Category: Parameter


Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…

NEW TOOLSNmapNSEParameterPatatorPentestPentest-MachineScanWhatWeb

Pentest-Machine – Automates Some Pentest Jobs Via Nmap Xml File

Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included.HTTPwhatwebWPScan (only if whatweb returns a WordPress result)EyeWitness with active login attemptslight dirb directory bruteforceDNSnmap NSE dns-zone-transfer and dns-recursionMySQLlight patator bruteforcePostgreSQLlight patator bruteforceMSSQLlight patator bruteforceSMTPnmap NSE smtp-enum-users and smtp-open-relaySNMPlight patador bruteforcesnmpcheck (if patador successfully finds a string)SMBenum4linux -anmap NSE smb-enum-shares, smb-vuln-ms08-067,…

AES DecryptionAES EncryptionAES-KillerBurpBurp ExtensionsBurp PluginBurpsuite ExtenderBurpsuite ToolsDecryptorNEW TOOLSParameter

AES-Killer – Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps

Burpsuite Plugin to decrypt AES Encrypted mobile app traffic.RequirementsBurpsuiteJavaTested onBurpsuite 1.7.36Windows 10xubuntu 18.04Kali Linux 2018What it doesDecrypt AES Encrypted traffic on proxy tabDecrypt AES Encrypted traffic on proxy, scanner, repeater and intruderHow it worksRequire AES Encryption Key (Can be obtained by reversing mobile app)Require AES Encryption Initialize Vector (Can be obtained by reversing mobile app)Request Parameter (Leave blank in case of whole request body)Response Parameter (Leave blank in case of whole response body)Character Separated with space for obfuscation on request/responseURL/Host of target to filter…

Av EvasionjavaJava-StagerNetcatNEW TOOLSParameterPoCPython3

Java-Stager – A PoC Java Stager Which Can Download, Compile, And Execute A Java File In Memory

A PoC Java Stager which can download, compile, and execute a Java file in memory.This is for research purposes only, do not use this where you are unauthorised to do so.What is this?This is based on the work of James Williams from his talk "Next Gen AV vs My Shitty Code" available here:The key parts of the talk for me are:Load a Stager onto victim (touches disk, but is a benign binary)Stager downloads raw code over HTTP (which stays in memory)Stager compiles raw code…

Command LineDemiguiseDLLHTAJavaScriptMacNEW TOOLSParameterPayload GenerationSandboxScanSharpShooter

SharpShooter – Payload Generation Framework

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw's DotNetToJavaScript tool to invoke methods from the SharpShooter DotNet serialised object. Payloads can be retrieved using Web or DNS delivery or both; SharpShooter is compatible with the MDSec ActiveBreach PowerDNS project. Alternatively, stageless payloads with embedded shellcode execution can also be generated for the same scripting formats.SharpShooter…

JavaScriptMacNEW TOOLSParameterVimVim.WasmWasm

Vim.Wasm – Vim Editor Ported To WebAssembly

This project is an experimental fork of Vim editor by @rhysd to compile it into WebAssembly using emscripten and binaryen.Try it with your browserNOTICESPlease access from a desktop browser (Chrome/Firefox/Safari/Edge). Safari seems the best on macOS.Please avoid slow networks. Your browser will fetch total of around 1MB files.vim.wasm takes key inputs from DOM keydown event. Please disable your browser extensions which affect key inputs (incognito mode would be the best).This project is very early phase of experiment. Currently only tiny features are supported. More…

Cobalt StrikeCommand LineNEW TOOLSParameterRegistrywePWNise

wePWNise – Generates Architecture Independent VBA Code To Be Used In Office Documents Or Templates And Automates Bypassing Application Control And Exploit Mitigation Software

wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit, Cobalt Strike) and it also accepts any custom payload in raw format.PrerequisitesPython termcolor package. To install run: pip install termcolorCommand line argumentsTo start using wePWNise,…

Brute-forceCTF ToolDATAHiddenKaliKali LinuxNEW TOOLSParameterpenetration testingStegcrackerSteghideWordlist

StegCracker – Steganography Brute-Force Utility To Uncover Hidden Data Inside Files

Steganography brute-force utility to uncover hidden data inside files.UsageUsing stegcracker is simple, pass a file to it as it's first parameter and optionally pass the path to a wordlist of passwords to try as it's second parameter. If this is not set it will default to the rockyou.txt password file which ships with Kali Linux or can be downloaded here.$ stegcracker <file> [<wordlist>]InstallationTo install the program, follow these steps:$ sudo apt-get install steghide -y$ sudo curl > /bin/stegcracker$ sudo chmod +x /bin/stegcrackerDownload StegCracker

AutocrackBrute-forceMasksNEW TOOLSParameterWordlistsWrapper

Autocrack – Hashcat Wrapper To Help Automate The Cracking Process

This python script is a Hashcat () wrapper to help automate the cracking process. The script includes multiple functions to select a set of wordlists and rules, as well as the ability to run a bruteforce attack, with custom masks, before the wordlist/rule attacks.Autocrack uses Python 3, which is usually installed already in various Linux distributions. To install Python 3 in OS X, follow the instructions here: sure to set the path variables at the beginning of the script.usage: [-h] [-b NUM]…

M4Ngl3M3MacNEW TOOLSParameterPassword Generator

M4Ngl3M3 – Common Password Pattern Generator Using Strings List

Common password pattern generator using strings list.Quick Installation:$ git clone cd m4ngl3m3$ ./main.pyBasic Help:usage: [-h] [-fy FROM_YEAR] [-ty TO_YEAR] [-sy] [-nf NUMBERS_FILE] [-sf SYMBOLS_FILE] [-cf CUSTOM_FILE] [-sbs] [-sap] [-mm MUTATION_METHODS] MUTATION_MODE STRINGS_FILE OUTPUT_FILECommon password pattern generator using strings listpositional arguments: MUTATION_MODE Mutation mode to perform: (prefix-mode | suffix-mode | dual-mode) STRINGS_FILE File with strings to mutate OUTPUT_FILE Where to write the mutated stringsoptional arguments: -h, --help show this help message and exit -fy FROM_YEAR, --from-year FROM_YEAR Year where our iteration starts (default:…