Month: August 2019


B-XSSRF – Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF

Toolkit to detect and keep track on Blind XSS, XXE & SSRF.SETUPUpload the files to your server.Create a Database and upload database.sql file to it.Change the DB Credentials in db.php file.Ready.USAGEBLIND XSS<embed src=""><script src="">BLIND XXE<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % ext SYSTEM ""> %ext;]><r></r>SSRFGET /testssrf.php= CREDENTIALSUSER : admin@test.comPASS : 123456Download B-XSSRF

NEW TOOLSScanPrivilege EscalationSecurity AuditWindows Privilege Escalation0xsp-MongooseLinux Privilege Escalation

0xsp Mongoose v1.7 – Linux/Windows Privilege Escalation intelligent Enumeration Toolkit

Using 0xsp mongoose you will be able to scan targeted operating system for any possible way for privilege escalation attacks, starting from collecting information stage until reporting information through 0xsp Web Application API.user will be able to scan different Linux / windows Operation systems at the same time with high performance, without spending time looking inside the terminal or text file for what is found, mongoose shortens this way by allowing you to send this information directly into web application friendly interface through easy…

NEW TOOLSMacConstellationData Visualisation

Constellation – A Graph-Focused Data Visualisation And Interactive Analysis Application

Constellation is a graph-focused data visualisation and interactive analysis application enabling data access, federation and manipulation capabilities across large and complex data sets.Vision StatementConstellation is a first class, domain agnostic data visualisation and analysis application enabling the user to solve large and complex data problems in a simple and intuitive way.Users: data analysts, data scientists, and all people interested in graph data analysis.Data analysis domains: graph datasets with rich feature data e.g. social networks, network infrastructure, chemical composition, etc.PrerequisitesConstellation requires at least Open JDK…


Anteater – CI/CD Security Gate Check Framework

Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of nominated strings, filenames, binaries, deprecated functions, staging environment code/credentials etc. It’s main function is to block content based on regular expressions. Anything that can be specified with regular expression syntax, can be sniffed out by Anteater. You tell Anteater exactly what you don’t want to get merged, and anteater looks after the rest. How Anteater CI/CD Security Gate Check Framework Works If Anteater finds something, it exits with a non-zero…

NEW TOOLSHacking NewsAndroid ApplicationNEWScyber security newsCyber AttackMalware AttackMalware Campaignandroid appAndroid Appsandroid deviceandroid smartphonegoogle play storeAndroid app malwareandroid apps containing malwareAndroid devices vulnerableandroid malwareandroid malware dropperAndroid Phoneapps containing malwareMalware distributorplay storefake Android appfake appFake ApplicationGoogle Playhack android phoneAndroid RATMalware developer

Old Android App CamScanner With 100M Downloads Starts Delivering Malware

An old Android app stealthily targeted a Millions of Android users. As discovered by the researchers, CamScanner, an app that Old Android App CamScanner With 100M Downloads Starts Delivering Malware on Latest Hacking News.

NEW TOOLSWifiRaspberry PiNetHunterWPSAirodumpAireplay-ngHashcatch

Hashcatch – Capture Handshakes Of Nearby WiFi Networks Automatically

Hashcatch deauthenticates clients connected to all nearby WiFi networks and tries to capture the handshakes. It can be used in any linux device including Raspberry Pi and Nethunter devices so that you can capture handshakes while walking your dogWritten by @SivaneshAshokPoC of hashcatch (running with a couple of WiFi networks within range)Setting up./setup.shEnter the interface that can be switched to monitor modeThe script will install the prerequisitesUsagesudo ./hashcatch.shThe script runs indefinitely until keyboard interruptIf you're targeting a wifi network, spend around 20 to 30…


Symfonos:4 Vulnhub Walkthrough

Hello, guys today we are going to take a new challenge Symfonos:4, which is a fourth lab of the series Symfonos. The credit for making this VM machine goes to “Zayotic” and it’s another boot2root challenge where we have to root the server and capture the flag to complete the challenge. You can download this VM here. Level: Intermediate Penetrating Methodology: Network Scanning Netdiscover Nmap Enumeration Browsing HTTP Service Directory Bruteforcing using dirb Exploitation SQL injection to bypass Login Form Using LFI to read…

NEW TOOLSpenetration testingC2 FrameworkNuages

Nuages – A Modular C2 Framework

Nuages is a modular C2 framework.Refer to the Wiki for documentation, do not hesitate to open issues for help, bug reports or feature requestsIntroductionNuages aims at being a C2 framework in which back end elements are open source, whilst implants and handlers must be developed ad hoc by users. As a result, it does not provide a way to generate implants, but an open source framework to develop and manage compatible implants that can leverage all the back end resources already developed.This design hopes…

Security FeedsMalware DescriptionsGoogle AndroidMobile MalwareRAT TrojanBrazil

Fully equipped Spying Android RAT from Brazil: BRATA

“BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. It has been widespread since January 2019, primarily hosted in the Google Play store, but also found in alternative unofficial Android app stores. For the malware to function correctly, it requires at least Android Lollipop…