Wifi Honey - Creates fake APs using all encryption

This is a script, attack can use to creates fake APs using all encryption and monitors with Airodump. It automate the setup process, it creates five monitor mode interfaces, four are used as APs and the fifth is used for airdump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.

Installing wifi honey
chmod a+x wifi_honey.sh
./wifi_honey.sh fake_wpa_net
./wifi_honey.sh fake_wpa_net 1 waln1

Download Wifi Honey

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

JBoss Autopwn - JSP Hacking Tool For JBoss AS Server

This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.

Features include:

- Multiplatform support - tested on Windows, Linux and Mac targets

- Support for bind and reverse bind shells

- Meterpreter shells and VNC support for Windows targets

Installation: Dependencies include

- Netcat

- Curl

- Metasploit v3, installed in the current path as "framework3"

Download JBoss Autopwn

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Server Analyser : Simple Server Malware Scanner

Server Analyser  is a service for detecting and analyzing web-based threats. It currently handles shells, obfuscated JavaScript, Executables, Iframes and port scans.

Featured added:

+ Logging scans

+ Just paste the results ( option 1 )

+ Added new Exploit methods to option 1

+ Latest infections ( will be updated automaticly )

+ Added PHP Shell detection exec()/system() etc. ( more will be added soon )

+ The code has been changed into a smaller one

+ Added new BlackHole methods

+ Added different javascript methods

+ Added decoded php syntaxes

+ gzinflate

+ var url

+ base64_decode

+ The Beta has been releases and uploaded

+ code improvements

+ fixed the dos2unix issue

Download Server Analyser

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Server Shield v1.0.2 - Protect your Linux machine in 1 minute

Server Shield is a lightweight method of protecting and hardening your Linux server. It is easy to install, hard to mess up, and makes your server instantly and effortlessly resilient to many basic and advanced attacks.

Features

• Firewall Hardening
• TCP Hardening
• Data Leakage Protection
• ICMP/Ping Flood Protection
• Rootkit Protection
• DoS Protection
• Spoof Protection
• Bogus TCP Protection
• SYN Flood Protection
• Requires
• iptables ("yum install iptables")

Installation

git clone https://github.com/Brian-Holt/server-shield

cd server-shield;chmod +x sshield;mv sshield /etc/init.d

/etc/init.d/sshield start

Download Server Shield v1.0.2

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Windows PowerShell V3.0 download available

PowerShell V3.0 has been released as part of Windows Server 2012, but you do not have to wait it though! The final release of Windows Management Framework 3.0 is also available for download from the Microsoft Download Center.

Windows Management Framework 3.0 makes much of the same great management functionality from Windows Server 2012 available to earlier versions of Windows. Windows Management Framework 3.0 allows you to install Windows PowerShell 3.0 (including a new version of WMI and WinRM) on the following Operating Systems:

• Windows 7 Service Pack 1 (32-bit & 64-bit)
• Windows Server 2008 R2 Service Pack 1 (64-bit only, includes Server Core)
• Windows Server 2008 Service Pack 2 (32-bit & 64-bit)

Some of the new features in Windows PowerShell 3.0 include:

1. Workflow : Windows PowerShell Workflow lets IT Pros and developers apply the benefits of workflows to the automation capabilities of Windows PowerShell. Workflows allow administrators to run long-running tasks (which can be made repeatable, frequent, parallelizable, interruptible, or restart-able) that can affect multiple managed computers or devices at the same time.
2. Disconnected Sessions:  PowerShell sessions can be disconnected from the remote computer and reconnected later from the same computer or a different computer without losing state or causing running commands to fail.
3. Robust Session Connectivity: Remote sessions are resilient to network failures and will attempt to reconnect for several minutes. If connectivity cannot be reestablished, the session will automatically disconnect itself so that it can be reconnected when network connectivity is restored.
4. Scheduled Jobs: scheduled jobs that run regularly or in response to an event.
5. Delegated Administration: Commands that can be executed with a delegated set of credentials so users with limited permissions can run critical jobs
6. Simplified Language Syntax: Simplified language syntax that make commands and scripts look a lot less like code and a lot more like natural language.
7. Cmdlet Discovery: Improved cmdlet discovery and automatic module loading that make it easier to find and run any of the cmdlets installed on your computer.
8. Show-Command: Show-Command, a cmdlet and ISE Add-On that helps users find the right cmdlet, view its parameters in a dialog box, and run it.

Download Powershell V3.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Anehta V-0.6 - Web Application Security Audit Tool

Anehta is Web Application tool for Security Audit, written in PHP/JavaScript designed to make Cross site scripting and other web attacks easier and automated.

Install & Configure:

1. Decompress all the files in a directory on your server

2. Make sure your directory has the write permission.

3. Modify $U as username and $P as password in “server/class/auth_Class.php” file.

Default username is “admin” and default password is “123456″.

4. If you want to send mail, modify “server/mail.php” file to your own mail server or mailbox.

Quick Start:

1. Login and turn to the Configure tab.

2. Input the “anehtaurl” as the url where your anehta is.

For example: “http://www.a.com/anehta”.

3. You should also input the boomerang src and boomerang target.

boomerang src is usually the same page where you put your feed.js is.

For example: boomerang src maybe: “http://www.b.com/xssed.html?param=”.

boomerang target must be the page where you want to steal cross domain cookie.

For example: boomerang target maybe: “http://www.alimafia.com/xssDemo.html#’><’”.

You can modify feed.js to cancel the xcookie module if you do not want to use boomerang. But you must always set boomerang src and target values when you modify in the configure tab.

4. After modified configure, simply load feed.js as a external script to where your xss page is. There is also a demo page in the directory which is “demo.html”

5. Refresh the admin.php, and you may see some changes if your xss slave coming.

Download Anehta V-0.6

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

RemoteScript - Execute scripts on multiple remote hosts

Execute a script on single or multiple remote hosts simultaneously via ssh . No client installation required. May work on any host with a ssh server. Php/mysql based.

Features

• Execute shell script on single or multiple linux hosts remotely
• Group hosts to execute scripts on multiple hosts simultaneously
• Keep a trace of stout and error output

Download RemoteScript

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Bash Script to Automate browser-in-the-middle attack

Browser-in-the-middle is a bashscript that uses ettercap, metasploit and the beEF framework to make attacks that injects code in pages users visited on the internet from the local network.

• - uses ettercap to launch a man in the middle attack
• - ettercap modifies traffic so evil javascript or iframes are added
• - victim's browser will be redirect to the attackers webserver
• - the webserver will be running the msf autopwn module or the beEF framework to launch browser exploits are other browser related attacks.

Download Bash Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Custom bash scripts to automate various pentesting tasks

Get Custom bash scripts used to automate various pentesting tasks released with name "backtrack-scripts". These scripts are designed for use with BackTrack 5 R2, 32-bit gnome.

Also included is a collection of python scripts by Saviour Emmanuel.

• Domain Parser
• fern-wifi-cracker
• ghost-phisher
• HexorBase
• ssql-lhf

Tools Menu

• 1. Open Source Intelligence Gathering
• 2. Scrape
• 3. Ping Sweep
• 4. Single Host or URL
• 5. Local Area Network
• 6. List of Hosts
• 7. CIDR Notation
• 8. Open multiple tabs in Firefox
• 9. Niktos
• 10. SSL Check
• 11. Check for new Nmap scripts and Metasploit scanners
• 12. Start a Metasploit listener

How to Download and Use:

1.) Run Following Command to download:
svn co https://backtrack-scripts.googlecode.com/svn/ /opt/scripts
2.) Set permissions
chmod 755 /opt/scripts/ -R
3.) Run the setup script
./setup.sh
4.) Execute
./discover.sh

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Metasploit payload Debian (.deb) package trojan Generator Script

This bash script is to generate a Debian (.deb) package trojan using Metasploit payload developed by Aaron Hine. Metasploit Payload is to send a request back to the BackTrack server running a Metasploit listener. This video demonstrates the script:

Download Script - 1

There is Another Script developed by Travis Phillips to create msfpayload & msfencode metasploit payload trojans. The following script coded to simplify the ease of use for using msfpayload and msfencode to create a windows based trojan and set up the listener.

The script will do the following:

• Determine your IP address automatically for the LHOST of the payload.
• Ask if you want a shell or meterpreter
• Ask if you want it reverse connection or Bind port TCP
• Request the Port number.
• at that point it will create two files
• trojan.exe - your virus payload
• msf_Trojan_Listener - a file with a one liner to create the metasploit listener that works with your payload.
• Next it will start msfcli to create a listener.

Download Script - 2

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Web Shell Detector v1.51 - Include Signatures of 290 Types of Web Shells

Web Shell Detector is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and friendly interface.

Detection: Number of known shells: 290

Requirements: PHP 5.x, OpenSSL

Usage: To activate Web Shell Detector:

1) Upload shelldetect.php and shelldetect.db to your root directory

2) Open shelldetect.php file in your browser Example: http://www.website.com/shelldetect.php

3) Inspect all strange files, if some of files look suspicious, send them to http://www.websecure.co.il team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “web shell detector” web shells signature database.

4) If any web shells found and identified use your ftp/ssh client to remove it from your web server (IMPORTANT: please be carefull because some of shells may be integrated into system files!).

Options

• extension - extensions that should be scanned
• showlinenumbers - show line number where suspicious function used
• dateformat - used with access time & modified time
• langauge - if I want to use other language
• directory - scan specific directory
• task - perform different task
• report_format - used with is_cron(true) file format for report file
• is_cron - if true run like a cron(no output)
• filelimit - maximum files to scan (more then 30000 you should scan specific directory)
• useget - activate _GET variable for easy way to recive tasks
• authentication - protect script with user & password in case to disable simply set to NULL
• remotefingerprint - get shells signatures db by remote

Download Web Shell Detector

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email