Category: NEW TOOLS

TUTORIALS

Earn Bitcoins just by surfing Online !

December 10, 2018 December 10, 2018by D4RkN

Use CryptoTab as your default browser to maximize your revenue Mining speed increases when your browser is active. Use CryptoTab browser for your everyday activities, visit your favorite sites, watch movies online, and take advantage of maximum mining power. Browser with built-in mining CryptoTab Browser includes built-in mining algorithm that allows using your computer resources more effectively than in extension format. It boosts your mining speed up to 8 times and increases BTC earnings. Enhance your browser with over 150 thousand extensions Set up…

TUTORIALS

Cerberus Linux v1 Subsystem for Windows 10!

November 24, 2018 December 9, 2018by D4RkN

Cerberus Linux subsystem is Linux to run on top windows! like the picture bellow^^^ Cerberus linux v1 tools and extras : 15 new Cerberus Frameworks : Metapackages , containers with custom scripts within! Exploits (to analyze): EARLYSHOVEL RedHat 7.0 – 7.1 Sendmail 8.11.x exploit EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86. ECHOWRECKER remote Samba 3.0.x Linux exploit. EASYBEE appears to be an MDaemon email server vulnerability EASYFUN EasyFun 2.2.0 Exploit for WDaemon…

Windows10

Black Window 10 v2

November 12, 2018 December 12, 2018by D4RkN

Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Debian

Cerberus Linux v3

September 25, 2018 December 12, 2018by D4RkN

Cerberus Linux v3 Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

CRS ⁄ Distributed ⁄ Mac ⁄ ModSecurity ⁄ NEW TOOLS ⁄ OWASP ModSecurity

CRS – OWASP ModSecurity Core Rule Set

December 6, 2018by Black Hat Sec

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.The Core Rule Set provides protection against many common attack categories, including:SQL Injection (SQLi)Cross Site Scripting (XSS)Local File Inclusion (LFI)Remote File Inclusion (RFI)Remote Code Execution (RCE)PHP Code InjectionHTTP Protocol Violations HTTPoxyShellshockSession FixationScanner DetectionMetadata/Error LeakagesProject Honey Pot…

GCP ⁄ GCP Cloud Functions ⁄ GCP Hardening ⁄ GCP Security ⁄ Hardening ⁄ Hayat ⁄ MySQL ⁄ MySQL DataBase ⁄ NEW TOOLS ⁄ Node ⁄ RDP ⁄ Scan ⁄ SSH

Hayat – Auditing & Hardening Script For Google Cloud Platform

December 5, 2018by Black Hat Sec

Hayat is a auditing & hardening script for Google Cloud Platform services such as:Identity & Access ManagementNetworkingVirtual MachinesStorageCloud SQL InstancesKubernetes Clustersfor now.Identity & Access ManagementEnsure that corporate login credentials are used instead of Gmail accounts.Ensure that there are only GCP-managed service account keys for each service account.Ensure that ServiceAccount has no Admin privileges.Ensure that IAM users are not assigned Service Account User role at project level.NetworkingEnsure the default network does not exist in a project.Ensure legacy networks does not exists for a project.Ensure that…

Antivirus Evasion ⁄ Kali ⁄ NEW TOOLS ⁄ Ruby ⁄ Veil ⁄ Veil-Evasion

Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions

December 5, 2018by Black Hat Sec

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.Veil is current under support by @ChrisTruncerSoftware Requirements:The following OSs are officially supported:Debian 8+Kali Linux Rolling 2018.1+The following OSs are likely able to run Veil:Arch LinuxBlackArch LinuxDeepin 15+ElementaryFedora 22+Linux MintParrot SecurityUbuntu 15.10+SetupKali's Quick Installapt -y install veil/usr/share/veil/config/setup.sh --force --silentGit's Quick InstallNOTE:Installation must be done with superuser privileges. If you are not using the root account (as default with Kali Linux), prepend commands with sudo or change to the root user before…

AES Encryption ⁄ CBC AES Encryption ⁄ Cryptography ⁄ Decryption ⁄ NEW TOOLS ⁄ Pycryptodome ⁄ Secret Keeper

Secret Keeper – Python Script To Encrypt & Decrypt Files With A Given Key

December 4, 2018by Black Hat Sec

Secret Keeper is a file encryptor written in python which encrypt your files using Advanced Encryption Standard (AES). CBC Mode is used when creating the AES cipher wherein each block is chained to the previous block in the stream. FeaturesSecret Keeper has the ability to generate a random encryption key base on the user input.Secret Keeper can successfully encrypt and decrypt .txt and .docx file types.How to Install and Run in Linux[1] Enter the following command in the terminal to download it.git clone [2] After…

Exploiting Vulnerabilities ⁄ Fiddler ⁄ Fiddler Extension ⁄ Fiddler2 ⁄ NEW TOOLS ⁄ Pentest Tool ⁄ PENTOL ⁄ Security Tools ⁄ Tools

PENTOL – Pentester Toolkit For Fiddler2

December 3, 2018by Black Hat Sec

PENTOL - Pentester Toolkit is built as a plugin for the Fiddler HTTP debugging proxy.FeaturesCORS DETECTED Cross-Origin Resource SharingCRLF DETECTED HTTP response splittingHeaders DETECTED (X-Frame-Options)USAGEInstall Fiddler2Open Fiddler2Press Key CTRL + R or Rules > Customize Rules...Copy all script SampleRules.jsPress Key CTRL + S for SaveCheck tools in Rules TABCreditsThanks to allahEka Syahwan (Creator) bugrecon / H1 / bugcrowdEdo Maland (Powerstager) Wilder admin in : modifications, changes, or changes to this code can be accepted, however, every public release that uses this code must…

Binary Analysis ⁄ Binary Translation ⁄ Instruction Semantics ⁄ NEW TOOLS ⁄ Program Analysis ⁄ Reverse Engineering ⁄ Symbolic Execution ⁄ Taint Analysis ⁄ x86

Triton – Dynamic Binary Analysis (DBA) Framework

December 3, 2018by Black Hat Sec

Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings.Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification. As Triton is still a young project, please, don't blame us if it is not yet reliable. Open…

GTRS ⁄ Mac ⁄ NEW TOOLS ⁄ Reverse Shell

GTRS – Google Translator Reverse Shell

December 2, 2018by Black Hat Sec

This tools uses Google Translator as a proxy to send arbitrary commands to an infected machine.[INFECTED MACHINE] ==HTTPS==> [GOOGLE TRANSLATE] ==HTTP==> [C2] Environment ConfigurationFirst you need a VPS and a domain, for the domain you can get a free one on Freenom. With your VPS and domain, just edit the client script, and set your domain on line 5.UsageStart the server.py on your VPSpython2.7 server.pyExecute the client on a computer with access to Google Translator.bash client.shNow you have an interactive shell using named pipe…

Archive.org ⁄ Domain Hunter ⁄ Expired Domains ⁄ HTML Report ⁄ Malware Domain List ⁄ NEW TOOLS ⁄ Red Team

Domain Hunter – Checks Expired Domains For Categorization/Reputation And Archive.org History To Determine Good Candidates For Phishing And C2 Domain Names

December 2, 2018by Black Hat Sec

Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally…

Digger ⁄ DNS lookup ⁄ HTTP Header Check ⁄ Information Gathering ⁄ IP Location Lookup ⁄ NEW TOOLS ⁄ Online Traceroute ⁄ Port Scan ⁄ Python Script ⁄ reverse DNS lookup ⁄ Whois Lookup

Digger – Tool Which Can Do A Lot Of Basic Tasks Related To Information Gathering

December 1, 2018by Black Hat Sec

Digger is a multi-functional tool written in python for all of your primary data gathering wants. It makes use of APIs to assemble all the data so your id just isn’t uncovered. FeaturesWhois LookupOnline TracerouteDNS LookupReverse DNS LookupIP Location LookupPort ScanHTTP Header CheckHow to Install and Run in Linux[1] Enter the following command in the terminal to download it.git clone [2] After downloading the program, enter the following command to navigate to the Digger directory and listing the contentscd Digger && ls[3] Install dependenciespip3 install…