PRINT
PRINT
SEND MAIL
SEND MAIL

Category: Scan

Windows10

Black Window 10 v2

by D4RkN

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Read More Black Window 10 v2
DiscoverKube-HunterMacNEW TOOLSScan

Kube-Hunter – Hunt For Security Weaknesses In Kubernetes Clusters

by Black Hat Sec

Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own!Run kube-hunter: kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at kube-hunter.aquasec.com where you can register online to receive a token allowing you see and share the results online. You can also run the Python code yourself as described below.Contribute: We welcome contributions, especially…

Read More Kube-Hunter – Hunt For Security Weaknesses In Kubernetes Clusters
GCPGCP Cloud FunctionsGCP HardeningGCP SecurityHardeningHayatMySQLMySQL DataBaseNEW TOOLSNodeRDPScanSSH

Hayat – Auditing & Hardening Script For Google Cloud Platform

by Black Hat Sec

Hayat is a auditing & hardening script for Google Cloud Platform services such as:Identity & Access ManagementNetworkingVirtual MachinesStorageCloud SQL InstancesKubernetes Clustersfor now.Identity & Access ManagementEnsure that corporate login credentials are used instead of Gmail accounts.Ensure that there are only GCP-managed service account keys for each service account.Ensure that ServiceAccount has no Admin privileges.Ensure that IAM users are not assigned Service Account User role at project level.NetworkingEnsure the default network does not exist in a project.Ensure legacy networks does not exists for a project.Ensure that…

Read More Hayat – Auditing & Hardening Script For Google Cloud Platform
BIOSCommand LineGNUMCExtractorMicrocode Extraction ToolNEW TOOLSParameterReportingScan

MCExtractor – Intel, AMD, VIA & Freescale Microcode Extraction Tool

by Black Hat Sec

Intel, AMD, VIA & Freescale Microcode Extraction ToolMC Extractor News FeedMC Extractor Discussion TopicIntel, AMD & VIA CPU Microcode RepositoriesA. About MC ExtractorMC Extractor is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc. It is capable of converting Intel microcode containers (dat, inc, h, txt) to binary images for BIOS integration, detecting new/unknown microcodes, checking microcode…

Read More MCExtractor – Intel, AMD, VIA & Freescale Microcode Extraction Tool
Hacking ToolNEW TOOLSPhisingScanSocial EngineeringSocial Engineering AttacksTrape

Trape v2.0 – People Tracker On The Internet: OSINT Analysis And Research Tool

by Black Hat Sec

Trape is a OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control over their users through the browser, without them knowing, but It evolves with the aim of helping government organizations, companies and researchers to track the cybercriminals.At the beginning of the year…

Read More Trape v2.0 – People Tracker On The Internet: OSINT Analysis And Research Tool
Anonymous FTPArachniDiscoverKali LinuxLDAPNEW TOOLSNiktoNmapNmap ScriptsScanSn1per

Sn1per v6.0 – Automated Pentest Framework For Offensive Security Experts

by Black Hat Sec

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.SN1PER PROFESSIONAL FEATURES:Professional reporting interfaceSlideshow for all gathered screenshotsSearchable and sortable DNS, IP and open port databaseCategorized host reportsQuick links to online recon tools and Google hacking queriesPersonalized notes field for each hostDEMO VIDEO:SN1PER COMMUNITY FEATURES: Automatically collects basic…

Read More Sn1per v6.0 – Automated Pentest Framework For Offensive Security Experts
CMSScanDevsecopsDrupalNEW TOOLSPython3ScanSecurity DashboardVBScan

CMS Scanner – Scan WordPress, Drupal, Joomla, vBulletin Websites For Security Issues

by Black Hat Sec

Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues.CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports.Install# Requires ruby, ruby-dev, gem, python3 and gitgit clone CMSScan./setup.shRun./run.shPeriodic ScansYou can perform periodic CMS scans with CMSScan. You must run CMSScan server separately and configure the following before running the scheduler.py script.# SMTP SETTINGSSMTP_SERVER = ''FROM_EMAIL = ''TO_EMAIL = ''#…

Read More CMS Scanner – Scan WordPress, Drupal, Joomla, vBulletin Websites For Security Issues
Auditing SSHBrute-forceNEW TOOLSScanSSHSSH Auditorssh securitySSH server

SSH Auditor – The Best Way To Scan For Weak Ssh Passwords On Your Network

by Black Hat Sec

The Best Way To Scan For Weak Ssh Passwords On Your NetworkFeaturesssh-auditor will automatically:Re-check all known hosts as new credentials are added. It will only check the new credentials.Queue a full credential scan on any new host discovered.Queue a full credential scan on any known host whose ssh version or key fingerprint changes.Attempt command execution as well as attempt to tunnel a TCP connection.Re-check each credential using a per credential scan_interval - default 14 days.It's designed so that you can run ssh-auditor discover +…

Read More SSH Auditor – The Best Way To Scan For Weak Ssh Passwords On Your Network
DelphiDll HijackingNEW TOOLSOpen SourceRobberScanVulnerability Scanners

Robber – Tool For Finding Executables Prone To DLL Hijacking

by Black Hat Sec

Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies.What is DLL hijacking ?!Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path (triggering this search process), you can then place your hostile DLL somewhere higher up the search path so it'll be found before the real version is, and Windows will happilly feed your attack code to the application.So, let's pretend Windows's…

Read More Robber – Tool For Finding Executables Prone To DLL Hijacking
FindYaraIDA PluginIDA Python PluginNEW TOOLSScanYara

FindYara – IDA Python Plugin To Scan Binary With Yara Rules

by Black Hat Sec

Use this IDA python plugin to scan your binary with yara rules. All the yara rule matches will be listed with their offset so you can quickly hop to them!All credit for this plugin and the code goes to David Berard (@p0ly)This plugin is copied from David's excellent findcrypt-yara plugin. This plugin just extends his to use any yara rule.InstallationInstall yara-pythonUsing pip: pip install yara-pythonOther methods: FindYara.py to your IDA "plugins" directoryWatch the tutorial video!Yara Rules With IDA Pro">UsageLaunch the pluginThe plugin can…

Read More FindYara – IDA Python Plugin To Scan Binary With Yara Rules