Month: June 2018

NEW TOOLS, SSH, Command Line, Automate SSH, Firecall

Firecall – Automate SSH Communication With Firewalls, Switches, Etc.

Automate SSH communication with firewalls, switches, etc. Description: These scripts are designed to automate sending commands to a Cisco ASA firewall. The intended purpose here is to eliminate the need to manually log in to a firewall to make changes. This code can be run directly via command line or it can be incorporated into other scripts. These scripts were created with automation/orchestration in mind - if done securely, these scripts could ingest security intelligence data to automatically block malicious IPs based on certain criteria. Configuration: Run bash…

TUTORIALS, penetration testing

3 Ways Extract Password Hashes from NTDS.dit

Hello friends!! Today we are going to discuss some forensic tools that are quite helpful in penetration testing for obtaining NTLM password hashes from inside the host machine. As we know, while penetration testing we get lots of stuff from inside the host machine, and if you find files such as NTDS.dit and the system hive, read this article to extract user information from those files. Impacket-secretsdump: Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing…

NEW TOOLS, SSH, Aker, Bastion Host, Elk Stack, Freeipa, Jumpbox, Jumpserver, SSH Gateway

Aker – SSH Bastion/Jump Host/Jumpserver

Aker is a security tool that helps you configure your own Linux SSH jump/bastion host. Named after an Egyptian mythology deity who guarded the borders, Aker would act as a choke point through which all your sysadmins and support staff access Linux production servers. Aker SSH gateway includes a lot of security features that would help you manage and administer thousands of Linux servers with ease. For a detailed look, check our Wiki. Motivation: I couldn't find an open source tool similar to CryptoAuditor and fudo, such…


Hack The Blackmarket VM (CTF Challenge)

BlackMarket VM was presented at Brisbane SecTalks BNE0x1B (28th Session), which is focused on students and other InfoSec professionals. This VM has a total of 6 flags and one r00t flag. Each flag leads to another flag, and the flag format is flag {blahblah}. Download it from here. VM Difficulty Level: Beginner/Intermediate. Penetrating Methodology: Network Scanning (Nmap, netdiscover); Information gathering: Abusing web browser for the 1st flag; Generate dictionary (Cewl); FTP brute-force (hydra); FTP login for the 2nd flag; SQL injection for the 3rd flag; Blackmarket login for the…

NEW TOOLS, PHP, Log Cleaner, Log Killer

Log Killer – Clear All Your Logs In (Linux/Windows) Servers

Log Killer is a tool for Linux/Windows servers. This tool will delete all your logs: just download the tool and run it on the server. If your server OS is Windows, download the batch file; if your server is Linux, run the PHP script.


Hack the Box: October Walkthrough

Hello friends!! Today we are going to solve another CTF challenge, “October”, which is available online for those who want to increase their skill in penetration testing and black box testing. October is a retired vulnerable lab presented by Hack the Box for online penetration practice according to your experience level; they have a collection of vulnerable labs as challenges from beginner to expert level. Level: Expert. Task: find the user.txt and root.txt files on the victim’s machine. Since these labs are available online, they have static IP and IP of sense…

NEW TOOLS, Mac, rogue, Wep, WPA, Evil Twin, The Rogue Toolkit, Wireless Attack Toolkit, Wireless Auditing, WPA2

The Rogue Toolkit – An Extensible Toolkit Aimed At Providing Penetration Testers An Easy-To-Use Platform To Deploy Access Points

The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points (AP) for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil twin attacks against a variety of wireless network types. Rogue was originally forked from s0lst1c3's eaphammer project. The fundamental idea of the Rogue toolkit was to leverage the core concept of the eaphammer project in an alternative manner to allow for flexibility, integration…

NEW TOOLS, Mac, Subdomain Discovery Tool, Subdomain Scanner, Discovery, Scraping, Subdomain Takeover, Subdomain Bruteforcing, Subdomain Enumeration, Subdomain Brute

SubFinder – A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites

SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is intended as a successor to the sublist3r project. SubFinder uses passive sources, search engines, pastebins, internet archives, etc. to find subdomains, and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code…

NEW TOOLS, Python3, Bot, Discord, Idisagree

Idisagree – Control Remote Computers Using Discord Bot

Control remote computers using a Discord bot and Python 3. [ ! ] If your target is a Windows system, you may want to compile your payload. Do this with py2exe or pyinstaller. MAINTAINERS: Alisson Moretto | Twitter: @A1S0N_ Github: @A1S0N. PREREQUISITES: Python 3.x; pip3; subprocess from python3; Discord from python3. TESTED ON: Kali Linux - Rolling Edition; Linux Mint - 18.3 Sylvia; Ubuntu - 16.04.3 LTS; MacOS High Sierra. CLONE: git clone Idisagree; sudo pip3 install -r requirements.txt; python3 Idisagree.py