Category: Parameter


Earn Bitcoins just by surfing Online !

Use CryptoTab as your default browser to maximize your revenue Mining speed increases when your browser is active. Use CryptoTab browser for your everyday activities, visit your favorite sites, watch movies online, and take advantage of maximum mining power. Browser with built-in mining CryptoTab Browser includes built-in mining algorithm that allows using your computer resources more effectively than in extension format. It boosts your mining speed up to 8 times and increases BTC earnings. Enhance your browser with over 150 thousand extensions Set up…


Cerberus Linux v1 Subsystem for Windows 10!

Cerberus Linux subsystem is Linux to run on top windows! like the picture bellow^^^ Cerberus linux v1 tools and extras : 15 new Cerberus Frameworks : Metapackages , containers with custom scripts within! Exploits (to analyze): EARLYSHOVEL RedHat 7.0 – 7.1 Sendmail 8.11.x exploit EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86. ECHOWRECKER remote Samba 3.0.x Linux exploit. EASYBEE appears to be an MDaemon email server vulnerability EASYFUN EasyFun 2.2.0 Exploit for WDaemon…


Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…


Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

FuzzerJavaScriptNEW TOOLSParameterXSSXSS PayloadsXSSFuzzer

XSSFuzzer – A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists.It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.Why?XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:Finding new XSS vectors, for any browserTesting XSS…

BIOSCommand LineGNUMCExtractorMicrocode Extraction ToolNEW TOOLSParameterReportingScan

MCExtractor – Intel, AMD, VIA & Freescale Microcode Extraction Tool

Intel, AMD, VIA & Freescale Microcode Extraction ToolMC Extractor News FeedMC Extractor Discussion TopicIntel, AMD & VIA CPU Microcode RepositoriesA. About MC ExtractorMC Extractor is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc. It is capable of converting Intel microcode containers (dat, inc, h, txt) to binary images for BIOS integration, detecting new/unknown microcodes, checking microcode…

ArjunDiscoveryHTTPMacNEW TOOLSParameterParameter FinderParameter FuzzingParameter Scanner

Arjun v1.1 – HTTP Parameter Discovery Suite

FeaturesMulti-threading3 modes of detectionRegex powered heuristic scanningHuge list of 3370 parameter namesUsageNote: Arjun doesn't work with python < 3.4Discover parametersTo find GET parameters, you can simply do:python3 -u --getSimilarly, use --post to find POST parameters.Multi-threadingArjun uses 2 threads by default but you can tune its performance according to your network connection.python3 -u --get -t 22Delay between requestsYou can delay the request by using the -d option as follows:python3 -u --get -d 2Adding HTTP HeadersUsing the --headers switch will…

JavaScriptNEW TOOLSParameterXSSXSS BruteforceXSS DetectionXSS ExploitXSS PayloadsXSS PythonXSS scanner

XSStrike v3.0 – Most Advanced XSS Detection Suite

Why XSStrike?Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Here are some examples of the payloads generated by XSStrike:}]};(confirm)()//\<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//Apart from that, XSStrike has crawling, fuzzing, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.Main FeaturesReflected and DOM XSS…

NEW TOOLSParameterPentestersScanTLSTLS-AttackerTLS-Scanner

TLS-Scanner – The TLS-Scanner Module From TLS-Attacker

TLS-Scanner is a tool created by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations.Please note: TLS-Scanner is a research tool intended for TLS developers, pentesters, administrators and researchers. There is no GUI. It is in the first version and may contain some bugs.CompilingIn order to compile and use TLS-Scanner, you need to have Java and Maven installed, as well as TLS-Attacker in Version 2.5$ cd TLS-Scanner$ mvn clean…

NEW TOOLSNmapNSEParameterPatatorPentestPentest-MachineScanWhatWeb

Pentest-Machine – Automates Some Pentest Jobs Via Nmap Xml File

Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included.HTTPwhatwebWPScan (only if whatweb returns a WordPress result)EyeWitness with active login attemptslight dirb directory bruteforceDNSnmap NSE dns-zone-transfer and dns-recursionMySQLlight patator bruteforcePostgreSQLlight patator bruteforceMSSQLlight patator bruteforceSMTPnmap NSE smtp-enum-users and smtp-open-relaySNMPlight patador bruteforcesnmpcheck (if patador successfully finds a string)SMBenum4linux -anmap NSE smb-enum-shares, smb-vuln-ms08-067,…

AES DecryptionAES EncryptionAES-KillerBurpBurp ExtensionsBurp PluginBurpsuite ExtenderBurpsuite ToolsDecryptorNEW TOOLSParameter

AES-Killer – Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps

Burpsuite Plugin to decrypt AES Encrypted mobile app traffic.RequirementsBurpsuiteJavaTested onBurpsuite 1.7.36Windows 10xubuntu 18.04Kali Linux 2018What it doesDecrypt AES Encrypted traffic on proxy tabDecrypt AES Encrypted traffic on proxy, scanner, repeater and intruderHow it worksRequire AES Encryption Key (Can be obtained by reversing mobile app)Require AES Encryption Initialize Vector (Can be obtained by reversing mobile app)Request Parameter (Leave blank in case of whole request body)Response Parameter (Leave blank in case of whole response body)Character Separated with space for obfuscation on request/responseURL/Host of target to filter…

Av EvasionjavaJava-StagerNetcatNEW TOOLSParameterPoCPython3

Java-Stager – A PoC Java Stager Which Can Download, Compile, And Execute A Java File In Memory

A PoC Java Stager which can download, compile, and execute a Java file in memory.This is for research purposes only, do not use this where you are unauthorised to do so.What is this?This is based on the work of James Williams from his talk "Next Gen AV vs My Shitty Code" available here:The key parts of the talk for me are:Load a Stager onto victim (touches disk, but is a benign binary)Stager downloads raw code over HTTP (which stays in memory)Stager compiles raw code…

Command LineDemiguiseDLLHTAJavaScriptMacNEW TOOLSParameterPayload GenerationSandboxScanSharpShooter

SharpShooter – Payload Generation Framework

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw's DotNetToJavaScript tool to invoke methods from the SharpShooter DotNet serialised object. Payloads can be retrieved using Web or DNS delivery or both; SharpShooter is compatible with the MDSec ActiveBreach PowerDNS project. Alternatively, stageless payloads with embedded shellcode execution can also be generated for the same scripting formats.SharpShooter…