Tag Archives: Hacking Tools

HELK – Open Source Threat Hunting Platform

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/11/helk-open-source-threat-hunting-platform/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.

This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure.

Goals of HELK Open Source Threat Hunting Platform

  • Provide an open-source hunting platform to the community and share the basics of Threat Hunting.

tko-subs – Detect & Takeover Subdomains With Dead DNS Records

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/09/tko-subs-detect-takeover-subdomains-with-dead-dns-records/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

tko-subs is a tool that helps you detect and take over subdomains with dead DNS records. These could be dangling CNAMEs pointing to hosting services or to nothing at all, or NS records that are mistyped.

What does tko-subs – Detect & Takeover Subdomains With Dead DNS Records Do?

This tool allows you:

  • To check whether a subdomain can be taken over because it has:
    • a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over.

Arcane – Tool To Backdoor iOS Packages (iPhone ARM)

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/08/arcane-tool-to-backdoor-ios-packages-iphone-arm/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.

It was created to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device.

How Arcane Tool To Backdoor iOS Package Works

It’s possible to supply scripts as part of a package when installing or removing applications. Package maintainer scripts include the preinst, postinst, prerm, and postrm files.

Axiom – Pen-Testing Server For Collecting Bug Bounties

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/07/axiom-pen-testing-server-for-collecting-bug-bounties/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically an out-of-the-box pen-testing server set up with one line.

With Axiom, you just need to run a single command to get set up, and then you can use the Axiom toolkit scripts to spin up and down your new hacking VPS.

Setting up your own ‘hacking VPS’ to catch shells, run enumeration tools, scan, and let things run in the background in a tmux window used to be an afternoon project, sometimes running into a whole day if you hit package issues or ‘dependency hell’.

Quasar RAT – Windows Remote Administration Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/05/quasar-rat-windows-remote-administration-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Quasar is a fast and light-weight Windows remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring.

It aims to provide high stability and an easy-to-use user interface and is a free, open source tool.

Features of Quasar RAT Windows Remote Administration Tool

The main features that can be found in Quasar are:

  • TCP network stream (IPv4 & IPv6 support)
  • Fast network serialization (Protocol Buffers)
  • Compressed (QuickLZ) & Encrypted (TLS) communication
  • UPnP Support
  • Task Manager
  • File Manager
  • Startup Manager
  • Remote Desktop
  • Remote Shell
  • Remote Execution
  • System Information
  • Registry Editor
  • System Power Commands (Restart, Shutdown, Standby)
  • Keylogger (Unicode Support)
  • Reverse Proxy (SOCKS5)
  • Password Recovery (Common Browsers and FTP Clients)

Using Quasar Windows Remote Administration Tool

1.

zBang – Privileged Account Threat Detection Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/03/zbang-privileged-account-threat-detection-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network. Organizations and red teamers can utilize zBang to identify potential attack vectors and improve the security posture of the network.

The results can be analyzed with the graphic interface or by reviewing the raw output files.

The tool is built from five different scanning modules:

  • ACLight scan – discovers the most privileged accounts that must be protected, including suspicious Shadow Admins.

Sandcastle – AWS S3 Bucket Enumeration Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/03/sandcastle-aws-s3-bucket-enumeration-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Sandcastle is a Python-based Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations.

Amazon S3 [Simple Storage Service] is cloud storage for the Internet. To upload your data (photos, videos, documents etc.), you first create a bucket in one of the AWS Regions. You can then upload any number of objects to the bucket.

Judas DNS – Nameserver DNS Poisoning Attack Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/02/judas-dns-nameserver-dns-poisoning-attack-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken-over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain.

The magic comes with Judas’s rule configurations which allow you to change DNS responses depending on source IP or DNS query type. This allows an attacker to configure a malicious nameserver to do things like selectively re-route inbound email coming from specified source IP ranges (via modified MX records), set extremely long TTLs to keep poisoned records cached, and more.

OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/02/owasp-amass-dns-enumeration-attack-surface-mapping-external-asset-discovery/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.

Information Gathering Techniques Used by OWASP Amass for DNS Enumeration and More

The main functionality of Amass is as follows:

  • DNS: Basic enumeration, Brute forcing (optional), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (optional)
  • Scraping: Ask, Baidu, Bing, DNSDumpster, DNSTable, Dogpile, Exalead, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo
  • Certificates: Active pulls (optional), Censys, CertSpotter, Crtsh, Entrust, GoogleCT
  • APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, CommonCrawl, DNSDB, GitHub, HackerTarget, IPToASN, Mnemonic, NetworksDB, PassiveTotal, Pastebin, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Spyse (CertDB & FindSubdomains), Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML
  • Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback

Usage of Amass for DNS Enumeration, Attack Surface Mapping & External Asset Discovery

The Amass tool has several subcommands shown below for handling your Internet exposure investigation.

Cameradar – Hack RTSP Video Surveillance CCTV Cameras

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/01/cameradar-hack-rtsp-video-surveillance-cctv-cameras/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras. It can detect open RTSP hosts, detect device models and launch automated attacks.

The main features of Cameradar are:

  • Detect open RTSP hosts on any accessible target host
  • Detect which device model is streaming
  • Launch automated dictionary attacks to get their stream route (e.g.: /live.sdp)
  • Launch automated dictionary attacks to get the username and password of the cameras
  • Retrieve a complete and user-friendly report of the results

Using Cameradar to Hack RTSP Video Cameras

"-t, --targets": Set target.

dSploit APK Download – Hacking & Security Toolkit For Android

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/01/dsploit-apk-download-hacking-security-toolkit-for-android/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities. It aims to offer IT security experts the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

Once dSploit is started, you will be able to easily map your network, fingerprint live hosts' operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, and perform man-in-the-middle (MiTM) attacks such as password sniffing (with common protocol dissection), real-time traffic manipulation and more.

WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/12/wifi-dumper-dump-wifi-profiles-and-cleartext-passwords/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine. This tool will help you in WiFi penetration testing and could also be useful when performing red team assessments or internal infrastructure engagements.

Each option in the tool generates a “.txt” file as output; if you run the tool multiple times, the output is appended to the previous results.

truffleHog – Search Git for High Entropy Strings with Commit History

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/12/trufflehog-search-git-for-high-entropy-strings-with-commit-history/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.

truffleHog previously functioned by running entropy checks on git diffs. This functionality still exists, but high-signal regex checks have been added, and the ability to suppress entropy checking has also been added.

truffleHog --regex --entropy=False https://github.com/dxa4481/truffleHog.git

or

truffleHog file:///user/dxa4481/codeprojects/truffleHog/

truffleHog will go through the entire commit history of each branch, and check each diff from each commit, and check for secrets.

UBoat – Proof Of Concept PoC HTTP Botnet Project

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/10/uboat-proof-of-concept-poc-http-botnet-project/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.

Reviews of popular botnets have shown that HTTP-based botnets have a set of attributes that make them difficult to detect. On the other hand, the number of studies focusing on the detection of HTTP-based botnets is relatively low (compared to the number of those on IRC-based and P2P botnets), especially for HTTP-based mobile botnets, which operate on mobile devices and networks.

Stardox – Github Stargazers Information Gathering Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/08/stardox-github-stargazers-information-gathering-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Stardox is a Python-based GitHub stargazers information gathering tool. It scrapes GitHub for information and displays it in a list tree view. It can be used for collecting details about the stargazers of your own or someone else’s repository.

GitHub allows visitors to star a repo to bookmark it for later perusal. Stars represent a casual interest in a repo, and when enough of them accumulate, it’s natural to wonder what’s driving interest.

Slurp – Amazon AWS S3 Bucket Enumerator

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/07/slurp-amazon-aws-s3-bucket-enumerator/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.

This tool operates in two modes: blackbox and whitebox. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.

Blackbox (external)

In this mode, you are using the permutations list to conduct scans.

BloodHound – Hacking Active Directory Trust Relationships

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/06/bloodhound-hacking-active-directory-trust-relationships/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

BloodHound is for hacking Active Directory trust relationships, and it uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.

Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use it to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.

SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/04/seclists-usernames-passwords-urls-sensitive-data-patterns-fuzzing-payloads-web-shells/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place.

List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

Contents of SecLists

Each section has tonnes of content including the below:

  • Discovery lists (DNS, SNMP, Web content)
  • Fuzzing Payloads (Databases, LFI, SQLi, XSS)
  • Password lists (Common credentials, cracked hashes, honeypot captures, leaked lists)
  • Data Pattern lists
  • Payload files (Zip bombs, flash, images)
  • Username lists (Honeypot captures)
  • Web shells

Install SecLists

Zip

wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip

Git (Small)

git clone --depth 1 https://github.com/danielmiessler/SecLists.git

Git (Complete)

git clone git@github.com:danielmiessler/SecLists.git

You can access all the lists here:

https://github.com/danielmiessler/SecLists

GoBuster – Directory/File & DNS Busting Tool in Go

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/02/gobuster-directory-file-dns-busting-tool-in-go/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.

The author built YET ANOTHER directory and DNS brute forcing tool because he wanted…

  • … something that didn’t have a fat Java GUI (console FTW).
  • … to build something that just worked on the command line.
  • … something that did not do recursive brute force.

BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy

Post Syndicated from Darknet original https://www.darknet.org.uk/2019/02/bdfproxy-patch-binaries-via-mitm-backdoorfactory-mitmproxy/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy, enabling on-the-fly patching of binary downloads (software updates, for example) from vendors that don’t validate data integrity.

The Backdoor Factory allows you to patch binaries with shellcode, so combining that with mitmproxy (a Python proxy server that can catch HTTP, change traffic on the fly, replay traffic, and decode and render primitive data types) gives you BDFProxy.
