Tag Archives: Hacking Tools

Cr3dOv3r – Credential Reuse Attack Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/12/cr3dov3r-credential-reuse-attack-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Cr3dOv3r – Credential Reuse Attack Tool

Cr3dOv3r is a fairly simple Python-based set of functions that carry out the prelimary work as a credential reuse attack tool.

You just give the tool your target email address then it does two fairly straightforward (but useful) jobs:

  • Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API).
  • Then you give it this email’s old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google…) and notifies of any successful logins.

Read the rest of Cr3dOv3r – Credential Reuse Attack Tool now! Only available at Darknet.

Mr.SIP – SIP Attack And Audit Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/11/mr-sip-sip-attack-audit-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Mr.SIP – SIP Attack And Audit Tool

Mr.SIP was developed in Python as a SIP Attack and audit tool which can emulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and defence approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has been redeveloped into the current version.

Mr.SIP – SIP Attack Features

Mr.SIP currently comprises of four sub-modules named SIP-NES, SIP-ENUM, SIP-DAS and SIP-ASP.

Read the rest of Mr.SIP – SIP Attack And Audit Tool now! Only available at Darknet.

Skype Log Viewer Download – View Logs on Windows

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/11/skype-log-viewer-download/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Skype Log Viewer Download – View Logs on Windows

Skype Log Viewer allows you to download and view the Skype history and log files, on Windows, without actually downloading the Skype client itself.

What does Skype Log Viewer do?

This program allows you to view all of your Skype chat logs and then easily export them as text files.

It correctly organizes them by conversation and makes sure that group conversations do not get jumbled with one on one chats.

Read the rest of Skype Log Viewer Download – View Logs on Windows now! Only available at Darknet.

WPSeku – Black-Box Remote WordPress Security Scanner

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/11/wpseku-black-box-remote-wordpress-security-scanner/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

WPSeku – Black-Box Remote WordPress Security Scanner

WPSeku is a black box WordPress Security scanner that can be used to scan remote WordPress installations to find security issues and vulnerabilities.

Features of WPSeku WordPress Security Scanner

WPSeku supports various types of scanning including:

  • Testing for XSS Vulnerabilities
  • Testing for SQL Injection Vulnerabilities
  • Testing for LFI Vulnerabilities
  • Bruteforce login via xmlrpc
  • Username Enumeration
  • Proxy Support
  • Method (GET/POST)
  • Custom Wordlists
  • Custom user-agent

It also uses the WPVulnDB Vulnerability Database API at https://wpvulndb.com/api.

Read the rest of WPSeku – Black-Box Remote WordPress Security Scanner now! Only available at Darknet.

WAFNinja – Web Application Firewall Attack Tool – WAF Bypass

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/11/wafninja-web-application-firewall-attack-tool-waf-bypass/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

WAFNinja – Web Application Firewall Attack Tool – WAF Bypass

WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation.

The tool was created with the objective to be easily extendible, simple to use and usable in a team environment.

What can WAFNinja Web Application Firewall Attack Tool Do?

Many payloads and fuzzing strings, which are stored in a local database file come shipped with the tool.

Read the rest of WAFNinja – Web Application Firewall Attack Tool – WAF Bypass now! Only available at Darknet.

dirsearch – Website Directory Scanner For Files & Structure

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/dirsearch-website-directory-scanner-files-structure/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

dirsearch – Website Directory Scanner For Files & Structure

dirsearch is a Python-based command-line website directory scanner designed to brute force site structure including directories and files in websites.

dirsearch Website Directory Scanner Features

dirsearch supports the following:

  • Multithreaded
  • Keep alive connections
  • Support for multiple extensions (-e|–extensions asp,php)
  • Reporting (plain text, JSON)
  • Heuristically detects invalid web pages
  • Recursive brute forcing
  • HTTP proxy support
  • User agent randomization
  • Batch processing
  • Request delaying

dirsearch Web Directory Structure Scanner & Wordlists

Dictionaries must be text files.

Read the rest of dirsearch – Website Directory Scanner For Files & Structure now! Only available at Darknet.

SQLiv – SQL Injection Dork Scanning Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/sqliv-sql-injection-dork-scanning-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

SQLiv – SQL Injection Dork Scanning Tool

SQLiv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targetted scanning, multiple-domain scanning or reverse domain scanning.

SQLiv Massive SQL Injection Scanner Features

Both the SQLi scanning and domain info checking are done in a multiprocess manner so the script is super fast at scanning a lot of URLs. It’s a fairly new tool and there are plans for more features and to add support for other search engines like DuckDuckGo.

Read the rest of SQLiv – SQL Injection Dork Scanning Tool now! Only available at Darknet.

Spaghetti Download – Web Application Security Scanner

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/spaghetti-download-web-application-security-scanner/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Spaghetti Download – Web Application Security Scanner

Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations, and misconfigurations.

It is built on Python 2.7 and can run on any platform which has a Python environment.

Features of Spaghetti Web Application Security Scanner

  • Fingerprints
    • Server
    • Web Frameworks (CakePHP, CherryPy,…)
    • Web Application Firewall (Waf)
    • Content Management System (CMS)
    • Operating System (Linux, Unix,..)
    • Language (PHP, Ruby,…)
    • Cookie Security
  • Bruteforce
    • Admin Interface
    • Common Backdoors
    • Common Backup Directory
    • Common Backup File
    • Common Directory
    • Common File
    • Log File
  • Disclosure
    • Emails
    • Private IP
    • Credit Cards
  • Attacks
    • HTML Injection
    • SQL Injection
    • LDAP Injection
    • XPath Injection
    • Cross Site Scripting (XSS)
    • Remote File Inclusion (RFI)
    • PHP Code Injection
  • Other
    • HTTP Allow Methods
    • HTML Object
    • Multiple Index
    • Robots Paths
    • Web Dav
    • Cross Site Tracing (XST)
    • PHPINFO
    • .Listing
  • Vulns
    • ShellShock
    • Anonymous Cipher (CVE-2007-1858)
    • Crime (SPDY) (CVE-2012-4929)
    • Struts-Shock

Using Spaghetti Web Application Security Scanner

[email protected]:~/Spaghetti# python spaghetti.py
_____ _ _ _ _
| __|___ ___ ___| |_ ___| |_| |_|_|
|__ | .

Read the rest of Spaghetti Download – Web Application Security Scanner now! Only available at Darknet.

VHostScan – Virtual Host Scanner With Alias & Catch-All Detection

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/vhostscan-virtual-host-scanner-with-alias-catch-all-detection/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

VHostScan – Virtual Host Scanner With Alias & Catch-All Detection

VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

Features of VHostScan Virtual Host Scanner

  • Quickly highlight unique content in catch-all scenarios
  • Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time)
  • Identify aliases by tweaking the unique depth of matches
  • Wordlist supports standard words and a variable to input a base hostname (for e.g.

Read the rest of VHostScan – Virtual Host Scanner With Alias & Catch-All Detection now! Only available at Darknet.

LOIC Download – Low Orbit Ion Cannon DDoS Booter

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/loic-download-low-orbit-ion-cannon-ddos-booter/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

LOIC Download – Low Orbit Ion Cannon DDoS Booter

LOIC Download below – Low Orbit Ion Cannon is an Open Source Stress Testing and Denial of Service (DoS or DDoS) attack application written in C#.

It’s an interesting tool in that it’s often used in what are usually classified as political cyber-terrorist attacks against large capitalistic organisations. The hivemind version gives average non-technical users a way to give their bandwidth as a way of supporting a cause they agree with.

Read the rest of LOIC Download – Low Orbit Ion Cannon DDoS Booter now! Only available at Darknet.

Yuki Chan – Automated Penetration Testing Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/yuki-chan-automated-penetration-testing-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Yuki Chan – Automated Penetration Testing Tool

Yuki Chan is an Automated Penetration Testing Tool that carries out a whole range of standard security auditing tasks automatically. It’s highly recommended to use this tool within Kali Linux OS as it already contains all the dependencies.

This tool is only designed for Linux OS so if you are not using Linux OS it won’t be much use, but if you have Android Smartphone or Tablet you can run this tool via Termux or GNURoot Debian.

Read the rest of Yuki Chan – Automated Penetration Testing Tool now! Only available at Darknet.

AWSBucketDump – AWS S3 Security Scanning Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/09/awsbucketdump-aws-s3-security-scanning-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

AWSBucketDump – AWS S3 Security Scanning Tool

AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files. It’s similar to a subdomain brute-forcing tool but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you’re not afraid to quickly fill up your hard drive.

Using the download feature might fill your hard drive up, you can provide a max file size for each download at the command line when you run the tool.

Read the rest of AWSBucketDump – AWS S3 Security Scanning Tool now! Only available at Darknet.

Seth – RDP Man In The Middle Attack Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/09/seth-rdp-man-in-the-middle-attack-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Seth – RDP Man In The Middle Attack Tool

Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection in order to extract clear text credentials.

It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks.

Usage of Seth RDP Man In The Middle Attack Tool

Run it like this:

$ ./seth.sh <INTERFACE> <ATTACKER IP> <VICTIM IP> <GATEWAY IP|HOST IP>

Unless the RDP host is on the same subnet as the victim machine, the last IP address must be that of the gateway.

Read the rest of Seth – RDP Man In The Middle Attack Tool now! Only available at Darknet.

dcrawl – Web Crawler For Unique Domains

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/09/dcrawl-web-crawler-unique-domains/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

dcrawl – Web Crawler For Unique Domains

dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names.

How does dcrawl work?

dcrawl takes one site URL as input and detects all a href= links in the site’s body. Each found link is put into the queue. Successively, each queued link is crawled in the same way, branching out to more URLs found in links on each site’s body.

dcrawl Web Crawler Features

  • Branching out only to predefined number of links found per one hostname.

Read the rest of dcrawl – Web Crawler For Unique Domains now! Only available at Darknet.

Wikto Scanner Download – Web Server Security Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/09/wikto-scanner-download-web-server-security-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Wikto Scanner Download – Web Server Security Tool

Wikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

It’s Nikto for Windows basically with some extra features written in C# and requires the .NET framework.

What is Wikto

Wikto is not a web application scanner. It is totally unaware of the application (if any) that’s running on the web site.

Read the rest of Wikto Scanner Download – Web Server Security Tool now! Only available at Darknet.

Russian Hacking Tools Codenamed WhiteBear Exposed

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/09/russian_hacking.html

Kaspersky Labs exposed a highly sophisticated set of hacking tools from Russia called WhiteBear.

From February to September 2016, WhiteBear activity was narrowly focused on embassies and consular operations around the world. All of these early WhiteBear targets were related to embassies and diplomatic/foreign affair organizations. Continued WhiteBear activity later shifted to include defense-related organizations into June 2017. When compared to WhiteAtlas infections, WhiteBear deployments are relatively rare and represent a departure from the broader Skipper Turla target set. Additionally, a comparison of the WhiteAtlas framework to WhiteBear components indicates that the malware is the product of separate development efforts. WhiteBear infections appear to be preceded by a condensed spearphishing dropper, lack Firefox extension installer payloads, and contain several new components signed with a new code signing digital certificate, unlike WhiteAtlas incidents and modules.

The exact delivery vector for WhiteBear components is unknown to us, although we have very strong suspicion the group spearphished targets with malicious pdf files. The decoy pdf document above was likely stolen from a target or partner. And, although WhiteBear components have been consistently identified on a subset of systems previously targeted with the WhiteAtlas framework, and maintain components within the same filepaths and can maintain identical filenames, we were unable to firmly tie delivery to any specific WhiteAtlas component. WhiteBear focused on various embassies and diplomatic entities around the world in early 2016 — tellingly, attempts were made to drop and display decoy pdf’s with full diplomatic headers and content alongside executable droppers on target systems.

One of the clever things the tool does is use hijacked satellite connections for command and control, helping it evade detection by broad surveillance capabilities like what what NSA uses. We’ve seen Russian attack tools that do this before. More details are in the Kaspersky blog post.

Given all the trouble Kaspersky is having because of its association with Russia, it’s interesting to speculate on this disclosure. Either they are independent, and have burned a valuable Russian hacking toolset. Or the Russians decided that the toolset was already burned — maybe the NSA knows all about it and has neutered it somehow — and allowed Kaspersky to publish. Or maybe it’s something in between. That’s the problem with this kind of speculation: without any facts, your theories just amplify whatever opinion you had previously.

Oddly, there hasn’t been much press about this. I have only found one story.

EDITED TO ADD: A colleague pointed out to me that Kaspersky announcements like this often get ignored by the press. There was very little written about ProjectSauron, for example.

EDITED TO ADD: The text I originally wrote said that Kaspersky released the attacks tools, like what Shadow Brokers is doing. They did not. They just exposed the existence of them. Apologies for that error — it was sloppy wording.

GitMiner – Advanced Tool For Mining Github

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/08/gitminer-advanced-tool-mining-github/?utm_source=darknet&utm_medium=rss&utm_campaign=feed

GitMiner is an Advanced search tool for automation in Github, it enables mining Github for useful or potentially dangerous information or for example specific vulnerable or useful WordPress files. This tool aims to facilitate mining the code or snippets on Github through the site’s search page. What is Mining Github? GitHub is a web-based Git […]

The post GitMiner – Advanced Tool For Mining Github appeared first on Darknet.

NoSQLMap – Automated NoSQL Exploitation Tool

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/Y4RGC1J9G-U/

NoSQLMap is an open source Python-based automated NoSQL exploitation tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases. It is also intended to attack web applications using NoSQL in order to disclose data from the database. Presently the tool’s exploits are focused…

Read the full post at darknet.org.uk

SAML Raider – SAML2 Security Testing Burp Extension

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/uIEtvAVuRck/

SAML Raider is a Burp Suite extension for SAML2 security testing, it contains two core functionalities – Manipulating SAML Messages and managing X.509 certificates. The extension is divided into two parts, a SAML message editor and a certificate management tool. Features Message Editor Features of the SAML Raider message editor: Sign SAML Messages…

Read the full post at darknet.org.uk