Category: JavaScript

NEW TOOLS

Fud 100% services packages ready for sales

February 6, 2019 February 6, 2019by D4RkN

We offer a monthly Crypter service to make your files undetectable encrypted! this is how it works: You zip the files you want to encrypt and send them to our email cybersec@cybeseclabs.com then we will encrypt and make your files/file fud 100% (undetectable by any antivirus) and send them back to your email! We offer 3 packages: Standard Prenium Ultimate All those packages offer some unique futures to encrypt your file!

Windows10

Black Window 10 v2

November 12, 2018 January 8, 2019by D4RkN

Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Modlishka – An Open Source Phishing Tool With 2FA Authentication

February 3, 2019by Black Hat Sec

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side).Enjoy :-)FeaturesSome of the most important 'Modlishka' features :Support for majority of 2FA authentication schemes (by design).No website templates (just point Modlishka to the target domain - in most cases, it will be handled automatically).Full control of "cross" origin TLS traffic flow from your victims browsers.Flexible and easily configurable phishing scenarios through configuration options.Pattern based JavaScript payload injection.Striping website from…

Browser Plugins ⁄ JavaScript ⁄ Security Feeds ⁄ Spoofing

Razy in search of cryptocurrency

January 24, 2019by Black Hat Sec

Last year, we discovered malware that installs a malicious browser extension on its victim’s computer or infects an already installed extension. To do so, it disables the integrity check for installed extensions and automatic updates for the targeted browser. Kaspersky Lab products detect the malicious program as Trojan.Win32.Razy.gen – an executable file that spreads via advertising blocks on websites and is distributed from free file-hosting services under the guise of legitimate software. Razy serves several purposes, mostly related to the theft of cryptocurrency. Its…

BeEF ⁄ Command Line ⁄ JavaScript ⁄ JS Shell ⁄ JSShell ⁄ Mac ⁄ NEW TOOLS ⁄ Remote Code Execution

JSShell – An Interactive Multi-User Web JS Shell

January 5, 2019by Black Hat Sec

An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting) payload to achieve browser remote code execution (similar to the BeeF framework).Version 2.0 is created entirely from scratch, introducing new exciting features, stability and maintainability.AuthorDaniel Abeles.Shell VideoFeaturesMulti client supportCyclic DOM objects supportPre flight scriptsCommand Queue & ContextExtensible with PluginsInjectable via <script> tagsDumping command output to fileShell paginationInstallation & SetupConfig FileIn the…

Fuzzer ⁄ JavaScript ⁄ NEW TOOLS ⁄ Parameter ⁄ XSS ⁄ XSS Payloads ⁄ XSSFuzzer

XSSFuzzer – A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

November 30, 2018by Black Hat Sec

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists.It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.Why?XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:Finding new XSS vectors, for any browserTesting XSS…

Code Analysis ⁄ Code Review ⁄ Command Line ⁄ JavaScript ⁄ Mac ⁄ NEW TOOLS ⁄ Node ⁄ Node Security ⁄ Node.js ⁄ NodeJS ⁄ NodeJsScan ⁄ Security Scanner ⁄ Static Analysis

NodeJsScan – A Static Security Code Scanner For Node.js Applications

November 22, 2018by Black Hat Sec

Static security code scanner (SAST) for Node.js applications.Configure & Run NodeJsScanInstall Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.pypip3 install -r requirements.txtpython3 migrate.py # Run once to create database entries requiredpython3 app.py # Testing Environmentgunicorn -b 0.0.0.0:9090 app:app # Production EnvironmentThis will run NodeJsScan on you need to debug, set DEBUG = True in core/settings.pyNodeJsScan CLIThe command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use CLI the results are never stored with…

Frida-Extract ⁄ JavaScript ⁄ NEW TOOLS ⁄ Packers ⁄ Sandbox

Frida-Extract – Frida.re Based RunPE (And MapViewOfSection) Extraction Tool

November 2, 2018by Black Hat Sec

FridaExtract is a Frida.re based RunPE extraction tool. RunPE type injection is a common technique used by malware to hide code within another process. It also happens to be the final stage in a lot of packers : )NOTE: Frida now also supports extraction of injected PE files using the "MapViewOfSection" technique best described here.Using FridaExtract you can automatically extract and reconstruct a PE file that has been injected using the RunPE method... and bypass these packers!Why Frida?There are tons of great tools that…

BFuzz ⁄ buffer overflow ⁄ Fuzz ⁄ Fuzzer ⁄ Fuzzing Framework ⁄ JavaScript ⁄ NEW TOOLS

BFuzz – Fuzzing Browsers (Chrome & Firefox)

November 1, 2018by Black Hat Sec

BFuzz is an input based fuzzer tool which take .html as an input, open's up your browser with a new instance and pass multiple testcases generated by domato which is present in recurve folder of BFuzz, more over BFuzz is an automation which performs same task repeatedly.Run BFuzzwarmachine@ftw:~/BFuzz$ ./generate.shwarmachine@ftw:~/BFuzz$ python BFuzz.py Enter the browser type: 1: Chrome 2: Firefox>>Running python BFuzz.py will ask for option weather to fuzz Chrome or Firefox, however if selected 2 this will open firefox firefox --new-instance and randomly open…

JavaScript ⁄ NEW TOOLS ⁄ Parameter ⁄ XSS ⁄ XSS Bruteforce ⁄ XSS Detection ⁄ XSS Exploit ⁄ XSS Payloads ⁄ XSS Python ⁄ XSS scanner

XSStrike v3.0 – Most Advanced XSS Detection Suite

October 28, 2018by Black Hat Sec

Why XSStrike?Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Here are some examples of the payloads generated by XSStrike:}]};(confirm)()//\<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.Main FeaturesReflected and DOM XSS…

APT ⁄ APT reports ⁄ Featured ⁄ JavaScript ⁄ Macros ⁄ Malware Descriptions ⁄ Malware Technologies ⁄ MITM ⁄ Rootkits ⁄ Security Feeds ⁄ Turla

Shedding Skin – Turla’s Fresh Faces

October 4, 2018by Black Hat Sec

Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an “ultra complex” snake rootkit focused on NATO-related targets, but their malware set and activity is much broader. Our current focus is on more recent and upcoming activity from this APT, which brings an interesting mix of old code, new code, and new speculations as to where they will strike next and what they will shed. Much of our 2018 research focused on Turla’s KopiLuwak…