Security of Information, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, etc etc...

Sunday, March 18, 2018

Discontinued Project - Offensive Sec 3.0





Thanks for access in blog, but the same it will be discontinued.  The same will stay online to reading, thank you very much you all.

Who knows, I will return one day.

Att,

Offensive Sec 3.0 

R.I.P 03/18/2018 đŸ˜Ș
Share:

Sunday, March 4, 2018

An Unicode Domain Phishing Generator for IDN Homograph Attack - EvilURL v2.0


Generate unicode evil domains for IDN Homograph Attack and detect them.

PREREQUISITES
  • python 3.x for evilurl3.py
TESTED ON: Kali Linux - ROLLING EDITION

CLONE
git clone https://github.com/UndeadSec/EvilURL.git

RUNNING
cd EvilURL
python3 evilurl.py

CHANGELOG
  • Full script updated to Python 3.x
    { Python 2.x support closed }
  • CheckURL Module.
    { Now you can check if an url is evil.
    Now you can check connection from an evil url. }
  • Better interactivity.
    { Better interface and design. }

VIDEO DEMO



Share:

Know The Dangers Of Credential Reuse Attacks - Cr3dOv3r v0.3


Your best friend in credential reuse attacks.
Cr3dOv3r simply you give it an email then it does two simple jobs (but useful) :
  • Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API).
  • Now you give it this email's old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google...) then it tells you if login successful in any website!


Imagine with me this scenario
  • You checking a targeted email with this tool.
  • The tool finds it in a leak so you open the leakage link.
  • You get the leaked password after searching the leak.
  • Now you back to the tool and enters this password to check if there's any website the user uses the same password in it.
  • You imagine the rest

Screenshots



Usage
usage: Cr3d0v3r.py [-h] email

positional arguments:
  email       Email/username to check
a
optional arguments:
  -h, --help  show this help message and exit

Installing and requirements

To make the tool work at its best you must have :
  • Python 3.x.
  • Linux or windows system.
  • The requirements mentioned in the next few lines.

Installing
+For windows : (After downloading ZIP and upzip it)
cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3dOv3r.py -h
+For linux :
git clone https://github.com/D4Vinci/Cr3dOv3r.git
chmod 777 -R Cr3dOv3r-master
cd Cr3dOv3r-master
pip3 install -r requirements.txt
python Cr3dOv3r.py -h
If you want to add a website to the tool, follow the instructions in the wiki

Contact



Share:

Monday, February 19, 2018

Analyze The Security Of Any Domain By Finding All the Information Possible - Domain Analyzer




Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.


How
Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresses, mails on Google, SPF information, etc. After all the information is stored and organized it scans the ports of every IP found using nmap and perform several other security checks. After the ports are found, it uses the tool crawler.py from @verovaleros, to spider the complete web page of all the web ports found. This tool has the option to download files and find open folders.
Current version is 0.8 and the main features are:
  • It creates a directory with all the information, including nmap output files.
  • It uses colors to remark important information on the console.
  • It detects some security problems like host name problems, unusual port numbers and zone transfers.
  • It is heavily tested and it is very robust against DNS configuration problems.
  • It uses nmap for active host detection, port scanning and version information (including nmap scripts).
  • It searches for SPF records information to find new hostnames or IP addresses.
  • It searches for reverse DNS names and compare them to the hostname.
  • It prints out the country of every IP address.
  • It creates a PDF file with results.
  • It automatically detects and analyze sub-domains!
  • It searches for domains emails.
  • It checks the 192 most common hostnames in the DNS servers.
  • It checks for Zone Transfer on every DNS server.
  • It finds the reverse names of the /24 network range of every IP address.
  • It finds active host using nmap complete set of techniques.
  • It scan ports using nmap (remember that for the SYN scan you need to need root).
  • It searches for host and port information using nmap.
  • It automatically detects web servers used.
  • It crawls every web server page using our crawler.py tool. See the description below.
  • It filters out hostnames based on their name.
  • It pseudo-randomly searches N domains in Google and automatically analyze them!
  • Uses CTRL-C to stop current analysis stage and continue working.
  • It can read an external file with domain names and try to find them on the domain.

Bonus features
@verovaleros developed a separate python web crawler called "crawler.py". Its main features are:
  • Crawl http and https web sites.
  • Crawl http and https web sites not using common ports.
  • Uses regular expressions to find 'href' and 'src' html tag. Also content links.
  • Identifies relative links.
  • Identifies domain related emails.
  • Identifies directory indexing.
  • Detects references to URLs like 'file:', 'feed=', 'mailto:', 'javascript:' and others.
  • Uses CTRL-C to stop current crawler stages and continue working.
  • Identifies file extensions (zip, swf, sql, rar, etc.)
  • Download files to a directory:
    • Download every important file (images, documents, compressed files).
    • Or download specified files types.
    • Or download a predefined set of files (like 'document' files: .doc, .xls, .pdf, .odt, .gnumeric, etc.).
  • Maximum amount of links to crawl. A default value of 5000 URLs is set.
  • Follows redirections using HTML and JavaScript Location tag and HTTP response codes.

This extended edition has more features!
  • World-domination: You can automatically analyze the whole world! (if you have time)
  • Robin-hood: Although it is still in development, it will let you send automatically an email to the mails found during scan with the analysis information.
  • Robtex DNS: With this incredible function, every time you found a DNS servers with Zone Transfer, it will retrieve from the Robtex site other domains using that DNS server! It will automatically analyze them too! This can be a never ending test! Every vulnerable DNS server can be used by hundreds of domains, which in turn can be using other vulnerable DNS servers. BEWARE! Domains retrieved can be unrelated to the first one.

Examples
  • Find 10 random domains in the .gov domain and analyze them fully (including web crawling). If it finds some Zone Transfer, retrieve more domains using them from Robtex!!
    domain_analyzer.py -d .gov -k 10 -b
  • (Very Quick and dirty) Find everything related with .edu.cn domain, store everything in directories. Do not search for active host, do not nmap scan them, do not reverse-dns the netblock, do not search for emails.
    domain_analyzer.py -d edu.cn -b -o -g -a -n
  • Analyze the 386.edu.ru domain fully
    domain_analyzer.py -d 386.edu.ru -b -o
  • (Pen tester mode). Analyze a domain fully. Do not find other domains. Print everything in a pdf file. Store everything on disk. When finished open Zenmap and show me the topology every host found at the same time!
    domain_analyzer.py -d amigos.net -o -e
  • (Quick with web crawl only). Ignore everything with 'google' on it.
    domain_analyzer.py -d mil.cn -b -o -g -a -n -v google -x '-O --reason --webxml --traceroute -sS -sV -sC -PN -n -v -p 80,4443'
  • (Everything) Crawl up to 100 URLs of this site including subdomains. Store output into a file and download every INTERESTING file found to disk.
    crawler.py -u www.386.edu.ru -w -s -m 100 -f
  • (Quick and dirty) Crawl the site very quick. Do not download files. Store the output to a file.
    crawler.py -u www.386.edu.ru -w -m 20
  • (If you want to analyze metadata later with lafoca). Verbose prints which extensions are being downloaded. Download only the set of archives corresponding to Documents (.doc, .docx, .ppt, .xls, .odt. etc.)
    crawler.py -u ieeeexplore.ieee.org/otherfiles/ -d -v
Most of these features can be deactivated.

Screenshots
  1. Example domain_analyzer.py -d .gov -k 10 -b

Installation
Just untar the .tar.gz file and copy the python files to the /usr/bin/ directory. Domain_analyzer needs to be run as root. The crawler can be run as a non-privileged user. If you want all the features (web crawler, pdf and colors), which is nice, also copy these files to /usr/bin or /usr/local/bin
  • ansistrm.py
  • crawler.py
  • pyText2pdf.py
If you have any issues with the GeoIP database, please download it from its original source here. And install it in where your system needs it, usually at /opt/local/share/GeoIP/GeoIP.dat




Share:

Tuesday, February 6, 2018

IP Tools To quickly get information about IP Address's, Web Pages and DNS records - Crips




This Tools is a collection of online IP Tools that can be used to quickly get information about IP Address's, Web Pages and DNS records.

Menu
  • Whois lookup
  • Traceroute
  • DNS Lookup
  • Reverse DNS Lookup
  • GeoIP Lookup
  • Port Scan
  • Reverse IP Lookup
  • INSTALL & UPDATE
  • Exit

Whois lookup
Determine the registered owner of a domain or IP address block with the whois tool.

Traceroute
Using mtr an advanced traceroute tool trace the path of an Internet connection.

DNS Lookup
Find DNS records for a domain, results are determined using the dig DNS tool

Reverse DNS Lookup
Find Reverse DNS records for an IP address or a range of IP addresses.

GeoIP Lookup
Find the location of an IP address using the GeoIP lookup location tool.

Port Scan
A simple TCP Port Scan to quickly determine the status of an Internet facing service or firewall.

Reverse IP Lookup
Discover web hosts sharing an IP address with a reverse IP lookup.

INSTALL & UPDATE
To install the tools directly in the system and get new update directly using terminal

Installation Linux
[✓] git clone https://github.com/Manisso/Crips.git
[✓] cd Crips && python Crips.py
[◉] 0 : INSTALL & UPDATE
[◉] -> 0
[✓] press 0
[✓] Congratulation Crips is Installed !

Installation Windows 
[✔] Download Python 2.7
[✓] Download Crips
[✓] Extract Crips into Desktop
[◉]Open CMD and type the following commands:
[✓] $cd Desktop/Crips-master/
[✓] $python crips.py




Share:

Bluetooth Security Testing Suite - BlueMaho v090417




BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice statistics.

1.2. What it can do? (features)

  • scan for devices, show advanced info, SDP records, vendor etc
  • track devices - show where and how much times device was seen, its name changes
  • loop scan - it can scan all time, showing you online devices
  • alerts with sound if new device found
  • on_new_device - you can spacify what command should it run when it founds new device
  • it can use separate dongles - one for scaning (loop scan) and one for running tools or exploits
  • send files
  • change name, class, mode, BD_ADDR of local HCI devices
  • save results in database
  • form nice statistics (uniq devices by day/hour, vendors, services etc)
  • test remote device for known vulnerabilities (see exploits for more details)
  • test remote device for unknown vulnerabilities (see tools for more details)
  • themes! you can customize it


1.3. What tools and exploits it consist of?

  • tools:
  • atshell.c by Bastian Ballmann (modified attest.c by Marcel Holtmann)
  • bccmd by Marcel Holtmann
  • bdaddr.c by Marcel Holtmann
  • bluetracker.py by smiley
  • carwhisperer v0.2 by Martin Herfurt
  • psm_scan and rfcomm_scan from bt_audit-0.1.1 by Collin R. Mulliner
  • BSS (Bluetooth Stack Smasher) v0.8 by Pierre Betouin
  • btftp v0.1 by Marcel Holtmann
  • btobex v0.1 by Marcel Holtmann
  • greenplaque v1.5 by digitalmunition.com
  • L2CAP packetgenerator by Bastian Ballmann
  • obex stress tests 0.1
  • redfang v2.50 by Ollie Whitehouse
  • ussp-push v0.10 by Davide Libenzi
  • exploits/attacks:
  • Bluebugger v0.1 by Martin J. Muench
  • bluePIMp by Kevin Finisterre
  • BlueZ hcidump v1.29 DoS PoC by Pierre Betouin
  • helomoto by Adam Laurie
  • hidattack v0.1 by Collin R. Mulliner
  • Mode 3 abuse attack
  • Nokia N70 l2cap packet DoS PoC Pierre Betouin
  • opush abuse (prompts flood) DoS attack
  • Sony-Ericsson reset display PoC by Pierre Betouin
  • you can add your own tools by editing 'exploits/exploits.lst' and 'tools/tools.lst'


1.4. Requirements

  • OS (tested with Debian 4.0 Etch / 2.6.18)
  • python (python 2.4 http://www.python.org)
  • wxPython (python-wxgtk2.6 http://www.wxpython.org)
  • BlueZ (3.9/3.24) http://www.bluez.org
  • Eterm to open tools somewhere, you can set another term in 'config/defaul.conf' changing the value of 'cmd_term' variable. (tested with 1.1 ver)
  • pkg-config(0.21), 'tee' used in tools/showmaxlocaldevinfo.sh, openobex, obexftp
  • libopenobex1 + libopenobex-dev (needed by ussp-push)
  • libxml2, libxml2-dev (needed by btftp)
  • libusb-dev (needed by bccmd)
  • libreadline5-dev (needed by atshell.c)
  • lightblue-0.3.3 (needed by obexstress.py)
  • hardware: any bluez compatible bluetooth-device


1.5. Configuration

  1. all configuration is in 'config' dir.
  2. for using bluemaho propertly you need to build tools and exploits. check if you satisfy 'requirements' for bluemaho. then run 'build.sh'. if you see 'Building complete!' message, than all went OK. if not - try to play around requirements.
  3. 'default.conf' is a default configuration file, you can edit it if you need to change some options, path to files and commands used by bluemaho, theme etc. by default you don't need to change it if you do all from 'requirements' chapter. but, please, view it, for example just for setting 'user_location' variable for defining you location, which will be used for tracking function.
  4. 'themes' - directory with themes for bluemaho GUI. You can set path to default theme with 'theme' variable in 'default.conf'


1.6. Run and use

You can run BlueMaho typing in console 'bluemaho.py'. For verbose output in console (and redirecting std_err and std_out) run 'bluemaho.py -v'. it saves founded devices to 'bluemaho.log' by default, you can change it in 'config/defaul.conf'. enjoy! 

Share:

A Penetration Testing Framework - Fsociety Hacking Tools Pack




A Penetration Testing Framework , you will have evry script that a hacker needs

Menu
  • Information Gathering
  • Password Attacks
  • Wireless Testing
  • Exploitation Tools
  • Sniffing & Spoofing
  • Web Hacking
  • Private Web Hacking
  • Post Exploitation
  • INSTALL & UPDATE

Information Gathering :
  • Nmap
  • Setoolkit
  • Port Scanning
  • Host To IP
  • wordpress user
  • CMS scanner
  • XSStracer
  • Dork - Google Dorks Passive Vulnerability Auditor
  • Scan A server's Users

Password Attacks :
  • Cupp
  • Ncrack

Wireless Testing :
  • reaver
  • pixiewps

Exploitation Tools :
  • Venom
  • sqlmap
  • Shellnoob
  • commix
  • FTP Auto Bypass
  • jboss-autopwn

Sniffing & Spoofing :
  • Setoolkit
  • SSLtrip
  • pyPISHER
  • SMTP Mailer

Web Hacking :
  • Drupal Hacking
  • Inurlbr
  • Wordpress & Joomla Scanner
  • Gravity Form Scanner
  • File Upload Checker
  • Wordpress Exploit Scanner
  • Wordpress Plugins Scanner
  • Shell and Directory Finder
  • Joomla! 1.5 - 3.4.5 remote code execution
  • Vbulletin 5.X remote code execution
  • BruteX - Automatically brute force all services running on a target
  • Arachni - Web Application Security Scanner Framework

Private Web Hacking
  • Get all websites
  • Get joomla websites
  • Get wordpress websites
  • Control Panel Finder
  • Zip Files Finder
  • Upload File Finder
  • Get server users
  • SQli Scanner
  • Ports Scan (range of ports)
  • ports Scan (common ports)
  • Get server Info
  • Bypass Cloudflare

Post Exploitation
  • Shell Checker
  • POET
  • Phishing Framework

Install Me
  • Install Directly On System (Only For Linux & Mac System )
  • Update instantly When There are New Update

Installation Linux
[✓] git clone https://github.com/Manisso/fsociety.git
[✓] cd fsociety && python fsociety.py
[◉] 0 : INSTALL & UPDATE
[◉] -> 0
[✓] press 0
[✓] Congratulation Fsociety is Installed !

Installation Windows
[✔] Download python 2.7
[✓] Download fsociety
[✓] Extract fsociety into Desktop
[◉]Open CMD and type the following commands:
[✓] $cd Desktop/fsociety-master/
[✓] $python fsociety.py

Use




Share:

Saturday, February 3, 2018

Automatic installation and configuration of DNSCrypt - dnscrypt-autoinstall




A script for installing and automatically configuring DNSCrypt on Linux-based systems.

Description
DNSCrypt is a protocol for securing communications between a client and a DNS resolver by encrypting DNS queries and responses. It verifies that responses you get from a DNS provider have actually been sent by that provider, and haven't been tampered with.
This script will automatically and securely set up DNSCrypt as a background service that runs at system startup using DNSCrypt-proxy, the libsodium cryptography library, and the DNSCrypt service provider of your choice. The script also has options that allow you to change the service provider at any time, turn off DNSCrypt to use regular unencrypted DNS, as well as uninstall DNSCrypt.

Installation
The script supports recent Red Hat-based (CentOS, Fedora, Scientific Linux), Debian-based (Debian, Ubuntu, Linux Mint) distributions and OpenSUSE.
Note Scripts with sysvinit support were moved to the "legacy" branch (CentOS 6, Debian 7, Ubuntu < 16.04)
wget https://raw.githubusercontent.com/simonclausen/dnscrypt-autoinstall/master/dnscrypt-autoinstall
chmod +x dnscrypt-autoinstall
su -c ./dnscrypt-autoinstall

Supported providers
Providers are retrieved from the latest published dnscrypt-resolvers.csv (github.com/jedisct1), with a fallback to those included with the DNSCrypt installation.

Troubleshooting
If the install fails at a particular stage and the script mentions DNSCrypt is already configured, use the forcedel argument to force an uninstallation:
./dnscrypt-autoinstall.sh forcedel




Share:

A Tool to Generate Various Ways to Do a Reverse Shell - ReverShellGenerator

Share:

Website Vulnerability Scanner & Auto Exploiter - XAttacker




XAttacker is a Website Vulnerability Scanner & Auto Exploiter developed by Mohamed Riahi

Installation
git clone https://github.com/Moham3dRiahi/XAttacker.git

Auto Cms Detect
  • [1] WordPress :
    • [+] Adblock Blocker
    • [+] WP All Import
    • [+] Blaze
    • [+] Catpro
    • [+] Cherry Plugin
    • [+] Download Manager
    • [+] Formcraft
    • [+] levoslideshow
    • [+] Power Zoomer
    • [+] Gravity Forms
    • [+] Revslider Upload Shell
    • [+] Revslider Dafece Ajax
    • [+] Revslider Get Config
    • [+] Showbiz
    • [+] Simple Ads Manager
    • [+] Slide Show Pro
    • [+] WP Mobile Detector
    • [+] Wysija
    • [+] InBoundio Marketing
    • [+] dzs-zoomsounds
    • [+] Reflex Gallery
    • [+] Creative Contact Form
    • [+] Work The Flow File Upload
    • [+] WP Job Manger
    • [+] PHP Event Calendar
    • [+] Synoptic
    • [+] Wp Shop
    • [+] Content Injection
  • [2] Joomla
    • [+] Com Jce
    • [+] Com Media
    • [+] Com Jdownloads
    • [+] Com Fabrik
    • [+] Com Jdownloads Index
    • [+] Com Foxcontact
    • [+] Com Ads Manager
    • [+] Com Blog
    • [+] Com Users
    • [+] Com Weblinks
    • [+] mod_simplefileupload
  • [3] DruPal
    • [+] Add Admin
  • [4] PrestaShop
    • [+] columnadverts
    • [+] soopamobile
    • [+] soopabanners
    • [+] Vtermslideshow
    • [+] simpleslideshow
    • [+] productpageadverts
    • [+] homepageadvertise
    • [+] homepageadvertise2
    • [+] jro_homepageadvertise
    • [+] attributewizardpro
    • [+] 1attributewizardpro
    • [+] AttributewizardproOLD
    • [+] attributewizardpro_x
    • [+] advancedslider
    • [+] cartabandonmentpro
    • [+] cartabandonmentproOld
    • [+] videostab
    • [+] wg24themeadministration
    • [+] fieldvmegamenu
    • [+] wdoptionpanel
    • [+] pk_flexmenu
    • [+] pk_vertflexmenu
    • [+] nvn_export_orders
    • [+] megamenu
    • [+] tdpsthemeoptionpanel
    • [+] psmodthemeoptionpanel
    • [+] masseditproduct
  • [5] Lokomedia
    • SQL injection

Video

Usage

Short FormLong FormDescription
-l --list websites list

Example
if you have list websites run tool with this command line
perl XAttacker.pl -l list.txt
if you don't have list websites run the tool with this command
perl XAttacker.pl

For coloring in windows Add This Line
use Win32::Console::ANSI;



Version
Current version is 2.1 What's New
• Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload
• GS-Dorker
• speed up
• Bug fixes
version 2.0
• speed up
• Bug fixes
version 1.9
• Bug fixes




Share:

Monday, January 29, 2018

Wireshark Crash Course - Tutorial



Description
Wireshark is the most widely used network capture and protocol analyzer on the market. It is used by IT and Network administrators to troubleshoot network connectivity issues and by Network Security analysts to dissect network attacks. This free and open source application is so widely used in the industry because it works. It is cross platform, meaning that it runs on Windows, Mac, Linux and FreeBSD.
This course is an introduction to the application and goes over the basics to get you started capturing and analyzing network traffic. It will build your base by explaining the theory behind how networks work and then get you in to real world applications of the software.
In this course you will learn:

  • The basics of how networks operate
  • How to capture traffic on wireshark
  • How to use display and capture filters
  • How to use command line wireshark to work with large packet captures


Who is the target audience?

  • Network Administrators
  • System Administrators
  • IT Security Analysts 


Type: Course 
Language: English 
Number of videos: 24
Year: 2015
Format: MP4 
Size: 675 MB
Password: offsec 


Share:
Copyright © Offensive Sec 3.0 | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition