Xerxes is a DoS (denial-of-service) stress-testing tool, enhanced with many features, among them:

    TLS support
    HTTP header randomization
    User-Agent randomization
    Multiprocessing support
    Multiple attack vectors
    etc.

Development is active and more features and functionality are being added.

Compile:

    sudo apt-get -y install build-essential cmake libssl-dev pkgconf
    git clone https://github.com/sepehrdaddev/Xerxes
    cd Xerxes
    mkdir build
    cd build
    cmake ..
    make
    cd bin
    ./Xerxes

Usage:

    $ ./Xerxes -H
    --==[ Xerxes enhanced by Sepehrdad Sh ]==--
    ./Xerxes {OPTIONS}
    Xerxes dos tool enhanced

    OPTIONS:
      -H, --help                             display this help menu
      -V, --version                          display version
      --vecs                                 display available vectors
      -h[rhost], --rhost=[rhost]             remote host address [default 127.0.0.1]
      -p[rport], --rport=[rport]             remote host port [default 80]
      -b[bcast], --bcast=[bcast]             broadcast address [default 127.0.0.1]
      -v[vector], --vec=[vector]             attack vector [default 0]
      -d[delay], --dly=[delay]               attack delay [default 1 ns]
      -t[threads], --trds=[threads]          number of threads [default 10]
      -c[connections], --conn=[connections]  number of connections [default 25]
      --tls                                  enable tls
      --rand-lhost                           enable local host randomization
      --rand-lport                           enable local port randomization

Questions? If you have any questions, feel free to visit the Wiki page.

Download Xerxes

mXtract is an open-source, Linux-based tool that analyses and dumps process memory. It is developed as an offensive penetration-testing tool that scans memory for private keys, IP addresses and passwords using regexes. Remember that your results are only as good as your regexes.

Screenshots (on the project page): a scan with verbose output and a simple IP regex over every data segment; the same scan restricted to heap and stack; and a scan without verbose output, with a simple IP regex.

Why dump directly from memory? On most Linux systems a user can read the memory of the processes they own (through /proc/<pid>/mem, subject to the kernel's ptrace access checks such as Yama's ptrace_scope), and root can read the memory of any process. That allows an attacker to harvest credentials, private keys, or anything else that isn't supposed to be seen but is being handled by a program in clear text.

Features:

    Accepts regex lists
    Clear and readable display
    Mass-scan every process, or a specific PID
    Choose which memory sections to scan
    Memory dumps automatically strip unicode characters, so the output can be processed with other tools or by hand

Getting started. Compiling:

    g++ -std=c++11 -O2 src/main.cpp -o mxtract

Commands:

    -v    Enable verbose output
    -s    Suppress banner
    -h    Help
    -c    Suppress coloured output
    -r=   Regex DB
    -a    Scan all memory ranges, not just heap/stack
    -w    Write raw memory to file (default directory is pid/)
    -o    Write regex output to file
    -d=   Custom output directory
    -p=   Specify a single PID to scan

Either -r= or -w is needed.

Download mXtract
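The mechanism the description relies on, reading a process's heap and stack through /proc and running regexes over them, as an added example in Python. This is not mXtract's code (the tool itself is C++); it is a small reimplementation of the idea. The sample /proc/<pid>/maps text and the IPv4 regex are constructed for the example, and the parsing and matching steps are kept separate from the /proc reads so they can be exercised without touching a live process.

```python
"""Added example, not part of mXtract: scan a Linux process's heap and stack
for regex hits by walking /proc/<pid>/maps and reading /proc/<pid>/mem."""
import re
from typing import Iterator, List, Tuple

Region = Tuple[int, int, str, str]   # (start, end, perms, name)

# Simple illustrative IPv4 pattern (a real regex DB would be much stricter).
IPV4 = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample of /proc/<pid>/maps output (assumption: layout of a 64-bit process).
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/example
00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/example
01a00000-01a21000 rw-p 00000000 00:00 0 [heap]
7ffd5e2a0000-7ffd5e2c1000 rw-p 00000000 00:00 0 [stack]
7ffd5e2f0000-7ffd5e2f2000 r-xp 00000000 00:00 0 [vdso]
"""

def parse_maps(text: str, only_heap_stack: bool = True) -> List[Region]:
    """Turn /proc/<pid>/maps lines into readable regions. By default only
    [heap] and [stack] are kept, mirroring the tool's default of skipping
    the other data segments unless -a is given."""
    regions: List[Region] = []
    for line in text.splitlines():
        parts = line.split(maxsplit=5)
        if len(parts) < 5:
            continue
        lo, hi = (int(x, 16) for x in parts[0].split("-"))
        perms = parts[1]
        name = parts[5] if len(parts) == 6 else ""      # anonymous mappings have no name
        if "r" not in perms:
            continue                                     # unreadable (guard pages etc.)
        if only_heap_stack and name not in ("[heap]", "[stack]"):
            continue
        regions.append((lo, hi, perms, name))
    return regions

def scan_bytes(data: bytes, patterns: List[re.Pattern], base: int = 0) -> List[Tuple[int, bytes]]:
    """Apply each compiled regex to one memory chunk; returns (absolute address, match)."""
    hits = set()
    for pat in patterns:
        for m in pat.finditer(data):
            hits.add((base + m.start(), m.group(0)))
    return sorted(hits)

def read_regions(pid: int, regions: List[Region]) -> Iterator[Tuple[Region, bytes]]:
    """Read each region from /proc/<pid>/mem. This needs ptrace-level access
    to the target (same uid with Yama ptrace_scope permitting, or root).
    A region that cannot be read is skipped instead of aborting the scan."""
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        for lo, hi, perms, name in regions:
            try:
                mem.seek(lo)
                yield (lo, hi, perms, name), mem.read(hi - lo)
            except (OSError, OverflowError):   # e.g. [vsyscall] above the signed-64 range
                continue

def scan_pid(pid: int, patterns=(IPV4,), only_heap_stack: bool = True):
    """Full scan of one PID: returns (region name, hex address, decoded match) tuples."""
    with open(f"/proc/{pid}/maps") as f:
        regions = parse_maps(f.read(), only_heap_stack)
    results = []
    for region, data in read_regions(pid, regions):
        for addr, match in scan_bytes(data, list(patterns), base=region[0]):
            results.append((region[3], hex(addr), match.decode("ascii", "replace")))
    return results

if __name__ == "__main__":
    import os, sys
    # Default to scanning ourselves, which needs no extra privileges.
    target_pid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    for name, addr, match in scan_pid(target_pid):
        print(f"{name:8} {addr:>16}  {match}")
```

Running it against another user's process fails at the `open()` of /proc/<pid>/mem with EACCES; that is the access check the tool description glosses over, and it is why a hardened host sets `kernel.yama.ptrace_scope` to 2 or 3.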

Description: this program uses Python threading and multiprocessing to clone and maintain multiple security-related repositories.

Goal: quickly pull and install the repositories in its list.

Use cases:

    Quickly install your favourite security repositories on a new system
    Kick off multiple concurrent git clone tasks from Python
    Add or remove repositories in the worker_data list as needed for individual use cases or projects

Requirements: tested with Python 3.7.2 (64-bit). Ensure the Python 3 virtual environment package and git are installed (Ubuntu):

    sudo apt-get install python3-venv
    sudo apt-get install git

Usage option 1, automatic (Docker). Clone the repository and change into it; the script runs in a minimal Alpine Docker container (126 MB) and extracts the directories into the current working directory:

    git clone https://github.com/tbalz2319/RapidRepoPull.git
    cd RapidRepoPull
    docker-compose up --build

Usage option 2, local install. Clone the repository, change into it and run the install script:

    git clone https://github.com/tbalz2319/RapidRepoPull.git
    cd RapidRepoPull
    ./install.sh

Usage option 3, manual. Clone the repository, create and activate a Python 3 virtual environment, install the requirements and run the program:

    git clone https://github.com/tbalz2319/RapidRepoPull.git
    cd RapidRepoPull
    python3 -m venv venv
    source venv/bin/activate
    pip install -r requirements.txt
    python3 rapid.py

Update the program:

    ./update.sh

Mass-update all existing repositories (attempts to pull the latest version of each):

    ./update_repos.sh

Download RapidRepoPull

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side project I developed in order to learn Go, GoScan can now be used to perform host discovery, port scanning and service enumeration, not only in situations where stealth is not a priority and time is limited (think of CTFs, OSCP, exams, etc.), but also, with a few tweaks to its configuration, during professional engagements.

GoScan is also particularly suited to unstable environments (unreliable network connectivity, no "screen", etc.), because it fires scans and maintains their state in an SQLite database. Scans run in the background (detached from the main thread), so even if the connection to the box running GoScan is lost, results can be uploaded asynchronously (more on this below). That is, data can be imported into GoScan at different stages of the process, without restarting the whole process from scratch if something goes wrong. In addition, the Service Enumeration phase integrates a collection of other tools (e.g. EyeWitness, Hydra, nikto), each one tailored to a specific service.

Installation. Binary installation (recommended): binaries are available from the Release page.

    # Linux (64bit)
    $ wget https://github.com/marco-lancini/goscan/releases/download/v2.3/goscan_2.3_linux_amd64.zip
    $ unzip goscan_2.3_linux_amd64.zip
    # Linux (32bit)
    $ wget https://github.com/marco-lancini/goscan/releases/download/v2.3/goscan_2.3_linux_386.zip
    $ unzip goscan_2.3_linux_386.zip
    # After that, place the executable in your PATH
    $ chmod +x goscan
    $ sudo mv ./goscan /usr/local/bin/goscan

Build from source:

    $ git clone https://github.com/marco-lancini/goscan.git
    $ cd goscan/goscan/
    $ make setup
    $ make build

To create a multi-platform binary, use the cross command via make:

    $ make cross

Docker:

    $ git clone https://github.com/marco-lancini/goscan.git
    $ cd goscan/
    $ docker-compose up --build

Usage. GoScan supports all the main steps of network enumeration:

1. Load targets
    Add a single target via the CLI (must be a valid CIDR): load target SINGLE
    Upload multiple targets from a text file or folder: load target MULTI

2. Host discovery
    Perform a ping sweep: sweep
    Or load results from a previous discovery:
        Add a single alive host via the CLI (must be a /32): load alive SINGLE
        Upload multiple alive hosts from a text file or folder: load alive MULTI

3. Port scanning
    Perform a port scan: portscan
    Or upload nmap results from XML files or a folder: load portscan

4. Service enumeration
    Dry run (only show the commands, without running them): enumerate DRY
    Perform enumeration of detected services: enumerate

5. Special scans
    EyeWitness: take screenshots of websites, RDP services and open VNC servers (Kali only): special eyewitness
        (EyeWitness.py needs to be in the system path)
    Extract (Windows) domain information from enumeration data: special domain
    DNS:
        Enumerate DNS (nmap, dnsrecon, dnsenum): special dns DISCOVERY
        Brute-force DNS: special dns BRUTEFORCE
        Reverse brute-force DNS: special dns BRUTEFORCE_REVERSE

Utils
    Show results: show
    Automatically configure settings by loading a config file: set config_file
    Change the output folder (by default ~/goscan): set output_folder
    Modify the default nmap switches: set nmap_switches
    Modify the default wordlists: set_wordlists

External integrations. The Service Enumeration phase currently supports the following integrations:

    ARP:    nmap
    DNS:    nmap, dnsrecon, dnsenum, host
    FINGER: nmap, finger-user-enum
    FTP:    nmap, ftp-user-enum, hydra [AGGRESSIVE]
    HTTP:   nmap, nikto, dirb, EyeWitness, sqlmap [AGGRESSIVE], fimap [AGGRESSIVE]
    RDP:    nmap, EyeWitness
    SMB:    nmap, enum4linux, nbtscan, samrdump
    SMTP:   nmap, smtp-user-enum
    SNMP:   nmap, snmpcheck, onesixtyone, snmpwalk
    SSH:    hydra [AGGRESSIVE]
    SQL:    nmap
    VNC:    EyeWitness

The integrations marked [AGGRESSIVE] do not merely enumerate: hydra brute-forces logins, and sqlmap and fimap attempt to exploit injection and file-inclusion flaws. Run enumerate DRY first to see exactly which commands will be fired, and make sure those actions are in scope before running enumerate for real.

Download Goscan

Remot3d is a tool for generating backdoors to control and exploit a server that runs PHP (Hypertext Preprocessor). The backdoor it ships is obfuscated, which the project describes as making it "100% FUD" (fully undetectable), i.e. able to get past a server's defences because nothing recognises it as malware. Treat that as a marketing claim rather than a property: obfuscation only defeats signature matching until a signature for the obfuscated form exists, and it does nothing against behavioural detection, egress filtering, or a reviewer reading the file. The tool is written in shell script (Bash), by a 16-year-old.

Screenshots are on the project page.

List of Remot3d functions:

    Create backdoors for Windows or Linux servers (anything that can run a PHP file)
    Bypass disable_functions via the imap_open vulnerability (the argument injection in PHP's imap_open() that reaches the underlying rsh/ssh command)
    Bypass restrictions on reading /etc/passwd using cURL or the project's own logic scripts
    Generate a backdoor that can then be controlled from the tool
    Some other fun stuff

Getting started:

    git clone https://github.com/KeepWannabe/Remot3d
    cd Remot3d
    sudo ./setup.sh && ./Remot3d

Recommended Linux operating systems: Linux Mint (Ubuntu-based, with the MATE desktop), Parrot, BackTrack, BackBox, DracOS, IbisLinux.

Update Remot3d: go to your Remot3d folder and execute:

    git pull && sudo ./setup.sh && ./Remot3d

Helped by: my god Allah SWT; Bayu Fedra (https://github.com/bayufedra); Ardhana Reky (https://github.com/ardzz); Novran Fathir (https://github.com/panophan); Ardhana Resky (https://github.com/Ardzz); Hasanal Bulkiah (https://github.com/florienzh4x); Agus Setya R (https://github.com/agussetyar); Edo Maland (https://github.com/ScreetSec); IndoXploit; ZeroByte.ID; Eldersc0de Family; and many more!

Download Remot3d

dnsdmpstr is an unofficial API and client for DNS Dumpster and the HackerTarget.com IP tools (https://dnsdumpster.com/ and https://hackertarget.com/ip-tools/).

Installation:

    git clone https://github.com/zeropwn/dnsdmpstr
    cd dnsdmpstr
    pip3 install -r requirements.txt
    chmod +x ddump.py

Usage as a command-line utility:

    target="hackerone.com"
    python3 ddump.py -u $target --all

Extended usage:

    usage: ddump.py [-h] [-u U] [-a] [-r] [-d] [-dd] [--links] [--headers] [--all]

    optional arguments:
      -h, --help  show this help message and exit
      -u U        target domain
      -a          host search (DNS A record lookup)
      -r          reverse DNS lookup (accepts IP, IP range or domain name)
      -d          DNS lookup
      -dd         classical DNS dump format
      --links     grab page links from URL
      --headers   grab HTTP headers from URL
      --all       grab all information available

As a library (the dnsdmpstr class lives in the dnsdmpstr module, so import it from there; json is needed for the pretty-printed dump):

    import json
    from dnsdmpstr import dnsdmpstr

    target = "hackerone.com"
    dnsdump = dnsdmpstr()
    print(json.dumps(dnsdump.dump(target), indent=1))   # classical DNS dump
    print(dnsdump.hostsearch(target))                   # DNS A record lookup
    print(dnsdump.reversedns(target))                   # reverse DNS lookup
    print(dnsdump.dnslookup(target))                    # DNS lookup
    print(dnsdump.pagelinks(target))                    # links found on the page
    print(dnsdump.httpheaders(target))                  # HTTP response headers

Every call goes out to the third-party services above, so the target domain you query is disclosed to them.

Download Dnsdmpstr

This nmap NSE script is part of the free OCSAF project (https://freecybersecurity.org). In conjunction with nmap's version scan (-sV), the corresponding vulnerabilities are automatically assigned using CVE (Common Vulnerabilities and Exposures) identifiers, and the severity of each vulnerability is given by its CVSS (Common Vulnerability Scoring System) score. For clarity, the CVSS scores are also mapped to the CVSS v3.0 qualitative ratings:

    Critical (CVSS 9.0 - 10.0)
    High     (CVSS 7.0 - 8.9)
    Medium   (CVSS 4.0 - 6.9)
    Low      (CVSS 0.1 - 3.9)
    None     (CVSS 0.0)

By default the CVEs are looked up, using the CPEs determined by nmap, through the public API of the cve-search.org project, which is provided by circl.lu. For more information visit https://www.cve-search.org/api/.

Confidentiality information: the queries are made with the determined CPE via the circl.lu API, so the CPEs of the services you scan (and therefore the fact that you are scanning them) are sent to a third party. For further information on the confidentiality of the circl.lu API, see https://www.circl.lu/services/cve-search/ directly. The best approach is to install cve-search (https://github.com/cve-search/cve-search) locally and point the script at your own API:

    nmap -sV --script freevulnsearch --script-args apipath=

Installation: you can either specify the script path directly in the nmap command, for example

    nmap -sV --script ~/freevulnsearch

or copy the script into the scripts directory of your nmap installation, which on Kali Linux for example is /usr/share/nmap/scripts/, and then refresh the script database:

    sudo nmap --script-updatedb

Important note: first read the confidentiality information. It is recommended to run freevulnsearch.nse separately, without additional NSE scripts. The script belongs to the categories safe, vuln and external; if you do not want it registered under those categories (so that, for example, --script vuln would also run it and query the external API), do not execute the nmap --script-updatedb command above.

Usage: simply combine nmap -sV with this script.

    nmap -sV --script freevulnsearch

According to my tests, for stability reasons only HTTP without TLS should be used when querying the API with many simultaneous requests. For this reason you can optionally disable TLS with a script argument. Important: after that the API query to circl.lu is unencrypted.

    nmap -sV --script freevulnsearch --script-args notls=yes

If you scan with the categories safe or vuln, then exclude the script or the category external, or do not add the script to the nmap default directory. It is recommended to run freevulnsearch.nse separately, without additional NSE scripts.

CPE exception handling for format: if an nmap CPE is not clear, several functions in freevulnsearch.nse check whether the formatting of the CPE is inaccurate and correct it. For example:

    (MySQL)      5.0.51a-3ubuntu5  to  5.0.51a
    (Exim smtpd) 4.90_1            to  4.90
    (OpenSSH)    6.6.1p1           to  6.6:p1
    (OpenSSH)    7.5p1             to  7.5:p1
    ...

Download Freevulnsearch
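The two pieces of logic the description depends on, as an added example in Python (freevulnsearch.nse itself is a Lua NSE script; this is not its code): mapping a CVSS v3.0 base score to the five ratings listed above, and normalising the version part of an nmap CPE before it is sent to a cve-search instance. The version-cleanup rules are assumptions generalised from the four examples in the text, and the cvefor endpoint path is cve-search's own API; the apipath and notls handling mirrors the script arguments described above.

```python
"""Added example, not part of freevulnsearch.nse: CVSS v3.0 rating buckets and
CPE version normalisation for cve-search lookups."""
import re

def cvss3_rating(score: float) -> str:
    """CVSS v3.0 qualitative severity rating scale."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"

# Assumed rules, generalised from the page's examples:
#   distro packaging suffix   "5.0.51a-3ubuntu5" -> "5.0.51a"
#   underscore build suffix   "4.90_1"           -> "4.90"
#   OpenSSH patch level       "6.6.1p1" -> "6.6:p1", "7.5p1" -> "7.5:p1"
_DISTRO_SUFFIX = re.compile(r"-\d+[a-z0-9.+~]*$")
_PATCH_LEVEL = re.compile(r"^(\d+\.\d+)(?:\.\d+)*p(\d+)$")

def normalize_version(version: str) -> str:
    """Clean up a version string the way the text describes for inaccurate CPEs."""
    v = _DISTRO_SUFFIX.sub("", version)
    v = v.split("_", 1)[0]
    m = _PATCH_LEVEL.match(v)
    if m:
        # keep major.minor only, and move the patch level into its own ':p<n>' field
        v = f"{m.group(1)}:p{m.group(2)}"
    return v

def normalize_cpe(cpe: str) -> str:
    """Normalise the version field of a cpe:/a:vendor:product:version URI."""
    parts = cpe.split(":")
    if len(parts) >= 5 and parts[0] == "cpe" and parts[1] in ("/a", "/o", "/h"):
        parts[4] = normalize_version(parts[4])
    return ":".join(parts)

def api_url(cpe: str, apipath: str = "https://cve.circl.lu/api", notls: bool = False) -> str:
    """Build the cve-search 'cvefor' query URL. apipath points at a local
    cve-search instance instead of the public one; notls downgrades the scheme
    to plain http, which is the unencrypted mode the text warns about."""
    base = apipath.rstrip("/")
    if notls and base.startswith("https://"):
        base = "http://" + base[len("https://"):]
    return f"{base}/cvefor/{normalize_cpe(cpe)}"

if __name__ == "__main__":
    for raw in ("5.0.51a-3ubuntu5", "4.90_1", "6.6.1p1", "7.5p1"):
        print(f"{raw:18} -> {normalize_version(raw)}")
    print(api_url("cpe:/a:openbsd:openssh:7.5p1", apipath="https://cve-search.internal/api"))
    print(cvss3_rating(9.8))
```

A local cve-search instance behind the apipath argument keeps the CPE list on your side and removes the need for the notls downgrade entirely.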

Armory is a tool meant to take in a lot of external and discovery data from many tools, add it to a database and correlate all of the related information. It isn't meant to replace any specific tool. It is meant to take the output of various tools and use it to feed other tools. Additionally, it is meant to be easily extendable. Don't see a module for your favourite tool? Write one. Want to export data in just the right format for your reporting? Create a new report.

Installation. Prerequisites: first set up some kind of virtual environment. I like virtualenvwrapper: http://virtualenvwrapper.readthedocs.io/en/latest/install.html

Actually installing: clone the repository and install the module:

    git clone https://github.com/depthsecurity/armory
    python setup.py install

You will want to run armory at least once in order to create the default config directory, ~/.armory, with the default settings.ini and the settings for each of the modules. Next, edit settings.ini and modify the base_path option. This should point to the root path you are using for your current project. You should change this with every project, so that you are always working with a clean database. All files generated by modules are created in there, as well as the sqlite3 database. By default it is the current directory, ".".

Usage is split into modules and reports.

Modules run tools, ingest their output and write it to the database. To see a list of available modules:

    armory -lm

To see a list of a module's options:

    armory -m <module> -M

Reports are similar to modules, except that they pull data from the database and display it in a usable format. To view all of the available reports:

    armory -lr

To view a report's options:

    armory -r <report> -R

Interactive shell: there is also an interactive shell built on IPython that lets you run commands or change database values. It is launched with:

    armory-shell

By default the following are available: Domain, BaseDomains, IPAddresses, CIDRs, Users, Creds, Vulns, Ports, Urls, ScopeCIDRs.

Download Armory

DOGE, Darknet OSINT Graph Explorer, is still in development but working. You should use it in addition to Darknet OSINT Transform.

Pay attention here. Query prototype:

    SELECT DISTINCT custom_column_name AS input, another_custom_name AS output FROM some_table

You can of course add other clauses such as WHERE, ORDER BY, etc., but the two result columns must be aliased input and output.

How-to (the fields of the graph page):

    Database file:  the filename of the database (sqlite3), e.g. db.sqlite3
    Graph file:     unused for now
    Icon From:      the type of the "from" entity (for email -> domain, email is "from" and domain is "to"); Icon To works the same way
    Center to node: put a node id here, then click Center Graph to centre the graph on that node
    Query:          the query used to retrieve data from the database, following the prototype above
    Load Data:      add data without drawing; use this to import from several databases and draw once everything is imported
    Draw Graph:     draws the nodes with their edges
    Import Graph:   unused for now
    Export Graph:   unused for now
    Prerender:      does not display the graph until the pre-rendering process is done; use this when you have hundreds of nodes to graph. Feel free to change the parameters: the first argument of precomputeGraph() in pages/graph_1.html, and lines 246 and 247 of the same file.

Custom icons: every icon comes from Font Awesome; only the colours were changed.

Screenshots: stay tuned.

Download DOGE
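The Load Data / Draw Graph cycle described above, as an added Python example (not DOGE's own code, which is a browser page): a query in the prototype's shape is run against an sqlite3 database and its rows are turned into typed nodes and edges, with repeated Load Data calls merged before a single draw. The contacts table, its rows and the type names email/domain/site are constructed for the example.

```python
"""Added example, not part of DOGE: turn 'SELECT ... AS input, ... AS output'
rows from sqlite3 into the typed node/edge structure a graph page draws."""
import sqlite3
from typing import Dict, List, Tuple

# Constructed sample data: contact addresses scraped from darknet listings.
SAMPLE_ROWS = [
    ("alice@example.onion", "example.onion", "market-a"),
    ("bob@example.onion", "example.onion", "market-a"),
    ("alice@example.onion", "example.onion", "forum-b"),   # same email/domain pair again
    ("carol@mail.test", "mail.test", "forum-b"),
]

def make_demo_db() -> sqlite3.Connection:
    """In-memory stand-in for the 'Database file' field."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (email TEXT, domain TEXT, site TEXT)")
    conn.executemany("INSERT INTO contacts VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def load_edges(conn: sqlite3.Connection, query: str, icon_from: str, icon_to: str):
    """One 'Load Data' step. Runs a query whose first two columns are aliased
    input/output and returns nodes {id: (type, label)} plus (from_id, to_id) edges.
    Node ids are prefixed with the entity type so that the same string used as two
    different entity types (e.g. a domain and a site name) stays two nodes."""
    cur = conn.execute(query)
    cols = [d[0] for d in cur.description]
    if cols[:2] != ["input", "output"]:
        raise ValueError(f"query must alias its columns as input, output; got {cols}")
    nodes: Dict[str, Tuple[str, str]] = {}
    edges: List[Tuple[str, str]] = []
    for src, dst in cur.fetchall():
        a, b = f"{icon_from}:{src}", f"{icon_to}:{dst}"
        nodes.setdefault(a, (icon_from, src))
        nodes.setdefault(b, (icon_to, dst))
        if (a, b) not in edges:          # DISTINCT already dedups per query; keep it cheap anyway
            edges.append((a, b))
    return nodes, edges

def build_graph(conn: sqlite3.Connection, queries):
    """'Load Data' several times, then 'Draw Graph' once: merge the results of
    several (query, icon_from, icon_to) triples into one graph."""
    nodes: Dict[str, Tuple[str, str]] = {}
    edges: List[Tuple[str, str]] = []
    for query, icon_from, icon_to in queries:
        n, e = load_edges(conn, query, icon_from, icon_to)
        nodes.update(n)
        for edge in e:
            if edge not in edges:
                edges.append(edge)
    return nodes, edges

DEMO_QUERIES = [
    ("SELECT DISTINCT email AS input, domain AS output FROM contacts", "email", "domain"),
    ("SELECT DISTINCT email AS input, site AS output FROM contacts ORDER BY site", "email", "site"),
]

if __name__ == "__main__":
    conn = make_demo_db()
    nodes, edges = build_graph(conn, DEMO_QUERIES)
    for a, b in edges:
        print(f"{nodes[a][1]} ({nodes[a][0]}) -> {nodes[b][1]} ({nodes[b][0]})")
```

The alias check is the part worth keeping: a query that returns the right data under the wrong column names fails loudly here instead of silently producing an empty graph.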

mad-metasploit is a collection of Metasploit custom modules, plugins and resource scripts, plus an awesome-metasploit list: https://www.hahwul.com/p/mad-metasploit.html

Awesome: open awesome.md

Add mad-metasploit to the Metasploit Framework. Configure your metasploit-framework directory:

    $ vim config/config.rb
    $metasploit_path = '/opt/metasploit-framework/embedded/framework/'   # or /usr/share/metasploit-framework

2-A. Interactive mode:

    $ ./mad-metasploit

2-B. Command-line mode (preset all):

    $ ./mad-metasploit [-a/-y/--all/--yes]

Use custom modules: search auxiliary, exploits, etc.

    HAHWUL > search springboot

    Matching Modules
    ================

       Name                                          Disclosure Date  Rank    Check  Description
       ----                                          ---------------  ----    -----  -----------
       auxiliary/mad_metasploit/springboot_actuator                   normal  No     Springboot actuator check

Use custom plugins: load mad-metasploit/{plugin} in msfconsole.

    HAHWUL > load mad-metasploit/db_autopwn
    [*] Successfully loaded plugin: db_autopwn
    HAHWUL > db_autopwn
    [-] The db_autopwn command is DEPRECATED
    [-] See http://r-7.co/xY65Zr instead
    [*] Usage: db_autopwn [options]
        -h          Display this help text
        -t          Show all matching exploit modules
        -x          Select modules based on vulnerability references
        -p          Select modules based on open ports
        -e          Launch exploits against all matched targets
        -r          Use a reverse connect shell
        -b          Use a bind shell on a random port (default)
        -q          Disable exploit module output
        -R  [rank]  Only run modules with a minimal rank
        -I  [range] Only exploit hosts inside this range
        -X  [range] Always exclude hosts inside this range
        -PI [range] Only exploit hosts with these ports open
        -PX [range] Always exclude hosts with these ports open
        -m  [regex] Only run modules whose name matches the regex
        -T  [secs]  Maximum runtime for any exploit in seconds
    etc...

Note that db_autopwn launches every matching exploit against every matched host; it was deprecated and removed from the framework for that reason, so keep it behind -I/-PI range filters and an explicit scope.

List of plugins: mad-metasploit/db_autopwn, mad-metasploit/arachni, mad-metasploit/meta_ssh, mad-metasploit/db_exploit

Use resource scripts:

    #> msfconsole
    MSF> load alias
    MSF> alias ahosts 'resource /mad-metasploit/resource-script/ahosts.rc'
    MSF> ahosts   [Custom command!]

List of resource scripts: ahosts.rc, cache_bomb.rb, feed.rc, getdomains.rb, getsessions.rb, ie_hashgrab.rb, listdrives.rb, loggedon.rb, runon_netview.rb, search_hash_creds.rc, virusscan_bypass8_8.rb

Archive (informal Metasploit modules):

    archive/
    └── exploits
        ├── aix
        │   ├── dos
        │   │   ├── 16657.rb
        │   │   └── 16929.rb
        │   ├── local
        │   │   └── 16659.rb
        │   └── remote
        │       └── 16930.rb
        ├── android
        │   ├── local
        │   │   ├── 40504.rb
        │   │   ├── 40975.rb
        │   │   └── 41675.rb
        │   └── remote
        │       ├── 35282.rb
        │       ├── 39328.rb
        │       ├── 40436.rb
        │       └── 43376.rb
        .....

Patch mad-metasploit-archive: symlink the archive into the framework's modules/exploits/ directory and the modules appear under the exploit/ prefix:

    #> ln -s mad-metasploit-archive /usr/share/metasploit-framework/modules/exploits/mad-metasploit-archive
    #> msfconsole
    MSF> search [string!]
    ..
    exploit/multi/~~~
    exploit/mad-metasploit-archive/[custom-script!!]
    ..

How to update? mad-metasploit:

    $ ./mad-metasploit -u

mad-metasploit-archive:

    $ ruby auto_archive.rb

or

    $ ./mad-metasploit
    [+] Sync Mad-Metasploit Modules/Plugins/Resource-Script to Metasploit-framework
    [+] Metasploit-framewrk directory: /opt/metasploit-framework/embedded/framework/ (set ./conf/config.rb)
    [*] Update archive(Those that are not added as msf)? [y/N] y
    [-] Download index data..

How to remove mad-metasploit?

    $ ./mad-metasploit -r

or

    $ ./mad-metasploit --remove

Development. Hello world:

    $ git clone https://github.com/hahwul/mad-metasploit

Add custom code to:

    ./mad-metasploit-modules (exploit, auxiliary, etc.)
    ./mad-metasploit-plugins
    ./mad-metasploit-resource-script

New idea: open an issue with the idea tag.

Contributing: bug reports and pull requests are welcome on GitHub. (This project is intended to be a safe)

Download Mad-Metasploit