Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a ‘Swiss Army Knife’ for pen-testing and/or hacking CTF’s.
Karkinos Beginner Friendly Penetration Testing Tool Features
- Encoding/Decoding characters
- Encrypting/Decrypting text or files
- Reverse shell handling
- Cracking and generating hashes
How to Install Karkinos Beginner Friendly Penetration Testing Tool
Dependencies are:
- Any server capable of hosting PHP
- Tested with PHP 7.4.9
- Tested with Python 3.8
- Make sure it is in your path as:
- Windows:
python - Linux:
python3 - If it is not, please change the commands in
includes/pid.php - Pip3
- Raspberry Pi Zero friendly :) (crack hashes at your own risk)
Then:
git clone https://github.com/helich0pper/Karkinos.gitcd Karkinos- pip3 install -r requirements.txt
cd wordlists && unzip passlist.zipYou can also unzip it manually using file explorer. Just make surepasslist.txtis in wordlists directory.- Make sure you have write privilages for
db/main.db - Enable
extension=mysqliin yourphp.inifile. - If you don’t know where to find this, refer to the PHP docs. Note: MySQLi is only used to store statistics.
- Thats it! Now just host it using your preferred web server or run:
php -S 127.0.0.1:8888in the Karkinos directory.
Important: using port 5555, 5556, or 5557 will conflict with the Modules
If you insist on using these ports, change the PORT value in:
- /bin/Server/app.py Line 87
- /bin/Busting/app.py Line 155
- /bin/PortScan/app.py Line 128
You can download Karkinos here:
Or read more here.
Topic: Hacking Tools
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths.
It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path.
Features of Aclpwn.Py Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.Py currently has the following features:
- Direct integration with BloodHound and the Neo4j graph database (fast pathfinding)
- Supports any reversible ACL based attack chain (no support for resetting user passwords right now)
- Advanced pathfinding (Dijkstra) to find the most efficient paths
- Support for exploitation with NTLM hashes (pass-the-hash)
- Saves restore state, easy rollback of changes
- Can be run via a SOCKS tunnel
- Written in Python (2.7 and 3.5+), so OS independent
Installation of Aclpwn.py ACL Based Privilege Escalation
Aclpwn.py is compatible with both Python 2.7 and 3.5+. It requires the neo4j-driver, impacket and ldap3 libraries. You can install aclpwn.py via pip: pip install aclpwn. For Python 3, you will need the python36 branch of impacket since the master branch (and versions published on PyPI) are Python 2 only at this point.
This tool does not exploit any vulnerabilities, but relies on misconfigured (often because of delegated privileges) or insecure default ACLs. To solve these issues, it is important to identify potentially dangerous ACLs in your Active Directory environment with BloodHound. For detection, Windows Event Logs can be used.
You can download Aclpwn.py here:
Or read more here.
Topic: Hacking Tools
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.
Features of Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub contains many frameworks, databases, applications, programming languages and more such as:
- Drupal
- ffmpeg
- CouchDB
- ActiveMQ
- Glassfish
- Joombla
- JBoss
- Kibana
- Laravel
- Rails
- Python
- Tomcat
And many, many more.
To use Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack
Install the docker/docker-compose on Ubuntu 20.04:
|
1 2 3 4 5 6 7 8 9 10 11 |
# Install pip curl -s https://bootstrap.pypa.io/get-pip.py | python3 # Install the latest version docker curl -s https://get.docker.com/ | sh # Run docker service systemctl start docker # Install docker compose pip install docker-compose |
It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.
You can download Vulhub by:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
# Download project wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip unzip vulhub-master.zip cd vulhub-master # Enter the directory of vulnerability/environment cd flask/ssti # Compile environment docker-compose build # Run environment docker-compose up -d |
Or read more here.
Topic: Exploits/Vulnerabilities
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. LibInjection is a new open-source C library that detects SQLi using lexical analysis. With little upfront knowledge of what SQLi is, the algorithm has been trained on tens of thousands of real SQLi attacks and hundreds of millions of user inputs taken from a Top 50 website for high precision and accuracy.
In addition, the algorithm categorizes SQLi attacks and provides templates for new attacks or new fuzzing algorithms.
LibInjection currently supports:
- C and C++
- PHP
- Python
- Lua
- Java (external port)
- [LuaJIT/FFI]
LibInjection is available for integration into applications, web application firewalls, or porting to other programming languages.
You can download LibInjection here:
Or read more here.
Topic: Countermeasures
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based operating systems. Features of Grype Vulnerability Scanner For Container Images & Filesystems Scan the contents of a container image or filesystem to find known vulnerabilities and find vulnerabilities for major […]
Topic: Security Software
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. This will help you to decrease the time to uncover suspicious activity and the tool will make good use of the windows […]
Topic: Security Software