Zeebsploit – Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking, searching for web information and scanning vulnerabilities of a web site.

Installation & Usage

apt-get install git
git clone https://github.com/jaxBCD/Zeebsploit.git
cd Zeebsploit
chmod +x install
./install
python3 zeebsploit.py

Type 'help' to show the modules and follow the instructions.

Modules

[Main modules]
+----------+-------------------------------+
| Modules  | Description                   |
+----------+-------------------------------+
| Exploit  | Exploitation Modules          |
| Scanners | Scanners Modules              |
| infoga   | Information Gathering Modules |
+----------+-------------------------------+

[Exploit Modules]
+---------------------------+--------------------------------------------------+
| Modules                   | Description                                      |
+---------------------------+--------------------------------------------------+
| wp content injection      | wordpress content injection version 4.7 or 4.7.1 |
| wp revslider              | wordpress plugin revslider remote file upload    |
| wp learndash              | wordpress learndash remote file upload           |
| wp swhobiz                | wordpress plugin showbiz remote file upload      |
| joomla com fabrik         | joomla component fabrik file upload              |
| joomla manager get config | joomla component manager auto get config         |
| joomla jdownload          | joomla component jdownloads remote file upload   |
| joomla                    | Joomla ads manager component auto shell upload   |
| apache struts rce         | CVE: 2017-5638 – Apache Struts2 S2-045           |
|                           | remote command execution                         |
| drupal8 rce               | drupal version 8 remote command execution        |
| dvr cam leak credential   | TBK DVR4104 / DVR4216                            |
|                           | - Credentials Leak (Get User and password)       |
| webdav file upload        | Nothing                                          |
| ---More---                | Coming Soon the following version                |
+---------------------------+--------------------------------------------------+

[Scanner Module]
+--------------------+----------------------------------------+
| Modules            | Description                            |
+--------------------+----------------------------------------+
| subdomain scanner  | Scan Subdomain for Web                 |
| sqli scanner       | Scan Sql Injection Vulnerability       |
| xss scanner        | Scan XSS Injection Vulnerability       |
| lfi scanner        | Local File Includes Scanner etc/passwd |
| admin login finder | Scan Admin Login page                  |
| directory scanner  | scan directory on web use dirhunt      |
| subdomain takeover | scan type subdomain takeover           |
| ---More---         | Coming Soon the following version      |
+--------------------+----------------------------------------+

[Information Gathering]
+--------------------+------------------------------------------+
| Modules            | Description                              |
+--------------------+------------------------------------------+
| cms detector       | a tool for detecting cms on a web        |
| port scanner       | Scan Open Port use Nmap                  |
| information header | response header information              |
| ip geolocation     | detect the location of an ip or host     |
| email searcher     | searching email from web                 |
| traceroute         | to show the route the package has passed |
| robot.txt detector | Scan Robot.txt from Web                  |
| header information | Response Header Checker                  |
| whois lookup       | looking for registered users or          |
|                    | recipients of Internet resource rights   |
| ---More---         | Coming Soon the following version        |
+--------------------+------------------------------------------+

Download Zeebsploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/9xaMRbIv1Dk/zeebsploit-web-scanner-exploitation.html

Zeebsploit – Web Scanner / Exploitation / Information Gathering
Link: http://feedproxy.google.com/~r/PentestTools/~3/RZKskKnsCFU/zeebsploit-web-scanner-exploitation_10.html

Osmedeus – Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus lets you automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target.

How to use

If you have no idea what you are doing, just type the command below or check out the Advanced Usage.

./osmedeus.py -t example.com

Installation

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

This install only focuses on Kali Linux; check the Wiki page for more install options.

Features

- Subdomain Scan.
- Subdomain TakeOver Scan.
- Screenshot the target.
- Basic recon like Whois, Dig info.
- IP Discovery.
- CORS Scan.
- SSL Scan.
- Headers Scan.
- Port Scan.
- Vulnerable Scan.
- Separate workspaces to store all scan output and detailed logging.
- REST API.
- SPA Web UI.
- Slack notifications.

Contact: @j3ssiejjj

Download Osmedeus

Link: http://feedproxy.google.com/~r/PentestTools/~3/DCeXRDXo4J0/osmedeus-fully-automated-offensive.html

Osmedeus – Automatic Reconnaissance And Scanning In Penetration Testing

Automatic Reconnaissance and Scanning in Penetration Testing

What is Osmedeus?

Osmedeus lets you do the boring stuff in pentesting automatically, like reconnaissance and scanning the target by running a collection of awesome tools.

Installation

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
chmod +x install.sh
./install.sh

How to use

Doing the normal routine, including Subdomain Scanning, Subdomain TakeOver Scanning, Port Scanning and ScreenShot of the target:

./osmedeus.py -t example.com

Scanning subdomain and Subdomain TakeOver:

./osmedeus.py -m subdomain -t example.com

Git repo scanning:

./osmedeus.py -m git --git https://github.com/whatever/repo

Doing some stuff with a Burp State file:

./osmedeus.py -m burp -t example.com --burp yourburpstate.xml

Available modules with the list of tools being used

- Subdomain Scanning: amass, subfinder, massdns
- Subdomain TakeOver Scanning: subjack, SubOver
- Port Scanning and ScreenShot the target: aquatone, EyeWitness, masscan
- Git repo scanning: truffleHog, gitrob
- Doing some stuff with Burp State file: sqlmap, SleuthQL, LinkFinder

Contact: @j3ssiejjj

Download Osmedeus

Link: http://feedproxy.google.com/~r/PentestTools/~3/WSk0NzgPyq8/osmedeus-automatic-reconnaisance-and.html

TakeOver v1 – Extracts CNAME Record Of All Subdomains At Once

What is Subdomain Takeover?

Subdomain takeover is a class of vulnerability where a subdomain points to an external service that has been deleted. The external services are GitHub, Heroku, GitLab, Tumblr and so on. Let's assume we have a subdomain sub.example.com that points to an external service such as GitHub. If the GitHub page is removed by its owner and they forget to remove the DNS entry that points to the GitHub service, an attacker can simply take over the subdomain by adding a CNAME file containing sub.example.com.

Here is the command that checks the CNAME record of a subdomain:

$ dig CNAME apt.shopify.com --> apt.shopify.com.s3-website-us-east-1.amazonaws.com.

How can the TakeOver script help bug bounty hunters?

There are a lot of sites with thousands of subdomains, and it is really hard to check each subdomain. Here we have a script that shows the CNAME record for each domain. It takes a file name as input, performs some actions and finally produces its output, which shows the CNAME record for each domain. The input file should contain a list of subdomains.

How can I recognise if the subdomain is vulnerable to subdomain takeover?

There are some fingerprints that should be analysed when the service is deleted and the DNS entry remains as it is. Whoever visits the vulnerable subdomain gets an error such as "There isn't a Github Pages site here." (see the image below for more detail).

Security researcher @edoverflow has listed all services and their fingerprints. For more detail visit https://github.com/EdOverflow/can-i-take-over-xyz

Download TakeOver-v1
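The dangling-CNAME check the post describes, written up as a defender's audit of a zone you own rather than as the TakeOver script itself (this is an added example, not the project's code). The fingerprint table is an illustrative subset assumed from the post and the can-i-take-over-xyz list it links, and the sample zone and HTTP bodies are constructed so the code runs offline.

```python
"""Dangling-CNAME audit for subdomains you own (added example, not the TakeOver script).
Automates the post's `dig CNAME` check over a list of names and applies service
fingerprints. Network access sits behind two callables so the logic runs offline on
constructed data; in production back them with a real resolver and HTTP client."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Illustrative subset (assumption): service suffix -> text served for an unclaimed resource.
# The authoritative, maintained list is EdOverflow/can-i-take-over-xyz (linked in the post).
FINGERPRINTS: Dict[str, str] = {
    "github.io": "There isn't a GitHub Pages site here.",
    "herokuapp.com": "No such app",
    "amazonaws.com": "NoSuchBucket",
}

@dataclass
class Finding:
    subdomain: str
    cname: str
    service: str
    reason: str

def service_for(cname: str) -> Optional[str]:
    """Map a CNAME target to a tracked third-party service suffix, else None."""
    host = cname.rstrip(".").lower()
    for suffix in FINGERPRINTS:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None

def audit(subdomains, resolve_cname: Callable[[str], Optional[str]],
          fetch_body: Callable[[str], Optional[str]]) -> List[Finding]:
    """Flag names whose CNAME points at a third-party service that no longer serves them.
    resolve_cname(name) -> CNAME target or None; fetch_body(name) -> body, or None if
    the name does not resolve at all (the classic deleted-app case)."""
    findings: List[Finding] = []
    for sub in subdomains:
        cname = resolve_cname(sub)
        if not cname:
            continue  # A/AAAA or no record: not a CNAME takeover case
        service = service_for(cname)
        if service is None:
            continue  # points at our own infrastructure: out of scope here
        body = fetch_body(sub)
        if body is None:
            findings.append(Finding(sub, cname, service, "CNAME target does not resolve"))
        elif FINGERPRINTS[service] in body:
            findings.append(Finding(sub, cname, service, "service reports resource unclaimed"))
    return findings

# Constructed sample zone and responses (not real hosts).
SAMPLE_CNAMES = {
    "docs.example.com": "example-org.github.io.",
    "apt.example.com": "apt.example.com.s3-website-us-east-1.amazonaws.com.",
    "app.example.com": "example-app.herokuapp.com.",
    "www.example.com": "lb.internal.example.com.",
}
SAMPLE_BODIES = {
    "docs.example.com": "<h1>There isn't a GitHub Pages site here.</h1>",  # page deleted, DNS left behind
    "apt.example.com": "<html>Welcome to apt.example.com</html>",         # bucket still serving: fine
    "app.example.com": None,                                               # app deleted; no longer resolves
    "www.example.com": "<html>ok</html>",
}

def run_sample() -> List[Finding]:
    """Audit the constructed zone; every finding is a DNS record to remove or repoint."""
    return audit(SAMPLE_CNAMES, SAMPLE_CNAMES.get, SAMPLE_BODIES.get)
```

Each finding is a record to delete or repoint before anyone else can claim the target; a CNAME to your own infrastructure is deliberately skipped, since the check only concerns third-party services.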

Link: http://feedproxy.google.com/~r/PentestTools/~3/ZHQM026H0rI/takeover-v1-extracts-cname-record-of.html

SubScraper – External Pentest Tool That Performs Subdomain Enumeration Through Various Techniques

SubScraper uses DNS brute force, Google & Bing scraping, and VirusTotal to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTP(S) requests and DNS "A" record lookups during the enumeration process to validate discovered subdomains. This provides further information to help prioritize targets and aid in potential next steps. Post-enumeration, "CNAME" lookups are displayed to identify subdomain takeover opportunities.

Usage

python3 subscraper.py example.com
python3 subscraper.py -t 5 -o csv example.com

Options

-s              Only use internet to find subdomains
-b              Only use DNS brute forcing to find subdomains
-o OUTFILE      Define output file type: csv/txt (Default: None)
-t MAX_THREADS  Max threads (Default: 10)
-w SUBLIST      Custom subdomain wordlist

Download Subscraper

Link: http://feedproxy.google.com/~r/PentestTools/~3/N7uapcTydU0/subscraper-external-pentest-tool-that.html

SubFinder – A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites

SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is aimed as a successor to the sublist3r project. SubFinder uses passive sources, search engines, pastebins, internet archives, etc. to find subdomains and then uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind, making it easy to add functionality and remove errors.

We have designed SubFinder to comply with all passive sources' licenses and usage restrictions, and maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.

Features

- Simple and modular code base making it easy to contribute.
- Fast and powerful bruteforcing module
- Powerful permutation generation engine. (In Development)
- Many passive data sources (30 at present)
- Multiple output formats

Passive sources: Ask, Archive.is, Baidu, Bing, Censys, CertDB, CertSpotter, CrtSH, DnsDB, DNSDumpster, Dogpile, Entrust CT-Search, Exalead, FindSubdomains, GoogleTER, Hackertarget, IPv4Info, Netcraft, PassiveTotal, PTRArchive, Riddler, SecurityTrails, SiteDossier, Shodan, SSL Certificates, ThreatCrowd, ThreatMiner, Virustotal, WaybackArchive, Yahoo

Usage

./subfinder -h

This will display help for the tool. Here are all the switches it supports.

Flag               Description                                                Example
-b                 Use bruteforcing to find subdomains                        ./subfinder -d example.com -b
-c                 Don't show colored output                                  ./subfinder -c
-d                 Domain to find subdomains for                              ./subfinder -d example.com
-dL                List of domains to find subdomains for                     ./subfinder -dl hosts.txt
-nW                Remove wildcard subdomains                                 ./subfinder -nw
-o                 Name of the output file (Optional)                         ./subfinder -o output.txt
-oT                Write output in Aquatone style JSON format (Requires -nW)  ./subfinder -o output.txt -nw -oA
-oJ                Write output in JSON format                                ./subfinder -o output.json -oJ
-oD                Output to directory (When using multiple hosts)            ./subfinder -od ~/misc/out/
-r                 Comma-separated list of resolvers to use                   ./subfinder -r 8.8.8.8,1.1.1.1
-rL                File containing list of resolvers to use                   ./subfinder -rL resolvers.txt
--recursive        Use recursive subdomain finding (default: true)            ./subfinder --recursive
--set-config       Sets a configuration option                                ./subfinder --set-config example=something
--set-settings     Sets a setting option                                      ./subfinder --set-settings CensysPages=10
--no-passive       Do not perform passive subdomain enumeration               ./subfinder -d freelancer.com --no-passive
--silent           Show only the subdomains found                             ./subfinder --silent
--sources          Comma separated list of sources to use (optional)          ./subfinder --sources threatcrowd,virustotal
--exclude-sources  Comma separated list of sources not to use (optional)      ./subfinder --exclude-sources threatcrowd,virustotal
-t                 Number of concurrent threads (Bruteforce)                  ./subfinder -t 10
--timeout          Seconds to wait until quitting connection                  ./subfinder --timeout 10
-v                 Display verbose output                                     ./subfinder -v
-w                 Wordlist for doing bruteforcing and permutation            ./subfinder -w words.txt

Installation Instructions

Direct Installation

SubFinder requires go1.10+ to install successfully! The installation is easy. Git clone the repo and run go build.

go get github.com/subfinder/subfinder

Upgrading

If you wish to upgrade the package you can use:

go get -u github.com/subfinder/subfinder

Running in a Docker Container

Git clone the repo, then build and run subfinder in a container with the following commands.

Clone the repo using:

git clone https://github.com/subfinder/subfinder.git

Build your docker container:

docker build -t subfinder .

After building the container, run the following:

docker run -it subfinder

The above command is the same as running -h.

NOTE: Please follow the Post Install steps given after this to correctly configure the tool.

For example, this runs the tool against uber.com and outputs the results to your host file system:

docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it subfinder -d uber.com > uber.com.txt

Post Installation Instructions

Subfinder will work after using the installation instructions; however, to configure Subfinder to work with certain services, you will need to have set up API keys. The following services do not work without an API key:

- Virustotal
- Passivetotal
- SecurityTrails
- Censys
- Riddler
- Shodan

These are the configuration options you have to specify via the command line:

- VirustotalAPIKey
- PassivetotalUsername
- PassivetotalKey
- SecurityTrailsKey
- RiddlerEmail
- RiddlerPassword
- CensysUsername
- CensysSecret
- ShodanAPIKey

These values are stored in the $HOME/.config/subfinder/config.json file, which will be created when you run the tool for the first time. To configure the services to use an API key, you need to use the tool with the --set-config option, which will allow you to set a configuration option. For example:

./subfinder --set-config VirustotalAPIKey=0x41414141
./subfinder --set-config PassivetotalUsername=hacker,PassivetotalKey=supersecret

If you are using docker, you need to first create your directory structure holding the subfinder configuration file. You can either run the binary in your host system and let it create the directory structure of files, after which you can use the --set-config flag to set the API values like before. Or you can run:

mkdir $HOME/.config/subfinder
cp config.json $HOME/.config/subfinder/config.json
nano $HOME/.config/subfinder/config.json

After that, you can pass it as a volume using the following sample command:

sudo docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it subfinder -d freelancer.com

Now, you can also pass --set-config inside the docker to change the configuration options.

Running Subfinder

To run the tool on a target, just use the following command:

./subfinder -d freelancer.com

This will run the tool against freelancer.com. There are a number of configuration options that you can pass along with this command. The verbose switch (-v) can be used to display verbose information.

[CERTSPOTTER] www.fi.freelancer.com
[DNSDUMPSTER] hosting.freelancer.com
[DNSDUMPSTER] support.freelancer.com
[DNSDUMPSTER] accounts.freelancer.com
[DNSDUMPSTER] phabricator.freelancer.com
[DNSDUMPSTER] cdn1.freelancer.com
[DNSDUMPSTER] t1.freelancer.com
[DNSDUMPSTER] wdc.t1.freelancer.com
[DNSDUMPSTER] dal.t1.freelancer.com

The -o option can be used to specify an output file:

./subfinder -d freelancer.com -o output.txt

You can also get output in JSON format using the -oJ switch. The --silent switch can be used to show only the subdomains found without any other info. The --set-config switch can be used to set the value of any configuration option as explained above in the readme.

You can also pass some special settings for the tool through the command line by using the --set-settings flag. For example, you can pass the number of Censys pages to check using the following command:

./subfinder -d freelancer.com --sources censys --set-settings CensysPages=2 -v

For checking all pages returned by Censys, you can use the "all" option. Note, it is a string.

These are the settings currently supported:

- CensysPages
- AskPages
- BaiduPages
- BingPages

For using bruteforcing capabilities, you can use the -b flag with the -w option to specify a wordlist:

./subfinder -d freelancer.com -b -w jhaddix_all.txt -t 100 --sources censys --set-settings CensysPages=2 -v

You can also write output in the JSON format used by Aquatone:

./subfinder -d freelancer.com -o result_aquatone.json -oT -nW -v

You can specify custom resolvers too:

./subfinder -d freelancer.com -o result_aquatone.json -oT -nW -v -r 8.8.8.8,1.1.1.1
./subfinder -d freelancer.com -o result_aquatone.json -oT -nW -v -rL resolvers.txt

If you want to do bruteforce only and do not want to run the passive subdomain discovery engine, you can use the --no-passive flag, which will not run passive discovery. You can use this functionality to run plain bruteforce, etc.

./subfinder -d freelancer.com --no-passive -v -b -w ~/dnslist.txt

Download SubFinder

Link: http://feedproxy.google.com/~r/PentestTools/~3/58lFnCeg94M/subfinder-subdomain-discovery-tool-that.html

SubOver v1.1.1 – A Powerful Subdomain Takeover Tool

Subover is a Hostile Subdomain Takeover tool originally written in Python but rewritten from scratch in Golang. Since its redesign, it has been aimed with speed and efficiency in mind. To date, SubOver detects 30+ services, which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive, and it is what makes this tool so powerful.

Installing

You need to have Golang installed on your machine. There are no additional requirements for this tool.

go get github.com/Ice3man543/SubOver

Usage

./SubOver -l subdomains.txt

-l        List of Subdomains
-t        Number of concurrent threads. (Default 10)
-v        Show verbose output (Default False)
-https    Force HTTPS Connection (Default HTTP)
-timeout  Set custom timeout (Default 10)
-h        Show help message

Currently Checked Services

Github, Heroku, Unbounce, Tumblr, Shopify, Instapage, Desk, Tictail, Campaignmonitor, Cargocollective, Statuspage, Amazonaws, Cloudfront, Bitbucket, Smartling, Acquia, Fastly, Pantheon, Zendesk, Uservoice, Ghost, Freshdesk, Pingdom, Tilda, WordPress, Teamwork, Helpjuice, Helpscout, Cargo, Feedpress, Surge, Surveygizmo, Mashery, Intercom, Webflow, Kajabi, Thinkific, Tave, Wishpond, Aftership, Aha, Brightcove, Bigcartel, Activecampaign, Campaignmonitor, Acquia, Proposify, Simplebooklet, Getresponse, Vend, Jetbrains, Azure

Count : 51

FAQ

Q: What should my wordlist look like?
A: Your wordlist should include a list of subdomains you're checking and should look something like:

backend.example.com
something.someone.com
apo-setup.fxc.something.com

Changelog

[1.1.1] - 2018-03-20
- Providers corrected using EdOverflow's Awesome List
- Added information regarding various takeovers to the tool

[1.1.0] - 2018-03-16
- Rewritten from scratch in Golang
- This time it's damn fast because of Go concurrency.
- The console output looks better :-)

[1.0.0] - 2018-02-04
- Initial release with 35 services written in Python.
- Pretty slow :-)

Download SubOver

Link: http://feedproxy.google.com/~r/PentestTools/~3/r3ZoXELD7J4/subover-v111-powerful-subdomain.html

SubOver – A Powerful Subdomain Takeover Tool

Subover is a Hostile Subdomain Takeover tool designed in Python. From the start, it has been aimed with speed and efficiency in mind. To date, SubOver detects 36 services, which is much more than any other tool out there. The tool is multithreaded and hence delivers good speed. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive, and it is what makes this tool so powerful.

Installing

You need to have Python 2.7 installed on your machine. The following additional requirements are required:

- dnspython
- colorama

git clone https://github.com/Ice3man543/SubOver.git .
cd SubOver
# consider installing virtualenv
pip install -r requirements.txt
python subover.py -h

Usage

python subover.py -l subdomains.txt -o output_takeovers.txt

- -l subdomains.txt is the list of target subdomains. These can be discovered using various tools such as sublist3r or others.
- -o output_takeovers.txt is the name of the output file. (Optional & currently not very well formatted)
- -t 20 is the default number of threads that SubOver will use. (Optional)
- -V is the switch for showing verbose output. (Optional, Default=False)

Currently Checked Services

Github, Heroku, Unbounce, Tumblr, Shopify, Instapage, Desk, Tictail, Campaignmonitor, Cargocollective, Statuspage, Amazonaws, Cloudfront, Bitbucket, Squarespace, Smartling, Acquia, Fastly, Pantheon, Zendesk, Uservoice, WPEngine, Ghost, Freshdesk, Pingdom, Tilda, Wordpress, Teamwork, Helpjuice, Helpscout, Cargo, Feedpress, Freshdesk, Surge, Surveygizmo, Mashery

Count : 36

FAQ

Q: What should my wordlist look like?
A: Your wordlist should include a list of subdomains you're checking and should look something like:

backend.example.com
something.someone.com
apo-setup.fxc.something.com

Your tool sucks!

Yes, you're probably correct. Feel free to:
- Not use it.
- Show me how to do it better.

Contact

Twitter: @Ice3man543

Credits

- Subdomain Takeover Scanner by 0x94
- subjack : Hostile Subdomain Takeover Tool Written In GO
- Anshumanbh : tko-subs

Download SubOver

Link: http://feedproxy.google.com/~r/PentestTools/~3/rR7nBdy4pdY/subover-powerful-subdomain-takeover-tool.html