Category: Wordlist


Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Brute Force AttackBrute-forceHediyeMacNEW TOOLSWordlist

Hediye – Hash Generator & Cracker Online Offline

Hash Generator & Cracker Online Offline suported hash:md5sha1sha224sha256sha384sha512Install NoteClone the repository:git clone go inside:cd hediye/use examples:python3 -k Key / For --> Generate Hash (md5, sha1, sha224, sha256, sha384, sha512)python3 -v HASH -f Wordlist / For --> Brute Force Attackpython3 -n HASH / For --> Online SearchGenerate Hashpython3 -k 4617165Brute Force AttackOnline SearchDownload Hediye

Command LineDeepSearchNEW TOOLSPython3WebscannerWordlist

DeepSearch – Advanced Web Dir Scanner

DeepSearch is a simple command line tool for bruteforce directories and files in websites.Installation$ git clone deepsearch$ cd deepsearch $ pip3 install requests$ python3 deepsearch.pyScreenshotsUsageBasic:python3 -u -e php -w wordlist.txtForce extension for every wordlist entry (support one extension):python3 -u -e php -w wordlist.txt -fMake a request by hostname (ip):python3 -u -e php -w wordlist.txt -bForce lowercase for every wordlist entry:python3 -u -e php -w wordlist.txt -lForce uppercase for every wordlist entry:python3 -u -e…

Admin FinderAdmin Panel FinderCangibrinaMacNEW TOOLSNmapScanTORWordlist

Cangibrina v0.8.7 – A Fast And Powerfull Dashboard (Admin) Finder

Dashboard FinderCangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txtRequirements:Python 2.7mechanizePySocksbeautifulsoup4html5libNmap (--nmap)TOR (--tor)Install:Linux git clone cd cangibrina pip install -r requirements.txtUsageusage: [-h] -u U [-w W] [-t T] [-v] [--ext EXT] [--user-agent] [--tor] [--search] [--dork DORK] [--nmap [NMAP]]Fast and powerful admin finderoptional arguments: -h, --help show this help message and exit -u U target site -w W set wordlist (default: wl_medium) -t T set threads number (default: 5) -v…

AronGET parametersGoHiddenNEW TOOLSPOST parametersWordlist

Aron – A GO Script For Finding Hidden GET & POST Parameters

Aron is a simple GO script for finding hidden GET & POST parameters with bruteforce.Installation$ git clone aron$ cd aron $ go get now check if $GOPATH is set$ go env | grep -i gopath# if $GOPATH not set, try with:$ export GOPATH=$HOME/go$ go run aron.go# OR $ go build aron.go$ cp aron /usr/bin/$ aronUsage ___ / | _________ ___ / /| | / ___/ __ \/ __\ / ___ |/ / / /_/ / / / / /_/ |_/_/ \____/_/ /_/…

Brute-forceCTF ToolDATAHiddenKaliKali LinuxNEW TOOLSParameterpenetration testingStegcrackerSteghideWordlist

StegCracker – Steganography Brute-Force Utility To Uncover Hidden Data Inside Files

Steganography brute-force utility to uncover hidden data inside files.UsageUsing stegcracker is simple, pass a file to it as it's first parameter and optionally pass the path to a wordlist of passwords to try as it's second parameter. If this is not set it will default to the rockyou.txt password file which ships with Kali Linux or can be downloaded here.$ stegcracker <file> [<wordlist>]InstallationTo install the program, follow these steps:$ sudo apt-get install steghide -y$ sudo curl > /bin/stegcracker$ sudo chmod +x /bin/stegcrackerDownload StegCracker

Bug BountyBugbountyHostile Subdomain TakeoverMacNEW TOOLSSubdomain TakeoverSubOverTakeover SubdomainWordlist

SubOver v1.1.1 – A Powerful Subdomain Takeover Tool

Subover is a Hostile Subdomain Takeover tool originally written in python but rewritten from scratch in Golang. Since it's redesign, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 30+ services which is much more than any other tool out there. The tool uses Golang concurrency and hence is very fast. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive and it is what makes this tool so…

GalileoNEW TOOLSpenetration testingWeb ApplicationWordlist

Galileo – Web Application Audit Framework

Galileo is an open source penetration testing tool for web application, which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.Installation$ git clone galileo$ cd galileoInstall requirements$ pip install -r requirements.txtor$ apt-get install python-pysocksFor windows$ python -m pip install pysocksRun$ python galileo.pyUsageSet global options:galileo #> set Set A Context-Specific Variable To A Value ------------------------------------------ - Usage: set <option> <value> - Usage: set COOKIE phpsess=hacker_test Name Current Value Required Description ---------- ------------- -------- ----------- PAUTH no Proxy auth credentials (user:pass)…

MacNEW TOOLSPython3SambaSMBSMBruteWordlist

SMBrute – SMB Protocol Bruteforce

SMBrute is a program that can be used to bruteforce username and passwords of servers that are using SMB (Samba).Install SMBrute$ git clone smbrute$ cd smbrute$ pip3 install pysmb, humanfriendly$ python3 smbrute.pyUsage:$ python3 -h _____ _____ _____ _ | __| | __ |___ _ _| |_ ___ |__ | | | | __ -| _| | | _| -_||_____|_|_|_|_____|_| |___|_| |___|SMBrute - SMB Protocol Bruteforce Version 0.1.0 Momo Outaadi (M4ll0k)----------------------------------------[+] Host authentication disabled[+] Showing folders..------------------------------------------------| Name | Type | Comments…

AWSDiscoverygoGetBucketMacNEW TOOLSpenetration testingPenetration Testing ToolS3Testing ToolWordlist

goGetBucket – A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain

When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.The following information about every bucket found to exist…