Telegram Group Scraper Tool. Fetch all information about group members.

How To Install & Setup API (Termux)

API Setup
Go to http://my.telegram.org and log in. Click on "API development tools" and fill in the required fields: put the app name you want and select "other" as the platform. Example: copy "api_id" & "api_hash" after clicking "create app" (they will be used in setup.py).

How To Install and Use
$ pkg install -y git python
$ git clone https://github.com/th3unkn0n/TeleGram-Scraper.git
$ cd TeleGram-Scraper
Install requirements:
$ python3 setup.py -i
Set up the configuration file (apiID, apiHASH):
$ python3 setup.py -c
To generate user data:
$ python3 scrapr.py
(members.csv is the default; if you changed the name, use it)
Send bulk SMS to the collected data:
$ python3 smsbot.py members.csv
Add users to your group (in development):
$ python3 add2group.py members.csv
Update the tool:
$ python3 setup.py -u
Download…

Source

What is it for?
Grouper2 is a tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy. It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an audit tool. If you want to check your policy configs against some particular standard, you probably want Microsoft's Security and Compliance Toolkit, not Grouper or Grouper2.

What does it do?
It dumps all the most interesting parts of group policy and then roots around in them for exploitable stuff.

How is it different from Grouper?
Where Grouper required you to:
* have GPMC/RSAT/whatever installed on a domain-joined computer
* generate an XML report with the Get-GPOReport PowerShell cmdlet
* feed the report to Grouper
* a bunch of gibberish falls out and hopefully there's some good stuff in there.

Grouper2 does like Mr Ed suggests and goes straight to the source, i.e. SYSVOL. This means you don't have the horrible dependency on Get-GPOReport (hooray!) but it also means that it has to do a bunch of parsing of different file formats and so on (booo!).

Other cool new features:
* better file permission checks that don't involve writing to disk.
* doesn't miss those GPP passwords that Grouper 1 did.
* HTML output option so you can preserve those sexy console colours and take them with you.
* aim Grouper2 at an offline copy of SYSVOL if you want.
* it's multithreaded!
* a bunch of other great stuff but it's…

Source

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training.

Install
Installation of Gophish is dead simple: just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.

Building From Source
If you are building from source, please note that Gophish requires Go v1.10 or above! To build Gophish from source, simply run go get github.com/gophish/gophish and cd into the project source directory. Then, run go build. After this, you should have a binary called gophish in the current directory.

Docker
You can also use Gophish via an unofficial Docker container here.

Setup
After running the Gophish binary, open an Internet browser to https://localhost:3333 and log in with the default username (admin) and password (gophish).

Documentation
Documentation can be found on our site. Find something missing? Let us know by filing an issue!
Download…

Source

Aaia (pronounced as shown here) helps in visualizing AWS IAM and Organizations in a graph format with the help of Neo4j. This helps in identifying outliers easily. Since it is based on Neo4j, one can query the graph using Cypher queries to find anomalies. Aaia also supports modules to programmatically fetch data from the Neo4j database and process it in a custom fashion. This is mostly useful if any complex comparison or logic has to be applied which otherwise would not be easy through Cypher queries.
Aaia was initially intended to be a tool to enumerate privilege escalation possibilities and find loopholes in AWS IAM. It was inspired by the quote by @JohnLaTwC: "Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win."

Why the name "Aaia"?
Aaia in Tamil means grandma. In general, Aaia knows everything about the family. She can easily connect who is related to whom, and how, and give you the connection within a split second. She is a living graph database. 😛 Since "Aaia" (this tool) also does more or less the same, hence the name.

Installation
Install the Neo4j database. Instructions here.
Set up the username, password and bolt connection URI in the Aaia.conf file. An example format is given in the Aaia.conf file already.
Install OS dependencies:
Debian: apt-get install awscli jq
Redhat / Fedora / Centos / Amazon Linux: yum install awscli jq
Note: These packages are needed for…

Source

Scallion lets you create vanity GPG keys and .onion addresses (for Tor's hidden services) using OpenCL. Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008).
Scallion is currently in beta stage and under active development. Nevertheless, we feel that it is ready for use. Improvements are expected primarily in performance, user interface, and ease of installation, not in the overall algorithm used to generate keys.

FAQ
Here are some frequently asked questions and their answers:

Why generate GPG keys?
Scallion was used to find collisions for every 32bit key id in the Web of Trust's strong set, demonstrating how insecure 32bit key ids are. There was/is a talk at DEFCON (video) and additional info can be found at https://evil32.com/.

What are valid characters?
Tor .onion addresses use Base32, consisting of all letters and the digits 2 through 7, inclusive. They are case-insensitive. GPG fingerprints use hexadecimal, consisting of the digits 0-9 and the letters A-F.

Can you use Bitcoin ASICs (e.g. Jalapeno, KnC) to accelerate this process?
Sadly, no. While the process Scallion uses is conceptually similar (increment a nonce and check the hash), the details are different (SHA-1 vs double SHA-256 for Bitcoin). Furthermore, Bitcoin ASICs are as fast as they are because they are extremely tailored to Bitcoin mining applications. For example, here's the datasheet for the CoinCraft A-1, an…

Source

Bluewall is a firewall framework designed for offensive and defensive cyber professionals. This framework allows cybersecurity professionals to quickly set up their environment while staying within their scope.

Credit
Inspired by Andrew Benson's hostfw iptables generation script.

Features
Bluewall
* Configure Firewall
* Configure Hostname
* Configure Interface(s)
Supported Operating Systems
* Redhat/CentOS
* Windows configuration can be generated but not executed.
Commandline
* bluewall -c config/example.ini
** See example configuration
Utils
* Enumerate – Identify live hosts inside your network (coming soon)
Semantics
* Target Host – Outbound communication
* Trusted Host – Bidirectional communication
* No Strike – Devices your computer should not communicate with

Setup
# BUILT FOR PYTHON 2.x
sudo python setup.py install
sudo bluewall -h (for help)

Getting Started
# Set up initial environment using configuration
sudo bluewall -c config/hostconfig.ini
# Export optional Windows configuration
sudo bluewall -c config/hostconfig.ini -w autoconfig.ps1
# Add additional inbound hosts or ranges
sudo bluewall -ih 192.168.0.3,192.168.1.0/24
# Exclude a host from communication
sudo bluewall -eh 192.168.1.1
# Super easy wizard mode
sudo bluewall --wizard

Help
usage: bluewall [-h] [-V] [-v] [-r] [-p] [-i] [-d] [-w WINDOWS_CONFIG] [-ot TCP_PORTS_OUT]…

Source

Framework to test any Anti-Cheat on the market. This can be used as a template or code base to test any Anti-Cheat and learn along the way. The entry level to reverse Anti-Cheats and cheats is quite high; therefore, I'm releasing all the code I developed during my research. The main idea is to help people and motivate them to get into this topic, which is really interesting and has a lot to research about.
All this code is the result of research done for Recon2019 (Montreal) and BlackHat Europe 2019 (London).
Twitter: @Niemand_sec
More info: Personal Blog
A description of each module can be found in its folder. Modules can be used together or separately. Customization should be simple due to the modularity of the code.

Usage
Most of the settings can be done using the config.ini file; however, some modules may require particular settings in the code, depending on your intentions. Remember to change the location of the config.ini file at CheatHelper/CheatHelper.cpp (variable configFile).

Modules (more coming in the future)
CheatHelper
DriverDisabler
DriverHelper
DriverTester
HandleElevationDriver
HandleHijackingDLL
HandleHijackingMaster
LuaHook
StealthHijackingNormalDLL
StealthHijackingNormalMaster

About this Project
All this code is a result of the research presented at Recon 2019 and BlackHat Europe 2019: "Unveiling the underground world of Anti-Cheats"
Links:
First Release Info: https://recon.cx/2019/montreal/ …

Source

gowitness is a website screenshot utility written in Golang that uses Chrome Headless to generate screenshots of web interfaces from the command line. Both Linux and macOS are supported, with Windows support "partially working". Inspiration for gowitness comes from EyeWitness. If you are looking for something with lots of extra features, be sure to check it out along with these other projects.

Installation
All you would need is an installation of the latest Google Chrome or Chromium and gowitness itself. gowitness can be downloaded using go get -u github.com/sensepost/gowitness or using the binaries available for download from the releases page.

Running using docker
To screenshot a page using docker, simply run the following command, which will also pull the latest gowitness image:
docker run --rm -it -v $(pwd)/screenshots:/screenshots leonjza/gowitness:latest single --url=https://www.google.com
Keep in mind that a folder needs to be mounted into the container for gowitness to write your screenshots to, otherwise they will be lost when the container exits. The container is configured with the /screenshots/ directory as the working directory, so the above command mounts a local screenshots/ directory there.
If you want to read an nmap file, save it locally into a screenshots directory, and use it with:
docker run --rm -it -v $(pwd)/screenshots:/screenshots leonjza/gowitness:latest nmap -f /screenshots/nmap.xml
For any other commands, you…

Source

Python library to remotely extract credentials. This blog post explains how it works. You can check the wiki.
This library uses the impacket project to remotely read the necessary bytes in the lsass dump and pypykatz to extract credentials.

Requirements
Python >= 3.6
pypykatz >= 0.3.0
impacket

Installation
From pip:
python3.7 -m pip install lsassy
From sources:
python3.7 setup.py install

Basic Usage
lsassy [--hashes [LM:]NT] [<domain>/]<user>[:<password>]@<target>

Advanced
Dumping methods
This tool can dump lsass in different ways.
Dumping methods (-m or --method)
0 : Try all methods (dll then procdump) to dump lsass, stop on success (Requires -p if dll method fails)
1 : comsvcs.dll method, stop on success (default)
2 : Procdump method, stop on success (Requires -p)
3 : comsvcs.dll + Powershell method, stop on success
4 : comsvcs.dll + cmd.exe method

comsvcs.dll method
This method only uses built-in Windows files to extract remote credentials. It uses the minidump function from comsvcs.dll to dump the lsass process. This method can only be used when the context has SeDebugPrivilege. This privilege is available either in a Powershell local admin context or in a cmd.exe SYSTEM context. Two execution methods can be used:
WMIExec with cmd.exe (no SeDebugPrivilege), or powershell (SeDebugPrivilege)
ScheduledTasks with SYSTEM context (SeDebugPrivilege)

Procdump method
This method uploads procdump.exe from…

Source

LOLBITS is a C# reverse shell that uses Microsoft's Background Intelligent Transfer Service (BITS) to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless Flask web application and is only accessible when the HTTP requests received by the app contain a valid authentication header.
LOLBITS is composed of 3 main elements:
* The C# agent, which is in charge of executing the commands on the compromised host and sending the output back to the C&C server once the process is done.
* The Flask web application that acts as a dispatcher. This element is what allows hiding the C&C infrastructure behind a harmless website while also supplying new commands to the agent when an authenticated request is received.
* The C&C console, used to control the agent.
To prevent content inspection by proxies, all the relevant content sent between the agent and the C&C server is encrypted using RC4 with a preshared secret key. A high-level diagram of the infrastructure's behaviour is shown in the following diagram:
To prevent the Blue Team from replaying old requests and discovering the C&C infrastructure, each authentication header is generated randomly and is valid only for one single cycle (a cycle is composed of a POST request followed by a GET request). Old authentication headers will be ignored and the harmless website will be displayed for those requests. …

Source