Htcap is a web application scanner able to crawl single page applications (SPA) recursively by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner: it is focused on the crawling process and aims to detect and intercept ajax/fetch calls, websockets, jsonp etc. It uses its own fuzzers plus a set of external tools to discover vulnerabilities and is designed to be a tool for both manual and automated penetration testing of modern web applications.
It also features a small but powerful framework to quickly develop custom fuzzers in less than 60 lines of Python. The fuzzers can work with GET/POST data, XML and JSON payloads and switch between POST and GET. Of course, fuzzers run in parallel in a multi-threaded environment.
This is the very first release that uses headless Chrome instead of PhantomJS. Htcap's JavaScript crawling engine has been rewritten to take advantage of the new async/await features of ECMAScript and has been converted to a Node.js module built on top of Puppeteer.
More info at htcap.org.


SETUP

Requirements

  1. Python 2.7
  2. Nodejs and npm
  3. Sqlmap (for sqlmap scanner module)
  4. Arachni (for arachni scanner module)

Download and Run

$ git clone https://github.com/fcavallarin/htcap.git htcap
$ htcap/htcap.py

VIDEO

[youtube https://www.youtube.com/watch?v=7YZSAT0_sSw]

DOCUMENTATION
Documentation, examples and demos can be found at the official website https://htcap.org.

It's easy to create a backdoor in an instant; the backdoor can be used in a remote process via a Linux terminal on a server that runs PHP.
Made to bypass functions that are disabled on the server, especially for reading sensitive files such as /etc/passwd.

Screenshots

List of Remot3d Functions

  • Create a backdoor for Windows or Linux servers (can run a PHP file)
  • Bypass disabled functions via the imap_open vulnerability
  • Bypass /etc/passwd read restrictions with cURL or unique logic scripts
  • Generate a backdoor that can be controlled remotely from the tool
  • Some other fun stuff 🙂

Getting Started

  1. git clone https://github.com/KeepWannabe/Remot3d
  2. cd Remot3d
  3. chmod +x Remot3d.sh && ./Remot3d.sh

Linux operating systems we recommend:

  • Linux mint (Ubuntu Based with Mate DE)
  • Parrot
  • BackTrack
  • Backbox
  • DracOS
  • IbisLinux

Update Remot3d

  • To update remot3d go to your Remot3d folder and execute : git pull && chmod +x Remot3d.sh && ./Remot3d.sh


Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+.
For more information, visit Tyton's website.

Detected Attacks

  • Hidden Modules
  • Syscall Table Hooking
  • Network Protocol Hooking
  • Netfilter Hooking
  • Zeroed Process Inodes
  • Process Fops Hooking
  • Interrupt Descriptor Table Hooking


Additional Features
Notifications: Users (including myself) do not actively monitor their journald logs, so a userland notification daemon has been included to monitor journald logs and display them to the user using libnotify. Notifications are enabled after install by XDG autorun, so if your DM does not have /etc/xdg/autostart it will fail.
DKMS: Dynamic Kernel Module Support has been added for Arch and Fedora/CentOS (looking to expand in the near future). DKMS allows the (near) seamless upgrading of Kernel modules during kernel upgrades. This is mainly important for distributions that provide rolling releases or upgrade their kernel frequently.

Installing

Dependencies

  • Linux Kernel 4.4.0-31 or greater
  • Corresponding Linux Kernel Headers
  • GCC
  • Make
  • Libnotify
  • Libsystemd
  • Package Config
  • GTK3

From Source

Ubuntu/Debian/Kali

  1. sudo apt install linux-headers-$(uname -r) gcc make libnotify-dev pkg-config libgtk-3-dev libsystemd-dev
  2. git clone https://github.com/nbulischeck/tyton.git
  3. cd tyton
  4. make
  5. sudo insmod tyton.ko

Note: For Ubuntu 14.04, libsystemd-dev is named libsystemd-journal-dev.

Arch

  1. sudo pacman -S linux-headers gcc make libnotify libsystemd pkgconfig gtk3
  2. git clone https://github.com/nbulischeck/tyton.git
  3. cd tyton
  4. make
  5. sudo insmod tyton.ko

Note: It's recommended to install Tyton through the AUR so you can benefit from DKMS.

Fedora/CentOS

  1. dnf install kernel-devel gcc make libnotify libnotify-devel systemd-devel gtk3-devel gtk3
  2. git clone https://github.com/nbulischeck/tyton.git
  3. cd tyton
  4. make
  5. sudo insmod tyton.ko

Kernel Module Arguments
The kernel module can be passed a specific timeout argument on insertion through the command line.
To do this, run the command sudo insmod tyton.ko timeout=X where X is the number of minutes you would like the kernel module to wait before executing its scan again.

AUR
Tyton is available on the AUR here.
You can install it using the AUR helper of your choice:

  • yaourt -S tyton-dkms-git
  • yay -S tyton-dkms-git
  • pakku -S tyton-dkms-git


dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
Want to say thanks? Click the star at the top of the page. Or fork dnSpy and send a PR!
The following pictures show dnSpy in action. It shows dnSpy editing and debugging a .NET EXE file, not source code.

Features

  • Debug .NET Framework, .NET Core and Unity game assemblies, no source code required
  • Edit assemblies in C# or Visual Basic or IL, and edit all metadata
  • Light and dark themes
  • Extensible, write your own extension
  • High DPI support (per-monitor DPI aware)
  • And much more, see below

dnSpy uses the ILSpy decompiler engine and the Roslyn (C# / Visual Basic) compiler and many other open source libraries, see below for more info.

Debugger

  • Debug .NET Framework, .NET Core and Unity game assemblies, no source code required
  • Set breakpoints and step into any assembly
  • Locals, watch, autos windows
  • Variables windows support saving variables (e.g. decrypted byte arrays) to disk or viewing them in the hex editor (memory window)
  • Object IDs
  • Multiple processes can be debugged at the same time
  • Break on module load
  • Tracepoints and conditional breakpoints
  • Export/import breakpoints and tracepoints
  • Call stack, threads, modules, processes windows
  • Break on thrown exceptions (1st chance)
  • Variables windows support evaluating C# / Visual Basic expressions
  • Dynamic modules can be debugged (but not dynamic methods due to CLR limitations)
  • Output window logs various debugging events, and it shows timestamps by default 🙂
  • Assemblies that decrypt themselves at runtime can be debugged, dnSpy will use the in-memory image. You can also force dnSpy to always use in-memory images instead of disk files.
  • Public API, you can write an extension or use the C# Interactive window to control the debugger

Assembly Editor

  • All metadata can be edited
  • Edit methods and classes in C# or Visual Basic with IntelliSense, no source code required
  • Add new methods, classes or members in C# or Visual Basic
  • IL editor for low level IL method body editing
  • Low level metadata tables can be edited. This uses the hex editor internally.

Hex Editor

  • Click on an address in the decompiled code to go to its IL code in the hex editor
  • Reverse of above, press F12 in an IL body in the hex editor to go to the decompiled code or other high level representation of the bits. It's great to find out which statement a patch modified.
  • Highlights .NET metadata structures and PE structures
  • Tooltips show more info about the selected .NET metadata / PE field
  • Go to position, file, RVA
  • Go to .NET metadata token, method body, #Blob / #Strings / #US heap offset or #GUID heap index
  • Follow references (Ctrl+F12)

Other

  • BAML decompiler
  • Blue, light and dark themes (and a dark high contrast theme)
  • Bookmarks
  • C# Interactive window can be used to script dnSpy
  • Search assemblies for classes, methods, strings etc
  • Analyze class and method usage, find callers etc
  • Multiple tabs and tab groups
  • References are highlighted, use Tab / Shift+Tab to move to next reference
  • Go to entry point and module initializer commands
  • Go to metadata token or metadata row commands
  • Code tooltips (C# and Visual Basic)
  • Export to project

List of other open source libraries used by dnSpy

  • ILSpy decompiler engine (C# and Visual Basic decompilers)
  • Roslyn (C# and Visual Basic compilers)
  • dnlib (.NET metadata reader/writer which can also read obfuscated assemblies)
  • VS MEF (Faster MEF equals faster startup)
  • ClrMD (Access to lower level debugging info not provided by the CorDebug API)

Credits


Recaf is an open-source Java bytecode editor built on top of Objectweb's ASM. ASM is a bytecode manipulation library that abstracts away the constant pool and a few other class-file attributes. Since keeping track of the constant pool and managing proper stack frames are no longer necessary, complex changes can be made with relative ease. With additional features to assist in the process of editing classes, Recaf is the most feature-rich free bytecode editor available.

Useful Information

While ASM makes bytecode manipulation very simple, it does not mean you should dive head-first into editing compiled Java programs without understanding some basic programming concepts and the Java class file architecture. Here are some references for these topics:

  • Specification: Chapter 4. The class File Format
  • JVM Architecture 101: Get to Know Your Virtual Machine
  • Java opcodes: Simplified ASM set, Standard set

For screenshots check the screenshots directory. They appear throughout the documentation as well.

Libraries used:

  • ASM – Class editing abilities
  • CFR – Decompilation
  • Simple-Memory-Compiler – Recompilation of decompiled code
  • JIMFS – Virtual file system
  • ControlsFX – Custom controls (used in pretty much everything)
  • RichTextFX – Decompiler code highlighting
  • JRegex – Pattern matching for decompiler code highlighting
  • minimal-json – JSON reading/writing for config storage
  • Commonmark – Markdown parsing
  • picocli – Command line argument parsing

Here are the main new features and improvements in Faraday v3.5:

New vulnerability form
We are happy to introduce our new vulnerability form, which makes creating and editing vulnerabilities easier. The new form uses tabs to keep it smaller and to group related fields.
Custom fields
Add your own custom fields to your vulnerabilities. We currently support str, int and list types. You can also use these fields in your Executive Reports.

2nd-factor authentication
We added optional 2nd-factor authentication. Any mobile authenticator application can be used with it.