HackGit

2022-04-29 11:11:00 ​MaskPhish

MaskPhish is not any Phishing tool. It's just a proof of concept of "URL Making Technology". It is a simple Bash Script to hide phishing URL under a normal looking URL (google.com or facebook.com). It can be integrated into Phishing tools (with proper credits) to look the URL ledgit.

https://github.com/jaykali/maskphish

#soft #infosec #phishing #pentesting Открыть/Комментировать

2022-04-29 10:20:58 ​Evil SQL Client (ESC)

Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features.

While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting Active Directory domain joined SQL Servers during penetration tests and #redteam engagements.

The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.

https://github.com/NetSPI/ESC Открыть/Комментировать

2022-04-29 09:54:08 ​CVE-2022-28346

Django QuerySet.annotate(), aggregate(), extra() SQL

https://github.com/DeEpinGh0st/CVE-2022-28346

#redteam #hackers #exploit Открыть/Комментировать

2022-04-29 09:50:58 IncreLux

Progressive Scrutiny: Incremental Detection of UBI bugs in the Linux Kernel

https://github.com/seclab-ucr/IncreLux Открыть/Комментировать

2022-04-28 19:19:00 ​Python Backdoor

This project is a cross-platform (Windows/Linux/MacOS) open source, backdoor/reverse tcp/RAT made in Python3 which contains many features such as multi-client support.

Features:
Multi-client support
Cross-platform server and client
Fernet encryption
Built-in keylogger
Ability to send commands to all clients
Ability to capture screenshots
Ability to upload/download files
Ability to open remote shell or python interpreter
Ability to disable a process*
Ability to inject shellcode*
VM/sandboxie check*
Add to startup*
Ability to melt file*

https://github.com/xp4xbox/Python-Backdoor Открыть/Комментировать

2022-04-28 18:18:00 ​6-Eyed-Spider

This is a post-exploitation Red-Teaming tool. It gathers data going out and coming into the browser — data like POST requests, cookies, and chosen headers like (ANTI-CSRF headers), then sends all data to Strapi.

Strapi and MongoDB store the data so that 6-Eyed-Spider-CLI can use the collected data to perform specific attacks. Attacks using the users' valid cookies to execute commands, create admin users, enable unsafe functionalities, manipulate data in systems like VMware, Pfsense, and PanOS.

The tool consists of a couple of parts:
Dockerized MongoDB and Strapi
MongoDB stores the collected data.
Strapi receives and manages the collected data.
Google-Chrome Extention
Collects the browser's data from the blue team.
6-Eyed-Spider-CLI
Runs custom made plugins which make use of the collected data.

https://github.com/M507/6-Eyed-Spider Открыть/Комментировать

2022-04-28 17:17:00 ​WordPress AutoExploit

Priv8 Tools Offensive Security WordPress_AutoExploiter.

WordPress 4.2.1 (Stored XSS)
WordPress 3.9.2 3.8.4 3.7.4 XML-RPC DDoS
WordPress 3.3.1 (Add Admin)
WordPress 3.1.5 WP RSS Multi Importer (SQL Injection)
WordPress 1.2 (Login)

https://github.com/Alice666x/WordPress_AutoExploiter Открыть/Комментировать

2022-04-28 16:16:00 ​BuffMate

A Perl buffer overflow tool.

Perl utility that assists in the process of creating simple buffer overflow exploits. The entire process from fuzzing to exploitation is streamlined into one tool. Only core Perl modules are utilized for mobility and speed.

Certain offensive dependencies are required, such as metasploit-framework and msfvenom. It is recommended that you run this tool on a Kali system which includes these tools.

https://github.com/stevcoll/buffmate Открыть/Комментировать

2022-04-28 16:16:00 ​Bruteforce Wordlists

https://github.com/danielmiessler/SecLists
https://github.com/berzerk0/Probable-Wordlists
https://github.com/govolution/betterdefaultpasslist
https://github.com/insidetrust/statistically-likely-usernames
https://github.com/LandGrey/pydictor
https://github.com/sc0tfree/mentalist
https://github.com/skahwah/wordsmith
https://github.com/1N3/IntruderPayloads
https://github.com/fuzzdb-project/fuzzdb
https://github.com/Bo0oM/fuzz.txt
https://github.com/laconicwolf/Password-Scripts
https://github.com/FlameOfIgnis/Pwdb-Public

#wordlist #fuzzing #bugbounty #pentesting #infosec #cybersecurity Открыть/Комментировать

2022-04-28 15:15:00 WolverineFramework

Free, OpenSource and easy to use Cybersecurity Framework.

Little and very complete Script allowing you to install and use basic Cybersecurity tools ! The Script is constantly updated, so don't forget to run the "CheckForUpdates.sh" script frequently !

Tools in the Framework:
ettercap-graphical → Man in the Middle tool
hping3 → DoS/DDoS tool
Medusa → Multi purpose Bruteforce tool
Patator → Multi purpose Bruteforce tool (Not available on ArchLinux)
Hydra → Multi purpose Bruteforce tool
Network Mapper (nmap) → Network and ports
scanning tool
PostGreSQL → Essential database for
Metasploit
Metasploit → Framework with a lot of Exploits
Phoneinfoga → Tool to get informations on Intenret from a Phone Number
Wordpress Security Scanner (WPScan) → Tool to scan Wordpress Websites, to get all the extensions and so the vulnerabilities
MacChanger → Tool used to hide your real MAC Address behind a fake one
Arp-Scan → Tool using ARP to discover hosts inside a LAN

https://github.com/LeCoqHardi/WolverineFramework Открыть/Комментировать