArfkpK9js/wascan-v021-web-application-scanner.html

Pure Blood v2.0 – A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter.

Web Pentest / Information Gathering:
- Banner Grab
- Whois
- Traceroute
- DNS Record
- Reverse DNS Lookup
- Zone Transfer Lookup
- Port Scan
- Admin Panel Scan
- Subdomain Scan
- CMS Identify
- Reverse IP Lookup
- Subnet Lookup
- Extract Page Links
- Directory Fuzz (NEW)
- File Fuzz (NEW)
- Shodan Search (NEW)
- Shodan Host Lookup (NEW)

Web Application Attack: (NEW)
- Wordpress
  - WPScan
  - WPScan Bruteforce
  - WordPress Plugin Vulnerability Checker
    Features: // I will add more soon.
    - WordPress Woocommerce - Directory Traversal
    - WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
    - WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion
    - WordPress Plugin Events Calendar - 'event_id' SQL Injection
- Auto SQL Injection
  Features:
  - Union Based
  - (Error Output = False) Detection
  - Tested on 100+ Websites

Generator:
- Deface Page
- Password Generator // NEW
- Text To Hash // NEW

Installation

Any Python Version.

    $ git clone https://github.com/cr4shcod3/pureblood
    $ cd pureblood
    $ pip install -r requirements.txt

DEMO

(screenshots: Web Pentest, Web Application Attack)

Build With
- Colorama
- Requests
- Python-whois
- Dnspython
- BeautifulSoup
- Shodan

Authors
- Cr4sHCoD3 - Pure Blood

Download Pure Blood v2.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/PcrKCodaoSA/pure-blood-v20-penetration-testing.html

Cred Scanner – A Simple File-Based Scanner To Look For Potential AWS Access And Secret Keys In Files

A simple command line tool for finding AWS credentials in files. Optimized for use with Jenkins and other CI systems.

I suspect there are other, better tools out there (such as git-secrets), but I couldn't find anything to run a quick and dirty scan that also integrates well with Jenkins.

Usage:

To install, just copy it where you want it and install the requirements:

    pip install -r ./requirements.txt

This was written in Python 3.6.

To run:

    python cred_scanner.py

That will scan the local directory and all subdirectories. It will list the files, which ones have potential access keys, and which files can't be scanned due to the file format. cred_scanner exits with a code of 1 if it finds any potential keys.

    Usage: cred_scanner.py [OPTIONS]

    Options:
      --path TEXT  Path other than the local directory to scan
      --secret     Also look for Secret Key patterns. This may result in many false matches due to the nature of secret keys.
      --help       Show this message and exit.

To run as a test in Jenkins, just use the command line or add it as a step to your Jenkins build. Jenkins will automatically fail the build if it sees exit code 1.

Download Cred Scanner
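To make the scan described above concrete, here is an added example that is not Cred Scanner's own code: a recursive file scan for AWS access key IDs, the optional (and noisier) secret-key pattern, the "can't be scanned" case for non-text files, and the exit-code-1 convention that lets a CI job fail the build. The regular expressions, function names and the constructed sample files are this example's own choices; the sample key values are the examples AWS uses in its own documentation, not real credentials.

```python
# Added example, not Cred Scanner's own code: a minimal file-based scan for
# AWS access key IDs, with the optional secret-key pattern and the exit-code
# convention described above (1 if anything is found). The regexes, function
# names and the sample files are this example's own choices; the sample key
# values are AWS's published documentation examples, not real credentials.
import os
import re
import tempfile

# An AWS access key ID is 20 characters: a 4-letter prefix (AKIA for long-term
# keys, ASIA for temporary ones) followed by 16 upper-case alphanumerics.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# A secret key is 40 characters from the base64 alphabet. Any 40-character run
# of those characters matches, which is why --secret is noisy: git commit SHAs
# and other hashes are 40 hex digits and trigger it too.
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")


def scan_text(text, secret=False):
    """Return [(kind, match), ...] for one file's contents."""
    hits = [("access_key", m.group(0)) for m in ACCESS_KEY_RE.finditer(text)]
    if secret:
        hits += [("secret_key", m.group(0)) for m in SECRET_KEY_RE.finditer(text)]
    return hits


def scan_path(root, secret=False):
    """Walk root recursively.

    Returns (findings, unreadable): findings maps file path -> hits, and
    unreadable lists files that could not be read as UTF-8 text (the
    "can't be scanned due to the file format" case in the README).
    """
    findings, unreadable = {}, []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8") as fh:
                    text = fh.read()
            except (UnicodeDecodeError, OSError):
                unreadable.append(path)
                continue
            hits = scan_text(text, secret)
            if hits:
                findings[path] = hits
    return findings, unreadable


def exit_code(findings):
    """CI convention used by the README: non-zero fails the build."""
    return 1 if findings else 0


def demo():
    """Build a constructed directory tree, scan it both ways, return results."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed files: a config holding AWS's documented example key pair,
        # and a note with a 40-hex commit id (a secret-pattern false positive).
        samples = {
            "config.txt": ("aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                           "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
            "notes.txt": "Deployed commit 3a9f1c2b4d5e6f708192a3b4c5d6e7f8091a2b3c to staging\n",
        }
        for name, text in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(text)
        with open(os.path.join(root, "logo.bin"), "wb") as fh:
            fh.write(b"\xff\xd8\xff\x00 not text")   # invalid UTF-8 -> unreadable
        plain, unreadable = scan_path(root)
        with_secret, _ = scan_path(root, secret=True)
        base = os.path.basename
        return {
            "plain": {base(p): h for p, h in plain.items()},
            "with_secret": {base(p): h for p, h in with_secret.items()},
            "unreadable": [base(p) for p in unreadable],
            "exit_code": exit_code(plain),
        }


if __name__ == "__main__":
    result = demo()
    for path, hits in result["with_secret"].items():
        print(path, hits)
    print("exit code:", result["exit_code"])
```

The access-key pattern is tight enough to run on every build; the secret-key pattern is worth enabling only when the false positives (commit ids, hashes, base64 blobs) can be triaged, which is the trade-off the README's --secret option describes.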

Link: http://feedproxy.google.com/~r/PentestTools/~3/TbqapF5_yuQ/cred-scanner-simple-file-based-scanner.html

Pure Blood – A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter

Menu

Web Pentest
- Banner Grab
- Whois
- Traceroute
- DNS Record
- Reverse DNS Lookup
- Zone Transfer Lookup
- Port Scan
- Admin Panel Scan
- Subdomain Scan
- CMS Identify
- Reverse IP Lookup
- Subnet Lookup
- Extract Page Links

Generator
- Deface Page

Installation

Any Python Version.

Modules

    $ pip install -r requirements.txt
OR
    $ pip install colorama requests python-whois dnspython bs4

Path (Optional)

Linux

    $ sudo nano ~/.bashrc
    # Add this at the bottom of the file
    export PATH=$PATH:/pureblood
    $ pureblood.py

Windows

Windows Search > Edit The System Environment Variables > Environment Variables > Path > Edit > New > (Path to the Tool) > Ok > Ok > Apply / Ok

    $ pureblood

MAC

    $ nano /etc/paths
    # Add this at the bottom of the file
    export PATH=$PATH:<Path of the Tool>/pureblood/
    $ pureblood.py

Android (Termux / GNURoot)

    $ nano ~/.bashrc
    # Add this at the bottom of the file
    export PATH=$PATH:<Path of the Tool>/pureblood/
    $ pureblood.py

Build With
- Colorama
- Requests
- Python-whois
- Dnspython
- BeautifulSoup

Authors
- Cr4sHCoD3 - Pure Blood

Download Pureblood

Link: http://feedproxy.google.com/~r/PentestTools/~3/Rj8IZDAp3ZU/pure-blood-penetration-testing.html

Firebase Exploiting Tool – Exploiting Misconfigured Firebase Databases

Exploiting vulnerable/misconfigured Firebase databases.

Prerequisites

Non-standard python modules:
- dnsdumpster
- bs4
- requests

Installation

If the following commands run successfully, you are ready to use the script:

    git clone https://github.com/Turr0n/firebase.git
    cd firebase
    pip install -r requirements.txt

Usage

    python3 firebase.py [-h] [--dnsdumpster] [-d /path/to/file.htm] [-o results.json] [-l /path/to/file] [-c 100] [-p 4]

Arguments:
    -h              Show the help message
    -d              Absolute path to the downloaded HTML file.
    -o              Output file name. Default: results.json
    -c              Crawl for domains in the top-1m by Alexa. Set how many domains to crawl, for example: 100. Up to 1000000
    -p              How many processes to execute. Default: 1
    -l              Path to a file containing the DBs to crawl. One DB name per line. This option can't be used with -d or -c
    --dnsdumpster   Use the DNSDumpster API to gather DBs
    --just-v        Ignore "non-vulnerable" DBs
    --amass         Path of the output file of an amass scan ([-o] argument)

Example:

    python3 firebase.py -p 4 -o results_1.json -c 150 --dnsdumpster

This will look up the first 150 domains in the Alexa file as well as the DBs provided by DNSDumpster. The results will be saved to results_1.json and the whole script will execute using 4 parallel processes.

The script will create a json file containing the gathered vulnerable databases and their dumped contents. Each database has a status:

- -2: DB doesn't exist
- -1: means it's not vulnerable
- 0: further exploitation may be possible
- 1: vulnerable

For better results, head to pentest-tools.com and in its subdomain scanner introduce the following domain: firebaseio.com. Once the scan has finished, save the page HTML (Ctrl+S) and use the -d [path] argument; this will allow the script to analyze the subdomains discovered by that service. Further subdomain crawlers might get supported.

Now we support the amass scanner by @caffix! By running any desired scan with that tool against firebaseio.com using the -o argument, the script will be able to digest the output file and crawl for the discovered DBs.

Firebase DBs work using this structure: https://[DB name].firebaseio.com/. If you are using the -l [path] argument, the supplied file needs to contain one [DB name] per line, for example:

    airbnb
    twitter
    microsoft

Using that file will check for these DBs: https://airbnb.firebaseio.com/.json, https://twitter.firebaseio.com/.json, https://microsoft.firebaseio.com/.json

Download Firebase

Link: http://feedproxy.google.com/~r/PentestTools/~3/i5hgSAIPl6I/firebase-exploiting-tool-exploiting.html