Dirstalk is a multi-threaded application designed to brute force paths on web servers. The tool contains functionalities similar to the ones offered by dirbuster and dirb.

How to use it

The application is self-documenting: launching `dirstalk -h` will return all the available commands with a short description. You can get the help for each command with `dirstalk <command> -h`, e.g. `dirstalk result.diff -h`.

Scan

To perform a scan you need to provide at least a dictionary and a URL:

`dirstalk scan http://someaddress.url/ --dictionary mydictionary.txt`

As mentioned before, to see all the flags available for the scan command you can just call the command with the -h flag: `dirstalk scan -h`

Example of how you can customize a scan:

`dirstalk scan http://someaddress.url/ --dictionary mydictionary.txt --http-methods GET,POST --http-timeout 10000 --scan-depth 10 --threads 10 --socks5 127.0.0.1:9150 --cookie name=value --use-cookie-jar --user-agent my_user_agent --header "Authorization: Bearer 123"`

Currently available flags:
- `--cookie stringArray`: cookie to add to each request, e.g. name=value (can be specified multiple times)
- `-d, --dictionary string`: dictionary to use for the scan (path to local file or remote url)
- `--header`…

Set of tools for security testing of Internet of Things devices using protocols like CoAP, DTLS, HTCPCP, mDNS, MQTT and SSDP.

Installation

Simply clone the code from git: https://github.com/Samsung/cotopaxi

Requirements

Currently Cotopaxi works only with Python 2.7.x, but future versions will also work with Python 3. If you have a previous installation of scapy without scapy-ssl_tls, please remove it or use venv.

Installation of main libraries: scapy-ssl_tls (this will also install scapy 2.4.2):

`pip install git+https://github.com/tintinweb/[email protected]`

Common problems:
- If you encounter the error `error: [Errno 2] No such file or directory: 'LICENSE'`, try repeating the command; surprisingly, it works.
- If you encounter the error `NameError: name 'os' is not defined`, add the missing `import os` to scapy/layers/ssl_tls.py.

All other required packages can be installed using the requirements.txt file: `pip install -r cotopaxi/requirements.txt`

Manual installation of other required packages: `pip install dnslib IPy hexdump pyyaml psutil enum34 configparser`

Disclaimer

Cotopaxi toolkit is intended to be used only for authorized security testing! Some tools (especially the vulnerability tester and protocol fuzzer) can cause some devices or servers to stop acting in the intended way, for example leading to a crash or hang of the tested entities, or flooding other entities with network traffic. Make sure you have permission from the owners of tested devices or…

IDA PRO Auto-Renaming Plugin With Tagging Support

Features

1. Auto-renaming of dummy-named functions which contain one API call or a jump to an imported API (before/after screenshots).
2. Assigning TAGS to functions according to the API indicators called inside. Tags are set as repeatable function comments and the TAG tree is displayed in a separate view (screenshots: TAGS view; how TAGs look in unexplored code).

You can easily rename a function using its context menu or just by pressing the `n` hotkey.

Installation

Just copy auto_re.py to the IDA plugins directory and it will be available through the Edit -> Plugins -> Auto RE menu.

Download…

Gobuster is a tool used to brute-force:
- URIs (directories and files) in web sites.
- DNS subdomains (with wildcard support).
- Virtual Host names on target web servers.

Oh dear God.. WHY!?

Because I wanted:
- … something that didn't have a fat Java GUI (console FTW).
- … to build something that just worked on the command line.
- … something that did not do recursive brute force.
- … something that allowed me to brute force folders and multiple extensions at once.
- … something that compiled to native on multiple platforms.
- … something that was faster than an interpreted script (such as Python).
- … something that didn't require a runtime.
- … use something that was good with concurrency (hence Go).
- … to build something in Go that wasn't totally useless.

But it's shit! And your implementation sucks!

Yes, you're probably correct. Feel free to:
- Not use it.
- Show me how to do it better.

Love this tool? Back it!

If you're backing us already, you rock. If you're not, that's cool too! Want to back us? Become a backer! All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.

Changes in 3.0
- New CLI options so modes are strictly separated (`-m` is now gone!)
- Performance optimizations and better connection handling
- Ability to bruteforce vhost names
- Option to supply custom HTTP headers

Available Modes
- dir – the…

RITA is an open source framework for network traffic analysis. The framework ingests Bro/Zeek logs in TSV format, and currently supports the following major features:
- Beaconing Detection: search for signs of beaconing behavior in and out of your network
- DNS Tunneling Detection: search for signs of DNS-based covert channels
- Blacklist Checking: query blacklists to search for suspicious domains and hosts

Automatic Installation

The automatic installer is officially supported on Ubuntu 16.04 LTS, Security Onion*, and CentOS 7.
1. Download the latest install.sh file from the release page
2. Make the installer executable: `chmod +x ./install.sh`
3. Run the installer: `sudo ./install.sh`

* Please see the Security Onion RITA wiki page for further information pertaining to using RITA on Security Onion.

Manual Installation

To install each component of RITA by hand, check out the instructions in the docs.

Upgrading RITA

See this guide for upgrade instructions.

Getting Started

System Requirements
- Operating System: the preferred platform is 64-bit Ubuntu 16.04 LTS. The system should be patched and up to date using apt-get.
- Processor (when installed alongside Bro/Zeek): two cores plus an additional core for every 100 Mb of traffic being captured (three cores minimum). This should be dedicated hardware, as resource congestion with other VMs can cause packets to be dropped or missed.
- Memory: 16GB minimum. 64GB if monitoring 100Mb or more…

by Gabriel Ryan (s0lst1c3) (gryan[at]specterops.io)

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is, our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands.

Quick Start Guide (Kali)

Begin by cloning the eaphammer repo using the following command: `git clone https://github.com/s0lst1c3/eaphammer.git`

Next run the kali-setup file as shown below to complete the eaphammer setup process. This will install dependencies and compile the project: `./kali-setup`

To set up and execute a credential stealing evil twin attack against a WPA/2-EAP network:
- generate certificates: `./eaphammer --cert-wizard`
- launch attack: `./eaphammer -i wlan0 --channel 4 --auth wpa-eap --essid CorpWifi --creds`

Usage and Setup Instructions

For complete usage and setup instructions, please refer to the project's wiki page: https://github.com/s0lst1c3/eaphammer/wiki

Features
- Steal RADIUS credentials from WPA-EAP and WPA2-EAP networks.
- Perform hostile portal attacks to steal AD creds and perform indirect wireless pivots.
- Perform captive portal …

Postenum is a clean, nice and easy tool for basic/advanced privilege escalation vectors/techniques. Postenum is intended to be executed locally on a Linux box. Be more than a normal user. Be the ROOT.

Usage
- `./postenum.sh [option]`
- `./postenum.sh -s`
- `./postenum.sh -c`

Options:
- `-a`: All
- `-s`: Filesystem [SUID, SGID, Config/DB files, etc.]
- `-l`: Shell escape and development tools
- `-c`: The most interesting files
- `-n`: Network settings
- `-p`: Services and cron jobs
- `-o`: OS information and kernel exploits
- `-v`: Software versions
- `-t`: Fstab credentials and database checker

install.sh

You can use the install.sh script to install postenum (only for system/network admins). To run it: `./install.sh`

Version 0.8

Download…

Basic BIOS emulator/debugger for Unicorn Engine. Written to debug the XEOS Operating System boot sequence.

Usage: `unicorn-bios [OPTIONS] BOOT_IMG`

Options:
- `--help / -h`: Displays help.
- `--memory / -m`: The amount of memory to allocate for the virtual machine (in megabytes). Defaults to 64MB, minimum 2MB.
- `--break / -b`: Breaks on a specific address.
- `--break-int`: Breaks on interrupt calls.
- `--break-iret`: Breaks on interrupt returns.
- `--trap`: Raises a trap when breaking.
- `--debug-video`: Turns on debug output for video services.
- `--single-step`: Breaks on every instruction.
- `--no-ui`: Don't start the user interface (output will be displayed to stdout, debug info to stderr).
- `--no-colors`: Don't use colors.

Installation: `brew install --HEAD macmade/tap/unicorn-bios`

Repository Infos
- Owner: Jean-David Gadina – XS-Labs
- Web: www.xs-labs.com
- Blog: www.noxeos.com
- Twitter: @macmade
- GitHub: github.com/macmade
- LinkedIn: ch.linkedin.com/in/macmade/
- StackOverflow: stackoverflow.com/users/182676/macmade

Download…

uniFuzzer is a fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer. Currently it supports fuzzing 32-bit LSB ELF files on ARM/MIPS, which are usually seen in IoT devices. (Chinese introduction)

Features
- very little hack and easy to build
- can target any specified function or code snippet
- coverage-guided fuzzing with considerable speed
- dependencies resolved and loaded automatically
- library function override by PRELOAD

Build
1. Reverse the target binary and find interesting functions for fuzzing.
2. Create a .c file in the directory callback, which should contain the following callbacks:
   - `void onLibLoad(const char *libName, void *baseAddr, void *ucBaseAddr)`: invoked each time a dependent library is loaded in Unicorn.
   - `int uniFuzzerInit(uc_engine *uc)`: invoked just after all the binaries have been loaded in Unicorn. Stack/heap/registers can be set up here.
   - `int uniFuzzerBeforeExec(uc_engine *uc, const uint8_t *data, size_t len)`: invoked before each round of fuzzing execution.
   - `int uniFuzzerAfterExec(uc_engine *uc)`: invoked after each round of fuzzing execution.
3. Run `make` and get the fuzzing tool named `uf`.

Run

uniFuzzer uses the following environment variables as parameters:
- `UF_TARGET`: path of the target ELF file
- `UF_PRELOAD`: path of the preload library. Please make sure that the library has the same architecture as the target.
- `UF_LIBPATH`: paths in which the dependent libraries reside. Use `:` to separate multiple…

SMTPTester is a python3 tool to test an SMTP server for 3 common vulnerabilities:
- Spoofing: the ability to send a mail on behalf of an internal user
- Relay: using this SMTP server to send email to other addresses outside of the organization
- User enumeration: using the SMTP VRFY command to check if a specific username and/or email address exists within the organization

How to use it

First, install the needed dependencies: `pip install -r requirments.txt`

Second, run the tool with the needed flags: `python SMTPTester.py --tester [tester email] --targets [SMTP IP or file containing multiple IPs]`

Options to consider
- `-i` / `--internal`: test only for mail spoofing
- `-e` / `--external`: test only for mail relay
- `-v` / `--vrfy`: only perform user enumeration

The tool will perform both the internal and the external test when no specific test type is specified, and will append the output to a log file in the same folder as the SMTPTester.py file.

Issues, bugs and other code-issues

Yeah, I know, this code isn't the best. I'm fine with it as I'm not a developer and this is part of my learning process. If there is an option to do some of it better, please, let me know.

_Not how many, but where._

v0.1

Download…