Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...

Sunday, December 4, 2016

#Three Seconds


...





By OffSec 
Share:

Thursday, December 1, 2016

AutoBrowser Screenshot of HTTP/s Based Ports - AutoBrowser 4.0



AutoBrowser is a tool written in python for penetration testers. The purpose of this tool is to create report(Json file) and screenshots of http/s based ports on the network. you can choose between analyze Nmap report(XML file -oX ) or scan with Nmap, then the tool automaticly Check the results with http/s request on each host using headless web browser, then it would take a screenshot of the response page content.

  • This tool is designed for IT professionals to perform penetration testing.

Documentation:
positional arguments: * analyze - Analyze and browse (Require argument: nmap report location) ** scan - Scan and browse (Require argument: target host or file)
optional arguments: * -h, --help - show this help message and exit * **-p PROJECT, --project PROJECT * - project name (folder which contain all the data. default: project) * **-t TIMEOUT, --timeout TIMEOUT * - http request timeout period * **-w MAX_WORKERS, --max-workers MAX_WORKERS * - Max worker processes (Default: 4) * **--useragent USERAGENT * - Set specific user agent * **--java-enabled * - Display Java enviroment * **--verbose * - Show all checks verbosly * **--proxy PROXY * - Relay connections through HTTP/socks5 proxy (Example: socks5://127.0.0.1:8080) * **--proxy-auth PROXY_AUTH * - Set proxy credentials. (Example: username:password)

Examples:
You must to delimiting the values on the CLI arguments via double quotes only!
  • Get argument details of scan method:
    python AutoBrowser.py scan --help   
  • Scan with Nmap, checks the results and create folder by name project_name verbose via 10 workers:
    python AutoBrowser.py scan "192.168.1.1/24" -a="-sT -sV -T3" -p project_name --workers=10   
  • Scan a host list via Nmap(like -iL Nmap flag), checks the results and create folder by name project_name and enabling java environment:
    python AutoBrowser.py scan file_path.txt -a="-sT -sV -T3" -p project_name --verbose --java-enabled   
  • Get the argument details of analyze method:
    python AutoBrowser.py analyze --help   
  • Analyzing Nmap XML report and create folder by name report_analyze trough a Proxy:
    python AutoBrowser.py analyze nmap_file.xml --project report_analyze --proxy="socks5://127.0.0.1:8080"   
  • Analyzing Nmap XML report and create folder by name report_analyze trough a Proxy with credentials:
    python AutoBrowser.py analyze nmap_file.xml --project report_analyze --proxy="http://127.0.0.1:8080" --proxy-auth="username:password"   
  • Analyzing Nmap XML report and create folder by name report_analyze with specify user agent:
    python AutoBrowser.py analyze nmap_file.xml --project report_analyze --user-agent="My New UserAgent"   

Requirements:

Linux Installation:
  1. sudo apt-get install python-pip python2.7-dev libxext-dev python-qt4 qt4-dev-tools build-essential nmap
  2. sudo pip install -r requirements.txt

MacOSx Installation:
  1. Install Xcode Command Line Tools (AppStore)
  2.      ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"    
  3. brew install pyqt nmap
  4. sudo easy_install pip
  5. sudo pip install -r requirements.txt

Windows Installation:
  1. Install setuptools
  2. Install pip
  3. Install PyQt4
  4. install Nmap
  5. Open Command Prompt(cmd) as Administrator -> Goto python folder -> Scripts (cd c:\Python27\Scripts)
  6. pip install -r (Full Path To requirements.txt)


Share:

SSH Server Auditing - ssh-audit



ssh-audit is a tool for ssh server auditing.

Features
  • SSH1 and SSH2 protocol server support;
  • grab banner, recognize device or software and operating system, detect compression;
  • gather key-exchange, host-key, encryption and message authentication code algorithms;
  • output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
  • output algorithm recommendations (append or remove based on recognized software version);
  • output security information (related issues, assigned CVE list, etc);
  • analyze SSH version compatibility based on algorithm information;
  • historical information from OpenSSH, Dropbear SSH and libssh;
  • no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;

Usage
usage: ssh-audit.py [-bnv] [-l <level>] <host[:port]>

-1, --ssh1 force ssh version 1 only
-2, --ssh2 force ssh version 2 only
-b, --batch batch output
-n, --no-colors disable colors
-v, --verbose verbose output
-l, --level=<level> minimum output level (info|warn|fail)

  • batch flag -b will output sections without header and without empty lines (implies verbose flag).
  • verbose flag -v will prefix each line with section type and algorithm name. 


ChangeLog

v1.6.0 (2016-10-14)
  • implement algorithm recommendations section (based on recognized software)
  • implement full libssh support (version history, algorithms, security, etc)
  • fix SSH-1.99 banner recognition and version comparison functionality
  • do not output empty algorithms (happens for misconfigured servers)
  • make consistent output for Python 3.x versions
  • add a lot more tests (conf, banner, software, SSH1/SSH2, output, etc)
  • use Travis CI to test for multiple Python versions (2.6-3.5, pypy, pypy3)

v1.5.0 (2016-09-20)
  • create security section for related security information
  • match and output assigned CVE list and security issues for Dropbear SSH
  • implement full SSH1 support with fingerprint information
  • automatically fallback to SSH1 on protocol mismatch
  • add new options to force SSH1 or SSH2 (both allowed by default)
  • parse banner information and convert it to specific sofware and OS version
  • do not use padding in batch mode
  • several fixes (Cisco sshd, rare hangs, error handling, etc)

v1.0.20160902
  • implement batch output option
  • implement minimum output level option
  • fix compatibility with Python 2.6

v1.0.20160812
  • implement SSH version compatibility feature
  • fix wrong mac algorithm warning
  • fix Dropbear SSH version typo
  • parse pre-banner header
  • better errors handling

v1.0.20160803
  • use OpenSSH 7.3 banner
  • add new key-exchange algorithms

v1.0.20160207
  • use OpenSSH 7.2 banner
  • additional warnings for OpenSSH 7.2
  • fix OpenSSH 7.0 failure messages
  • add rijndael-cbc failure message from OpenSSH 6.7

v1.0.20160105
  • multiple additional warnings
  • support for none algorithm
  • better compression handling
  • ensure reading enough data (fixes few Linux SSH)

v1.0.20151230
  • Dropbear SSH support

v1.0.20151223
  • initial version

Share:

Automated Brute-Force Login Attacks Against EAP Networks - Auto_EAP



Auto_EAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. These types of wireless networks provide an interface to facilitate password guessing of domain credentials as radius servers check authentication against Active Directory. Using the python library wpaspy, created by Jouni Malinen j@w1.fi to interact with the wpa_supplicant daemon, automated authentication attacks can be preformed with the intent of not causing account lock-outs.

Demo

./Auto_EAP.py -s HoneyPot -K WPA-EAP -E PEAP -U test.txt -p Summer2016 -i wlan0
Initialized...
Trying Username Alice with Password test: SUCCESS
Trying Username Bob with Password test: FAILED
Trying Username Charles with Password test: FAILED
Trying Username David with Password test: SUCCESS
Completed


Installation

Run 'RunMeFirst.py' within the root directory of Auto_EAP. This will compile the wpaspy library as well as setup a stand alone wpa_supplicant.conf file that Auto_EAP.py will use for testing, leaving the system’s wpa_supplicant config file untouched.

Help

./Auto_EAP.py -h
usage: Auto_EAP.py [-h] -i Interface -s SSID -U Usernamefile -p Password -K
Key_mgmt -E Eap_type

optional arguments:
-h, --help show this help message and exit
-i Interface, --interface Interface
The Interface to use
-s SSID, --ssid SSID The SSID to attack
-U Usernamefile, --User Usernamefile
Path to username file
-p Password, --password Password
Password to use
-K Key_mgmt, --key_mgmt Key_mgmt
Key_Management type to use
-E Eap_type, --eap_type Eap_type
Eap type to use


Todo list

  • [✓] Resoved bug with .a type wireless cards (Shout out to Havok0x90 for his help in resolving this issue)
  • [-] Add multi-threading functionality
  • [-] Add support for password lists


Share:

Phishing Campaign Toolkit - King Phisher 1.5.2



King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.
Get the latest stable version from the GitHub Releases Page or use git to checkout the project from source.
For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki .

Feature Overview
  • Run multiple phishing campaigns simultaneously
  • Send email with embedded images for a more legitimate appearance
  • Optional Two-Factor authentication
  • Credential harvesting from landing pages
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Geo location of phishing visitors
  • Send email with calendar invitations

Plugins
Both the client and server can be extended with functionality provided by plugins. A small number of plugins are packaged with King Phisher and additional ones are available in the Plugins repository .

Template Files
Template files for both messages and server pages can be found in the separate King Phisher Templates repository . Any contributions regarding templates should also be submitted via a pull request to the templates repository.

Message Template Variables
The client message templates are formatted using the Jinja2 templating engine and support a number of variables. These are included here as a reference, check the templates wiki page for comprehensive documentation.
Variable Name Variable Value
client.company_name The target's company name
client.email_address The target's email address
client.first_name The target's first name
client.last_name The target's last name
client.message_id The unique tracking identifier (this is the same as uid)
sender.email The email address in the "Source Email (MIME)" field
sender.friendly_alias The value of the "Friendly Alias" field
sender.reply_to The value of the "Reply To" field
url.tracking_dot URL of an image used for message tracking
url.webserver Phishing server URL with the uid parameter
url.webserver_raw Phishing server URL without any parameters
tracking_dot_image_tag The tracking image in a preformatted <img /> tag
uid The unique tracking identifier (this is the same as client.message_id)
The uid is the most important, and must be present in links that the messages contain.

Documentation
Documentation for users of the application is provided on the project's wiki page . This includes steps to help new users get started with their first campaigns. Additional technical documentation intended for developers is kept seperate as outlined in section below.

Code Documentation
King Phisher uses Sphinx for internal technical documentation. This documentation can be generated from source with the command sphinx-build -b html docs/source docs/html . The latest documentation is kindly hosted on ReadTheDocs at king-phisher.readthedocs.io .

License
King Phisher is released under the BSD 3-clause license, for more details see the LICENSE file.

Credits
Special Thanks (QA / Beta Testing):
  • Jake Garlie - jagar
  • Jeremy Schoeneman - Shad0wman
  • Ken Smith - p4tchw0rk
  • Brianna Whittaker
King Phisher Development Team:


Share:

The Ultimate WordPress Audit Trail Plugin - WP Security Audit Log

The WP Security Audit Log plugin is a WordPress plugin that keeps an audit trail of everything that happens on your WordPress and WordPress multisite network. There are several WordPress audit trail / log plugins available, tough we chose to review WP Security Audit Log because it is has the most comprehensive logging and the best coverage of WordPress changes. It is also the most complete and mature WordPress audit trail solution. 

Why Do You Need a WordPress Audit Trail?

First things first, why would you need a WordPress audit trail? A WordPress audit trail is a record, or better a log of every change that happened on your WordPress, similar to Syslog on Linux/Unix or the Events Viewer on Microsoft Windows. The WordPress audit trail can be used to:
  • Keep track of users’ productivity (ideal for multi-users setups),
  • Ease the troubleshooting in case something is wrong with the WordPress website,
  • Identify any possible malicious WordPress hack attacks before they actually happen,
  • Catch hackers red handed if they manage to hack into your WordPress,
  • Do all the forensics to track back which security hole the hackers exploited so you can close it down.

The above are just a few reasons mostly related to WordPress security of why you would need to keep a record of all the changes that happen on your WordPress. There are many other reasons related to business and operations, for example to ensure that your business WordPress website meets today’s stringent regulatory compliance regulations, in case you’re using WordPress for your business website.

Getting Started with the WP Security Audit Log Plugin

Install the WP Security Audit Log plugin from your Plugins page in your WordPress dashboard and activate it. By default the WP Security Audit Log will keep track of all these changes on your WordPress. You can also watch the short video below for a quick introduction.


Comprehensive Tracking of WordPress Changes

The comprehensive WordPress audit trail is what sets this plugin apart from the competition. For example while the other audit log plugins simply record that a post was updated, WP Security Audit Log tells you what exactly changed in the post. For example in the screenshot below we can see that the plugin kept a record when all of the below changes happened:

  • User opened the post in the editor,
  • Author of the post was changed,
  • Title of the post was changed,
  • URL of the post was changed



In case the content is changed the alert reporting the change in the plugin will allow you to see the revision of changes, as per the below screenshot.


Fully Configurable WordPress Audit Trail Plugin

WP Security Audit Log is also a fully configurable WordPress plugin, therefore it allows you to customize the plugin’s functionality to suite your own needs. Below is an overview of what you can configure.

Enable / Disable Alerts

The plugin keeps a record of all these WordPress changes. If for example you do not want to keep a record each time a logged in user, or a website visitor requests a non-existing page (HTTP 404 Error) navigate to the Enable/Disable Alerts > System Activity tab and disable Alert 6007 as shown in the below screenshot.


Browse through the different categories to find the change you would like to disable or enable back.

Generic Plugin Settings

You can also configure things such as:
  • Support for WAFs and reverse proxy (more information on this option),
  • Specify who can access the plugin’s settings and manage it,
  • Enable logging, developer options,
  • And much more.

Audit Trail Settings

In the Audit Log / Trail settings you can configure settings related to the WordPress audit trail, such as:
  • Automatic pruning of alerts from the audit trail,
  • Who can view the WordPress audit trial,
  • The time zone the plugin uses to timestamp the WordPress changes etc.

Exclude Objects from Monitoring

You can also exclude the below from being recorded in the WordPress audit trial:
  • Specific users or roles,
  • Custom fields,
  • IP addresses.

Beefing Up the WordPress Audit Trail

Keeping an audit trail of all the changes that happen is a WordPress security best practice but who has the time to check the log every few minutes? The good news is that you do not need to. WP Security Audit Log has a number of premium add-ons so you can:
  • Configure email notifications so you are alerted instantly via email of important changes on your WordPress,
  • Do free text based searches so you can find that specific change when troubleshooting an issue,
  • Generate reports for managers, to monitor users’ productivity and for regulatory compliance reasons,
  • See who is logged in and block multiple sessions from the same username.

 You can add all of the above functionality to get the best out of your WordPress audit trail solution by purchasing the All Add-Ons bundle. Prices start from as low as $89.


Share:

Friday, November 18, 2016

Black Box vBulletin Vulnerability Scanner - VBScan 0.1.7



OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them .

Why OWASP VBScan ?
If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.

usage :
./vbscan.pl <target>
./vbscan.pl http://target.com/vbulletin

OWASP VBScan 0.1.7 introduction (Youtube)


What’s New in Version 0.1.7 [Dennis Ritchie]
OWASP VBScan 0.1.7 [Larry Wall]
  • Updated exploit database
  • Compatible With Windows [Linux,OSX,Windows]
  • Added Full Path Disclosure (FPD) module
  • Added firewall detect/bypass module
  • Optimized version checker module engine [#12 issue]
  • Upgrade config finder module
  • Random user agent module set as default setting
  • Added HTML Report


Share:

Lightweight and Powerful Penetration Testing OS - DracOS



Dracos Linux ( www.dracos-linux.org ) is the Linux operating system from Indonesian , open source is built based on the Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering. Does not use a GUI-based tools-tools and just have the software using the CLI (command line interface) to perform its operations. Now Dracos currently already up to version 2.0 with the code name "Leak".

Screenshot

Teaser

As the target of development

Education
Dracos Linux is purposed as an educational,especially to recognize the operation system of linux and we respect ethical hacking.

Build from source
had always been built from codes instead of installer,this will stimulate users in indonesia to stay creative and to build the spirit of opensource.

Repository
even though proportionally based on codes,Dracos Linux still intends to construct the repository to build up the processes Like Venomizer

Heavy Control
We need to recognize this operating system Very Dificult Because Dracos in build from source code, thus forcing us to compile when installing a package or software, which of course will arise the possibility of system failure and other system vulnerabilities.

Always from terminal
None of every singel tool that was installed inside the OS uses GUI. CLI will always consider to particularly openbox to ease the users in need of multi terminal in applying Penetration Testing

Penetration Tools List
Link : http://dev.dracos-linux.org/projects/dracoslinux/wiki/Penetration_Testing
  • Information Gathering
  • Vulnerability Assessment
  • Web Attack
  • Exploitation Testing
  • Privilege Escalation
  • Password Attack
  • Social Engineering
  • Man In The Middle Attack
  • Stress Testing
  • Wireless Attack
  • Maintaining Access
  • Forensics Tools
  • Reverse Engineering
  • Malware Analysis
  • Covering Track

Share:

Sunday, November 6, 2016

Mirai Source Code Released




The IoT Botnet Mirai’s source code has been published online by its author along with configuration and set-up details. Naturally, web security analysts are expecting a series of online attacks from malicious threat actors. The reason behind their concerns is that this code can easily convert any hackable, that is, unsecured or unprotected devices like the routers, web cameras and phone, etc., into DDoS Bots. These bots can then be used to attack websites and to take them offline.





Share:

Tuesday, November 1, 2016

Modern mass media manipulation methods are types of distraction - Media Manipulation






Media manipulation is a series of related techniques in which partisans create an image or argument that favours their particular interests. Such tactics may include the use of logical fallacies and propaganda techniques, and often involve the suppression of information or points of view by crowding them out, by inducing other people or groups of people to stop listening to certain arguments, or by simply diverting attention elsewhere. In Propaganda: The Formation of Men's Attitudes, Jacques Ellul writes that public opinion can only express itself through channels which are provided by the mass media of communication – without which there could be no propaganda. It is used within public relations, propaganda, marketing, etc. While the objective for each context is quite different, the broad techniques are often similar.

watch the video





By OffSec
Share:

An utility like pkg-audit for Arch Linux - arch-audit



An utility like pkg-audit for Arch Linux. Based on Arch CVE Monitoring Team data

Uses data collected by the awesome Arch CVE Monitoring Team .

Installation

From AUR
The PKGBUILD is available on AUR .
After the installation just execute arch-audit .

From sources
git clone https://github.com/ilpianista/arch-audit
cd arch-audit
cargo build
cargo run

Example output
$ arch-audit
Package libwmf is affected by ["CVE-2009-1364", "CVE-2006-3376", "CVE-2007-0455", "CVE-2007-2756", "CVE-2007-3472", "CVE-2007-3473", "CVE-2007-3477", "CVE-2009-3546", "CVE-2015-0848", "CVE-2015-4588", "CVE-2015-4695", "CVE-2015-4696"]. VULNERABLE!
Package libtiff is affected by ["CVE-2016-5875", "CVE-2016-5314", "CVE-2016-5315", "CVE-2016-5316", "CVE-2016-5317", "CVE-2016-5320", "CVE-2016-5321", "CVE-2016-5322", "CVE-2016-5323", "CVE-2016-5102", "CVE-2016-3991", "CVE-2016-3990", "CVE-2016-3945", "CVE-2016-3658", "CVE-2016-3634", "CVE-2016-3633", "CVE-2016-3632", "CVE-2016-3631", "CVE-2016-3625", "CVE-2016-3624", "CVE-2016-3623", "CVE-2016-3622", "CVE-2016-3621", "CVE-2016-3620", "CVE-2016-3619", "CVE-2016-3186", "CVE-2015-8668", "CVE-2015-7313", "CVE-2014-8130", "CVE-2014-8127", "CVE-2010-2596", "CVE-2016-6223"]. VULNERABLE!
Package libtiff is affected by ["CVE-2015-7554", "CVE-2015-8683"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-8751"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5221"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5203"]. VULNERABLE!
Package lib32-openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1:1.0.2.i-1!
Package wireshark-cli is affected by ["CVE-2016-7180", "CVE-2016-7175", "CVE-2016-7176", "CVE-2016-7177", "CVE-2016-7178", "CVE-2016-7179"]. Update to 2.2.0-1!
Package wpa_supplicant is affected by ["CVE-2016-4477", "CVE-2016-4476"]. VULNERABLE!
Package openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1.0.2.i-1!
Package crypto++ is affected by ["CVE-2016-7420"]. VULNERABLE!
Package bzip2 is affected by ["CVE-2016-3189"]. VULNERABLE!
Package libimobiledevice is affected by ["CVE-2016-5104"]. VULNERABLE!
Package libusbmuxd is affected by ["CVE-2016-5104"]. VULNERABLE!
Package gdk-pixbuf2 is affected by ["CVE-2016-6352"]. VULNERABLE!

$ arch-audit --upgradable --quiet
wireshark-cli>=2.2.0-1
openssl>=1.0.2.i-1
lib32-openssl>=1:1.0.2.i-1

$ arch-audit -uf "%n|%c"
openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
wireshark-cli|CVE-2016-7180,CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179
lib32-openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306



Share:

Android APK Backdoor Embedder - Spade



Quick and handy APK backdoor embedder with metasploit android payloads.

Requirements

Installation and execution
Then you can download smap by cloning the Git repository:
git clone https://github.com/suraj-root/spade.git
cd spade/
./spade.py

Demo video
asciicast

Video YouTube:


Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition