Month: September 2018

NEW TOOLS, Mac, Fuzzer, Kemon

Kemon – An Open-Source Pre And Post Callback-Based Framework For macOS Kernel Monitoring

An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring.

What is Kemon?

An open-source Pre and Post callback-based framework for macOS kernel monitoring. With the power of Kemon, we can easily implement LPC communication monitoring, MAC policy filtering, kernel driver firewall, etc. In general, from an attacker's perspective, this framework can help achieve a more powerful rootkit. From the perspective of defense, Kemon can help construct more granular monitoring capabilities. I also implemented a kernel fuzzer through this framework, which helped me find many vulnerabilities,…

NEW TOOLS, Scan, Remote Code Execution, Shells, RAT, Antivirus Evasion, Sniffer, Antiforensics, BYOB, Email Sender, Portscanner, Webcam Capture

BYOB – Build Your Own Botnet

BYOB (Build Your Own Botnet)

Disclaimer: This project should be used for authorized testing or educational purposes only.

BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats.

It is designed to allow developers to easily implement their own code and add cool new features…

NEW TOOLS, Mac, Aircrack-ng, Aircrack, Wifi Cracker, Wireless Attack Toolkit, Wireless Auditing, WiFi Scanner, Wifi Security Tool

Aircrack-ng 1.4 – Complete Suite Of Tools To Assess WiFi Network Security

Aircrack-ng is a complete suite of tools to assess WiFi network security.

It focuses on different areas of WiFi security:

- Monitoring: Packet capture and export of data to text files for further processing by third party tools.
- Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.
- Testing: Checking WiFi cards and driver capabilities (capture and injection).
- Cracking: WEP and WPA PSK (WPA 1 and 2).

All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily…

NEW TOOLS, JavaScript, Netcat, XSS, JShell, XSS Shell

JShell – Get A JavaScript Shell With XSS

JShell - Get a JavaScript shell with XSS.

Usages

Run shell.py and JShell will automatically try to detect your IP address; the default LPORT is 33.

As you can see, the payload has been generated and now all you have to do is to deliver this payload to the victim.

As soon as you do that, you will get a JS shell over netcat where you can execute your JavaScript code in the victim's browser as soon as the injected page is open.

Credits, Disclaimer & License

This script uses the…

NEW TOOLS, PHP, Geolocation, Accuracy, Altitude, Latitude, Longitude, Seeker, System Information

Seeker v1.0.7 – Get Accurate Location using a Fake Website

The concept behind Seeker is simple: just as we host phishing pages to get credentials, why not host a fake page that requests your location, just like many popular location-based websites?

Seeker hosts a fake website on Apache Server and uses Ngrok. The website asks for Location Permission and, if the user allows it, we can get:

- Longitude
- Latitude
- Accuracy
- Altitude - Not always available
- Direction - Only available if user is moving
- Speed - Only available if user is moving

Along with Location Information we also get Device Information without any…


Put2Win – Script To Automatize Shell Upload By PUT HTTP Method To Get Meterpreter

Script to automatize shell upload by PUT HTTP method to get meterpreter.

Dependencies

It's necessary to have the nmap and msfvenom tools installed for correct operation.

Installation

git clone

-h

This script automatize shell upload by PUT HTTP method to get meterpreter.

Usage: ./ -t TARGET [-p PORT] -u URL_PATH -l LHOST

Examples:

./ -t -u /uploads -l -t -p 443 -u /uploads -l

@devploit

Twitter: Put2Win

NEW TOOLS, Mac, MITM, Wifi, Virtual Machine, UDP, Conversations, Udp2raw-tunnel

Udp2raw-tunnel – A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]

A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls (or Unstable UDP Environment). It's Encrypted, Anti-Replay and Multiplexed. It also acts as a Connection Stabilizer.

Support Platforms

A Linux host (including desktop Linux, Android phone/tablet, OpenWRT router, or Raspberry PI) with root access.

For Windows/MacOS, a virtual image with udp2raw pre-installed has been released; you can load it with Vmware/VirtualBox. The virtual image has been set to auto obtain ip, udp2raw can be run immediately after boot finished (make sure network mode of…

NEW TOOLS, Remote Access, Security Assessment, java, Testing Framework, Drozer

Drozer v2.4.4 – The Leading Security Assessment Framework For Android

drozer (formerly Mercury) is the leading security testing framework for Android.

drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.

drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR's advanced exploitation payload) drozer is able to maximise the permissions…


Hack the Gemini inc:2 (CTF Challenge)

Hello Friends!! Today we are going to breach a new VM lab “Gemini inc:2” of the vulnhub series, and before moving ahead you can also take a look at Gemini inc:1, which we had solved earlier. Gemini Inc has contacted you to perform penetration testing on one of their internal systems. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege.…