Metabigor: intelligence tool, but without an API key

What is Metabigor?
Metabigor is an intelligence tool; its goal is to do OSINT tasks and more, but without any API key.

Installation
  go get -u github.com/j3ssie/metabigor

Main features
- Discover IP addresses of the target.
- Wrapper for running masscan and nmap on IP targets.
- Search from the command line on some search engines.

Example commands
  # discover the IPs of a company/organization
  echo "company" | metabigor net --org -o /tmp/result.txt

  # discover the IPs of an ASN
  echo "ASN1111" | metabigor net --asn -o /tmp/result.txt
  cat list_of_ASNs | metabigor net --asn -o /tmp/result.txt

  # run masscan on port 443 for a subnet
  echo "1.2.3.4/24" | metabigor scan -p 443 -o /tmp/result.txt

  # run masscan on all ports and nmap on the open ports
  cat list_of_IPs | metabigor scan --detail -o /tmp/result.txt

  # search on fofa
  echo 'title="RabbitMQ Management"' | metabigor search -x -v -o /tmp/result.txt

Credits
Logo from flaticon by freepik

Disclaimer
This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it's your fault, and your fault only.

RApid BigIP Decoder

What it is
A CLI tool and library for decoding all kinds of BigIP cookies.

Features
- Supports all 4 cookie formats
- CLI tool & library
- Hackable

References
Homepage / Documentation: https://orange-cyberdefense.github.io/rabid/

Author
Made by Alexandre ZANNI (@noraj), pentester from Orange Cyberdefense.

Cross-site scripting labs for web application security enthusiasts

List of challenges:
- Chall 1  | URL
- Chall 2  | Form
- Chall 3  | User-Agent
- Chall 4  | Referrer
- Chall 5  | Cookie
- Chall 6  | LocalStorage
- Chall 7  | Login Page
- Chall 8  | File Upload
- Chall 9  | Base64 Encoding
- Chall 10 | Removes Alert
- Chall 11 | Removes Script
- Chall 12 | Preg_replace
- Chall 13 | HTML Entities
- Chall 14 | Regex Filter #1
- Chall 15 | Regex Filter #2
- Chall 16 | Regex Filter #3
- Chall 17 | HTML Entities + URL Encode
- Chall 18 | HTML Entities #2 (Special Character)
- Chall 19 | HTML Entities #3 (Input Value)
- Chall 20 | HTML Entities #4 (Input Value + Capitalizes)

Installation:
1. Run your web server (XAMPP / LAMPP).
2. Clone the repository and put the files in /htdocs/xss-labs.
3. You can now access http://localhost:8080/xss-labs

Happy Hacking ^_^

Visit the website: https://www.tegal-1337.com/
Thanks to Abhi-M and Codepen for references.

Parse & filter the latest CVEs from https://cve.mitre.org

Docs

Usage
  http://localhost:4000/cve?target=KEYWORD

The year parameter is optional:
  http://localhost:4000/cve?target=KEYWORD&year=YEAR

Examples
  http://localhost:4000/cve?target=ruby%20on%20rails
  http://localhost:4000/cve?target=ruby%20on%20rails&year=2020

If you want to parse the latest year, use the "latest" keyword:
  http://localhost:4000/cve?target=ruby%20on%20rails&year=latest

Getting started
  Download the project
  bundle install
  ruby rest.rb

Requirements
- Ruby
- Docker (optional, only required if you want to run through a container)

Environment
You can switch between prod & dev at config/environment.rb. You need to create one yourself; an example can be found here.

Healthcheck
The URL below returns a status code of 200, which means the API is healthy. If 200 is not returned, you should assume something is wrong.
  http://localhost:4000/status

Manage image

Access
You can access the API via http://localhost:4000/ and should be able to view the index page from that URL.

Build image
  docker build . -t cve-api

Run image
  docker run -p 4000:4000 -d cve-api

Get id
  docker ps

Stop image
  docker stop ID

Remove image
  docker rmi cve-api

NekoBotV1 | Auto Exploiter With 500+ Exploit 2000+ Shell

Features:

[+] WordPress:
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [Revslider]
5- gravity-forms
6- userpro
7- wp-gdpr-compliance
8- wp-graphql
9- formcraft
10- Headway
11- Pagelines Plugin
12- WooCommerce-ProductAddons
13- CateGory-page-icons
14- addblockblocker
15- barclaycart
16- Wp 4.7 Core Exploit
17- eshop-magic
18- HD-WebPlayer
19- WP Job Manager
20- wp-miniaudioplayer
21- wp-support-plus
22- ungallery Plugin
23- WP User Frontend
24- Viral-options
25- Social Warfare
26- jekyll-exporter
27- cloudflare plugin
28- realia plugin
29- woocommerce-software
30- enfold-child Theme
31- contabileads plugin
32- prh-api plugin
33- dzs-videogallery plugin
34- mm-plugin
35- Wp-Install
36- Auto BruteForce

[+] Joomla:
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
6- Com_facileforms
7- Com_Hdflvplayer
8- Com_Jbcatalog
9- Com_JCE
10- Com_jdownloads
11- Com_Joomanager
12- Com_Macgallery
13- Com_media
14- Com_Myblog
15- Com_rokdownloads
16- Com_s5_media_player
17- Com_SexyContactform
18- Joomla core 3.x RCE
19- Joomla core 3.x RCE [2019]
20- Joomla Core 3.x Admin Takeover
21- Auto BruteForce
22- Com_b2jcontact
23- Com_bt_portfolio
24- Com_civicrm
25- Com_extplorer
26- Com_facileforms
27- Com_FoxContent
28- Com_jwallpapers
29- Com_oziogallery
30- Com_redmystic…

GoSpider - Fast web spider written in Go

Installation
  go get -u github.com/jaeles-project/gospider

Features
- Fast web crawling
- Brute force and parse sitemap.xml
- Parse robots.txt
- Generate and verify links from JavaScript files
- Link Finder
- Find AWS S3 buckets in response source
- Find subdomains in response source
- Get URLs from Wayback Machine, Common Crawl, Virus Total, Alien Vault
- Output format that is easy to grep
- Support Burp input
- Crawl multiple sites in parallel
- Random mobile/web User-Agent

Usage
  Fast web spider written in Go - v1.1.0 by @theblackturtle

  Usage:
    gospider [flags]

  Flags:
    -s, --site string           Site to crawl
    -S, --sites string          Site list to crawl
    -p, --proxy string          Proxy (Ex: http://127.0.0.1:8080)
    -o, --output string         Output folder
    -u, --user-agent string     User Agent to use
                                  web: random web user-agent
                                  mobi: random mobile user-agent
                                  or you can set your special user-agent (default "web")
        --cookie string         Cookie to use (testA=a; testB=b)
    -H, --header stringArray    Header to use (Use multiple flag to set multiple header)
        --burp string           Load headers and cookie from burp raw http request
        --blacklist string      Blacklist URL Regex
    -t, --threads int           Number of threads (Run sites in parallel) (default 1)
    -c, --concurrent…

DecryptTeamViewer

Uses CVE-2019-18988 to enumerate and decrypt TeamViewer credentials from the Windows registry.

Blog post detailing the vulnerability: https://whynotsecurity.com/blog/teamviewer/

Usage
  .\DecryptTeamViewer.exe

Dr.Semu

Dr.Semu runs executables in an isolated environment, monitors the behavior of the process and, based on Dr.Semu rules created by you or the community, detects whether the process is malicious or not.

whoami: @_qaz_qaz

With Dr.Semu you can create rules to detect malware based on the dynamic behavior of a process.

Isolation through redirection
Everything happens from user mode. Windows Projected File System (ProjFS) is used to provide a virtual file system. For Registry redirection, Dr.Semu clones all Registry hives to a new location and redirects all Registry accesses there. See the source code for more about the other redirections (process/object isolation, etc.).

Monitoring
Dr.Semu uses DynamoRIO (Dynamic Instrumentation Tool Platform) to intercept a thread when it's about to cross the user-kernel boundary. This has the same effect as hooking the SSDT, but from user mode and without hooking anything. At this phase, Dr.Semu produces a JSON file containing the information gathered from the interception.

Detection
After the process terminates, the Dr.Semu rules are evaluated against the collected information to report whether the executable is detected as malware or not.

Dr.Semu Rules/Detections

Dr.Semu rules
They are written in Python or Lua (located under dr_rules) and use dynamic information from the interception and static information about the sample. It's trivial to add support for other languages.

Example (Python): https://gist.github.com/secrary/ac89321b8a7bde998a6e3139be49eb72
Example (…

Syborg

Syborg is a recursive DNS domain enumerator which is neither active nor completely passive. The tool simply constructs a domain name and queries it against a specified DNS server. Syborg has a dead-end avoidance system inspired by @Tomnomnom's ettu.

When you run subdomain enumeration with some of the common tools, most of them passively query public records such as virustotal, crtsh or censys. This enumeration technique is really fast and helps find a lot of domains in very little time. However, some domains may not be mentioned in these public records. In order to find those domains, Syborg interacts with the nameservers and recursively brute-forces subdomains from the DNS until its queue is empty.

As mentioned on ettu's page, I quote:

Ordinarily, if there are no records to return for a DNS name you might expect an NXDOMAIN error:
  ▶ host four.tomnomnom.uk
  Host four.tomnomnom.uk not found: 3(NXDOMAIN)

You may have noticed that sometimes you get an empty response instead, though:
  ▶ host three.tomnomnom.uk

The difference in the latter case is often that another name, one that has your queried name as a suffix, exists and has records to return:
  ▶ host one.two.three.tomnomnom.uk
  one.two.three.tomnomnom.uk has address 46.101.59.42

This difference in response can be used to help avoid dead-ends in recursive DNS brute-forcing by not recursing in the former situation:
  ▶ echo -e "www\none\ntwo\nthree" |…

Manul

Manul is a coverage-guided parallel fuzzer for open-source and black-box binaries on Windows, Linux and macOS (beta), written in pure Python.

Quick Start
  pip3 install psutil
  git clone https://github.com/mxmssh/manul
  cd manul
  mkdir in
  mkdir out
  echo "AAAAAA" > in/test
  python3 manul.py -i in -o out -n 4 "linux/test_afl @@"

Installing Radamsa
  sudo apt-get install gcc make git wget
  git clone https://gitlab.com/akihe/radamsa.git && cd radamsa && make && sudo make install

There is no need to install radamsa on Windows; Manul is distributed with the radamsa native library on that platform.

List of Public CVEs
  CVE IDs                                        | Product  | Finder
  -----------------------------------------------|----------|---------------
  CVE-2019-9631, CVE-2019-7310, CVE-2019-9959    | Poppler  | Maksim Shudrak
  CVE-2018-17019, CVE-2018-16807, CVE-2019-12175 | Bro/Zeek | Maksim Shudrak

If you managed to find a new bug using Manul, please contact me and I will add you to the list.

Dependencies
- psutil
- Python 2.7+ (will be deprecated after 1 Jan. 2020) or Python 3.7+ (preferred)

Coverage-guided fuzzing
Currently, Manul supports two types of instrumentation: AFL-based (afl-gcc, afl-clang and afl-clang-fast) and DBI.

Coverage-guided fuzzing (AFL instrumentation mode)
Instrument your target with afl-gcc or afl-clang-fast and Address Sanitizer (recommended for better results). For example:
  CC=afl-gcc CXX=afl-g++ CFLAGS=-fsanitize=address CXXFLAGS=-fsanitize=address cmake <path_to_your_target>
  make -j 8 USE_ASAN=1…