Tag Archives: Hacking Tools

Slurp – Amazon AWS S3 Bucket Enumerator

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/07/slurp-amazon-aws-s3-bucket-enumerator/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Slurp – Amazon AWS S3 Bucket Enumerator

Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.

There are two modes that this tool operates at; blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.

Blackbox (external)

In this mode, you are using the permutations list to conduct scans.

Read the rest of Slurp – Amazon AWS S3 Bucket Enumerator now! Only available at Darknet.

BloodHound – Hacking Active Directory Trust Relationships

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/06/bloodhound-hacking-active-directory-trust-relationships/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

BloodHound – Hacking Active Directory Trust Relationships

BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.

Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use it to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.

Read the rest of BloodHound – Hacking Active Directory Trust Relationships now! Only available at Darknet.

SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/04/seclists-usernames-passwords-urls-sensitive-data-patterns-fuzzing-payloads-web-shells/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place.

List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

Contents of SecLists

Each section has tonnes of content including the below:

  • Discovery lists (DNS, SNMP, Web content)
  • Fuzzing Payloads (Databases, LFI, SQLi, XSS)
  • Password lists (Common credentials, cracked hashes, honeypot captures, leaked lists)
  • Data Pattern lists
  • Payload files (Zip bombs, flash, images)
  • Username lists (Honeypot captures)
  • Web shells

Install SecLists

Zip

wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip

Git (Small)

git clone –depth 1 https://github.com/danielmiessler/SecLists.git

Git (Complete)

git clone [email protected]:danielmiessler/SecLists.git

You can access all the lists here:

https://github.com/danielmiessler/SecLists

Read the rest of SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells now! Only available at Darknet.

GoBuster – Directory/File & DNS Busting Tool in Go

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/02/gobuster-directory-file-dns-busting-tool-in-go/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

GoBuster – Directory/File & DNS Busting Tool in Go

GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.

The author built YET ANOTHER directory and DNS brute forcing tool because he wanted..

  • … something that didn’t have a fat Java GUI (console FTW).
  • … to build something that just worked on the command line.
  • … something that did not do recursive brute force.

Read the rest of GoBuster – Directory/File & DNS Busting Tool in Go now! Only available at Darknet.

BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/02/bdfproxy-patch-binaries-via-mitm-backdoorfactory-mitmproxy/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy

BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads (software updates for example) from vendors that don’t validate data integrity.

The Backdoor Factory allows you to patch binaries with shell-code so combining that with mitmproxy, which is a Python proxy-server that can catch HTTP, change traffic on the fly, replay traffic, decode and render primitive data types – gives you BDFProxy.

Read the rest of BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy now! Only available at Darknet.

Domained – Multi Tool Subdomain Enumeration

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/01/domained-multi-tool-subdomain-enumeration/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Domained – Multi Tool Subdomain Enumeration

Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting.

This produces categorized screenshots, server response headers and signature based default credential checking. It is written in Python heavily leveraging Recon-ng.

Domains Subdomain Enumeration Tools Leveraged

Subdomain Enumeraton Tools:

  • Sublist3r
  • enumall
  • Knock
  • Subbrute
  • massdns
  • Recon-ng
  • Amass
  • SubFinder

Reporting + Wordlists:

  • EyeWitness
  • SecList (DNS Recon List)
  • LevelUp All.txt Subdomain List

Domained Subdomain Enumeration Tool Usage

–install/–upgrade Both do the same function – install all prerequisite tools
–vpn Check if you are on VPN (update with your provider)
–quick Use ONLY Amass and SubFinder
–bruteall Bruteforce with JHaddix All.txt List instead of SecList
–fresh Delete old data from output folder
–notify Send Pushover or Gmail Notifications
–active EyeWitness Active Scan
–noeyewitness No Eyewitness
-d The domain you want to preform recon on
-b Bruteforce with subbrute/massdns and SecList wordlist
-s n Only HTTPs domains
-p Add port 8080 for HTTP and 8443 for HTTPS

Subdomain Enumeration Examples

First Steps are to install required Python modules and tools:

sudo pip install -r ./ext/requirements.txt
sudo python domained.py –install

Example 1 – Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)

python domained.py -d example.com

Example 2: – Uses subdomain example.com with seclist subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN

python domained.py -d example.com -b -p –vpn

Example 3: – Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)

python domained.py -d example.com -b –bruteall

Example 4: – Uses subdomain example.com and only Amass and SubFinder

python domained.py -d example.com –quick

Example 5: – Uses subdomain example.com, only Amass and SubFinder and notification

python domained.py -d example.com –quick –notify

Example 6: – Uses subdomain example.com with no EyeWitness

python domained.py -d example.com –noeyewitness

Note: –bruteall must be used with the -b flag

You can download Domained here:

domained-master.zip

Or read more here.

Read the rest of Domained – Multi Tool Subdomain Enumeration now! Only available at Darknet.

CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/10/ctfr-abuse-certificate-transparency-logs-for-https-subdomains/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains

CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.

You missed AXFR technique didn’t you? (Open DNS zone transfers), so how does it work? CTFR does not use dictionary attack or brute-force attacks, it just helps you to abuse Certificate Transparency Logs.

What is Certificate Transparency?

Google’s Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections.

Read the rest of CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains now! Only available at Darknet.

sshLooter – Script To Steal SSH Passwords

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/10/sshlooter-script-to-steal-ssh-passwords/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

sshLooter – Script To Steal SSH Passwords

sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in rather than via strace which is not so reliable.

It also comes with an installation script install.sh to install all dependencies on a target host machine.

ssHLooter was inspired to steal SSH passwords via another script using Python to implement a PAM module to log failed attempts, the author just had to change the location where passwords were logged.

Read the rest of sshLooter – Script To Steal SSH Passwords now! Only available at Darknet.

Intercepter-NG – Android App For Hacking

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/08/intercepter-ng-android-app-for-hacking/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Intercepter-NG – Android App For Hacking

Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.

Specifically referring to Intercepter-NG Console Edition which works on a range of systems including NT, Linux, BSD, MacOSX, IOS and Android.

The Windows version is the one with the most powerful feature-set, but the Android app is fairly handy too.

Read the rest of Intercepter-NG – Android App For Hacking now! Only available at Darknet.

dcipher – Online Hash Cracking Using Rainbow & Lookup Tables

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/08/dcipher-online-hash-cracking-using-rainbow-lookup-tables/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

dcipher – Online Hash Cracking Using Rainbow & Lookup Tables

dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.

The capacity to programmatically crack passwords is also a function of the number of possible passwords per second which can be checked. If a hash of the target password is available to the attacker, this number can be in the billions or trillions per second, since an offline attack is possible.

In this case dcipher uses online hash checking services, which have extremely large Rainbow Table sets of pre-computed hashes, to rapidly find hash collisions.

Read the rest of dcipher – Online Hash Cracking Using Rainbow & Lookup Tables now! Only available at Darknet.

Cangibrina – Admin Dashboard Finder Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/08/cangibrina-admin-dashboard-finder-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Cangibrina – Admin Dashboard Finder Tool

Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists, Google, Nmap and robots.txt.

It is multi-threaded, supports modifying your user agent, using a TOR proxy, custom dorks, Nmap integration and can use both DuckDuckGo and Google.

Cangibrina Admin Dashboard Finder Requirements

  • Python 2.7
  • mechanize
  • PySocks
  • beautifulsoup4
  • html5lib
  • Nmap
  • TOR

Cangibrina Usage to Find Admin Dashboards

usage: cangibrina.py [-h] -u U [-w W] [-t T] [-v] [–ext EXT] [–user-agent]
[–tor] [–search] [–dork DORK] [–nmap [NMAP]]

Fast and powerful admin finder

optional arguments:
-h, –help show this help message and exit
-u U target site
-w W set wordlist (default: wl_medium)
-t T set threads number (default: 5)
-v enable verbose
–ext EXT filter path by target extension
–user-agent modify user-agent
–sub-domain search for sub domains instead of directories
–tor set TOR proxy
–search use google and duckduckgo to search
–dork DORK set custom dork
–nmap [NMAP] use nmap to scan ports and services

There are other specific tools in this area like WPScan for WordPress and DruPwn for Drupal – and in those cases the dashboard URLs are already known.

Read the rest of Cangibrina – Admin Dashboard Finder Tool now! Only available at Darknet.

RidRelay – SMB Relay Attack For Username Enumeration

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/07/ridrelay-smb-relay-attack-for-username-enumeration/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

RidRelay – SMB Relay Attack For Username Enumeration

RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.

How RidRelay SMB Relay Attack Works

RidRelay combines the SMB Relay attack, common lsarpc based queries and RID cycling to get a list of domain usernames. It takes these steps:

  1. Spins up an SMB server and waits for an incoming SMB connection
  2. The incoming credentials are relayed to a specified target, creating a connection with the context of the relayed user
  3. Queries are made down the SMB connection to the lsarpc pipe to get the list of domain usernames.

Read the rest of RidRelay – SMB Relay Attack For Username Enumeration now! Only available at Darknet.

NetBScanner – NetBIOS Network Scanner

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/07/netbscanner-netbios-network-scanner/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

NetBScanner – NetBIOS Network Scanner

NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.

For every computer located by this NetBIOS scanner, the following information is displayed:

  • IP Address
  • Computer Name
  • Workgroup or Domain
  • MAC Address
  • Network adapter manufacturer (from MAC address).

NetBScanner also shows whether a computer is a Master Browser.

Read the rest of NetBScanner – NetBIOS Network Scanner now! Only available at Darknet.

Powershell-RAT – Gmail Exfiltration RAT

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/06/powershell-rat-gmail-exfiltration-rat/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Powershell-RAT – Gmail Exfiltration RAT

Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.

This RAT will help you during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.

It claims to not need Administrator access and is not currently detected by Anti-virus software.

Read the rest of Powershell-RAT – Gmail Exfiltration RAT now! Only available at Darknet.

airgeddon – Wireless Security Auditing Script

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/06/airgeddon-wireless-security-auditing-script/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

airgeddon – Wireless Security Auditing Script

Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.

Airgeddon Wireless Security Auditing Features

  • Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
  • DoS over wireless networks using different methods. “DoS Pursuit mode” available to avoid AP channel hopping (available also on DoS performed on Evil Twin attacks)
  • Full support for 2.4Ghz and 5Ghz band
  • Assisted Handshake file capturing
  • Cleaning and optimizing Handshake captured files
  • Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule based) based on aircrack, crunch and hashcat tools.

Read the rest of airgeddon – Wireless Security Auditing Script now! Only available at Darknet.

CloudFrunt – Identify Misconfigured CloudFront Domains

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/cloudfrunt-identify-misconfigured-cloudfront-domains/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

CloudFrunt – Identify Misconfigured CloudFront Domains

CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions. This effectively allows for domain hijacking.

How CloudFrunt Works For Misconfigured CloudFront

CloudFront is a Content Delivery Network (CDN) provided by Amazon Web Services (AWS). CloudFront users create “distributions” that serve content from specific sources (an S3 bucket, for example).

Each CloudFront distribution has a unique endpoint for users to point their DNS records to (ex.

Read the rest of CloudFrunt – Identify Misconfigured CloudFront Domains now! Only available at Darknet.

Airbash – Fully Automated WPA PSK Handshake Capture Script

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/airbash-fully-automated-wpa-psk-handshake-capture-script/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Airbash – Fully Automated WPA PSK Handshake Capture Script

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP).

Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng.

Read the rest of Airbash – Fully Automated WPA PSK Handshake Capture Script now! Only available at Darknet.

XXEinjector – Automatic XXE Injection Tool For Exploitation

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/xxeinjector-automatic-xxe-injection-tool-for-exploitation/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

XXEinjector – Automatic XXE Injection Tool For Exploitation

XXEinjector is a Ruby-based XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications and the brute forcing method needs to be used for other applications.

Usage of XXEinjector XXE Injection Tool

XXEinjector actually has a LOT of options, so do have a look through to see how you can best leverage this type of attack. Obviously Ruby is a prequisite to run the tool.

Read the rest of XXEinjector – Automatic XXE Injection Tool For Exploitation now! Only available at Darknet.

Drupwn – Drupal Enumeration Tool & Security Scanner

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/drupwn-drupal-enumeration-tool-security-scanner/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Drupwn – Drupal Enumeration Tool & Security Scanner

Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.

Drupwn Drupal Enumeration Tool Hacking Features

Drupwn can be run, using two separate modes which are enum and exploit. The enum mode allows performing enumerations whereas the exploit mode allows checking and exploiting CVEs.

Enum mode

  • User enumeration
  • Node enumeration
  • Default files enumeration
  • Module enumeration
  • Theme enumeration
  • Cookies support
  • User-Agent support
  • Basic authentication support
  • Request delay
  • Enumeration range
  • Logging

Exploit mode

  • Vulnerability checker
  • CVE exploiter

For scanning Drupal sites there is also:

– Droopescan – Plugin Based CMS Security Scanner

You can download Drupwn here:

drupwn-master.zip

Or read more here.

Read the rest of Drupwn – Drupal Enumeration Tool & Security Scanner now! Only available at Darknet.

StaCoAn – Mobile App Static Analysis Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/04/stacoan-mobile-app-static-analysis-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

StaCoAn – Mobile App Static Analysis Tool

StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.

This tool will look for interesting lines in the code which can contain:

  • Hardcoded credentials
  • API keys
  • URL’s of API’s
  • Decryption keys
  • Major coding mistakes

This tool was created with a big focus on usability and graphical guidance in the user interface.

Read the rest of StaCoAn – Mobile App Static Analysis Tool now! Only available at Darknet.