Category: NEW TOOLS

EKFiddle – A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General

August 14, 2018by Black Hat Sec

A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general.InstallationDownload and install the latest version of Fiddlerhttps://www.telerik.com/fiddlerSpecial instructions for Linux and Mac here: C# scripting (Windows only)Launch Fiddler, and go to Tools -> OptionsIn the Scripting tab, change the default (JScript.NET) to C#.Change default text editor (optional)In the same Tools -> Options menu, click on the Tools tab.Windows: notepad.exe or notepad++.exeLinux: geditMac: /Applications/TextEdit.app or /Applications/TextWrangler.appClose FiddlerDownload or clone CustomRules.cs into the appropriate folder based on your…

Ant Task ⁄ DependencyCheck ⁄ Gradle Plugin ⁄ Jenkins Plugin ⁄ Maven Plugin ⁄ NEW TOOLS ⁄ OWASP DependencyCheck ⁄ Security Audit ⁄ Software Composition Analysis ⁄ Vulnerability Detection

DependencyCheck v3.3.1 – A Software Composition Analysis Utility That Detects Publicly Disclosed Vulnerabilities In Application Dependencies

August 14, 2018by Black Hat Sec

Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.Documentation and links to production binary releases can be found on the github pages. Additionally, more information about the architecture and ways to extend dependency-check can be found on the wiki.Current ReleasesJenkins PluginFor instructions…

CMS Bruteforce ⁄ CMS Detection ⁄ CMS Framework ⁄ CMSeeK ⁄ Drupal Bruteforce ⁄ Exploitation Framework ⁄ Joomla Bruteforce ⁄ Mac ⁄ NEW TOOLS ⁄ Web Scanner ⁄ Wordpress Bruteforce ⁄ Wordpress Scanner

CMSeeK v1.0.7 – CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 50 Other CMSs)

August 13, 2018by Black Hat Sec

What is a CMS?A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc.Release History- Version 1.0.7 [07-08-2018]- Version 1.0.6 [23-07-2018]- Version 1.0.5 [19-07-2018]- Version 1.0.4 [17-07-2018]- Version 1.0.3 [06-07-2018]- Version 1.0.2 [06-07-2018]- Version 1.0.1 [19-06-2018]- Version 1.0.0 [15-06-2018]Changelog FileFunctions Of CMSeek:Basic CMS Detection of over 30 CMSDrupal version detectionAdvanced Wordpress ScansDetects VersionUser EnumerationPlugins EnumerationTheme EnumerationDetects Users (3 Detection Methods)Looks for Version Vulnerabilities and much…

Dictionary Attack ⁄ Exploitation Framework ⁄ Kali ⁄ NEW TOOLS ⁄ penetration testing ⁄ Python3 ⁄ Router Exploitation Framework ⁄ Routersploit Framework

RouterSploit v3.3.0 – Exploitation Framework For Embedded Devices

August 13, 2018by Black Hat Sec

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.It consists of various modules that aids penetration testing operations:exploits - modules that take advantage of identified vulnerabilitiescreds - modules designed to test credentials against network servicesscanners - modules that check if a target is vulnerable to any exploitpayloads - modules that are responsible for generating payloads for various architectures and injection pointsgeneric - modules that perform generic attacksInstallationRequirementsRequired:futurerequestsparamikopysnmppycryptoOptional:bluepy - bluetooth low energyInstallation on Kali Linuxapt-get install python3-pipgit clone routersploitpython3 -m pip…

Brute-force ⁄ GNU ⁄ Hash ⁄ Hash Cracker ⁄ Mac ⁄ NEW TOOLS ⁄ Password Cracker ⁄ Password Cracking ⁄ Password Recovery

Hashcat v4.2.1 – World’s Fastest and Most Advanced Password Recovery Utility

August 12, 2018by Black Hat Sec

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking. Installation Download the latest release and unpack it in the desired location. Please remember to use 7z x when unpacking the archive from the command line to ensure full file paths remain intact.GPU Driver requirements:AMD GPUs on Windows…

Command Line ⁄ CSV File ⁄ Mac ⁄ NEW TOOLS ⁄ Selenium ⁄ Social Mapper ⁄ Social Media

Social Mapper – A Social Media Enumeration & Correlation Tool

August 12, 2018by Black Hat Sec

A Social Media Mapping Tool that correlates profiles via facial recognition by Jacob Wilkin(Greenwolf)Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets names and pictures to accurately detect and group a person’s presence, outputting the results into report that a human operator can quickly review.Social Mapper has a variety of uses in the security industry, for…

Hardening ⁄ Mac ⁄ NEW TOOLS ⁄ System Auditing Tool ⁄ System Auditor ⁄ System Hardening ⁄ System/Network Manager ⁄ Vulnerability Scanner

Lynis 2.6.7 – Security Auditing Tool for Unix/Linux Systems

August 11, 2018by Black Hat Sec

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration.Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.Supported…

Bash ⁄ Blind Bash ⁄ NEW TOOLS

Blind Bash – Obfuscate And Protect Your Bash Code

August 10, 2018by Black Hat Sec

You can use this tool to obfuscate your bash code. The obfuscation is the best way to hide important things in your code.This tool will give you blind & strong code , but everyone have knowledge in bash script can deobfuscate this code. So this obfuscation not %100 secure , don't let important things in your bash code just use this obfuscation for joking.For What ?The goal of this project is to make code hard to read by people with limited knowledge in BashFor…

DorkMe ⁄ Dorks ⁄ Kali ⁄ Kali Linux ⁄ NEW TOOLS ⁄ SQL ⁄ sql injection ⁄ Tool

DorkMe – Tool Designed With The Purpose Of Making Easier The Searching Of Vulnerabilities With Google Dorks

August 10, 2018by Black Hat Sec

DorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities.DorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities.Dependencies pip install -r requirements.txtIt is highly recommended to add more dorks for an effective search, keep reading to see howUsagepython DorkMe.py --helpExamples:python DorkMe.py --url target.com --dorks vulns -v (recommended for test)python DorkMe.py --url target.com --dorks Deprecated,Info -v (multiple dorks)python…