Zeebsploit – Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking: searching for web information and scanning vulnerabilities of a website.

Installation & Usage

apt-get install git
git clone https://github.com/jaxBCD/Zeebsploit.git
cd Zeebsploit
chmod +x install
./install
python3 zeebsploit.py

Type 'help' to show the modules and follow the instructions.

Modules

[Main modules]
+----------+-------------------------------+
| Modules  | Description                   |
+----------+-------------------------------+
| Exploit  | Exploitation Modules          |
| Scanners | Scanners Modules              |
| infoga   | information Gathering Modules |
+----------+-------------------------------+

[Exploit Modules]
+---------------------------+---------------------------------------------------+
| Modules                   | Description                                       |
+---------------------------+---------------------------------------------------+
| wp content injection      | wordpress content injection version 4.7 or 4.7.1 |
| wp revslider              | wordpress plugin revslider remote file upload     |
| wp learndash              | wordpress learndash remote file upload            |
| wp swhobiz                | wordpress plugin showbiz remote file upload       |
| joomla com fabrik         | joomla component fabrik file upload               |
| joomla manager get config | joomla component manager auto get config          |
| joomla jdownload          | joomla component jdownloads remote file upload    |
| joomla                    | Joomla ads manager component auto shell upload    |
| apache struts rce         | CVE: 2017-5638 - Apache Struts2 S2-045            |
|                           | remote command execution                          |
| drupal8 rce               | drupal version 8 remote command execution         |
| dvr cam leak credential   | TBK DVR4104 / DVR4216                             |
|                           | - Credentials Leak (Get User and password)        |
| webdav file upload        | Nothing                                           |
| ---More---                | Coming Soon the following version                 |
+---------------------------+---------------------------------------------------+

[Scanner Module]
+--------------------+----------------------------------------+
| Modules            | Description                            |
+--------------------+----------------------------------------+
| subdomain scanner  | Scan Subdomain for Web                 |
| sqli scanner       | Scan Sql Injection Vulnerability       |
| xss scanner        | Scan XSS Injection Vulnerability       |
| lfi scanner        | Local File Includes Scanner etc/passwd |
| admin login finder | Scan Admin Login page                  |
| directory scanner  | scan directory on web use dirhunt      |
| subdomain takeover | scan type subdomain takeover           |
| ---More---         | Coming Soon the following version      |
+--------------------+----------------------------------------+

[Information Gathering]
+--------------------+------------------------------------------+
| Modules            | Description                              |
+--------------------+------------------------------------------+
| cms detector       | a tool for detecting cms on a web        |
| port scanner       | Scan Open Port use Nmap                  |
| information header | response header information              |
| ip geolocation     | detect the location of an ip or host     |
| email searcher     | searching email from web                 |
| traceroute         | to show the route the package has passed |
| robot.txt detector | Scan Robot.txt from Web                  |
| header information | Response Header Checker                  |
| whois lookup       | looking for registered users or          |
|                    | recipients of Internet resource rights   |
| ---More---         | Coming Soon the following version        |
+--------------------+------------------------------------------+

Download Zeebsploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/9xaMRbIv1Dk/zeebsploit-web-scanner-exploitation.html


Censys Subdomain Finder – Perform Subdomain Enumeration Using The Certificate Transparency Logs From Censys

This is a tool to enumerate subdomains using the Certificate Transparency logs stored by Censys. It should return any subdomain that has ever been issued an SSL certificate by a public CA.

See it in action:

$ python censys_subdomain_finder.py github.com
[*] Searching Censys for subdomains of github.com
[*] Found 42 unique subdomains of github.com in ~1.7 seconds
 - hq.github.com
 - talks.github.com
 - cla.github.com
 - github.com
 - cloud.github.com
 - enterprise.github.com
 - help.github.com
 - collector-cdn.github.com
 - central.github.com
 - smtp.github.com
 - cas.octodemo.github.com
 - schrauger.github.com
 - jobs.github.com
 - classroom.github.com
 - dodgeball.github.com
 - visualstudio.github.com
 - branch.github.com
 - www.github.com
 - edu.github.com
 - education.github.com
 - import.github.com
 - styleguide.github.com
 - community.github.com
 - server.github.com
 - mac-installer.github.com
 - registry.github.com
 - f.cloud.github.com
 - offer.github.com
 - helpnext.github.com
 - foo.github.com
 - porter.github.com
 - id.github.com
 - atom-installer.github.com
 - review-lab.github.com
 - vpn-ca.iad.github.com
 - maintainers.github.com
 - raw.github.com
 - status.github.com
 - camo.github.com
 - support.enterprise.github.com
 - stg.github.com
 - rs.github.com

Setup

1. Register an account (free) on https://censys.io/register

2. Browse to https://censys.io/account, and set two environment variables with your API ID and API secret:

$ export CENSYS_API_ID=…
$ export CENSYS_API_SECRET=…

3. Clone the repository:

$ git clone https://github.com/christophetd/censys-subdomain-finder.git

4. Install the dependencies:

$ cd censys-subdomain-finder
$ pip install -r requirements.txt

5. Run the script on example.com to make sure everything works as expected:

$ python censys_subdomain_finder.py example.com
[*] Searching Censys for subdomains of example.com
[*] Found 5 unique subdomains of example.com
 - products.example.com
 - www.example.com
 - dev.example.com
 - example.com
 - support.example.com

Usage

usage: censys_subdomain_finder.py [-h] [-o OUTPUT_FILE]
                                  [--censys-api-id CENSYS_API_ID]
                                  [--censys-api-secret CENSYS_API_SECRET]
                                  domain

positional arguments:
  domain                The domain to scan

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        A file to output the list of subdomains to (default: None)
  --censys-api-id CENSYS_API_ID
                        Censys API ID. Can also be defined using the CENSYS_API_ID environment variable (default: None)
  --censys-api-secret CENSYS_API_SECRET
                        Censys API secret. Can also be defined using the CENSYS_API_SECRET environment variable (default: None)

Compatibility

Should run on Python 2.7 and 3.5.

Notes

The Censys API has a rate limit of 120 queries per 5-minute window. Each invocation of this tool makes exactly one API call to Censys.

Feel free to open an issue or to tweet @christophetd for suggestions or remarks.

Download Censys-Subdomain-Finder

Link: http://feedproxy.google.com/~r/PentestTools/~3/bPFQtNdU4Fw/censys-subdomain-finder-perform.html

SubScraper – External Pentest Tool That Performs Subdomain Enumeration Through Various Techniques

SubScraper uses DNS brute force, Google & Bing scraping, and Virus Total to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTP(S) requests and DNS "A" record lookups during the enumeration process to validate discovered subdomains. This provides further information to help prioritize targets and aid in potential next steps. Post-enumeration, "CNAME" lookups are displayed to identify subdomain takeover opportunities.

Usage

python3 subscraper.py example.com
python3 subscraper.py -t 5 -o csv example.com

Options

  -s              Only use internet to find subdomains
  -b              Only use DNS brute forcing to find subdomains
  -o OUTFILE      Define output file type: csv/txt (Default: None)
  -t MAX_THREADS  Max threads (Default: 10)
  -w SUBLIST      Custom subdomain wordlist

Download Subscraper

Link: http://feedproxy.google.com/~r/PentestTools/~3/N7uapcTydU0/subscraper-external-pentest-tool-that.html

Firebase Exploiting Tool – Exploiting Misconfigured Firebase Databases

Exploiting vulnerable/misconfigured Firebase databases.

Prerequisites

Non-standard python modules:
- dnsdumpster
- bs4
- requests

Installation

If the following commands run successfully, you are ready to use the script:

git clone https://github.com/Turr0n/firebase.git
cd firebase
pip install -r requirements.txt

Usage

python3 firebase.py [-h] [--dnsdumpster] [-d /path/to/file.htm] [-o results.json] [-l /path/to/file] [-c 100] [-p 4]

Arguments:
  -h             Show the help message
  -d             Absolute path to the downloaded HTML file.
  -o             Output file name. Default: results.json
  -c             Crawl for domains in the top-1m by Alexa. Set how many domains to crawl, for example: 100. Up to 1000000
  -p             How many processes to execute. Default: 1
  -l             Path to a file containing the DBs to crawl. One DB name per line. This option can't be used with -d or -c
  --dnsdumpster  Use the DNSDumpster API to gather DBs
  --just-v       Ignore "non-vulnerable" DBs
  --amass        Path of the output file of an amass scan ([-o] argument)

Example:

python3 firebase.py -p 4 -f results_1.json -c 150 --dnsdumpster

This will look up the first 150 domains in the Alexa file as well as the DBs provided by DNSDumpster. The results will be saved to results_1.json and the whole script will execute using 4 parallel processes.

The script will create a JSON file containing the gathered vulnerable databases and their dumped contents. Each database has a status:

-2: DB doesn't exist
-1: not vulnerable
 0: further exploitation may be possible
 1: vulnerable

For better results, head to pentest-tools.com and in its subdomain scanner enter the following domain: firebaseio.com. Once the scan has finished, save the page HTML (Ctrl+S) and use the -d [path] argument; this will allow the script to analyze the subdomains discovered by that service. Further subdomain crawlers might get supported.

Now we support the amass scanner by @caffix! By running any desired scan with that tool against firebaseio.com using the -o argument, the script will be able to digest the output file and crawl for the discovered DBs.

Firebase DBs work using this structure: https://[DB name].firebaseio.com/. If you are using the -l [path] argument, the supplied file needs to contain a [DB name] per line, for example:

airbnb
twitter
microsoft

Using that file will check for these DBs: https://airbnb.firebaseio.com/.json, https://twitter.firebaseio.com/.json, https://microsoft.firebaseio.com/.json

Download Firebase

Link: http://feedproxy.google.com/~r/PentestTools/~3/i5hgSAIPl6I/firebase-exploiting-tool-exploiting.html

SubFinder – A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites

SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to the sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc. to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind, making it easy to add functionalities and remove errors.

We have designed SubFinder to comply with all passive sources' licenses and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.

Features

- Simple and modular code base making it easy to contribute.
- Fast And Powerful Bruteforcing Module
- Powerful Permutation generation engine. (In Development)
- Many Passive Data Sources (30 At Present)
- Multiple Output formats

Passive data sources: Ask, Archive.is, Baidu, Bing, Censys, CertDB, CertSpotter, CrtSH, DnsDB, DNSDumpster, Dogpile, Entrust CT-Search, Exalead, FindSubdomains, GoogleTER, Hackertarget, IPv4Info, Netcraft, PassiveTotal, PTRArchive, Riddler, SecurityTrails, SiteDossier, Shodan, SSL Certificates, ThreatCrowd, ThreatMiner, Virustotal, WaybackArchive, Yahoo

Usage

./subfinder -h

This will display help for the tool. Here are all the switches it supports (flag, description, example).

-b
    Use bruteforcing to find subdomains
    ./subfinder -d example.com -b
-c
    Don't show colored output
    ./subfinder -c
-d
    Domain to find subdomains for
    ./subfinder -d example.com
-dL
    List of domains to find subdomains for
    ./subfinder -dl hosts.txt
-nW
    Remove wildcard subdomains
    ./subfinder -nw
-o
    Name of the output file (Optional)
    ./subfinder -o output.txt
-oT
    Write output in Aquatone style JSON format (Required -nW)
    ./subfinder -o output.txt -nw -oA
-oJ
    Write output in JSON format
    ./subfinder -o output.json -oJ
-oD
    Output to directory (When using multiple hosts)
    ./subfinder -od ~/misc/out/
-r
    Comma-separated list of resolvers to use
    ./subfinder -r 8.8.8.8,1.1.1.1
-rL
    File containing list of resolvers to use
    ./subfinder -rL resolvers.txt
--recursive
    Use recursive subdomain finding (default: true)
    ./subfinder --recursive
--set-config
    Sets a configuration option
    ./subfinder --set-config example=something
--set-settings
    Sets a setting option
    ./subfinder --set-settings CensysPages=10
--no-passive
    Do not perform passive subdomain enumeration
    ./subfinder -d freelancer.com --no-passive
--silent
    Show only the subdomains found
    ./subfinder --silent
--sources
    Comma separated list of sources to use (optional)
    ./subfinder --sources threatcrowd,virustotal
--exclude-sources
    Comma separated list of sources not to use (optional)
    ./subfinder --exclude-sources threatcrowd,virustotal
-t
    Number of concurrent threads (Bruteforce)
    ./subfinder -t 10
--timeout
    Seconds to wait until quitting connection
    ./subfinder --timeout 10
-v
    Display verbose output
    ./subfinder -v
-w
    Wordlist for doing bruteforcing and permutation
    ./subfinder -w words.txt

Installation Instructions

Direct Installation

SubFinder requires go1.10+ to install successfully! The installation is easy. Git clone the repo and run go build.

go get github.com/subfinder/subfinder

Upgrading

If you wish to upgrade the package you can use:

go get -u github.com/subfinder/subfinder

Running in a Docker Container

Git clone the repo, then build and run subfinder in a container with the following commands.

Clone the repo using git clone https://github.com/subfinder/subfinder.git

Build your docker container:

docker build -t subfinder .

After building the container, run the following:

docker run -it subfinder

The above command is the same as running -h.

NOTE: Please follow the Post Install steps given after this to correctly configure the tool.

For example, this runs the tool against uber.com and outputs the results to your host file system:

docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it subfinder -d uber.com > uber.com.txt

Post Installation Instructions

Subfinder will work after using the installation instructions; however, to configure Subfinder to work with certain services, you will need to have set up API keys. The following services do not work without an API key:

- Virustotal
- Passivetotal
- SecurityTrails
- Censys
- Riddler
- Shodan

These are the configuration options you have to specify via the command line:

VirustotalAPIKey
PassivetotalUsername
PassivetotalKey
SecurityTrailsKey
RiddlerEmail
RiddlerPassword
CensysUsername
CensysSecret
ShodanAPIKey

These values are stored in the $HOME/.config/subfinder/config.json file, which will be created when you run the tool for the first time. To configure the services to use an API key, you need to use the tool with the --set-config option, which will allow you to set a configuration option. For example:

./subfinder --set-config VirustotalAPIKey=0x41414141
./subfinder --set-config PassivetotalUsername=hacker,PassivetotalKey=supersecret

If you are using docker, you need to first create your directory structure holding the subfinder configuration file. You can either run the binary in your host system and let it create the directory structure of files, after which you can use the --set-config flag to set the API values like before. Or you can run:

mkdir $HOME/.config/subfinder
cp config.json $HOME/.config/subfinder/config.json
nano $HOME/.config/subfinder/config.json

After that, you can pass it as a volume using the following sample command:

sudo docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it subfinder -d freelancer.com

Now, you can also pass --set-config inside the docker to change the configuration options.

Running Subfinder

To run the tool on a target, just use the following command:

./subfinder -d freelancer.com

This will run the tool against freelancer.com. There are a number of configuration options that you can pass along with this command. The verbose switch (-v) can be used to display verbose information.

[CERTSPOTTER] www.fi.freelancer.com
[DNSDUMPSTER] hosting.freelancer.com
[DNSDUMPSTER] support.freelancer.com
[DNSDUMPSTER] accounts.freelancer.com
[DNSDUMPSTER] phabricator.freelancer.com
[DNSDUMPSTER] cdn1.freelancer.com
[DNSDUMPSTER] t1.freelancer.com
[DNSDUMPSTER] wdc.t1.freelancer.com
[DNSDUMPSTER] dal.t1.freelancer.com

The -o command can be used to specify an output file:

./subfinder -d freelancer.com -o output.txt

You can also get output in JSON format using the -oJ switch. The --silent switch can be used to show only subdomains found without any other info. The --set-config switch can be used to set the value of any configuration option as explained above in the readme.

You can also pass some special settings for the tool through the command line by using the --set-settings flag. For example, you can pass the number of Censys pages to check using the following command:

./subfinder -d freelancer.com --sources censys --set-settings CensysPages=2 -v

For checking all pages returned by censys, you can use the "all" option. Note, it is a string.

These are the settings currently supported:

CensysPages
AskPages
BaiduPages
BingPages

For using bruteforcing capabilities, you can use the -b flag with the -w option to specify a wordlist:

./subfinder -d freelancer.com -b -w jhaddix_all.txt -t 100 --sources censys --set-settings CensysPages=2 -v

You can also write output in JSON format as used by Aquatone:

./subfinder -d freelancer.com -o result_aquatone.json -oT -nW -v

You can specify custom resolvers too:

./subfinder -d freelancer.com -o result_aquatone.json -oT -nW -v -r 8.8.8.8,1.1.1.1
./subfinder -d freelancer.com -o result_aquatone.json -oT -nW -v -rL resolvers.txt

If you want to do bruteforce only and do not want to run the passive subdomain discovery engine, you can use the --no-passive flag, which will not run passive discovery. You can use this functionality to run plain bruteforce, etc.

./subfinder -d freelancer.com --no-passive -v -b -w ~/dnslist.txt

Download SubFinder

Link: http://feedproxy.google.com/~r/PentestTools/~3/58lFnCeg94M/subfinder-subdomain-discovery-tool-that.html

Takeover – SubDomain TakeOver Vulnerability Scanner

Sub-domain takeover vulnerabilities occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g. GitHub, AWS/S3, ...) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com.

Installation:

# git clone https://github.com/m4ll0k/takeover.git
# cd takeover
# python takeover.py

or:

wget -q https://raw.githubusercontent.com/m4ll0k/takeover/master/takeover.py && python takeover.py

Download Takeover
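The precondition described above, a CNAME whose target no longer exists, is something a zone owner can audit for directly. The following is an added example and not part of the Takeover project: it takes the CNAME records exported from a zone, asks a resolver whether each target still resolves, and reports the subdomains whose target is gone, which are the records to delete or repoint. The sample records, the offline resolver state and all function names are constructed for this example.

```python
"""Dangling-CNAME audit for subdomain takeover exposure (added example).

A subdomain whose CNAME target no longer resolves is the starting condition
for a takeover, so the defensive check is: for every CNAME in your own zone,
does the target still exist? The resolver is injectable so the logic can be
exercised offline against constructed records.
"""
import socket
from typing import Callable, Dict, List

# Constructed sample: subdomain -> CNAME target, as it would appear in a zone export.
SAMPLE_CNAMES: Dict[str, str] = {
    "docs.example.com": "example-org.github.io.",
    "assets.example.com": "old-bucket.s3.amazonaws.com.",
    "www.example.com": "www.example.com.cdn-provider.net.",
}

# Constructed resolver state: only this target still has an address record.
SAMPLE_RESOLVABLE = {"www.example.com.cdn-provider.net."}


def sample_resolver(name: str) -> bool:
    """Offline stand-in for DNS: a target 'resolves' if it is in SAMPLE_RESOLVABLE."""
    return name in SAMPLE_RESOLVABLE


def live_resolver(name: str) -> bool:
    """Ask the system resolver whether `name` currently has an address record."""
    try:
        socket.getaddrinfo(name.rstrip("."), None)
        return True
    except socket.gaierror:
        # NXDOMAIN (or a resolver failure) both surface here; treat as unresolved.
        return False


def find_dangling_cnames(
    cnames: Dict[str, str],
    resolves: Callable[[str], bool] = live_resolver,
) -> List[str]:
    """Return, sorted, the subdomains whose CNAME target does not resolve.

    Each entry is a stale record that should be removed or repointed before
    anyone else can register the target name on the hosting service.
    """
    return sorted(sub for sub, target in cnames.items() if not resolves(target))


if __name__ == "__main__":
    # Run against the constructed records; swap in live_resolver for a real zone export.
    for sub in find_dangling_cnames(SAMPLE_CNAMES, sample_resolver):
        print(f"{sub} -> {SAMPLE_CNAMES[sub]}: target does not resolve, remove or repoint this record")
```

A target that returns NXDOMAIN is only one signal: some providers keep the target hostname resolvable and answer with an error page for an unclaimed resource, so the output is a triage queue to review against each provider's behaviour, not a verdict. Pass `live_resolver` (the default) to run the same check over a real zone export.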

Link: http://feedproxy.google.com/~r/PentestTools/~3/bCpPqZo0iAg/takeover-subdomain-takeover.html

Zoom – Automatic & Lightning Fast WordPress Vulnerability Scanner

Zoom is a lightning fast WordPress vulnerability scanner equipped with subdomain & infinite username enumeration. It doesn't support plugin & theme enumeration at the moment.

What's infinite enumeration? Try enumerating usernames of cybrary.com with Zoom & wpscan (or your fav tool).

Twitter: @weareultimate
Website: teamultimate.in

Usage

Manual Mode

python zoom.py -u <website>

In the manual mode, you will need to specify a WordPress website to scan for vulnerabilities and to enumerate subdomains.

Automatic Mode

python zoom.py -u <website> --auto

In the automatic mode, Zoom will find subdomains and check the ones using WordPress for vulnerabilities.

Download Zoom

Link: http://feedproxy.google.com/~r/PentestTools/~3/9k6EJHM3rPs/zoom-automatic-lightning-fast-wordpress.html

Subfinder – Subdomain Discovery Tool That Can Discover Massive Amounts Of Valid Subdomains For Any Target

SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed as a successor to the sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc. to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind, making it easy to add functionalities and remove errors.

Why?

This project began its life as a Bug Bounty World slack channel discussion. @ice3man & @codingo were talking about how the cornerstone subdomain tool at the time, sublist3r, appeared to have been abandoned. The goal of this project was to make a low dependency, manageable project in Go that would continue to be maintained over time. @Ice3man decided to rewrite the sublist3r project and posted about it. @codingo offered to contribute to the project and subfinder was born.

Features

- Simple and modular code base making it easy to contribute.
- Fast And Powerful Bruteforcing Module (In Development)
- Powerful Permutation generation engine. (In Development)
- Many Passive Data Sources (CertDB, CertSpotter, crtsh, DNSDumpster, FindSubdomains, Hackertarget, Netcraft, PassiveTotal, PTRArchive, SecurityTrails, Threatcrowd, VirusTotal)
- Internet Archives support for finding subdomains (In development)

Install

The installation is easy. Git clone the repo and run go build.

go get github.com/ice3man543/subfinder

To configure it to work with certain services, you need to have an API key for them. These are the services that do not work without an API key:

- Virustotal
- Passivetotal
- SecurityTrails

Put these values in the config.json file and you should be good to go.

If your $GOPATH is /home/go, make sure to place your config.json file in the $GOPATH/bin folder or wherever you have the binary. Otherwise, it will not work.

Download Subfinder

Link: http://feedproxy.google.com/~r/PentestTools/~3/Gscbz8mZ4bI/subfinder-subdomain-discovery-tool-that.html

Th3Inspector – Tool for Information Gathering

Tool For Information Gathering.

Usage

Short Form  Long Form      Description
-i          --info         Website Information
-n          --number       Phone Number Information
-mx         --mailserver   Find IP Address And E-mail Server
-w          --whois        Domain Whois Lookup
-l          --location     Find Website/IP Address Location
-c          --cloudflare   Bypass CloudFlare
-a          --age          Domain Age Checker
-ua         --useragent    User Agent Info
-p          --port         Check Active Services On Resource
-b          --bin          Credit Card Bin Checker
-s          --subdomain    Subdomain Scanner
-e          --email        E-mail Address Checker
-cms        --cms          Content Management System Checker
-h          --help         show the help message and exit

Examples

To list all the basic options and switches use the -h switch:

perl Th3inspector.pl -h

To Get Website Information:

perl Th3inspector.pl -i example.com

To Get Phone Number Information:

perl Th3inspector.pl -n xxxxxxx

To Find IP Address And E-mail Server:

perl Th3inspector.pl -mx example.com

To Find Website Or IP Address Location:

perl Th3inspector.pl -l example.com

To Get Real IP Of Website Using CloudFlare Protection:

perl Th3inspector.pl -c example.com

Installation Linux

git clone https://github.com/Moham3dRiahi/Th3inspector.git
cd Th3inspector
chmod +x install.sh && ./install.sh

Installation Android

Download Termux

git clone https://github.com/Moham3dRiahi/Th3inspector.git
cd Th3inspector
chmod +x install.sh && ./install.sh

Installation Windows

Download Perl
Download Th3inspector
cpan install JSON
Extract Th3inspector into Desktop
Open CMD and type the following commands:

cd Desktop/Th3inspector-master/
perl Th3inspector.pl

Version

Current version is 1.9

What's New
• speed up
• Bug fixes

Download Th3inspector

Link: http://feedproxy.google.com/~r/PentestTools/~3/0v9YVZHwqTs/th3inspector-tool-for-information.html