Showing posts with label script. Show all posts
Showing posts with label script. Show all posts
Weevely : Stealth PHP web shell with telnet style console
Labels:
backtrack,
Hacking Tools,
PHP,
PHP web shell,
post exploitation,
script,
shell server,
Weevely
Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
- More than 30 modules to automatize administration and post exploitation tasks:
- Execute commands and browse remote filesystem, even with PHP security restriction
- Audit common server misconfigurations
- Run SQL console pivoting on target machine
- Proxy your HTTP traffic through target
- Mount target filesystem to local mount point
- Simple file transfer from and to target
- Spawn reverse and direct TCP shells
- Bruteforce SQL accounts through target system
- Run port scans from target machine
- And so on..
- Backdoor communications are hidden in HTTP Cookies
- Communications are obfuscated to bypass NIDS signature detection
- Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Automated HTTP Enumeration Tool
Labels:
Codes,
Hacking Tools,
HTTP Enumeration,
Linux,
Null Security Team,
Python,
Scanners,
script
Version 0.2 adds scanning of SSL / TLS as well as an option for probing delays and general bug fixes.
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
PySQLi - Python SQL injection framework
Labels:
database hacking,
Hacking Tools,
penetration testing,
Python,
Scanners,
script,
website hacking
PySQLi is a python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case.
PySQLi is thought to be easily modified and extended through derivated classes and to be able to inject into various ways such as command line, custom network protocols and even in anti-CSRF HTTP forms.
PySQLi is still in an early stage of development, whereas it has been developed since more than three years. Many features lack but the actual version but this will be improved in the next months/years.
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Wifi Honey - Creates fake APs using all encryption
Labels:
Hacking Tools,
penetration testing,
script,
Security Tools,
Shell Code,
Wi-Fi Hacking,
wireless
This is a script, attack can use to creates fake APs using all encryption and monitors with Airodump. It automate the setup process, it creates five monitor mode interfaces, four are used as APs and the fifth is used for airdump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.
Installing wifi honey
chmod a+x wifi_honey.sh
./wifi_honey.sh fake_wpa_net
./wifi_honey.sh fake_wpa_net 1 waln1
Download Wifi Honey
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
JBoss Autopwn - JSP Hacking Tool For JBoss AS Server
Labels:
Hacking Tools,
Linux,
script,
Shell Code,
Vulnerability Assessment,
Windows
This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.
Features include:
- Multiplatform support - tested on Windows, Linux and Mac targets
- Support for bind and reverse bind shells
- Meterpreter shells and VNC support for Windows targets
Installation: Dependencies include
- Netcat
- Curl
- Metasploit v3, installed in the current path as "framework3"
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Server Analyser : Simple Server Malware Scanner
Labels:
Forensic Toolkit,
Forensics,
Linux,
malware,
Scanners,
script,
Security Tools,
Server Analyser,
Shell Code
Server Analyser is a service for detecting and analyzing web-based threats. It currently handles shells, obfuscated JavaScript, Executables, Iframes and port scans.
Featured added:
+ Logging scans
+ Just paste the results ( option 1 )
+ Added new Exploit methods to option 1
+ Latest infections ( will be updated automaticly )
+ Added PHP Shell detection exec()/system() etc. ( more will be added soon )
+ The code has been changed into a smaller one
+ Added new BlackHole methods
+ Added different javascript methods
+ Added decoded php syntaxes
+ gzinflate
+ var url
+ base64_decode
+ The Beta has been releases and uploaded
+ code improvements
+ fixed the dos2unix issue
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Server Shield v1.0.2 - Protect your Linux machine in 1 minute
Labels:
Codes,
Hacking Tools,
Linux,
penetration testing,
script,
Security Tools,
Server Shield,
Shell Code
Server Shield is a lightweight method of protecting and hardening your Linux server. It is easy to install, hard to mess up, and makes your server instantly and effortlessly resilient to many basic and advanced attacks.
Features
- Firewall Hardening
- TCP Hardening
- Data Leakage Protection
- ICMP/Ping Flood Protection
- Rootkit Protection
- DoS Protection
- Spoof Protection
- Bogus TCP Protection
- SYN Flood Protection
- Requires
- iptables ("yum install iptables")
Installation
git clone https://github.com/Brian-Holt/server-shield
cd server-shield;chmod +x sshield;mv sshield /etc/init.d
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Subscribe to:
Posts (Atom)