Month: November 2018


Black Window 10 v2 (codename: Polemos)

Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system and…


Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…

AcunetixAcunetix OnlineAcunetix Online Vulnerability ScannerAcunetix Web Vulnerability ScannerNEW TOOLS

Acunetix Vulnerability Scanner Version For Linux

Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix for Linux. Known to be reliable, cost-effective and secure, Linux is the server operating system of choice for many large organizations including Facebook, Twitter, and Google. Acunetix is one of the first commercial, automated web vulnerability scanners to be released for Linux.“Following extensive customer research, it became clear to us that a number of customers and security community professionals preferred to run on Linux. Tech professionals have long chosen…


Hack the Box: Jerry Walkthrough

Hello CTF Crackers!! Today we are going to capture the flag on a Challenge named as “Jerry” which is available online for those who want to increase their skill in penetration testing and black box testing. Jerry is a retired vulnerable lab presented by ‘Hack the Box’ for making online penetration practices according to your experience level; they have the collection of vulnerable labs as challenges from beginners to expert level. Level: Easy Flags: There are two flags. (user.txt & root.txt) IP Address:…

Auditing SSHBrute-forceNEW TOOLSScanSSHSSH Auditorssh securitySSH server

SSH Auditor – The Best Way To Scan For Weak Ssh Passwords On Your Network

The Best Way To Scan For Weak Ssh Passwords On Your NetworkFeaturesssh-auditor will automatically:Re-check all known hosts as new credentials are added. It will only check the new credentials.Queue a full credential scan on any new host discovered.Queue a full credential scan on any known host whose ssh version or key fingerprint changes.Attempt command execution as well as attempt to tunnel a TCP connection.Re-check each credential using a per credential scan_interval - default 14 days.It's designed so that you can run ssh-auditor discover +…

Brute-forceFingerprintingHASSHNEW TOOLSSSHSSH ClientSSH HoneypotSSH server

HASSH – A Network Fingerprinting Standard Which Can Be Used To Identify Specific Client And Server SSH Implementations

"HASSH" is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.What can HASSH help with:Use in highly controlled, well understood environments, where any fingerprints outside of a known good set are alertable.It is possible to detect, control and investigate brute force or Cred Stuffing password attempts at a higher level of granularity than IP Source - which may be impacted by…

Hacking Toolspenetration testingTUTORIALS

Comprehensive Guide on Cewl Tool

Hello Friends!! In this article we are focusing on Generating Wordlist using Kali Linux tool Cewl and learn more about its available options. Table of Content Introduction to Cewl Default Method Save Wordlist in a file Generating Wordlist of Specific Length Retrieving Emails from a Website Count the number of Word Repeated in a website Increase the Depth to Spider Extra Debug Information Verbose Mode Generating Alpha-Numeric Cewl with Digest/Basic Authentication Proxy URL Introduction to Cewl CeWL is a ruby app which spiders a…

AWSAWS SecurityBackdooringNEW TOOLSPacupenetration testingPython3ReportingRhinoWeb Services

Pacu – The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more.InstallationPacu is a fairly lightweight program, as it requires only Python3.5+ and pip3 to install a handful of Python libraries. Running…

GoNEW TOOLSPastebinPastego.Scraper

Pastego – Scrape/Parse Pastebin Using GO And Expression Grammar (PEG)

Scrape/Parse Pastebin using GO and grammar expression (PEG).Installation$ go get -u keywords are case sensitivepastego -s "password,keygen,PASSWORD"You can use boolean operators to reduce false positivepastego -s "quake && ~earthquake, password && ~(php || sudo || Linux || '<body>')"This command will search for bins with quake but not earthquake words and for bins with password but not php, sudo, Linux, <body> words.usage: pastego [<flags>]Flags: --help Show context-sensitive help (also try --help-long and --help-man). -s, --search="pass" Strings to search, i.e: "password,ssh" -o, --output="results" Folder to…

penetration testingTUTORIALS

Socks Proxy Penetration Lab Setup using Microsocks

Hello friends!! In our previous article we have disccuss “Web Proxy Penetration Lab Setup Testing using Squid” and today’s article we are going to setup SOCKS Proxy to use it as a Proxy Server on Ubuntu/Debian machines and will try to penetrate it. Table of Content Intoduction to proxy What is socks proxy Difference Between Socks proxy and HTTP Proxy Socks proxy Installation Web Proxy Penetration Testing SSH Proxy Penetration Testing FTP Proxy Penetration Testing Intoduction to Proxy A proxy is a computer system…

CensysCloudBunnyNEW TOOLSPentestPentest ToolsSearch EnginesShodanToolWAFZoomeye

CloudBunny – A Tool To Capture The Real IP Of The Server That Uses A WAF As A Proxy Or Protection

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection.How worksIn this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. To use the tools you need the API Keys, you can pick up the following links:Shodan - - - : In Zoomeye you need to enter the login and password, it generates a dynamic api key and I already do this work for you. Just…