PRINT
PRINT
SEND MAIL
SEND MAIL

Category: Burp

Windows10

Black Window 10 v2 (codename: Polemos)

Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system and…

Debian

Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…

AES DecryptionAES EncryptionBurpBurp AES-KillerBurp ExtensionsBurp PluginBurpsuite ExtenderBurpsuite ToolsDecryptorMacNEW TOOLS

AES-Killer v3.0 – Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly

Burpsuite Plugin to decrypt AES Encrypted traffic on the fly.RequirementsBurpsuiteJavaTested onBurpsuite 1.7.36Windows 10xubuntu 18.04Kali Linux 2018What it doesThe IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses.Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.NOTE: Currently support AES/CBC/PKCS5Padding encryption/decryption.How it worksRequire AES Encryption Key (Can be obtained by using frida script or reversing mobile app)Require AES Encryption Initialize Vector (Can be obtained by using frida script or…

AES DecryptionAES EncryptionAES-KillerBurpBurp ExtensionsBurp PluginBurpsuite ExtenderBurpsuite ToolsDecryptorNEW TOOLSParameter

AES-Killer – Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps

Burpsuite Plugin to decrypt AES Encrypted mobile app traffic.RequirementsBurpsuiteJavaTested onBurpsuite 1.7.36Windows 10xubuntu 18.04Kali Linux 2018What it doesDecrypt AES Encrypted traffic on proxy tabDecrypt AES Encrypted traffic on proxy, scanner, repeater and intruderHow it worksRequire AES Encryption Key (Can be obtained by reversing mobile app)Require AES Encryption Initialize Vector (Can be obtained by reversing mobile app)Request Parameter (Leave blank in case of whole request body)Response Parameter (Leave blank in case of whole response body)Character Separated with space for obfuscation on request/responseURL/Host of target to filter…

BurpBurp APIBurp SuiteGurpNEW TOOLS

Gurp – Golang command-line interface to Burp Suite’s REST API

RequirementsBurpSuite Professional v2.0.0beta or greater from PortSwiggerDependenciesgo get -u -v github.com/fatih/colorgo get -u -v github.com/integrii/flaggygo get -u -v github.com/tidwall/gjsongo get -u -v github.com/grokify/html-strip-tags-goBinariesLatest version available here.Building# macOS binarymake darwin# Linux binarymake linux# Windows binarymake windows# Build releasesmake allUsage$ go run Gurp.go -hGurp - Interact with Burp API Flags: -h --help Displays help with available flag, subcommand, and positional value parameters. -t --target Burp Address. Default 127.0.0.1 -p --port Burp API Port. Default 1337 -U --username Username for an authenticated scan -P --password Password for…

BurpBurpcommanderCommand InjectionNEW TOOLSScan

Burpcommander – Ruby Command-Line Interface To Burp Suite’s REST API

Ruby command-line interface to Burp Suite's REST APIUsageburpcommander VERSION: 1.0.1 - UPDATED: 08/29/2018 -t, --target [IP Address] Defaults to 127.0.0.1 -p, --port [Port Number] Defaults to 1337 -k, --key [API Key] If you require an API key specify it here -i, --issue-type-id [String] String to search for. Example: "1048832" -n, --issue-name [String] String to search for. Example: "Command Injection" -D, --DESCRIPTION Returns the description of a requested issue -M, --METRICS Returns the scan_metrics for a given task_id -I, --ISSUES [Optional Number] Returns the issue_events…

AWSBurpCobalt StrikeEC2hideNsneakNEW TOOLS

hideNsneak – A CLI For Ephemeral Penetration Testing

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.Black Hat Arsenal Video Demo Video - provides a simple interface that allows penetration testers to build ephemeral infrastructure -- one that requires minimal overhead. hideNsneak can: deploy, destroy, and list Cloud instances via EC2 and Digital Ocean (Google Cloud, Azure, and Alibaba Cloud coming soon)API Gateway (AWS)Domain…

BurpBurp ExtensionDiscoverMacNEW TOOLSTelewreckWeb

Telewreck – A Burp Extension To Detect And Exploit Versions Of Telerik Web UI Vulnerable To CVE-2017-9248

A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248. This extension is based on the original exploit tool written by Paul Taylor (@bao7uo) which is available at . Credits and big thanks to him.A related blog post on how to exploit web applications via Telerik Web UI can also be found here.FeaturesDetect vulnerable versions of Telerik Web UI during passive scans.Bruteforce the key and discover the "Document Manager" link just like the original exploit tool.ScreenshotsInstallationDownload telewreck.py to your…

BurpBurp SuiteCloudFlareDiscoverDiscoveryMacNEW TOOLSPython3RhinoSleuthQLSQLsql injection

SleuthQL – Burp History Parsing Tool To Discover Potential SQL Injection Points

SleuthQL is a python3 script to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers (*) into each parameter where the SQL-esque variables were identified.Supported Request TypesSleuthQL requires an export of Burp's Proxy History. To gain this export, simply navigate to your proxy history tab, highlight every item and click "Save Items". Ensure that each request is saved using base64 encoding. When SleuthQL scans the proxy history file, outside of the regular URL parameters, it will be…

BurpBurp SuiteBurpBountyGREPMacNEW TOOLS

BurpBounty – A Extension Of Burp Suite That Improve An Active And Passive Scanner

This extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive. This Extension Requires Burp Suite Pro.- Usage:1. Config sectionProfile Manager: you can manage the profiles, enable, disable o remove any of them.Select Profile: you can choose…

BurpBurp SuiteBurpaCross-site ScriptingDevopsNEW TOOLSRobots.txtScanSecurity AutomationSecurity ScannerSecurity Toolsweb-security

Burpa – A Burp Suite Automation Tool

A Burp Suite Automation Tool With Slack Integration.Requirementsburp-rest-apiBurp Suite ProfessionalslackclientUsage$ python burpa.py -h################################################### __ / /_ __ ___________ ____ _ / __ \/ / / / ___/ __ \/ __ `/ / /_/ / /_/ / / / /_/ / /_/ / /_.___/\__,_/_/ / .___/\__,_/ /_/ burpa version 0.1 / by 0x4D31 ###################################################usage: burpa.py [-h] [-a {scan,proxy-config,stop}] [-pP PROXY_PORT] [-aP API_PORT] [-rT {HTML,XML}] [-r {in-scope,all}] [-sR] [-sAT SLACK_API_TOKEN] [--include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]] [--exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]] proxy_urlpositional arguments: proxy_url Burp Proxy URLoptional arguments: -h, --help…