Recon-ng : Web Reconnaisance framework for Penetration testers

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework.

Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, us the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!

How to use ? Complete Guide is available here

Recon-ng repository

git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Automated HTTP Enumeration Tool

Null Security Team writing a python script for Automated HTTP Enumeration. currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as well IIS WebDAV and Microsoft FrontPage Extensions, many more features will be added to this tool which will make lot of the enumeration process quick and simple.

Version 0.2 adds scanning of SSL / TLS as well as an option for probing delays and general bug fixes.

Download the Python Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

PySQLi - Python SQL injection framework

PySQLi is a python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case.

PySQLi is thought to be easily modified and extended through derivated classes and to be able to inject into various ways such as command line, custom network protocols and even in anti-CSRF HTTP forms. 

PySQLi is still in an early stage of development, whereas it has been developed since more than three years. Many features lack but the actual version but this will be improved in the next months/years.

Download PySQLi

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Phemail.py: Phishing EMail Social Engineering Tool

Social Engineering is defined as the process of inducing people into giving away access or confidential information. From a security consultant point of view this topic is not new and there are many tools which can be used against the target.

phemail.py - Phishing EMAIL. The main purpose of this tool is to prove who clicked on the phishing email without attempting to exploit the web browser but collecting as much information as possible. For this reason it will be 100% undetectable by any antivirus and it will obtain sufficient data to have an initial proof of concept for the client.

Steps to use Phemail.py:

1. Find corporate email addresses: Phemail has an option for harvesting corporate email addresses and save them to a file. Phemail.py leverages Google to search for LinkedIn specific corporate e-mail targets.
2. Create a phishing email template: You get to create your own custom phishing templates. Do not forget to add the string “{0}” in each URL as the script will replace this string with the correct URL automatically.
3. Host/upload a single PHP file: This file contains JavaScript code which attempts to collect web browser information and save it in a log file in /tmp directory.
4. Run the php file as shown in the following example: # phemail.py -e test-emails.txt -f "Tax report " -r "Tax Report " -s "Important information about your tax" -b body.txt -w http://YOUR-WEBSITE.com

Download Phemail.py

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

HTExploit : Open Source Tool to Bypass Standard Directory Protection

HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process to gain access to a protected directory contents. Presumably, if such an attack is successful, you can launch further attacks such as SQL Injection, Local File Inclusion, Remote File Inclusion, etc. on discovered files.

Features of HTExploit:

• Multiples modules to execute.
• Save the output to an specify directory.
• HTML Reporting.
• Use multiples wordlist to probe against htaccess bypassing.
• Mode verbose for a full detailed information.
• Multi-platform and flexible.

The vulnerability exists because web servers like Apache forward PHP-based requests within .htaccess to the PHP engine itself. The .htaccess file allows you to specify the requests get sent to PHP to try to interpret. However, on encountering non-standard input, PHP automatically treats it as a GET request, and allows the utility to start saving the PHP files on a webserver to your local filesystem, bypassing security restrictions!

Download HTExploit

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

BBQSQL : Blind SQL injection framework ( Python )

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.

BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

Must provide the usual information:

• URL
• HTTP Method
• Headers
• Cookies
• Encoding methods
• Redirect behavior
• Files
• HTTP Auth
• Proxies

After you pull the tool from Github, you can install simply by typing:

python setup.py install

Download BBQSQL

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Anonymous FTP Scanner - Python Script

Anonymous FTP Scanner is a Python Script "FtpScan.py" - Which Scans for FTP servers allowing Anonymous Login.

Download the Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Sensitive Buster v 1.0 - Tool to find out Sensitive Data

r00tw0rm Team release a new tool today, called "Sensitive Buster" and Coded by Th3breacher And Angel Injection. The Tool finds vulnerabilities On WebServer ,Admin panels, sensitive files and folders and even backups. The Tool Coded by Python Language And it's Open Source Every One Can Edit it.

Usage:
1-first You Must Install Active Python
2-Open Command Prompt
3-./sensitivebuster.py -m -p Proxy

There are 5 Mode In This Version The Mode it
-shell
-backup
-admin
-dir
-files

4-./sensitivebuster http://example.com -m backup -p


You can Use proxy server
5-./sensitivebuster http://example.com -m backup -p 127.0.0.1:8080

Download Sensitive Buster v 1.0

Password : r00tw0rm.com

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

TheHarvester v 2.0 - Collects email accounts, usernames and hostnames

TheHarvester is a tool to collect email accounts, usernames and hostnames/subdomains from different public sources like search engines and PGP key servers.

This tool is intended to help Penetration testers in the early stages of the project. It's a really simple tool, but very effective.

The sources supported are:

• Google - emails,subdomains/hostnames
• Google profiles - Employee names
• Bing search - emails, subdomains/hostnames,virtual hosts
• Pgp servers - emails, subdomains/hostnames
• Linkedin - Employee names
• Exalead - emails,subdomain/hostnames

Some examples: 

• Searching emails accounts for the domain microsoft.com, it will work with the first 500 google results.

./theharvester.py -d microsoft.com -l 500 -b google

• Searching emails accounts for the domain microsoft.com in a PGP server, here it's not necessary to specify the limit.

./theharvester.py -d microsoft.com -b pgp


Searching for user names that works in the company microsoft, we use google as search engine, so we need to specify the limit of results we want to use:

./theharvester.py -d microsoft.com -l 200 -b linkedin

• Searching in all sources at the same time, with a limit of 200 results:

./theHarvester.py -d microsoft.com -l 200 -b all

Download TheHarvester v 2.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Plecost 0.2.2-9-beta : Wordpress fingerprinting tool

Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there.Plecost retrieves the information contained on Web sites supported by Wordpress, and also allows a search on the results indexed by Google.

Plecost works in two modes. On the one hand by analyzing a single URL and the other analyzing the results of Google searches (-G).

Threads version Usage:

./plecost-0.2.2-8-beta.py [options] [ URL | [-l num] -G]

Mono task version Usage: 

./plecost_0.0.1-5beta.py [options] URL | [options] -G

DOWNLOAD Plecost 0.2.2-9-beta

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Creddump - Extracts credentials from Windows registry hives

Creddump is a python tool to extract various credentials and secrets from Windows registry hives. It currently extracts:

• LM and NT hashes (SYSKEY protected)
• Cached domain passwords
• LSA secrets

It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way.

It is also the first tool that does all of these things in an offline way (actually, Cain & Abel does, but is not open source and is only available on Windows).

Download Creddump

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Patator :Multi-purpose bruteforce Python Script

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:

• ftp_login : Brute-force FTP
• ssh_login : Brute-force SSH
• telnet_login : Brute-force Telnet
• smtp_login : Brute-force SMTP
• smtp_vrfy : Enumerate valid users using the SMTP VRFY command
• smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
• finger_lookup : Enumerate valid users using Finger
• http_fuzz : Brute-force HTTP/HTTPS
• pop_passd : Brute-force poppassd (not POP3)
• ldap_login : Brute-force LDAP
• smb_login : Brute-force SMB
• mssql_login : Brute-force MSSQL
• oracle_login : Brute-force Oracle
• mysql_login : Brute-force MySQL
• pgsql_login : Brute-force PostgreSQL
• vnc_login : Brute-force VNC
• dns_forward : Forward lookup subdomains
• dns_reverse : Reverse lookup subnets
• snmp_login : Brute-force SNMPv1/2 and SNMPv3
• unzip_pass : Brute-force the password of encrypted ZIP files
• keystore_pass : Brute-force the password of Java keystore files

Get Help and Syntax to use this tool from official page.

Download Parator Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

SPyMap Portscanner - A python based portscanner, using scapy

A portscanner written in python, using the scapy libraries. Originally intended to be a clone of Nmap, it is growing into its own creation, intended to be a part of a much larger project later on.

Download SPyMap Portscanner

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Fastest Subdomain Bruteforcer Python Script

This is a (fast) multi-threaded python tool for enumerating subdomains. This tool also contains a large list of real subdomains that you will find in the wild. By default this tool does subdomain enumeration about 8 times faster than Fierce, and can chew through 31k lookups in about 5 minutes on a home cable connection.

Using some creative google hacks developer put together a disorganized list of well over a million domain names,  developer  then used a regex to rip out the subdomains and then sorted them by frequency.

There is subs.txt which contains 31280 subdomains. Also having a list of resolvers (resolvers.txt) is best for a multi-threaded application because most dns resolvers have rate-limiting by default. This feature is for speed.

Easy to use: ./subbrute.py target.com

Download Subdomain Bruteforcer

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

CVE-2012-2122 : Mysql Authentication Bypass Exploit

A serious security bug in MariaDB and MySQL Disclosed, According to Advisory All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. This issue got assigned an id CVE-2012-2122. You can Read More Details Here.

Mysql_hashdump module from Metasploit uses a known username and password to access the master user table of a MySQL server and dump it into a locally-stored "loot" file. This can be easily cracked using a tool like John the Ripper, providing clear-text passwords that may provide further access.

Jonathan Cran (CTO of Pwnie Express and Metasploit contributor) committed a threaded brute-force module that abuses the authentication bypass flaw to automatically dump the password database. This ensures that even if the authentication bypass vulnerability is fixed, you should still be able to access the database using the cracked password hashes. A quick demonstration of this module is shown below using the latest Metasploit Framework GIT/SVN snapshot.

Download Exploit

Another Easy python script to gain root access to MySQL released by Dave (ReL1K) Kennedy's on his blog.

#!/usr/bin/python

import subprocess

while 1:

subprocess.Popen("mysql -u root mysql --password=blah", shell=True).wait()

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

iCrack - python md5 online | offline cracker

iCrack is an Online/ofline md5 cracker script in Python. Currently containes about 14 db for online cracking.

Download iCrack Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

SMB checker and Remote Code Execution Vulnerability Exploiter Script

The vulnerability 'MS08-067' is a flaw in the Windows Server Service that when a specially crafted RPC request was sent could allow remote code executions.This vulnerability affected Windows 2000, XP, Server 2003, Vista, and server 2008 and has been assigned CVE-2008-4250.

There is a Python Script developed by Ahmed shawky aka lnxg33k, which will automatically scan for SMB Port and Will also Exploit 'MS08-067' Flaw using Metasploit. The Script will Exploit the target for you. You can download the code :

Download Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Joomla Folder Scanner v.1.0b4 Released

Scan Joomla-Based Websites and detects components, modules, languages, templates and plugins (based on a list), in both, the public and the admin paths of the website.

Database status:

• Components: 230 entries
• Languages: 75 entries
• Modules: 683 entries
• Plugins: 30 entries
• Templates: 67 entries

Features :

• Multithread support, speed up scanning up to 10x faster!
• Scan admin and public directories.
• Reveal installed components, languages, modules, plugins and templates.
• No joomla user or admin access required.
• Easily customizable.

Download Joomla Folder Scanner v.1.0b4

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

WebSploit Toolkit v 1.8 - Latest Release

WebSploit is an open source project which is used to scan and analysis remote system in order to find various type of vulnerabilities. This tool is very powerful and support multiple vulnerabilities

Description :

[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service

[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin

[+]format infector - inject reverse & bind payload into file format

[+]phpmyadmin - Search Target phpmyadmin login page

[+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF

[+]apache users - search server username directory (if use from apache webserver)

[+]Dir Bruter - brute target directory with wordlist

[+]admin finder - search admin & login page of target

[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks

[+]MITM - Man In The Middle Attack

[+]Java Applet Attack - Java Signed Applet Attack

[+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector

[+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows

[+]ARP DOS - ARP Cache Denial Of Service Attack With Random MAC

Download WebSploit V. 1.8

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Admin Page Finder - Python Script

This python script looks for a large amount of possible administrative interfaces on a given site. Admin Page Finding tools which scans the vulnerable websites for administrator login pages. It makes use of a predefined list for finding the admin login pages. After finding the pages, it may present us the page on which we can login with the administrator password.

Admin Finder Script is an open source script which is designed in Python Language. For use this tool we need to install Python on our machine.

Download Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email