Category: Parameter


Fud 100% services packages ready for sales

We offer a monthly Crypter service to make your files undetectable encrypted! this is how it works: You zip the files you want to encrypt and send them to our email then we will encrypt and make your files/file fud 100% (undetectable by any antivirus) and send them back to your email! We offer 3 packages: Standard Prenium Ultimate All those packages offer some unique futures to encrypt your file!  


Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

2FA AuthenticationCommand LineJavaScriptMITMModlishkaNEW TOOLSParameterTLS

Modlishka – An Open Source Phishing Tool With 2FA Authentication

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side).Enjoy :-)FeaturesSome of the most important 'Modlishka' features :Support for majority of 2FA authentication schemes (by design).No website templates (just point Modlishka to the target domain - in most cases, it will be handled automatically).Full control of "cross" origin TLS traffic flow from your victims browsers.Flexible and easily configurable phishing scenarios through configuration options.Pattern based JavaScript payload injection.Striping website from…

FuzzerJavaScriptNEW TOOLSParameterXSSXSS PayloadsXSSFuzzer

XSSFuzzer – A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists.It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.Why?XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:Finding new XSS vectors, for any browserTesting XSS…

BIOSCommand LineGNUMCExtractorMicrocode Extraction ToolNEW TOOLSParameterReportingScan

MCExtractor – Intel, AMD, VIA & Freescale Microcode Extraction Tool

Intel, AMD, VIA & Freescale Microcode Extraction ToolMC Extractor News FeedMC Extractor Discussion TopicIntel, AMD & VIA CPU Microcode RepositoriesA. About MC ExtractorMC Extractor is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc. It is capable of converting Intel microcode containers (dat, inc, h, txt) to binary images for BIOS integration, detecting new/unknown microcodes, checking microcode…

ArjunDiscoveryHTTPMacNEW TOOLSParameterParameter FinderParameter FuzzingParameter Scanner

Arjun v1.1 – HTTP Parameter Discovery Suite

FeaturesMulti-threading3 modes of detectionRegex powered heuristic scanningHuge list of 3370 parameter namesUsageNote: Arjun doesn't work with python < 3.4Discover parametersTo find GET parameters, you can simply do:python3 -u --getSimilarly, use --post to find POST parameters.Multi-threadingArjun uses 2 threads by default but you can tune its performance according to your network connection.python3 -u --get -t 22Delay between requestsYou can delay the request by using the -d option as follows:python3 -u --get -d 2Adding HTTP HeadersUsing the --headers switch will…

JavaScriptNEW TOOLSParameterXSSXSS BruteforceXSS DetectionXSS ExploitXSS PayloadsXSS PythonXSS scanner

XSStrike v3.0 – Most Advanced XSS Detection Suite

Why XSStrike?Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Here are some examples of the payloads generated by XSStrike:}]};(confirm)()//\<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.Main FeaturesReflected and DOM XSS…

NEW TOOLSParameterPentestersScanTLSTLS-AttackerTLS-Scanner

TLS-Scanner – The TLS-Scanner Module From TLS-Attacker

TLS-Scanner is a tool created by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations.Please note: TLS-Scanner is a research tool intended for TLS developers, pentesters, administrators and researchers. There is no GUI. It is in the first version and may contain some bugs.CompilingIn order to compile and use TLS-Scanner, you need to have Java and Maven installed, as well as TLS-Attacker in Version 2.5$ cd TLS-Scanner$ mvn clean…

NEW TOOLSNmapNSEParameterPatatorPentestPentest-MachineScanWhatWeb

Pentest-Machine – Automates Some Pentest Jobs Via Nmap Xml File

Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included.HTTPwhatwebWPScan (only if whatweb returns a WordPress result)EyeWitness with active login attemptslight dirb directory bruteforceDNSnmap NSE dns-zone-transfer and dns-recursionMySQLlight patator bruteforcePostgreSQLlight patator bruteforceMSSQLlight patator bruteforceSMTPnmap NSE smtp-enum-users and smtp-open-relaySNMPlight patador bruteforcesnmpcheck (if patador successfully finds a string)SMBenum4linux -anmap NSE smb-enum-shares, smb-vuln-ms08-067,…

AES DecryptionAES EncryptionAES-KillerBurpBurp ExtensionsBurp PluginBurpsuite ExtenderBurpsuite ToolsDecryptorNEW TOOLSParameter

AES-Killer – Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps

Burpsuite Plugin to decrypt AES Encrypted mobile app traffic.RequirementsBurpsuiteJavaTested onBurpsuite 1.7.36Windows 10xubuntu 18.04Kali Linux 2018What it doesDecrypt AES Encrypted traffic on proxy tabDecrypt AES Encrypted traffic on proxy, scanner, repeater and intruderHow it worksRequire AES Encryption Key (Can be obtained by reversing mobile app)Require AES Encryption Initialize Vector (Can be obtained by reversing mobile app)Request Parameter (Leave blank in case of whole request body)Response Parameter (Leave blank in case of whole response body)Character Separated with space for obfuscation on request/responseURL/Host of target to filter…

Av EvasionjavaJava-StagerNetcatNEW TOOLSParameterPoCPython3

Java-Stager – A PoC Java Stager Which Can Download, Compile, And Execute A Java File In Memory

A PoC Java Stager which can download, compile, and execute a Java file in memory.This is for research purposes only, do not use this where you are unauthorised to do so.What is this?This is based on the work of James Williams from his talk "Next Gen AV vs My Shitty Code" available here:The key parts of the talk for me are:Load a Stager onto victim (touches disk, but is a benign binary)Stager downloads raw code over HTTP (which stays in memory)Stager compiles raw code…