PyWhatCMS – Unofficial WhatCMS API Package

Python package for whatcms.com APIThe package provides a simple way to use the whatcms.org API for detecting 467 different Content Management Systems (CMS)Installationpip install pywhatcmsUsageFirst of all, import pywhatcms:from pywhatcms import whatcmsQuery a domain:whatcms(‘API-KEY’, ‘blog.underc0de.org’)Obtain info:whatcms.namewhatcms.codewhatcms.confidencewhatcms.cms_urlwhatcms.versionwhatcms.msgwhatcms.idwhatcms.requestwhatcms.request_webDownload Pywhatcms

Link: http://feedproxy.google.com/~r/PentestTools/~3/MipV-mhuXs0/pywhatcms-unofficial-whatcms-api-package.html

EasySploit – Metasploit Automation (EASIER And FASTER Than EVER)

EasySploit v3.1 (Linux) – Metasploit automation (EASIER and FASTER than EVER)Options:(1) Windows –> test.exe (payload and listener)(2) Android –> test.apk (payload and listener)(3) Linux –> test.py (payload and listener)(4) MacOS –> test.jar (payload and listener)(5) Web –> test.php (payload and listener)(6) Scan if a target is vulnerable to ms17_010(7) Exploit Windows 7/2008 x64 ONLY by IP (ms17_010_eternalblue)(8) Exploit Windows Vista/XP/2000/2003 ONLY by IP (ms17_010_psexec)(9) Exploit Windows with a link (HTA Server)(10) Contact with me – My accountsHow to install:git clone https://github.com/KALILINUXTRICKSYT/easysploit.gitcd easysploitbash installer.shHow to run (after installation):Type anywhere in your terminal “easysploit".Video tutorials:Download Easysploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/fAldiqcnlVY/easysploit-metasploit-automation-easier.html

Freddy – Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.This useful extension was originally developed by Nick Bloor (@nickstadb) for NCC Group and is mainly based on the work of Alvaro Muñoz and Oleksandr Mirosh, Friday the 13th: JSON Attacks, which they presented at Black Hat USA 2017 and DEF CON 25. In their work they reviewed a range of JSON and XML serialisation libraries for Java and .NET and found that many of them support serialisation of arbitrary runtime objects and as a result are vulnerable in the same way as many serialisation technologies are – snippets of code (POP gadgets) that execute during or soon after deserialisation can be controlled using the properties of the serialized objects, often opening up the potential for arbitrary code or command execution.Further modules supporting more formats including YAML and AMF are also included, based on the paper Java Unmarshaller Security – Turning your data into code execution and tool marshalsec by Moritz Bechler.This Burp Suite extension implements both passive and active scanning to identify and exploit vulnerable libraries.Freddy FeaturesPassive ScanningFreddy can passively detect the use of potentially dangerous serialisation libraries and APIs by watching for type specifiers or other signatures in HTTP requests and by monitoring HTTP responses for exceptions issued by the target libraries. For example the library FastJson uses a JSON field $types to specify the type of the serialized object.Active ScanningFreddy includes active scanning functionality which attempts to both detect and, where possible, exploit affected libraries.Active scanning attempts to detect the use of vulnerable libraries using three methods: exception-based, time-based, and Collaborator-based.Exception BasedIn exception-based active scanning, Freddy inserts data into the HTTP request that should trigger a known target-specific exception or error message. If this error message is observed in the application’s response then an issue is raised.Time BasedIn some cases time-based payloads can be used for detection because operating system command execution is triggered during deserialisation and this action blocks execution until the OS command has finished executing. Freddy uses payloads containing ping [-n|-c] 21 127.0.0.1 in order to induce a time delay in these cases.Collaborator BasedCollaborator-based payloads work either by issuing a nslookup command to resolve the Burp Suite Collaborator-generated domain name, or by attempting to load remote classes from the domain name into a Java application. Freddy checks for new Collaborator issues every 60 seconds and marks them in the issues list with RCE (Collaborator).Supported TargetsThe following targets are currently supported (italics are new in v2.0):JavaBlazeDS AMF 0 (detection, RCE)BlazeDS AMF 3 (detection, RCE)BlazeDS AMF X (detection, RCE)Burlap (detection, RCE)Castor (detection, RCE)FlexJson (detection)Genson (detection)Hessian (detection, RCE)Jackson (detection, RCE)JSON-IO (detection, RCE)JYAML (detection, RCE)Kryo (detection, RCE)Kryo using StdInstantiatorStrategy (detection, RCE)ObjectInputStream (detection, RCE)Red5 AMF 0 (detection, RCE)Red5 AMF 3 (detection, RCE)SnakeYAML (detection, RCE)XStream (detection, RCE)XmlDecoder (detection, RCE)YAMLBeans (detection, RCE).NETBinaryFormatter (detection, RCE)DataContractSerializer (detection, RCE)DataContractJsonSerializer (detection, RCE)FastJson (detection, RCE)FsPickler JSON support (detection)FsPickler XML support (detection)JavascriptSerializer (detection, RCE)Json.Net (detection, RCE)LosFormatter (detection, RCE) – Note not a module itself, supported through ObjectStateFormatterNetDataContractSerializer (detection, RCE)ObjectStateFormatter (detection, RCE)SoapFormatter (detection, RCE)Sweet.Jayson (detection)XmlSerializer (detection, RCE)Released under agpl-3.0, see LICENSE for more informationDownload Freddy

Link: http://feedproxy.google.com/~r/PentestTools/~3/9_sH_VhkADw/freddy-automatically-identify.html

FTPBruter – A FTP Server Brute Forcing Tool

Brute forcing tool for FTP server. FTPBruter can work in any OS if they have and support Python 3.FeatureBrute force a FTP server with a username or a list of usernames (That’s all).Install and Run on LinuxYou have to install Python 3 first:Install Python 3 on Arch Linux and its distros: sudo pacman -S python3 Install Python 3 on Debian and its distros: sudo apt install python3 git clone https://github.com/GitHackTools/FTPBrutercd FTPBruterpython3 ftpbruter.pyInstall and Run on WindowsDownload and run Python 3.7.x setup file from Python.org. On Install Python 3.7, enable Add Python 3.7 to PATH.Download and run Git setup file from Git-scm.com and choose Use Git from Windows Command Propmt.After that, open PowerShell or Command Propmt and enter these commands:git clone https://github.com/GitHackTools/FTPBrutercd FTPBruterpython3 ftpbruter.pyIf you don’t want to install Git, you can download FTPBruter-master.zip, extract and use it.ScreenshotsContact to coderWebsite: GitHackTools.blogspot.comTwitter: @SecureGFTo-do listsCheck anonymous login.Auto-change proxy with brute force.Download FTPBruter

Link: http://feedproxy.google.com/~r/PentestTools/~3/hudxodR8GrU/ftpbruter-ftp-server-brute-forcing-tool.html

mongoBuster – Hunt Open MongoDB Instances

Hunt Open MongoDB instances!FeaturesWorlds fastest and most efficient scanner ( Uses Masscan ).Scans entire internet by default, So fire the tool and chill.Hyper efficient – Uses Go-routines which are even lighter than threads.Pre-Requisites -Go language ( sudo apt install golang )Masscan ( sudo apt install masscan )Tested on Ubuntu & Kali linuxHow to install and run -git clone https://github.com/yashpl/mongoBuster.gitcd mongoBustergo build mongobuster.go utils.gosudo ./mongobusterNote: Run it with sudo as Masscan requires sudo access.Flags – Flag Description –max-rate= (int) Defines maximum rate at which packets are generated and sent. Default is 100. –out-file= (string) Name of file to which vulnerable IPs will be exported. -v Display error msgs from non-vulnerable servers NOTE -Using ridiculous values for max-rate flag like 10000+ will most likely bring down your own network infrastructure.Recommended value is to start with –max-rate 500 for consumer Gigabit routers.Download mongoBuster

Link: http://www.kitploit.com/2019/04/mongobuster-hunt-open-mongodb-instances.html

EfiGuard – Disable PatchGuard And DSE At Boot Time

EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager, boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).FeaturesCurrently supports all EFI-compatible versions of Windows x64 ever released, from Vista SP1 to Server 2019. Easy to use: can be booted from a USB stick via a loader application that automatically finds and boots Windows. The driver can also be loaded and configured manually using either the UEFI shell or the loader. Makes extensive use of the Zydis disassembler library for fast runtime instruction decoding to support more robust analysis than what is possible with signature matching, which often requires changes with new OS updates. Works passively: the driver does not load or start the Windows boot manager. Instead it acts on a load of bootmgfw.efi by the firmware boot manager via the boot selection menu or an EFI application such as the loader. If a non-Windows OS is booted, the driver will automatically unload itself. Supports four-stage patching for when bootmgfw.efi starts bootmgr.efi rather than winload.efi. This is the case when a WIM file is loaded to boot WinPE, Windows Setup or Windows Recovery mode. Graceful recovery: in case of patch failure, the driver will display error information and prompt to continue booting or to reboot by pressing ESC. This is true even up to the final kernel patch stage, because the last patch stage happens before ExitBootServices is called. Many UEFI Windows bootkits hook OslArchTransferToKernel which, while easy to find by pattern matching, is a function that executes in protected mode after ExitBootServices. This means no boot services are available to tell the user that something went wrong. Simulated patch failure with error information Debuggable: can output messages to a kernel debugger and to the screen (albeit buffered) during the kernel patching stage, and to a serial port or unbuffered to the screen during the boot manager and boot loader patching stages. If the driver is compiled with PDB debug information, it is possible to load the debug symbols at any point after HAL initialization by specifying the virtual DXE driver base and debugging it as you would a regular NT driver. DSE bypasses: available as either a straightforward UPGDSED-style DSE disable at boot time or as a hook on the SetVariable() EFI runtime service. The latter serves as an arbitrary kernel mode read/write backdoor that can be called from Windows using NtSetSystemEnvironmentValueEx and allows setting g_CiEnabled/g_CiOptions to the desired value. A small DSEFix-style application named EfiDSEFix.exe is provided that can be used to do this. It is also possible to leave DSE enabled and to disable only PatchGuard. The loader will use the SetVariable hook method by default, due to the fact that some anti-cheat and anti-virus programs do not understand the difference between cheats or malware and self-signed drivers in general and target the UPGDSED fix. Supports on-disk modified kernels and boot loaders by patching ImgpValidateImageHash at every stage as well as ImgpFilterValidationFailure, which may silently rat out some classes of violations to a TPM or the SI log file. Allows Secure Boot to work with Windows 7 (not a joke!). Windows 7 itself is oblivious to Secure Boot as it does not support it, or (officially) even booting without CSM. This is useful for people who want to use Windows 7 on a locked down device that requires WHQL Secure Boot. Wiki entry on how to get this to work here.  WinObjEx64 on Windows 7 with Secure Boot enabled Issues and limitationsEfiGuard can not disable Hypervisor-enforced Code Integrity (HVCI or HyperGuard) due to HVCI running at a greater privilege level. EfiGuard can coexist with HVCI and even successfully disables PatchGuard in the normal kernel, but this is not useful in practice because HVCI will catch what PatchGuard did previously. Both types of DSE bypass are rendered useless by HVCI: the boot time patch has no effect because the kernel defers to the secure kernel for integrity checks, and the SetVariable hook will cause a SECURE_KERNEL_ERROR bugcheck if it is used to write to g_CiOptions.Checked kernels are not supported due to the differences in PatchGuard and DSE initialization code caused by disabled optimizations and added asserts, as well as additional changes to PatchGuard in checked kernels. This should not be an issue as checked kernels are not generally useful without a kernel debugger attached, which disables PatchGuard.The loader application is currently not directly bootable on some PCs (e.g. Dell XPS). In this case the UEFI shell can be used as a fallback (see below).How to useThere are two ways to use EfiGuard: booting the loader (easiest), or using the UEFI shell to load the driver.Booting the loaderDownload or compile EfiGuard, go to EFI/Boot and rename one of Loader.efi or Loader.config.efi to bootx64.efi. The two are identical, except Loader.efi boots without user interaction whereas Loader.config.efi will prompt you to configure the DSE patch method used by the driver (if you want to change this).Place the files on a boot drive such as a USB stick (for physical machines) or an ISO/virtual disk (for VMs). The paths should be /EFI/Boot/{bootx64|EfiGuardDxe}.efi. It is recommended to use FAT32 formatted USB sticks.Boot the machine from the new drive instead of booting Windows. Most firmwares provide a boot menu to do this (accessible via F10/F11/F12). If not, you will need to configure the BIOS to boot from the new drive.If you are using the default loader, Windows should now boot, and you should see EfiGuard messages during boot. If you are using the configurable loader, answer the configuration prompts and Windows will boot.If you booted with the SetVariable hook (the default), run EfiDSEFix.exe -d from a command prompt after boot to disable DSE. Run EfiDSEFix.exe to see the full list of options.Using the UEFI shell to load the driverFollow the steps 1 and 2 as above, but do not rename the loader to bootx64.efi. Instead, either use the BIOS-provided shell (if you have one), or download the EDK2 UEFI Shell and rename it to bootx64.efi.Boot the machine to the UEFI shell.cd to /EFI/Boot on the correct filesystem and run load EfiGuardDxe.efi to load the driver.(Optional) Run either Loader.efi or Loader.config.efi from the same directory to boot Windows. You can also continue working in the shell, or exit to go back to the BIOS/boot menu and boot from there.After boot, apply the DSE fix as above if applicable.CompilationCompiling EfiGuardDxe and the loaderEfiGuard requires EDK2 to build. If you don’t have EDK2 installed, follow the steps in Getting Started with EDK2 first as the EDK2 build system is fairly complex to set up. This section assumes you have a workspace directory that your WORKSPACE environment variable points to, with a copy of EDK2 checked out in workspace/edk2. Supported compilers are MSVC, Clang, GCC and ICL.Clone the EfiGuard repository into workspace/edk2/EfiGuardPkg.Open a prompt or shell that sets up the environment variables for EDK2.Run build -a X64 -t VS2017 -p EfiGuardPkg/EfiGuardPkg.dsc -b RELEASE, substituting your toolchain for VS2017.This will produce EfiGuardDxe.efi and Loader.efi in workspace/Build/EfiGuard/RELEASE_VS2017/X64. To build the interactively configurable loader, append -D CONFIGURE_DRIVER=1 to the build command.Compiling EfiDSEFixEfiDSEFix requires Visual Studio to build.Open EfiGuard.sln and build the solution.The output binary EfiDSEFix.exe will be in Application/EfiDSEFix/bin.The Visual Studio solution also includes projects for EfiGuardDxe.efi and Loader.efi which can be used with VisualUefi, but these projects are not built by default as they will not link without additional code, and the build output will be inferior (bigger) than what EDK2 produces. Loader.efi will not link at all due to VisualUefi missing UefiBootManagerLib. These project files are thus meant as a development aid only and the EFI files should still be compiled with EDK2. To set up VisualUefi for this purpose, clone the repository into workspace/VisualUefi and open EfiGuard.sln.Architecture While EfiGuard is a UEFI bootkit, it did not start out as one. EfiGuard was originally an on-disk patcher running on NT (similar to UPGDSED), intended to test the viability of a disassembler-based aproach, as opposed to using PDB symbols and version-specific signatures. PatchNtoskrnl.c still looks very much like this original design. Only after this approach proved successful, with no modifications to code needed in over a year of Windows updates, did UEFI come into the picture as a way to further improve capabilities and ease of use.Some of the benefits provided by a bootkit approach include:No on-disk modifications to kernels or bootloaders needed.No need to modify the boot configuration store using bcdedit.No need to patch ImgpValidateImageHash (although this is still optionally done).Ironically, the use of a bootkit allows enabling Secure Boot, provided you own the Platform Key and are able to add your personal certificate to the db store.The initial incarnation of EfiGuard as a bootkit was an attempt to get dude719’s UEFI-Bootkit to work with recent versions of Windows 10, because it had become dated and no longer works on the latest versions (like UPGDSED, often caused by version-sensitive pattern scans). While I did eventually get this to work, I was unsatisfied with the result mostly due to the choice of hooking OslArchTransferToKernel, which as noted above executes in protected mode and after ExitBootServices has been called. Apart from this, I was not satisfied with only being able to patch some versions of Windows 10; I wanted the bootkit to work on every EFI-compatible version of Windows x64 released to date. Because of this, I rewrote the bootkit from scratch with the following aims:To provide patch information at every stage of boot including the kernel patch itself.To increase the number of supported EFI-compatible Windows versions to “all" (at the time of writing).To enable lazy instantiation of the bootkit and optionally a kernel backdoor, achieved by EFI System Table hooks.A big picture overview of the final EfiGuard boot flow is shown in the diagram above. For the individual component-specific hooks and patches, see EfiGuardDxe/PatchXxx.c in the source files. For driver initialization/unloading and the EFI Boot and Runtime Services hooks, see EfiGuardDxe.c.CreditsUPGDSED by hfiref0x and FyyreZydis by zyantificUninformed articles on PatchGuard v1, v2 and v3 by SkywingUEFI-Bootkit by dude719ReactOSDownload EfiGuard

Link: http://feedproxy.google.com/~r/PentestTools/~3/Er2ka-d-TW4/efiguard-disable-patchguard-and-dse-at.html

9 Best Free Screen Recorder or Screencasting Tools 2019

If you want to record your computer’s activity, you need some screencasting or screen recorder tools. Screen recording is useful when you need to create some software video tutorials on your computer. Some tutorials can be made easily with screenshots but sometimes you need videos to express ourselves better. Recording videos and then video editing […]
The post 9 Best Free Screen Recorder or Screencasting Tools 2019 appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/t4noSu7h1_I/best-screen-recording-tools.html

SilkETW – Flexible C# Wrapper For ETW (Event Tracing for Windows)

SilkETW is a flexible C# wrapper for ETW, it is meant to abstract away the complexities of ETW and give people a simple interface to perform research and introspection. While SilkETW has obvious defensive (and offensive) applications it is primarily a research tool in it’s current state.For easy consumption, output data is serialized to JSON. The JSON data can either be analyzed locally using PowerShell or shipped off to 3rd party infrastructure such as Elasticsearch.Implementation DetailsLibrariesSilkETW is buit on .Net v4.5 and uses a number of 3rd party libraries, as shown below. Please see LICENSE-3RD-PARTY for further details.ModuleId Version LicenseUrl ——– ——- ———- McMaster.Extensions.CommandLineUtils 2.3.2 https://licenses.nuget.org/Apache-2.0 Microsoft.Diagnostics.Tracing.TraceEvent 2.0.36 https://github.com/Microsoft/perfview/blob/master/LICENSE.TXTNewtonsoft.Json 12.0.1 https://licenses.nuget.org/MIT System.ValueTuple 4.4.0 https://github.com/dotnet/corefx/blob/master/LICENSE.TXT YaraSharp 1.3.1 https://github.com/stellarbear/YaraSharp/blob/master/LICENSECommand Line OptionsCommand line usage is fairly straight forward and user input is validated in the execution prologue. See the image below for further details.JSON Output StructureThe JSON output, prior to serialization, is formatted according to the following C# struct.public struct EventRecordStruct{ public Guid ProviderGuid; public List YaraMatch; public string ProviderName; public string EventName; public TraceEventOpcode Opcode; public string OpcodeName; public DateTime TimeStamp; public int ThreadID; public int ProcessID; public string ProcessName; public int PointerSize; public int EventDataLength; public Hashtable XmlEventData;}Note that, depending on the provider and the event type, you will have variable data in the XmlEventData hash table. Sample JSON output can be seen below for “Microsoft-Windows-Kernel-Process" -> "ThreadStop/Stop".{ "ProviderGuid":"22fb2cd6-0e7b-422b-a0c7-2fad1fd0e716", "YaraMatch":[ ], "ProviderName":"Microsoft-Windows-Kernel-Process", "EventName":"ThreadStop/Stop", "Opcode":2, "OpcodeName":"Stop", "TimeStamp":"2019-03-03T17:58:14.2862348+00:00", "ThreadID":11996, "ProcessID":8416, "ProcessName":"", "PointerSize":8, "EventDataLength":76, "XmlEventData":{ "FormattedMessage":"Thread 11,996 (in Process 8,416) stopped. ", "StartAddr":"0x7fffe299a110", "ThreadID":"11,996", "UserStackLimit":"0x3d632000", "StackLimit":"0xfffff38632d39000", "MSec":"560.5709", "TebBase":"0x91c000", "CycleTime":"4,266,270", "ProcessID":"8,416", "PID":"8416", "StackBase":"0xfffff38632d40000", "SubProcessTag":"0", "TID":"11996", "ProviderName":"Microsoft-Windows-Kern el-Process", "PName":"", "UserStackBase":"0x3d640000", "EventName":"ThreadStop/Stop", "Win32StartAddr":"0x7fffe299a110" }}UsageFilter data in PowerShellYou can import JSON output from SilkETW in PowerShell using the following simple function.function Get-SilkData { param($Path) $JSONObject = @() Get-Content $Path | ForEach-Object { $JSONObject += $_ | ConvertFrom-Json } $JSONObject}In the example below we will collect process event data from the Kernel provider and use image loads to identify Mimikatz execution. We can collect the required data with the following command.SilkETW.exe -t kernel -kk ImageLoad -ot file -p C:\Users\b33f\Desktop\mimikatz.jsonWith data in hand it is easy to sort, grep and filter for the properties we are interested in.YaraSilkETW includes Yara functionality to filter or tag event data. Again, this has obvious defensive capabilities but it can just as easily be used to augment your ETW research.In this example we will use the following Yara rule to detect Seatbelt execution in memory through Cobalt Strike’s execute-assembly.rule Seatbelt_GetTokenInformation{ strings: $s1 = "ManagedInteropMethodName=GetTokenInformation" ascii wide nocase $s2 = "TOKEN_INFORMATION_CLASS" ascii wide nocase $s3 = /bool\(native int,valuetype \w+\.\w+\/\w+,native int,int32,int32&/ $s4 = "locals (int32,int64,int64,int64,int64,int32& pinned,bool,int32)" ascii wide nocase condition: all of ($s*)}We can start collecting .Net ETW data with the following command. The "-yo" option here indicates that we should only write Yara matches to disk!SilkETW.exe -t user -pn Microsoft-Windows-DotNETRuntime -uk 0x2038 -l verbose -y C:\Users\b33f\Desktop\yara -yo matches -ot file -p C:\Users\b33f\Desktop\yara.jsonWe can see at runtime that our Yara rule was hit.Note also that we are only capturing a subset of the "Microsoft-Windows-DotNETRuntime" events (0x2038), specifically: JitKeyword, InteropKeyword, LoaderKeyword and NGenKeyword.ChangelogFor details on version specific changes, please refer to the Changelog.Download SilkETW

Link: http://feedproxy.google.com/~r/PentestTools/~3/BJmvoNfqSg4/silketw-flexible-c-wrapper-for-etw.html

Pepe – Collect Information About Email Addresses From Pastebin

Collect information about leaked email addresses from PastebinAboutScript parses Pastebin email:password dumps and gather information about each email address. It supports Google, Trumail, Pipl, FullContact and HaveIBeenPwned. Moreover, it allows you to send an informational mail to person about his leaked password, at the end every information lands in Elasticsearch for further exploration.It supports only one format – email:password.Everything else will not work!For now, notification works when it finds match on FullContact and next sends you email address and associated social media accounts.Requirements:Python 3FullContact API https://www.fullcontact.com/developer/GooglePipl API https://pipl.com/api/HaveIBeenPwnedSafePush (for notification – optional – In progress) https://www.pushsafer.com/Trumail https://trumail.io/Gmail account (sending emails)Elasticsearch (optional)pip install -r requirementsConfig{“domains": { #domains to whitelist or blacklist "whitelist": [""], "blacklist": ["yahoo.com"]},"keys": { #API KEYS "pushsafer": "API_KEY", "fullcontact": "API_KEY", "pipl": "API_KEY"},"gmail": { #GMAIL credentials and informational message that will be send "username": "your_username@gmail.com", "password": "password", "message": "Hey,\n\nI am a security researcher and I want to inform you that your password !PASSWORD! has been leaked and you should change it immediately.\nThis email is part of the research, you can find more about it on https://medium.com/@wojciech\n\nStay safe!"},"elasticsearch": { #ElasticSearch connection info "host": "127.0.0.1", "port": 9200}}Usageroot@kali:~/PycharmProjects/pepe# python pepe.py -husage: pepe.py [-h] [–file FILE] [–stream] [–interactive] [–modules MODULES [MODULES …]] [–elasticsearch] [–whitelist] [–blacklist] ,=. ,=””==.__.=" o".___ ,=.==" ___/ ,==.," , , \,==="" < ,==) "'"=._.==) `=='' `" ` clover/snark^ http://ascii.co.uk/art/platypus Post Exploitation Pastebin Emails github.com/woj-ciech medium.com/@woj_ciech Example: python pepe.py --file <dump.txt> –interactive –whitelist python pepe.py –file <dump.txt> –modules hibp google trumail –elasticsearch –blacklistoptional arguments: -h, –help show this help message and exit –file FILE Load file –stream Stream Pastebin –interactive Interactive mode –modules MODULES [MODULES …] Modules to check in non-interactive mode –elasticsearch Output to ElasticSearch –whitelist Whitelist –blacklist BlacklistExampleInteractive mode, each email is checked individually and specific module is executed.root@kali:~/PycharmProjects/pepe# python pepe.py –file paste.txt –interactive –blacklist———————–Found email [REDACTED]@hotmail.com with password [REDACTED]———————–[A] Add domain hotmail.com to blacklist[T] Test[G] Google search[H] HaveIBeenPwned[P] Pipl[F] FullContact[I] Inform[N] Next> G—Google Search—http://[REDACTED]http://[REDACTED]http://[REDACTED][A] Add domain gmail.com to blacklist[T] Test[G] Google search[H] HaveIBeenPwned[P] Pipl[F] FullContact[I] Inform[N] Next> N———————–Found email [REDACTED].[REDACTED]@gmail.com with password [REDACTED]———————–[A] Add domain gmail.com to blacklist[T] Test[G] Google search[H] HaveIBeenPwned[P] Pipl[F] FullContact[I] Inform[N] Next> F—FullContact—[REDACTED] [REDACTED]< br/>https://twitter.com/[REDACTED]https://facebook.com/[REDACTED]https:/linkedin.com/[REDACTED][A] Add domain gmail.com to blacklist[T] Test[G] Google search[H] HaveIBeenPwned[P] Pipl[F] FullContact[I] Inform[N] Next> P—Pipl—Name: [REDACTED][REDACTED] years oldJobs:Quality Control [REDACTED] (since 2018)[REDACTED] Review [REDACTED] (2017-2018)[REDACTED] Attorney [REDACTED] (2017-2018)[REDACTED] Attorney at [REDACTED] (2017-2017)…[REDACTED] (2012-2012)[REDACTED] Assistant at [REDACTED] (2012-2012)Author/Founder at [REDACTED] (2009-2011)https://www.linkedin.com/in/[REDACTED]http://www.facebook.com/people/[REDACTED]http://twitter.com/[REDACTED]http://pinterest.com/[REDACTED]https://plus.google.com/[REDACTED]…[REDACTED]Non-interactive mode, when only choosen modules are executed against email addressess.root@kali:~/PycharmProjects/# python pepe.py –file pastetest.txt –blacklist –modules hibp google fullcontact trumail –elasticsearch———————–Found email [REDACTED]@hotmail.com with password [REDACTED]————————–Google Search—https://pastebin.com/[REDACTED]—Have I Been Pwned—LinkedIn—FullContact—No results—Trumail—Email test passed———————–Found email charlie.[REDACTED]@live.com with password [REDACTED]————————–Google Search—https://justpaste.it/[REDACTED]https://pastebin.com/[REDACTED]—Have I Been Pwned—MyHeritageRiverCityMediaTumblrYouveBeenScraped—FullContact—Charlie [REDACTED]https://twitter.com/[REDACTED][REDACTED]—Trumail—Email test passed———————–Found email [REDACTED].[REDACTED]@gmail.com with password [REDACTED]———————– —Google Search—http://[REDACTED]http://[REDACTED]http://[REDACTED]https://pastebin.com/[REDACTED]—Have I Been Pwned—BTSecExactisHauteLookHouzzLinkedIn—FullContact—[REDACTED] [REDACTED]https://www.facebook.com/[REDACTED][REDACTED]—Trumail—Email test passed———————–Found email [REDACTED].[REDACTED]@gmail.com with password [REDACTED]————————–Google Search—https://[REDACTED]https://[REDACTED]https://[REDACTED]https://pastebin.com/[REDACTED]—Have I Been Pwned—LastfmLinkedInMySpaceTrillianTumblr—FullContact—[REDACTED] [REDACTED] [REDACTED].https://www.facebook.com/[REDACTED]https://plus.google.com/[REDACTED]https://www.linkedin.com/in/[REDACTED]http://www.pinterest.com/[REDACTED]https://twitter.com/[REDACTED]https://youtube.com/user/[REDACTED][REDACTE D]ScreensDownload Pepe

Link: http://www.kitploit.com/2019/04/pepe-collect-information-about-email.html

W12Scan – A Simple Asset Discovery Engine For Cybersecurity

ChineseW12scan is a network asset discovery engine that can automatically aggregate related assets for analysis and use.Here is a web source program, but the scanning end is at w12scan-clientThinkingBased on python3 + django + elasticsearch + redis and use the web restful api to add scan targets.FeatureWebPowerful search syntaxSearch for cms, service, titles, country regions, etc., to quickly find relevant targets.title=“abc” # Search from the titleheader=“abc” # Search from http headerbody=“123” # Search from body texturl = “*.baidu.com” # Search for subdomains of baidu.comip = ‘1.1.1.1’ # Search from IP,support ‘192.168.1.0/24’ and ‘192.168.1.*’port = ‘80’ # Search form portapp = ’nginx’ # Search applicationcountry = ‘cn’ # Search from countryservice = ‘mysql’ # Search from servicebug = ‘xx’ # Search from VulnerabilityCustom assertBy customizing a company-related domain name or ip asset, w12scan will automatically help you find the corresponding asset target. When you browse the target, there is a prominent logo to remind you of the target’s ownership.Automatic associationEnter the target details. If the target is ip, all domain names on the ip and all domain names on the c class will be automatically associated. If the target is a domain name, the adjacent station, segment c and subdomain are automatically associated.Multi-node managementWEB will check the status of the node every few minutes, you can see the number of node scans and the node scan log.Task restfulProvides an interface to add tasks, you can add it on the WEB side or integrate it in any software.Scanning endPocCall the latest poc script online via airbugBuilt-in scan scriptCommon vulnerability verification service built into the scanner.ScanningUse masscan,nmap,wappalyzer,w11scanEasy to distributeThis is taken into account in the design of the program architecture. It is very easy to distribute and run the scan terminal directly on another machine. It also can be distributed based on docker, celery service.InstallationQuickly build an environment with dockergit clone https://github.com/boy-hack/w12scancd w12scandocker-compose up -dWait a while to visit http://127.0.0.1:8000Telegram GroupTelegram Group:https://t.me/joinchat/MZ16xA9dfmJCYm4kbv15nADownload W12Scan

Link: http://www.kitploit.com/2019/04/w12scan-simple-asset-discovery-engine.html