Month: May 2018


ReverseAPK – Quickly Analyze And Reverse Engineer Android Packages

Quickly analyze and reverse engineer Android applications.

FEATURES:
- Displays all extracted files for easy reference
- Automatically decompile APK files to Java and Smali format
- Analyze AndroidManifest.xml for common vulnerabilities and behavior
- Static source code analysis for common vulnerabilities and behavior
  - Device info
  - Intents
  - Command execution
  - SQLite references
  - Logging references
  - Content providers
  - Broadcast receivers
  - Service references
  - File references
  - Crypto references
  - Hardcoded secrets
  - URLs
  - Network connections
  - SSL references
  - WebView references

INSTALL: ./install

USAGE: reverse-apk <apk_name>


Linux Privilege Escalation Using PATH Variable

After solving several OSCP challenges, we decided to write an article on the various methods used for Linux privilege escalation that could be helpful for our readers in their penetration testing projects. In this article, we will learn “various methods to manipulate the $PATH variable” to gain root access on a remote host machine, and the techniques used by CTF challenges to create $PATH vulnerabilities that lead to privilege escalation. If you have solved CTF challenges for Post exploit then by reading this article you…


Sharesniffer – Network Share Sniffer And Auto-Mounter For Crawling Remote File Systems

sharesniffer is a network analysis tool for finding open and closed file shares on your local network. It includes auto-network discovery and auto-mounting of any open cifs and nfs shares.

How to use

Example to find all hosts in network and auto-mount at /mnt:
python -l 4 --hosts -a -m /mnt

Requirements

- Python 2.7 or 3.5
- Linux or macOS
- Nmap in PATH
- Nmap scripts (.nse) in PATH (on Linux/macOS they are usually in /usr/local/share/nmap/); if you don't have them, the ones required are also in the root directory of sharesniffer
- python-nmap…


Attackintel – Tool To Query The MITRE ATT&CK API For Tactics, Techniques, Mitigations, & Detection Methods For Specific Threat Groups

A simple python script to query the MITRE ATT&CK API for tactics, techniques, mitigations, & detection methods for specific threat groups.

Goals

- Quickly align updated tactics, techniques, mitigation, and detection information from MITRE ATT&CK API for a specific threat
- Brush up on my python skills and get familiar with GIT while drinking coffee

How To

Use one of two methods:

If (python3 is installed):
- Download script from git
- python3 attackintel.py

Else:
- Cut & paste script from git into your favorite online python emulator

Select a threat number from the menu to get tactics, techniques, mitigation,…


Diskover – File System Crawler, Storage Search Engine And Analytics Powered By Elasticsearch

diskover is an open source file system crawler and disk usage software that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files, and system administrators are able to manage storage infrastructure, efficiently provision storage, monitor and report on storage use, and effectively make decisions about new infrastructure purchases.

As the amount of file data generated by businesses continues to expand, the stress on expensive storage infrastructure, users and system administrators, and…


Lama – Tool To Obtain A Custom Password Dictionary To A Particular Target

Lama, the application that does not mince words.

Description

Lama is a GNU Linux tool to generate a word list. The goal is to obtain a custom password dictionary for a particular target, whether physical or moral. It is therefore important that words in this list correspond to the target.

Keep in mind that Lama generates a simple password list, not a complex one; the goal is to be fast and targeted rather than slow and exhaustive.

Compilation

Install

Note that the make install must be run as root, because the binary…


pwnedOrNot – Tool To Find Passwords For Compromised Email Accounts Using HaveIBeenPwned API

pwnedOrNot is a python script which checks if an email account has been compromised in a data breach; if the email account is compromised, it proceeds to find passwords for the compromised account.

It uses the haveibeenpwned v2 api to test email accounts and searches for the password in Pastebin Dumps.

This script has been tested on Kali Linux 18.2 and Ubuntu 18.04.

Installation

It's a pure python script that relies on common python modules and does not need installation:

- os
- re
- time
- json
- requests

Usage

git clone pwnedOrNot/
python pwnedornot.py

Features

haveibeenpwned offers a lot of…


GyoiThon – A Growing Penetration Test Tool Using Machine Learning

GyoiThon is a growing penetration test tool using Machine Learning.

GyoiThon identifies the software installed on web server (OS, Middleware, Framework, CMS, etc...) based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generates reports of scan results. GyoiThon executes the above processing automatically.

Processing steps

GyoiThon executes the above "Step1" - "Step4" fully automatically. User's only operation is to input the top URL of the target web server in GyoiThon. It is very easy! You can identify vulnerabilities of…


Terminator – Metasploit Payload Generator

Terminator Metasploit Payload Generator.

Payload List:

Binaries Payloads
1) Android
2) Windows
3) Linux
4) Mac OS

Scripting Payloads
1) Python
2) Perl
3) Bash

Web Payloads
1) ASP
2) JSP
3) War

Encrypters
1) APK Encrypter
2) Python Encrypter

The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law.