Category: JavaScript


Fud 100% services packages ready for sales

We offer a monthly Crypter service to make your files undetectable encrypted! this is how it works: You zip the files you want to encrypt and send them to our email then we will encrypt and make your files/file fud 100% (undetectable by any antivirus) and send them back to your email! We offer 3 packages: Standard Prenium Ultimate All those packages offer some unique futures to encrypt your file!  


Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

2FA AuthenticationCommand LineJavaScriptMITMModlishkaNEW TOOLSParameterTLS

Modlishka – An Open Source Phishing Tool With 2FA Authentication

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side).Enjoy :-)FeaturesSome of the most important 'Modlishka' features :Support for majority of 2FA authentication schemes (by design).No website templates (just point Modlishka to the target domain - in most cases, it will be handled automatically).Full control of "cross" origin TLS traffic flow from your victims browsers.Flexible and easily configurable phishing scenarios through configuration options.Pattern based JavaScript payload injection.Striping website from…

Browser PluginsJavaScriptSecurity FeedsSpoofing

Razy in search of cryptocurrency

Last year, we discovered malware that installs a malicious browser extension on its victim’s computer or infects an already installed extension. To do so, it disables the integrity check for installed extensions and automatic updates for the targeted browser. Kaspersky Lab products detect the malicious program as Trojan.Win32.Razy.gen – an executable file that spreads via advertising blocks on websites and is distributed from free file-hosting services under the guise of legitimate software. Razy serves several purposes, mostly related to the theft of cryptocurrency. Its…

BeEFCommand LineJavaScriptJS ShellJSShellMacNEW TOOLSRemote Code Execution

JSShell – An Interactive Multi-User Web JS Shell

An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting) payload to achieve browser remote code execution (similar to the BeeF framework).Version 2.0 is created entirely from scratch, introducing new exciting features, stability and maintainability.AuthorDaniel Abeles.Shell VideoFeaturesMulti client supportCyclic DOM objects supportPre flight scriptsCommand Queue & ContextExtensible with PluginsInjectable via <script> tagsDumping command output to fileShell paginationInstallation & SetupConfig FileIn the…

FuzzerJavaScriptNEW TOOLSParameterXSSXSS PayloadsXSSFuzzer

XSSFuzzer – A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists.It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.Why?XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:Finding new XSS vectors, for any browserTesting XSS…

Code AnalysisCode ReviewCommand LineJavaScriptMacNEW TOOLSNodeNode SecurityNode.jsNodeJSNodeJsScanSecurity ScannerStatic Analysis

NodeJsScan – A Static Security Code Scanner For Node.js Applications

Static security code scanner (SAST) for Node.js applications.Configure & Run NodeJsScanInstall Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.pypip3 install -r requirements.txtpython3 # Run once to create database entries requiredpython3 # Testing Environmentgunicorn -b app:app # Production EnvironmentThis will run NodeJsScan on you need to debug, set DEBUG = True in core/settings.pyNodeJsScan CLIThe command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use CLI the results are never stored with…

Frida-ExtractJavaScriptNEW TOOLSPackersSandbox

Frida-Extract – Based RunPE (And MapViewOfSection) Extraction Tool

FridaExtract is a based RunPE extraction tool. RunPE type injection is a common technique used by malware to hide code within another process. It also happens to be the final stage in a lot of packers : )NOTE: Frida now also supports extraction of injected PE files using the "MapViewOfSection" technique best described here.Using FridaExtract you can automatically extract and reconstruct a PE file that has been injected using the RunPE method... and bypass these packers!Why Frida?There are tons of great tools that…

BFuzzbuffer overflowFuzzFuzzerFuzzing FrameworkJavaScriptNEW TOOLS

BFuzz – Fuzzing Browsers (Chrome & Firefox)

BFuzz is an input based fuzzer tool which take .html as an input, open's up your browser with a new instance and pass multiple testcases generated by domato which is present in recurve folder of BFuzz, more over BFuzz is an automation which performs same task repeatedly.Run BFuzzwarmachine@ftw:~/BFuzz$ ./generate.shwarmachine@ftw:~/BFuzz$ python Enter the browser type: 1: Chrome 2: Firefox>>Running python will ask for option weather to fuzz Chrome or Firefox, however if selected 2 this will open firefox firefox --new-instance and randomly open…

JavaScriptNEW TOOLSParameterXSSXSS BruteforceXSS DetectionXSS ExploitXSS PayloadsXSS PythonXSS scanner

XSStrike v3.0 – Most Advanced XSS Detection Suite

Why XSStrike?Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Here are some examples of the payloads generated by XSStrike:}]};(confirm)()//\<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.Main FeaturesReflected and DOM XSS…

APTAPT reportsFeaturedJavaScriptMacrosMalware DescriptionsMalware TechnologiesMITMRootkitsSecurity FeedsTurla

Shedding Skin – Turla’s Fresh Faces

Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an “ultra complex” snake rootkit focused on NATO-related targets, but their malware set and activity is much broader. Our current focus is on more recent and upcoming activity from this APT, which brings an interesting mix of old code, new code, and new speculations as to where they will strike next and what they will shed. Much of our 2018 research focused on Turla’s KopiLuwak…