-
Penetration Testing Distribution - BackBox
BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing... -
Pentest Distro Linux - Weakerth4n
Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox... -
The Amnesic Incognito Live System - Tails
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship... -
Penetration Testing Distribution - BlackArch
BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers... -
The Best Penetration Testing Distribution - Kali Linux
Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack... -
Friendly OS designed for Pentesting - ParrotOS
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Sunday, December 4, 2016
Thursday, December 1, 2016
AutoBrowser Screenshot of HTTP/s Based Ports - AutoBrowser 4.0
AutoBrowser is a tool written in python for penetration testers. The purpose of this tool is to create report(Json file) and screenshots of http/s based ports on the network. you can choose between analyze Nmap report(XML file
-oX
) or scan with Nmap, then the tool automaticly Check the results with http/s request on each host using headless web browser, then it would take a screenshot of the response page content.- This tool is designed for IT professionals to perform penetration testing.
Documentation:
positional arguments: * analyze - Analyze and browse (Require argument: nmap report location) ** scan - Scan and browse (Require argument: target host or file)
optional arguments: * -h, --help - show this help message and exit * **-p PROJECT, --project PROJECT * - project name (folder which contain all the data. default: project) * **-t TIMEOUT, --timeout TIMEOUT * - http request timeout period * **-w MAX_WORKERS, --max-workers MAX_WORKERS * - Max worker processes (Default: 4) * **--useragent USERAGENT * - Set specific user agent * **--java-enabled * - Display Java enviroment * **--verbose * - Show all checks verbosly * **--proxy PROXY * - Relay connections through HTTP/socks5 proxy (Example: socks5://127.0.0.1:8080) * **--proxy-auth PROXY_AUTH * - Set proxy credentials. (Example: username:password)
Examples:
You must to delimiting the values on the CLI arguments via double quotes only!
- Get argument details of
scan
method:
python AutoBrowser.py scan --help
- Scan with Nmap, checks the results and create folder by name project_name verbose via 10 workers:
python AutoBrowser.py scan "192.168.1.1/24" -a="-sT -sV -T3" -p project_name --workers=10
- Scan a host list via Nmap(like -iL Nmap flag), checks the results and create folder by name project_name and enabling java environment:
python AutoBrowser.py scan file_path.txt -a="-sT -sV -T3" -p project_name --verbose --java-enabled
- Get the argument details of
analyze
method:
python AutoBrowser.py analyze --help
- Analyzing Nmap XML report and create folder by name report_analyze trough a Proxy:
python AutoBrowser.py analyze nmap_file.xml --project report_analyze --proxy="socks5://127.0.0.1:8080"
- Analyzing Nmap XML report and create folder by name report_analyze trough a Proxy with credentials:
python AutoBrowser.py analyze nmap_file.xml --project report_analyze --proxy="http://127.0.0.1:8080" --proxy-auth="username:password"
- Analyzing Nmap XML report and create folder by name report_analyze with specify user agent:
python AutoBrowser.py analyze nmap_file.xml --project report_analyze --user-agent="My New UserAgent"
Requirements:
Linux Installation:
- sudo apt-get install python-pip python2.7-dev libxext-dev python-qt4 qt4-dev-tools build-essential nmap
- sudo pip install -r requirements.txt
MacOSx Installation:
- Install Xcode Command Line Tools (AppStore)
-
ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"
- brew install pyqt nmap
- sudo easy_install pip
- sudo pip install -r requirements.txt
Windows Installation:
- Install setuptools
- Install pip
- Install PyQt4
- install Nmap
- Open Command Prompt(cmd) as Administrator -> Goto python folder -> Scripts (cd c:\Python27\Scripts)
- pip install -r (Full Path To requirements.txt)
SSH Server Auditing - ssh-audit
ssh-audit is a tool for ssh server auditing.
Features
- SSH1 and SSH2 protocol server support;
- grab banner, recognize device or software and operating system, detect compression;
- gather key-exchange, host-key, encryption and message authentication code algorithms;
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
- output algorithm recommendations (append or remove based on recognized software version);
- output security information (related issues, assigned CVE list, etc);
- analyze SSH version compatibility based on algorithm information;
- historical information from OpenSSH, Dropbear SSH and libssh;
- no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;
Usage
usage: ssh-audit.py [-bnv] [-l <level>] <host[:port]>
-1, --ssh1 force ssh version 1 only
-2, --ssh2 force ssh version 2 only
-b, --batch batch output
-n, --no-colors disable colors
-v, --verbose verbose output
-l, --level=<level> minimum output level (info|warn|fail)
- batch flag
-b
will output sections without header and without empty lines (implies verbose flag).
- verbose flag
-v
will prefix each line with section type and algorithm name.
ChangeLog
v1.6.0 (2016-10-14)
- implement algorithm recommendations section (based on recognized software)
- implement full libssh support (version history, algorithms, security, etc)
- fix SSH-1.99 banner recognition and version comparison functionality
- do not output empty algorithms (happens for misconfigured servers)
- make consistent output for Python 3.x versions
- add a lot more tests (conf, banner, software, SSH1/SSH2, output, etc)
- use Travis CI to test for multiple Python versions (2.6-3.5, pypy, pypy3)
v1.5.0 (2016-09-20)
- create security section for related security information
- match and output assigned CVE list and security issues for Dropbear SSH
- implement full SSH1 support with fingerprint information
- automatically fallback to SSH1 on protocol mismatch
- add new options to force SSH1 or SSH2 (both allowed by default)
- parse banner information and convert it to specific sofware and OS version
- do not use padding in batch mode
- several fixes (Cisco sshd, rare hangs, error handling, etc)
v1.0.20160902
- implement batch output option
- implement minimum output level option
- fix compatibility with Python 2.6
v1.0.20160812
- implement SSH version compatibility feature
- fix wrong mac algorithm warning
- fix Dropbear SSH version typo
- parse pre-banner header
- better errors handling
v1.0.20160803
- use OpenSSH 7.3 banner
- add new key-exchange algorithms
v1.0.20160207
- use OpenSSH 7.2 banner
- additional warnings for OpenSSH 7.2
- fix OpenSSH 7.0 failure messages
- add rijndael-cbc failure message from OpenSSH 6.7
v1.0.20160105
- multiple additional warnings
- support for none algorithm
- better compression handling
- ensure reading enough data (fixes few Linux SSH)
v1.0.20151230
- Dropbear SSH support
v1.0.20151223
- initial version
Automated Brute-Force Login Attacks Against EAP Networks - Auto_EAP
Auto_EAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. These types of wireless networks provide an interface to facilitate password guessing of domain credentials as radius servers check authentication against Active Directory. Using the python library wpaspy, created by Jouni Malinen j@w1.fi to interact with the wpa_supplicant daemon, automated authentication attacks can be preformed with the intent of not causing account lock-outs.
Demo
./Auto_EAP.py -s HoneyPot -K WPA-EAP -E PEAP -U test.txt -p Summer2016 -i wlan0
Initialized...
Trying Username Alice with Password test: SUCCESS
Trying Username Bob with Password test: FAILED
Trying Username Charles with Password test: FAILED
Trying Username David with Password test: SUCCESS
Completed
Installation
Run 'RunMeFirst.py' within the root directory of Auto_EAP. This will compile the wpaspy library as well as setup a stand alone wpa_supplicant.conf file that Auto_EAP.py will use for testing, leaving the system’s wpa_supplicant config file untouched.
Help
./Auto_EAP.py -h
usage: Auto_EAP.py [-h] -i Interface -s SSID -U Usernamefile -p Password -K
Key_mgmt -E Eap_type
optional arguments:
-h, --help show this help message and exit
-i Interface, --interface Interface
The Interface to use
-s SSID, --ssid SSID The SSID to attack
-U Usernamefile, --User Usernamefile
Path to username file
-p Password, --password Password
Password to use
-K Key_mgmt, --key_mgmt Key_mgmt
Key_Management type to use
-E Eap_type, --eap_type Eap_type
Eap type to use
Todo list
- [✓] Resoved bug with .a type wireless cards (Shout out to Havok0x90 for his help in resolving this issue)
- [-] Add multi-threading functionality
- [-] Add support for password lists
Phishing Campaign Toolkit - King Phisher 1.5.2
King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.
Get the latest stable version from the GitHub Releases Page or use git to checkout the project from source.
For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki .
Feature Overview
- Run multiple phishing campaigns simultaneously
- Send email with embedded images for a more legitimate appearance
- Optional Two-Factor authentication
- Credential harvesting from landing pages
- SMS alerts regarding campaign status
- Web page cloning capabilities
- Integrated Sender Policy Framework (SPF) checks
- Geo location of phishing visitors
- Send email with calendar invitations
Plugins
Both the client and server can be extended with functionality provided by plugins. A small number of plugins are packaged with King Phisher and additional ones are available in the Plugins repository .
Template Files
Template files for both messages and server pages can be found in the separate King Phisher Templates repository . Any contributions regarding templates should also be submitted via a pull request to the templates repository.
Message Template Variables
The client message templates are formatted using the Jinja2 templating engine and support a number of variables. These are included here as a reference, check the templates wiki page for comprehensive documentation.
Variable Name | Variable Value |
---|---|
client.company_name | The target's company name |
client.email_address | The target's email address |
client.first_name | The target's first name |
client.last_name | The target's last name |
client.message_id | The unique tracking identifier (this is the same as uid) |
sender.email | The email address in the "Source Email (MIME)" field |
sender.friendly_alias | The value of the "Friendly Alias" field |
sender.reply_to | The value of the "Reply To" field |
url.tracking_dot | URL of an image used for message tracking |
url.webserver | Phishing server URL with the uid parameter |
url.webserver_raw | Phishing server URL without any parameters |
tracking_dot_image_tag | The tracking image in a preformatted <img /> tag |
uid | The unique tracking identifier (this is the same as client.message_id) |
Documentation
Documentation for users of the application is provided on the project's wiki page . This includes steps to help new users get started with their first campaigns. Additional technical documentation intended for developers is kept seperate as outlined in section below.
Code Documentation
King Phisher uses Sphinx for internal technical documentation. This documentation can be generated from source with the command
sphinx-build -b html docs/source docs/html
. The latest documentation is kindly hosted on ReadTheDocs at king-phisher.readthedocs.io . License
King Phisher is released under the BSD 3-clause license, for more details see the LICENSE file.
Credits
Special Thanks (QA / Beta Testing):
- Jake Garlie - jagar
- Jeremy Schoeneman - Shad0wman
- Ken Smith - p4tchw0rk
- Brianna Whittaker
King Phisher Development Team:
- Erik Daguerre - wolfthefallen ( @wolf_thefallen )
- Brandan Geise - coldfusion ( @coldfusion39 )
- Jeff McCutchan - jamcut ( @jamcut )
- Spencer McIntyre - zeroSteiner ( @zeroSteiner )
The Ultimate WordPress Audit Trail Plugin - WP Security Audit Log
The WP Security Audit Log plugin is a WordPress plugin that keeps an audit trail of everything that happens on your WordPress and WordPress multisite network. There are several WordPress audit trail / log plugins available, tough we chose to review WP Security Audit Log because it is has the most comprehensive logging and the best coverage of WordPress changes. It is also the most complete and mature WordPress audit trail solution.
Why Do You Need a WordPress Audit Trail?
First things first, why would you need a WordPress audit trail? A WordPress audit trail is a record, or better a log of every change that happened on your WordPress, similar to Syslog on Linux/Unix or the Events Viewer on Microsoft Windows. The WordPress audit trail can be used to:
- Keep track of users’ productivity (ideal for multi-users setups),
- Ease the troubleshooting in case something is wrong with the WordPress website,
- Identify any possible malicious WordPress hack attacks before they actually happen,
- Catch hackers red handed if they manage to hack into your WordPress,
- Do all the forensics to track back which security hole the hackers exploited so you can close it down.
The above are just a few reasons mostly related to WordPress security of why you would need to keep a record of all the changes that happen on your WordPress. There are many other reasons related to business and operations, for example to ensure that your business WordPress website meets today’s stringent regulatory compliance regulations, in case you’re using WordPress for your business website.
Getting Started with the WP Security Audit Log Plugin
Install the WP Security Audit Log plugin from your Plugins page in your WordPress dashboard and activate it. By default the WP Security Audit Log will keep track of all these changes on your WordPress. You can also watch the short video below for a quick introduction.
Comprehensive Tracking of WordPress Changes
The comprehensive WordPress audit trail is what sets this plugin apart from the competition. For example while the other audit log plugins simply record that a post was updated, WP Security Audit Log tells you what exactly changed in the post. For example in the screenshot below we can see that the plugin kept a record when all of the below changes happened:
- User opened the post in the editor,
- Author of the post was changed,
- Title of the post was changed,
- URL of the post was changed
In case the content is changed the alert reporting the change in the plugin will allow you to see the revision of changes, as per the below screenshot.
Fully Configurable WordPress Audit Trail Plugin
WP Security Audit Log is also a fully configurable WordPress plugin, therefore it allows you to customize the plugin’s functionality to suite your own needs. Below is an overview of what you can configure.
Enable / Disable Alerts
The plugin keeps a record of all these WordPress changes. If for example you do not want to keep a record each time a logged in user, or a website visitor requests a non-existing page (HTTP 404 Error) navigate to the Enable/Disable Alerts > System Activity tab and disable Alert 6007 as shown in the below screenshot.
Browse through the different categories to find the change you would like to disable or enable back.
Generic Plugin Settings
You can also configure things such as:
- Support for WAFs and reverse proxy (more information on this option),
- Specify who can access the plugin’s settings and manage it,
- Enable logging, developer options,
- And much more.
Audit Trail Settings
In the Audit Log / Trail settings you can configure settings related to the WordPress audit trail, such as:
- Automatic pruning of alerts from the audit trail,
- Who can view the WordPress audit trial,
- The time zone the plugin uses to timestamp the WordPress changes etc.
Exclude Objects from Monitoring
You can also exclude the below from being recorded in the WordPress audit trial:
- Specific users or roles,
- Custom fields,
- IP addresses.
Beefing Up the WordPress Audit Trail
Keeping an audit trail of all the changes that happen is a WordPress security best practice but who has the time to check the log every few minutes? The good news is that you do not need to. WP Security Audit Log has a number of premium add-ons so you can:
- Configure email notifications so you are alerted instantly via email of important changes on your WordPress,
- Do free text based searches so you can find that specific change when troubleshooting an issue,
- Generate reports for managers, to monitor users’ productivity and for regulatory compliance reasons,
- See who is logged in and block multiple sessions from the same username.
You can add all of the above functionality to get the best out of your WordPress audit trail solution by purchasing the All Add-Ons bundle. Prices start from as low as $89.
Friday, November 18, 2016
Black Box vBulletin Vulnerability Scanner - VBScan 0.1.7
OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them .
Why OWASP VBScan ?
If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.
- Project Leader : Mohammad Reza Espargham
- Github : https://github.com/rezasp/vbscan/
- SourceForge : https://sourceforge.net/projects/vbscan/
- OWASP Page : https://www.owasp.org/index.php/OWASP_VBScan_Project
usage :
./vbscan.pl <target>
./vbscan.pl http://target.com/vbulletin
OWASP VBScan 0.1.7 introduction (Youtube)
What’s New in Version 0.1.7 [Dennis Ritchie]
OWASP VBScan 0.1.7 [Larry Wall]
- Updated exploit database
- Compatible With Windows [Linux,OSX,Windows]
- Added Full Path Disclosure (FPD) module
- Added firewall detect/bypass module
- Optimized version checker module engine [#12 issue]
- Upgrade config finder module
- Random user agent module set as default setting
- Added HTML Report
Lightweight and Powerful Penetration Testing OS - DracOS
Dracos Linux ( www.dracos-linux.org ) is the Linux operating system from Indonesian , open source is built based on the Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering. Does not use a GUI-based tools-tools and just have the software using the CLI (command line interface) to perform its operations. Now Dracos currently already up to version 2.0 with the code name "Leak".
Screenshot
Teaser
As the target of development
Education
Dracos Linux is purposed as an educational,especially to recognize the operation system of linux and we respect ethical hacking.
Build from source
had always been built from codes instead of installer,this will stimulate users in indonesia to stay creative and to build the spirit of opensource.
Repository
even though proportionally based on codes,Dracos Linux still intends to construct the repository to build up the processes Like Venomizer
Heavy Control
We need to recognize this operating system Very Dificult Because Dracos in build from source code, thus forcing us to compile when installing a package or software, which of course will arise the possibility of system failure and other system vulnerabilities.
Always from terminal
None of every singel tool that was installed inside the OS uses GUI. CLI will always consider to particularly openbox to ease the users in need of multi terminal in applying Penetration Testing
Penetration Tools List
Link : http://dev.dracos-linux.org/projects/dracoslinux/wiki/Penetration_Testing
- Information Gathering
- Vulnerability Assessment
- Web Attack
- Exploitation Testing
- Privilege Escalation
- Password Attack
- Social Engineering
- Man In The Middle Attack
- Stress Testing
- Wireless Attack
- Maintaining Access
- Forensics Tools
- Reverse Engineering
- Malware Analysis
- Covering Track
Sunday, November 6, 2016
Mirai Source Code Released
The IoT Botnet Mirai’s source code has been published online by its author along with configuration and set-up details. Naturally, web security analysts are expecting a series of online attacks from malicious threat actors. The reason behind their concerns is that this code can easily convert any hackable, that is, unsecured or unprotected devices like the routers, web cameras and phone, etc., into DDoS Bots. These bots can then be used to attack websites and to take them offline.
Tuesday, November 1, 2016
Modern mass media manipulation methods are types of distraction - Media Manipulation
7:26:00 PM
Anti-Government, Anti-System, Fuck The System, How to exit the Matrix, Leave The Matrix, Open Your Mind
No comments
Media manipulation is a series of related techniques in which partisans create an image or argument that favours their particular interests. Such tactics may include the use of logical fallacies and propaganda techniques, and often involve the suppression of information or points of view by crowding them out, by inducing other people or groups of people to stop listening to certain arguments, or by simply diverting attention elsewhere. In Propaganda: The Formation of Men's Attitudes, Jacques Ellul writes that public opinion can only express itself through channels which are provided by the mass media of communication – without which there could be no propaganda. It is used within public relations, propaganda, marketing, etc. While the objective for each context is quite different, the broad techniques are often similar.
watch the video
By OffSec
An utility like pkg-audit for Arch Linux - arch-audit
An utility like pkg-audit for Arch Linux. Based on Arch CVE Monitoring Team data
Uses data collected by the awesome Arch CVE Monitoring Team .
Installation
From AUR
The PKGBUILD is available on AUR .
After the installation just execute
arch-audit
. From sources
git clone https://github.com/ilpianista/arch-audit
cd arch-audit
cargo build
cargo run
Example output
$ arch-audit
Package libwmf is affected by ["CVE-2009-1364", "CVE-2006-3376", "CVE-2007-0455", "CVE-2007-2756", "CVE-2007-3472", "CVE-2007-3473", "CVE-2007-3477", "CVE-2009-3546", "CVE-2015-0848", "CVE-2015-4588", "CVE-2015-4695", "CVE-2015-4696"]. VULNERABLE!
Package libtiff is affected by ["CVE-2016-5875", "CVE-2016-5314", "CVE-2016-5315", "CVE-2016-5316", "CVE-2016-5317", "CVE-2016-5320", "CVE-2016-5321", "CVE-2016-5322", "CVE-2016-5323", "CVE-2016-5102", "CVE-2016-3991", "CVE-2016-3990", "CVE-2016-3945", "CVE-2016-3658", "CVE-2016-3634", "CVE-2016-3633", "CVE-2016-3632", "CVE-2016-3631", "CVE-2016-3625", "CVE-2016-3624", "CVE-2016-3623", "CVE-2016-3622", "CVE-2016-3621", "CVE-2016-3620", "CVE-2016-3619", "CVE-2016-3186", "CVE-2015-8668", "CVE-2015-7313", "CVE-2014-8130", "CVE-2014-8127", "CVE-2010-2596", "CVE-2016-6223"]. VULNERABLE!
Package libtiff is affected by ["CVE-2015-7554", "CVE-2015-8683"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-8751"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5221"]. VULNERABLE!
Package jasper is affected by ["CVE-2015-5203"]. VULNERABLE!
Package lib32-openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1:1.0.2.i-1!
Package wireshark-cli is affected by ["CVE-2016-7180", "CVE-2016-7175", "CVE-2016-7176", "CVE-2016-7177", "CVE-2016-7178", "CVE-2016-7179"]. Update to 2.2.0-1!
Package wpa_supplicant is affected by ["CVE-2016-4477", "CVE-2016-4476"]. VULNERABLE!
Package openssl is affected by ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"]. Update to 1.0.2.i-1!
Package crypto++ is affected by ["CVE-2016-7420"]. VULNERABLE!
Package bzip2 is affected by ["CVE-2016-3189"]. VULNERABLE!
Package libimobiledevice is affected by ["CVE-2016-5104"]. VULNERABLE!
Package libusbmuxd is affected by ["CVE-2016-5104"]. VULNERABLE!
Package gdk-pixbuf2 is affected by ["CVE-2016-6352"]. VULNERABLE!
$ arch-audit --upgradable --quiet
wireshark-cli>=2.2.0-1
openssl>=1.0.2.i-1
lib32-openssl>=1:1.0.2.i-1
$ arch-audit -uf "%n|%c"
openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
wireshark-cli|CVE-2016-7180,CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179
lib32-openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
Android APK Backdoor Embedder - Spade
Quick and handy APK backdoor embedder with metasploit android payloads.
Requirements
Installation and execution
Then you can download smap by cloning the Git repository:
git clone https://github.com/suraj-root/spade.git
cd spade/
./spade.py
Demo video
Video YouTube:
Search
Translate
Popular Posts
-
In this post, we will explore a Python script designed to parse logs containing url:user:pass data. These logs are instrumental in executin...
-
Remote adminitration tool for android Features Notifications listener SMS listener Phone call recording Image capturing and sc...
-
Introduction This tool is made to automate the process of retrieving secrets in the public APIs on [swaggerHub](https://app.swaggerhub.com...
Categories
#Snowden
Active Directory Attacks
Analysis
Android
Android Hack
Android Pentest
Anonimato
Anonymity
Anti-Forensic
Anti-Forensic Tools
Anti-Government
Anti-System
Apache
API Hacking
APK
ARM
Assembly
Attack Map
Auditing Tool
Automation Tools
AvKill
AWS Pentest
Backdoor
Bind
BlueTeam
Bluetooth
Bot
botnet/DDoS
Bounty
Brute Force
Bypass
Certificate
Cheat Sheet
Cloud Forensics
Cloud Pentest
Courses
Cryptography
CTF Engine
CVEs
Cyber Forensics
Cyber War
Data Base
DeepWeb
DevSecOps
Disassembler
DLL Hijacking
Dns Enumeration
Dns Recon
Dns Spoof
Documentary
DoS
Downloads
DUMP
Elearn Security
Email Hacking
Encrypted DNS
Engenharia Reversa
Enumeration
Evasion
EXIF
Exploit
Exploitation Tools
Exposed Leaked
Fake
Filmes e Documentários
Fingerprint
Firewall
Footprint
Frameworks
Fuck The System
Fuzzer
GeoIP
Google Hacking
Hackers
Hackers News
Hackers Tools
Hacking
Hacking Ebook's
Hacking VÃdeos
Hacktivism
Hardening
Hardware
Hardware Hack
Hidden
HIDS
Honeypots
How to exit the Matrix
IDS
IDS/IPS
Incident Response
Information Gathering
iOS
IoT
JAVA
Kali
Kali Linux
Keylogger
Labs
Leaked
Leaks
Leave The Matrix
Linux
Linux System
Mac
Malware
Malware Analysis
MetaSploit
Mind Map
MIPS
MITM
Monitoring
Movies
Network
Networking
New World Order
Nmap
Offensive Politics
Offensive Sec
OffSec
OffSec Exclusive Tools
Open Your Mind
OpenSSL
Os Sec
OSINT Tools
OWASP ZAP Scanner
Password Capture
Password Cracking
Passwords
Payload
PCC
PDF
Pentest
Pentest Tools
Phishing Attacks
Phones
PHP
Port Scan
Post-Exploitation Tool
PowerShell
Pr1v8
Privacidade
Privacy
Privilege Escalation
Projects
Proxy
Python
Ransomware
RAT
Recover File and Disk Analyzer
Red Team
Redes
Remote
Reverse
Reverse Engineering
Reverse Shell
RFID
Rootkit
Scan Tools
Security
Security Ebook's
Seriados
Series
Shell
Shell PHP
Shellcode
Shodan
Sniffer
Social Engineering
Source Code
Spoofing
SQLinjection
SSL
Stealer
Steganography
Stress Testing
Study
Subdomain Discovery
SysInternals
Telnet
The Theory of Conspiracy
Threat Intelligence
Tools
Tor
Trojan
Tutorials
Unix System
URL Inspector
Usb Boot
Virtual Machine
Virus
VoIP
VPN
Vulnerabilities
Vulnerability Analysis
WAF
Web Applications
Web Pentesting
Whois
Wifi-Hacks
Windows
Wireless Hacking
Word List
WordPress
X86
XSS