PRINT
PRINT
SEND MAIL
SEND MAIL

Category: Penetration Test

Windows10

Black Window 10 v2 (codename: Polemos)

Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system and…

Debian

Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

Windows Hacking

Black Window 10 Enterprise

Black Window 10 Enterprise is the first windows based penetration testing distribution with linux integraded ! The system comes activated with a digital license for windows enterprise ! It supports windows apps and linux apps, gui and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of cerberus linux! It has managed to implement cerberus os within windows.Offers the stability of a windows system and it offers the hacking part with a…

Brute-forceCaptive PortalEvil TwinKaliMacMac ChangerNEW TOOLSPcapPenetration TestSniffAirTP-LINKWPA2

SniffAir – A Framework For Wireless Pentesting

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries…

Integrated Penetration-Test EnvironmentIPENEW TOOLSPenetration TestPenetration Test IDE

Faraday v3.2 – Collaborative Penetration Test and Vulnerability Management Platform

Here is a list of all the goodies in Faraday v3.2:Workspace names- with numbers!With this new version, workspaces’ names are now allowed to start with numbers (before they could only start with letters).Search unconfirmed vulnsIn this version was added the filter to be able to show unconfirmed vulns as well:Multi column searchWas added support to the operator “AND” on the search field in the Status Report, this is one of the first logical operators that we support in Faraday. Is working to add the…

Injection toolJavaScriptMetasploit FrameworkNEW TOOLSNode.jsNodeXPPenetration Test

NodeXP – Detection and Exploitation Tool for Node.js Services

NodeXP is an intergrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on S(erver)S(ide)J(avascript)I(njection) attack!Getting Started - Installation & UsageDownload NodeXP by cloning the Git repository:git clone get a list of all options run:python2.7 nodexp -hExamples for POST and GET cases accordingly:python2.7 nodexp.py --url="" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"python2.7 nodexp.py --url="" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blindpython2.7 nodexp.py --url="[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"python2.7 nodexp.py --url="[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blindDisclaimerThe tool’s purpose is strictly academic and was developed in order…

NEW TOOLSOWASP VBScanPenetration TestPerlVBScan

VBScan 0.1.8 – Black Box vBulletin Vulnerability Scanner

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them . Why OWASP VBScan ? If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.Project Leader : Mohammad Reza Espargham Github : SourceForge : OWASP Page : usage : ./vbscan.pl <target>./vbscan.pl VBScan 0.1.7 introduction…

DistributedFireworkNEW TOOLSNTLMPenetration TestRDPRed TeamSocial EngineeringTLS

Firework – Leveraging Microsoft Workspaces in a Penetration Test

Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it.This tool may be used as part of a penetration test or red team exercise to create a .wcx payload (and associated feed) that if clicked on could be used to:Phish for credentials - NetNTLM hashes will be sent…

Integrated Penetration-Test EnvironmentIPENEW TOOLSPenetration TestPenetration Test IDE

Faraday v3.0 – Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment.Faraday just got much fasterArchitecture changes and a new database (PostgreSQL) gives us a new and revamped structure that allows us to support new objects and a bigger data volume. This dramatically improves most of the backend services that directly impact your day-to-day use...Big changes require timeThe total amount of…

Integrated Penetration-Test EnvironmentIPENEW TOOLSPenetration TestPenetration Test IDE

Faraday Beta v3.0 – Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment.Faraday just got much fasterArchitecture changes and a new database (PostgreSQL) gives us a new and revamped structure that allows us to support new objects and a bigger data volume. This dramatically improves most of the backend services that directly impact your day-to-day use...Big changes require timeThe total amount of…

CrawlingGyoiThonKaliMachine LearningMetasploit FrameworkMetasploit ProNEW TOOLSPenetration TestScan

GyoiThon – A Growing Penetration Test Tool Using Machine Learning

GyoiThon is a growing penetration test tool using Machine Learning.GyoiThon identifies the software installed on web server (OS, Middleware, Framework, CMS, etc...) based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generates reports of scan results. GyoiThon executes the above processing automatically.Processing steps GyoiThon executes the above "Step1" - "Step4" fully automatically.User's only operation is to input the top URL of the target web server in GyoiThon.It is very easy!You can identify vulnerabilities of…