Know The Dangers Of Credential Reuse Attacks - Cr3dOv3r v0.3

Your best friend in credential reuse attacks.

Cr3dOv3r simply you give it an email then it does two simple jobs (but useful) :

• Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API).
• Now you give it this email's old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google...) then it tells you if login successful in any website!

Imagine with me this scenario

• You checking a targeted email with this tool.
• The tool finds it in a leak so you open the leakage link.
• You get the leaked password after searching the leak.
• Now you back to the tool and enters this password to check if there's any website the user uses the same password in it.
• You imagine the rest

Screenshots

Usage

usage: Cr3d0v3r.py [-h] email

positional arguments:
  email       Email/username to check
a
optional arguments:
  -h, --help  show this help message and exit

Installing and requirements

To make the tool work at its best you must have :

• Python 3.x.
• Linux or windows system.
• The requirements mentioned in the next few lines.

Installing
+For windows : (After downloading ZIP and upzip it)

cd Cr3dOv3r-master
python -m pip install -r win_requirements.txt
python Cr3dOv3r.py -h

+For linux :

git clone https://github.com/D4Vinci/Cr3dOv3r.git
chmod 777 -R Cr3dOv3r-master
cd Cr3dOv3r-master
pip3 install -r requirements.txt
python Cr3dOv3r.py -h

If you want to add a website to the tool, follow the instructions in the wiki

Contact

• Twitter

Download Cr3dOv3r v0.3

Read More

Analyze The Security Of Any Domain By Finding All the Information Possible - Domain Analyzer

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.

How

Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresses, mails on Google, SPF information, etc. After all the information is stored and organized it scans the ports of every IP found using nmap and perform several other security checks. After the ports are found, it uses the tool crawler.py from @verovaleros, to spider the complete web page of all the web ports found. This tool has the option to download files and find open folders.

Current version is 0.8 and the main features are:

• It creates a directory with all the information, including nmap output files.
• It uses colors to remark important information on the console.
• It detects some security problems like host name problems, unusual port numbers and zone transfers.
• It is heavily tested and it is very robust against DNS configuration problems.
• It uses nmap for active host detection, port scanning and version information (including nmap scripts).
• It searches for SPF records information to find new hostnames or IP addresses.
• It searches for reverse DNS names and compare them to the hostname.
• It prints out the country of every IP address.
• It creates a PDF file with results.
• It automatically detects and analyze sub-domains!
• It searches for domains emails.
• It checks the 192 most common hostnames in the DNS servers.
• It checks for Zone Transfer on every DNS server.
• It finds the reverse names of the /24 network range of every IP address.
• It finds active host using nmap complete set of techniques.
• It scan ports using nmap (remember that for the SYN scan you need to need root).
• It searches for host and port information using nmap.
• It automatically detects web servers used.
• It crawls every web server page using our crawler.py tool. See the description below.
• It filters out hostnames based on their name.
• It pseudo-randomly searches N domains in Google and automatically analyze them!
• Uses CTRL-C to stop current analysis stage and continue working.
• It can read an external file with domain names and try to find them on the domain.

Bonus features
@verovaleros developed a separate python web crawler called "crawler.py". Its main features are:

• Crawl http and https web sites.
• Crawl http and https web sites not using common ports.
• Uses regular expressions to find 'href' and 'src' html tag. Also content links.
• Identifies relative links.
• Identifies domain related emails.
• Identifies directory indexing.
• Detects references to URLs like 'file:', 'feed=', 'mailto:', 'javascript:' and others.
• Uses CTRL-C to stop current crawler stages and continue working.
• Identifies file extensions (zip, swf, sql, rar, etc.)
• Download files to a directory:
  • Download every important file (images, documents, compressed files).
  • Or download specified files types.
  • Or download a predefined set of files (like 'document' files: .doc, .xls, .pdf, .odt, .gnumeric, etc.).
• Maximum amount of links to crawl. A default value of 5000 URLs is set.
• Follows redirections using HTML and JavaScript Location tag and HTTP response codes.

This extended edition has more features!

• World-domination: You can automatically analyze the whole world! (if you have time)
• Robin-hood: Although it is still in development, it will let you send automatically an email to the mails found during scan with the analysis information.
• Robtex DNS: With this incredible function, every time you found a DNS servers with Zone Transfer, it will retrieve from the Robtex site other domains using that DNS server! It will automatically analyze them too! This can be a never ending test! Every vulnerable DNS server can be used by hundreds of domains, which in turn can be using other vulnerable DNS servers. BEWARE! Domains retrieved can be unrelated to the first one.

Examples

• Find 10 random domains in the .gov domain and analyze them fully (including web crawling). If it finds some Zone Transfer, retrieve more domains using them from Robtex!!

  domain_analyzer.py -d .gov -k 10 -b

• (Very Quick and dirty) Find everything related with .edu.cn domain, store everything in directories. Do not search for active host, do not nmap scan them, do not reverse-dns the netblock, do not search for emails.

  domain_analyzer.py -d edu.cn -b -o -g -a -n

• Analyze the 386.edu.ru domain fully

  domain_analyzer.py -d 386.edu.ru -b -o

• (Pen tester mode). Analyze a domain fully. Do not find other domains. Print everything in a pdf file. Store everything on disk. When finished open Zenmap and show me the topology every host found at the same time!

  domain_analyzer.py -d amigos.net -o -e

• (Quick with web crawl only). Ignore everything with 'google' on it.

  domain_analyzer.py -d mil.cn -b -o -g -a -n -v google -x '-O --reason --webxml --traceroute -sS -sV -sC -PN -n -v -p 80,4443'

• (Everything) Crawl up to 100 URLs of this site including subdomains. Store output into a file and download every INTERESTING file found to disk.

  crawler.py -u www.386.edu.ru -w -s -m 100 -f

• (Quick and dirty) Crawl the site very quick. Do not download files. Store the output to a file.

  crawler.py -u www.386.edu.ru -w -m 20

• (If you want to analyze metadata later with lafoca). Verbose prints which extensions are being downloaded. Download only the set of archives corresponding to Documents (.doc, .docx, .ppt, .xls, .odt. etc.)

  crawler.py -u ieeeexplore.ieee.org/otherfiles/ -d -v

Most of these features can be deactivated.

Screenshots

1. Example domain_analyzer.py -d .gov -k 10 -b

Installation
Just untar the .tar.gz file and copy the python files to the /usr/bin/ directory. Domain_analyzer needs to be run as root. The crawler can be run as a non-privileged user. If you want all the features (web crawler, pdf and colors), which is nice, also copy these files to /usr/bin or /usr/local/bin

• ansistrm.py
• crawler.py
• pyText2pdf.py

If you have any issues with the GeoIP database, please download it from its original source here. And install it in where your system needs it, usually at /opt/local/share/GeoIP/GeoIP.dat

Download Domain Analyzer

Read More

IP Tools To quickly get information about IP Address's, Web Pages and DNS records - Crips

This Tools is a collection of online IP Tools that can be used to quickly get information about IP Address's, Web Pages and DNS records.

Menu

• Whois lookup
• Traceroute
• DNS Lookup
• Reverse DNS Lookup
• GeoIP Lookup
• Port Scan
• Reverse IP Lookup
• INSTALL & UPDATE
• Exit

Whois lookup
Determine the registered owner of a domain or IP address block with the whois tool.

Traceroute
Using mtr an advanced traceroute tool trace the path of an Internet connection.

DNS Lookup
Find DNS records for a domain, results are determined using the dig DNS tool

Reverse DNS Lookup
Find Reverse DNS records for an IP address or a range of IP addresses.

GeoIP Lookup
Find the location of an IP address using the GeoIP lookup location tool.

Port Scan
A simple TCP Port Scan to quickly determine the status of an Internet facing service or firewall.

Reverse IP Lookup
Discover web hosts sharing an IP address with a reverse IP lookup.

INSTALL & UPDATE
To install the tools directly in the system and get new update directly using terminal

Installation Linux
[✓] git clone https://github.com/Manisso/Crips.git
[✓] cd Crips && python Crips.py
[◉] 0 : INSTALL & UPDATE
[◉] -> 0
[✓] press 0
[✓] Congratulation Crips is Installed !

Installation Windows 
[✔] Download Python 2.7
[✓] Download Crips
[✓] Extract Crips into Desktop
[◉]Open CMD and type the following commands:
[✓] $cd Desktop/Crips-master/
[✓] $python crips.py

Download Crips

Read More

Bluetooth Security Testing Suite - BlueMaho v090417

BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice statistics.

1.2. What it can do? (features)

• scan for devices, show advanced info, SDP records, vendor etc
• track devices - show where and how much times device was seen, its name changes
• loop scan - it can scan all time, showing you online devices
• alerts with sound if new device found
• on_new_device - you can spacify what command should it run when it founds new device
• it can use separate dongles - one for scaning (loop scan) and one for running tools or exploits
• send files
• change name, class, mode, BD_ADDR of local HCI devices
• save results in database
• form nice statistics (uniq devices by day/hour, vendors, services etc)
• test remote device for known vulnerabilities (see exploits for more details)
• test remote device for unknown vulnerabilities (see tools for more details)
• themes! you can customize it

1.3. What tools and exploits it consist of?

• tools:
• atshell.c by Bastian Ballmann (modified attest.c by Marcel Holtmann)
• bccmd by Marcel Holtmann
• bdaddr.c by Marcel Holtmann
• bluetracker.py by smiley
• carwhisperer v0.2 by Martin Herfurt
• psm_scan and rfcomm_scan from bt_audit-0.1.1 by Collin R. Mulliner
• BSS (Bluetooth Stack Smasher) v0.8 by Pierre Betouin
• btftp v0.1 by Marcel Holtmann
• btobex v0.1 by Marcel Holtmann
• greenplaque v1.5 by digitalmunition.com
• L2CAP packetgenerator by Bastian Ballmann
• obex stress tests 0.1
• redfang v2.50 by Ollie Whitehouse
• ussp-push v0.10 by Davide Libenzi
• exploits/attacks:
• Bluebugger v0.1 by Martin J. Muench
• bluePIMp by Kevin Finisterre
• BlueZ hcidump v1.29 DoS PoC by Pierre Betouin
• helomoto by Adam Laurie
• hidattack v0.1 by Collin R. Mulliner
• Mode 3 abuse attack
• Nokia N70 l2cap packet DoS PoC Pierre Betouin
• opush abuse (prompts flood) DoS attack
• Sony-Ericsson reset display PoC by Pierre Betouin
• you can add your own tools by editing 'exploits/exploits.lst' and 'tools/tools.lst'

1.4. Requirements

• OS (tested with Debian 4.0 Etch / 2.6.18)
• python (python 2.4 http://www.python.org)
• wxPython (python-wxgtk2.6 http://www.wxpython.org)
• BlueZ (3.9/3.24) http://www.bluez.org
• Eterm to open tools somewhere, you can set another term in 'config/defaul.conf' changing the value of 'cmd_term' variable. (tested with 1.1 ver)
• pkg-config(0.21), 'tee' used in tools/showmaxlocaldevinfo.sh, openobex, obexftp
• libopenobex1 + libopenobex-dev (needed by ussp-push)
• libxml2, libxml2-dev (needed by btftp)
• libusb-dev (needed by bccmd)
• libreadline5-dev (needed by atshell.c)
• lightblue-0.3.3 (needed by obexstress.py)
• hardware: any bluez compatible bluetooth-device

1.5. Configuration

1. all configuration is in 'config' dir.
2. for using bluemaho propertly you need to build tools and exploits. check if you satisfy 'requirements' for bluemaho. then run 'build.sh'. if you see 'Building complete!' message, than all went OK. if not - try to play around requirements.
3. 'default.conf' is a default configuration file, you can edit it if you need to change some options, path to files and commands used by bluemaho, theme etc. by default you don't need to change it if you do all from 'requirements' chapter. but, please, view it, for example just for setting 'user_location' variable for defining you location, which will be used for tracking function.
4. 'themes' - directory with themes for bluemaho GUI. You can set path to default theme with 'theme' variable in 'default.conf'

1.6. Run and use

You can run BlueMaho typing in console 'bluemaho.py'. For verbose output in console (and redirecting std_err and std_out) run 'bluemaho.py -v'. it saves founded devices to 'bluemaho.log' by default, you can change it in 'config/defaul.conf'. enjoy! 

Download BlueMaho

Read More

A Penetration Testing Framework - Fsociety Hacking Tools Pack

A Penetration Testing Framework , you will have evry script that a hacker needs

Menu

• Information Gathering
• Password Attacks
• Wireless Testing
• Exploitation Tools
• Sniffing & Spoofing
• Web Hacking
• Private Web Hacking
• Post Exploitation
• INSTALL & UPDATE

Information Gathering :

• Nmap
• Setoolkit
• Port Scanning
• Host To IP
• wordpress user
• CMS scanner
• XSStracer
• Dork - Google Dorks Passive Vulnerability Auditor
• Scan A server's Users

Password Attacks :

• Cupp
• Ncrack

Wireless Testing :

• reaver
• pixiewps

Exploitation Tools :

• Venom
• sqlmap
• Shellnoob
• commix
• FTP Auto Bypass
• jboss-autopwn

Sniffing & Spoofing :

• Setoolkit
• SSLtrip
• pyPISHER
• SMTP Mailer

Web Hacking :

• Drupal Hacking
• Inurlbr
• Wordpress & Joomla Scanner
• Gravity Form Scanner
• File Upload Checker
• Wordpress Exploit Scanner
• Wordpress Plugins Scanner
• Shell and Directory Finder
• Joomla! 1.5 - 3.4.5 remote code execution
• Vbulletin 5.X remote code execution
• BruteX - Automatically brute force all services running on a target
• Arachni - Web Application Security Scanner Framework

Private Web Hacking

• Get all websites
• Get joomla websites
• Get wordpress websites
• Control Panel Finder
• Zip Files Finder
• Upload File Finder
• Get server users
• SQli Scanner
• Ports Scan (range of ports)
• ports Scan (common ports)
• Get server Info
• Bypass Cloudflare

Post Exploitation

• Shell Checker
• POET
• Phishing Framework

Install Me

• Install Directly On System (Only For Linux & Mac System )
• Update instantly When There are New Update

Installation Linux
[✓] git clone https://github.com/Manisso/fsociety.git
[✓] cd fsociety && python fsociety.py
[◉] 0 : INSTALL & UPDATE
[◉] -> 0
[✓] press 0
[✓] Congratulation Fsociety is Installed !

Installation Windows
[✔] Download python 2.7
[✓] Download fsociety
[✓] Extract fsociety into Desktop
[◉]Open CMD and type the following commands:
[✓] $cd Desktop/fsociety-master/
[✓] $python fsociety.py

Use

Download Fsociety

Read More

Automatic installation and configuration of DNSCrypt - dnscrypt-autoinstall

A script for installing and automatically configuring DNSCrypt on Linux-based systems.

Description

DNSCrypt is a protocol for securing communications between a client and a DNS resolver by encrypting DNS queries and responses. It verifies that responses you get from a DNS provider have actually been sent by that provider, and haven't been tampered with.

This script will automatically and securely set up DNSCrypt as a background service that runs at system startup using DNSCrypt-proxy, the libsodium cryptography library, and the DNSCrypt service provider of your choice. The script also has options that allow you to change the service provider at any time, turn off DNSCrypt to use regular unencrypted DNS, as well as uninstall DNSCrypt.

Installation
The script supports recent Red Hat-based (CentOS, Fedora, Scientific Linux), Debian-based (Debian, Ubuntu, Linux Mint) distributions and OpenSUSE.

Note	Scripts with sysvinit support were moved to the "legacy" branch (CentOS 6, Debian 7, Ubuntu < 16.04)

wget https://raw.githubusercontent.com/simonclausen/dnscrypt-autoinstall/master/dnscrypt-autoinstall
chmod +x dnscrypt-autoinstall
su -c ./dnscrypt-autoinstall

Supported providers
Providers are retrieved from the latest published dnscrypt-resolvers.csv (github.com/jedisct1), with a fallback to those included with the DNSCrypt installation.

Troubleshooting
If the install fails at a particular stage and the script mentions DNSCrypt is already configured, use the forcedel argument to force an uninstallation:

./dnscrypt-autoinstall.sh forcedel

Download dnscrypt-autoinstall

Read More

A Tool to Generate Various Ways to Do a Reverse Shell - ReverShellGenerator

A tool to generate various ways to do a reverse shell.

Usage example

Reverse Shell fonts
http://bernardodamele.blogspot.com.br/2011/09/reverse-shells-one-liners.html
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

Download ReverShellGenerator

Read More

Website Vulnerability Scanner & Auto Exploiter - XAttacker

XAttacker is a Website Vulnerability Scanner & Auto Exploiter developed by Mohamed Riahi

Installation

git clone https://github.com/Moham3dRiahi/XAttacker.git

Auto Cms Detect

• [1] WordPress :
• [+] Adblock Blocker
• [+] WP All Import
• [+] Blaze
• [+] Catpro
• [+] Cherry Plugin
• [+] Download Manager
• [+] Formcraft
• [+] levoslideshow
• [+] Power Zoomer
• [+] Gravity Forms
• [+] Revslider Upload Shell
• [+] Revslider Dafece Ajax
• [+] Revslider Get Config
• [+] Showbiz
• [+] Simple Ads Manager
• [+] Slide Show Pro
• [+] WP Mobile Detector
• [+] Wysija
• [+] InBoundio Marketing
• [+] dzs-zoomsounds
• [+] Reflex Gallery
• [+] Creative Contact Form
• [+] Work The Flow File Upload
• [+] WP Job Manger
• [+] PHP Event Calendar
• [+] Synoptic
• [+] Wp Shop
• [+] Content Injection
• [2] Joomla
• [+] Com Jce
• [+] Com Media
• [+] Com Jdownloads
• [+] Com Fabrik
• [+] Com Jdownloads Index
• [+] Com Foxcontact
• [+] Com Ads Manager
• [+] Com Blog
• [+] Com Users
• [+] Com Weblinks
• [+] mod_simplefileupload
• [3] DruPal
• [+] Add Admin
• [4] PrestaShop
• [+] columnadverts
• [+] soopamobile
• [+] soopabanners
• [+] Vtermslideshow
• [+] simpleslideshow
• [+] productpageadverts
• [+] homepageadvertise
• [+] homepageadvertise2
• [+] jro_homepageadvertise
• [+] attributewizardpro
• [+] 1attributewizardpro
• [+] AttributewizardproOLD
• [+] attributewizardpro_x
• [+] advancedslider
• [+] cartabandonmentpro
• [+] cartabandonmentproOld
• [+] videostab
• [+] wg24themeadministration
• [+] fieldvmegamenu
• [+] wdoptionpanel
• [+] pk_flexmenu
• [+] pk_vertflexmenu
• [+] nvn_export_orders
• [+] megamenu
• [+] tdpsthemeoptionpanel
• [+] psmodthemeoptionpanel
• [+] masseditproduct
• [5] Lokomedia
• SQL injection

Video

Usage

Short Form	Long Form	Description
-l	--list	websites list

Example
if you have list websites run tool with this command line

perl XAttacker.pl -l list.txt

if you don't have list websites run the tool with this command

perl XAttacker.pl

For coloring in windows Add This Line

use Win32::Console::ANSI;

Version
Current version is 2.1 What's New
• Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload
• GS-Dorker
• speed up
• Bug fixes
version 2.0
• speed up
• Bug fixes
version 1.9
• Bug fixes

Download XAttacker

Read More

Wireshark Crash Course - Tutorial

Description

Wireshark is the most widely used network capture and protocol analyzer on the market. It is used by IT and Network administrators to troubleshoot network connectivity issues and by Network Security analysts to dissect network attacks. This free and open source application is so widely used in the industry because it works. It is cross platform, meaning that it runs on Windows, Mac, Linux and FreeBSD.
This course is an introduction to the application and goes over the basics to get you started capturing and analyzing network traffic. It will build your base by explaining the theory behind how networks work and then get you in to real world applications of the software.
In this course you will learn:

• The basics of how networks operate
• How to capture traffic on wireshark
• How to use display and capture filters
• How to use command line wireshark to work with large packet captures

Who is the target audience?

• Network Administrators
• System Administrators
• IT Security Analysts 

Type: Course 
Language: English 
Number of videos: 24
Year: 2015
Format: MP4 
Size: 675 MB
Password: offsec 

Download Wireshark Crash Course

Read More

Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan - GhostInTheNet

Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan.

Properties:

• Network Invisibility
• Network Anonymity
• Protects from MITM/DOS
• Transparent
• Cross-platform
• Minimalistic

Dependencies:

• Linux 2.4.26+ - will work on any Linux-based OS, including Whonix and RaspberryPI
• BASH - the whole script
• root privileges - for kernel controlling

Limitations:

• You can still be found with VLAN logs if using ethernet or by triangulation/broadcast if using WiFi
• MAC spoofing won't work if appropriate mitigations has been taken, like DAI or sticky MAC
• Might be buggy with some CISCO switches
• Not suitable for production servers

How it works
The basic and primary network protocol is ARP for IPv4 and NDP (ICMPv6) for IPv6, located in the link and network layer, provides main connectivity in a LAN.
Despite its utility and simplicity, it has numerous vulnerabilities that can lead to a MITM attack and leak of confidentiality.
Patching of such a widely used standard is a practically impossible task.
A very simple, but at the same time effective solution is to disable ARP and NDP responses on an interface and be very cautious with broadcasting.
Considering the varieties of implementations, this means that anyone in the network wouldn't be able to communication with such host, only if the host is willing it-self.
The ARP/NDP cache will be erased quickly afterwards.
Here is an example schema:

A >>> I need MAC address of B >>> B

A <<< Here it is <<< B

A <<< I need MAC address of A <<< B

A >>> I'm not giving it >>> B

To increase privacy, it's advised to spoof the MAC address, which will provide a better concealment.
All this is possible using simple commands in Linux kernel and a script that automates it all.

Analysis
No ARP/NDP means no connectivity, so an absolute stealth and obscurity on the network/link layer.
This protects from all possible DOSes and MITMs (ARP, DNS, DHCP, ICMP, Port Stealing) and far less resource consuming like ArpON.
Such mitigation implies impossibility of being scanned (nmap, arping).
Besides, it doesn't impact a normal internet or LAN connection on the host perspective.
If you're connecting to a host, it will be authorised to do so, but shortly after stopping the communication, the host will forget about you because, ARP/NDP tables won't stay long without a fresh request.
Regarding the large compatibility and cross-platforming, it's very useful for offsec/pentest/redteaming as well.
You see everyone, but nobody sees you, you're a ghost.
Mitigation and having real supervision on the network will require deep reconfiguration of OSes, IDPSes and all other equipement, so hardly feasible.

HowTo
You can execute the script after the connection to the network or just before:

sudo GhostInTheNet.sh on eth0

This will activate the solution until reboot.
If you want to stop it:

sudo GhostInTheNet.sh off eth0

Of course, you will have to make the script executable in the first place:

chmod u+x GhostInTheNet.sh

Notes
ARP/NDP protocol can be exploited for defensive purpose.
Now your Poisontap is literally undetectable and your Tails is even more anonymous.
You should learn some stuff about IPv6.

Download GhostInTheNet

Read More