Archive | November, 2011

GoLISMERO – Web Application Mapping Tool

Outsmart Malicious Hackers


GoLISMERO helps you to map a web application, displaying the results in a readable format for security auditors and also prepares the results for integration with other web hacking tools as w3af, wfuzz, netcat, nikto, etc.

Features

  • Map a web aplication.
  • Show all links and forms params as confortable format.
  • Save results with some formats: text, cvs, html, raw (for parsing with bash script) and wfuzz script.
  • Detect common vulnerabilites of web application.
  • Filter web information retaining only what is important.
  • Many other features you can find very useful.

You can download GoLISMERO here:

GoLISMERO_last.zip

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Private Signed Certificate From Malaysian Government Used To Spread Malware

Keep on Guard!


It wasn’t too long ago (about 6 months) when we reported about Malaysia Government Sites Under Attack From Anonymous – which was somewhat suspicious. And well that’s about the only story we’ve had about Malaysia really.

Perhaps that incident and spate of attacks and intrusions had something to do with this most recent story, the story of a stolen certificate.

The story is that a ‘missing’ certificate which has been legitimately signed by the Malaysian government was stolen and has been used to sign malware, enabling it to bypass OS protection which prevents the installation of untrusted applications.

Researchers have discovered malware circulating in the wild that uses a private signing certificate belonging to the Malaysian government to bypass warnings many operating systems and security software display when end users attempt to run untrusted applications.

The stolen certificate belongs to the Malaysian Agricultural Research and Development Institute, according to Mikko Hypponen, chief research officer of F-Secure, the Finnish security firm that found it was being used to sign malware spread using booby-trapped PDF files. By using the official credential to vouch for the trustworthiness of the malicious application, the attackers were able to suppress warnings Microsoft Windows issues when users attempt to install unsigned applications.

“The malware itself has been spread via malicious PDF files that drop it after exploiting Adobe Reader 8,” Hypponen wrote in a blog post published on Monday. “The malware downloads additional malicious components from a server called worldnewsmagazines.org. Some of those components are also signed, although this time by an entity called www.esuplychain.com.tw.”

The discovery is the latest reminder of the challenges posed in securing the PKI, or public key infrastructure, used to digitally ensure the authenticity and integrity of websites and applications. With more than 600 entities entrusted to issue the certificates, all it takes is the compromise of one of them for an impostor to obtain the private key needed to issue counterfeit credentials for Google, eBay, the Internal Revenue Service or virtually any other service.

The certificate came from the Malaysian Agricultural Research and Development Institute, known locally as MARDI – http://www.mardi.my.

Please also note the fantastic aesthetics of Malaysian government web design, I’d estimate a few million USD was spent to create such a glorious website – it shows doesn’t it.

The security of Malaysian governmental website is also extremely suspect, any half decent attacker seems to be able to hack into them without much effort. Probably because most of them aren’t maintained and they are running outdated, vulnerable versions of the CMS Joomla!.


Over the past couple years, a growing number of private keys have been abused. One of the best known examples was the Stuxnet worm that sabotaged Iran’s nuclear program. It used pilfered digital keys belonging to two companies from Taiwan. The Duqu malware, which some researchers say has significant similarities to Stuxnet, also used private certificates.

Hackers recently compromised the systems of Netherlands-based certificate authority DigiNotar and minted counterfeit credentials for half a dozen sites, including Mozilla’s addons website and Skype. A bogus certificate for Gmail was used to spy on about 300,000 people accessing the service from Iran.

Two weeks ago, credentials issued by intermediate certificate authority Digicert Malaysia were banished from major browsers following revelations the company issued secure sockets layer certificates that could be used to attack people visiting Malaysian government websites. A day later, Netherlands-based KPN Corporate Market said it suspended the issuance of new certificates after discovering a security breach that allowed hackers to store attack tools on one of its servers.

The compromised certificate discovered by F-Secure shows the signer as anjungnet.mardi.gov.my. It expired at the end of September. Hypponen said Malaysian authorities have indicated the certificate was stolen “quite some time ago.”

It just goes to show how weak the whole PKI type infrastructure is, especially with the recent case – Hackers Get Hold Of Wildcard Google SSL Certificate – Could Hijack Gmail Accounts.

Of course before that we had the huge RSA SecurID case too, some quiet hacking, some stolen certificates (which are basically just text files) and bingo – you have yourself some real power there.

Sadly this kind of occurrence seems to be getting more and more common, I hope things get secured because people have been told for years that “If it’s https it’s safe!” – when clearly…that is not always the case.

Source: The Register

Posted in: Cryptography, Malware

Topic: Cryptography, Malware


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


w3af v1.1 Released For Download – Web Application Attack & Audit Framework

Keep on Guard!


w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much

Finally it’s out of BETA and RC and there’s now a stable core for the codebase.

New in v1.1

  • Considerably increased performance by implementing gzip encoding
  • Enhanced embedded bug report system using Trac’s XMLRPC
  • Fixed hundreds of bugs
  • Fixed critical bug in auto-update feature
  • Enhanced integration with other tools (bug fixed and addedmore info to the file)

You can download w3af v1.1 here:

w3af-1.1.tar.bz2

Or you can read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

Topic: Database Hacking, Hacking Tools, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Apple Bans Security Researcher Charlie Miller For Exposing iOS Exploit

Outsmart Malicious Hackers


The latest wave in the infosec world is that Apple has banned the well known security researcher – Charlie Miller – from it’s developer program for exposing a new iOS exploit.

It’s not really the smartest move as I’m pretty sure anyone as smart as Charlie Miller still has plenty of options – use another person’s account, sign up another account with a different identity, hack the phone without the developer program access and so on..

Really it’s quite a harsh move from Apple and it’s not going to make them any friends in the security industry.

Apple has banned well-known security researcher Charlie Miller from its developer program, for creating an apparently benign iOS app that was actually designed to exploit a security flaw he had uncovered in the firmware.

Within hours of talking about the exploit with Forbes’ security reporter Andy Greenberg, who published the details, Miller received an email from Apple: “This letter serves as notice of termination of the iOS Developer Program License Agreement … between you and Apple. Effective immediately.”

Based on Greenberg’s follow-up story, Apple was clearly within its rights to do so. Miller created a proof-of-concept application to demonstrate the security flaw and how it could be exploited by malicious code. He then hid it inside an apparently legitimate stock ticker program, an action that, according to Apple, “violated the developer agreement that forbid[s] him to ‘hide, misrepresent or obscure’ any part of his app,” Greenberg wrote.

He quoted Miller, who works for security consultancy Acuvant, “I’m mad. I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.”

In a way though, you have to agree that Miller did violate the very specific developer program agreement by hiding the PoC inside a legitimate application. That probably wasn’t his smartest idea, but then again it’s helping Apple and he’s not doing it in a malicious way to infect people – he’s doing it as a security researcher.

Apple should be more proactive on working with people like this, people who are actually fixing bugs in their products for free and improving the user experience.

It’s the way Apple operates though, secretive, exclusive, domineering etc. If you don’t do things their way, screw you.


Miller, a former National Security Agency staffer, is a well-known “white hat” hacker (he made Network World’s recent list of “Security All Stars”), with expertise in Apple’s Mac OS X and iOS platforms, including the Safari browser, and in Android. Miller “has found and reported dozens of bugs to Apple in the last few years,” Greenberg noted. Miller reported the latest one barely three weeks ago, and it was Greenberg’s public account of it yesterday, in advance of a planned public presentation by Miller next week, that got the researcher kicked out of the developer program.

The vulnerability is a fascinating exercise in information security sleuthing. Miller uncovered a flaw introduced in Apple’s restrictions on code signing on iOS devices. Code signing is a process by which only Apple-approved commands run in device memory, according to Greenberg’s account.

Miller began to suspect a flaw when Apple released iOS 4.3 in March. He realized that to boost the speed of the mobile Safari browser, Apple for the first time had allowed javascript code from a website to run at a deeper level in memory. This entailed creating a security exception, allowing the browser to run unapproved code. According to Greenberg’s story, Apple created other security restrictions to block untrusted websites from exploiting this exception, so that only the browser could make use of it.

Miller wasn’t the only one to notice that Apple had done something different with Safari in iOS 4.3, but many didn’t understand what was actually happening. Various news sites and bloggers claimed that Web apps running outside of Safari, and its new Nitro javascript engine, were slower. Some suggested that Apple was deliberately slowing them down to make Web apps less attractive than native ones.

The way in which Miller uncovered the flaw once again shows his technical brilliance – something which Apple really should be harnessing rather than turning away.

A lot of people noticed changes with iOS 4.3, but couldn’t actually figure out what was going on. Well that’s what we know in the public realm anyway, no doubt the bad guys had their eyes on it and were digging in with much more malicious exploits.

It basically seems like a way to bypass any kind of code validation by Apple and execute arbitrary code from an attack server – dangerous indeed.

Source: Network World

Posted in: Apple, Exploits/Vulnerabilities, Legal Issues

Topic: Apple, Exploits/Vulnerabilities, Legal Issues


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Rec Studio 4 – Reverse Engineering Compiler & Decompiler

Outsmart Malicious Hackers


REC Studio is an interactive decompiler. It reads a Windows, Linux, Mac OS X or raw executable file, and attempts to produce a C-like representation of the code and data used to build the executable file. It has been designed to read files produced for many different targets, and it has been compiled on several host systems.

REC Studio 4 is a complete rewrite of the original REC decompiler. It uses more powerful analysis techniques such as partial Single Static Assignment (SSA), allows loading Mac OS X files and supports 32 and 64 bit binaries.

Although still under development, it has reached a stage that makes it more useful than the old Rec Studio 2.

Features


  • Multihost: Rec Studio runs on Windows XP/Vista/7, Ubuntu Linux, Mac OS X.
  • Symbolic information support using Dwarf 2 and partial recognition of Microsoft’s PDB format.
  • C++ is partially recognized: mangled names generated by gcc are demangled, as well as inheritance described in dwarf2 is honored. However, C++ is a very broad and difficult language, so some features like templates won’t likely be ever supported.
  • Types and function prototype definitions can be specified in text files. Some standard Posix and Windows APIs are already provided in the Rec Studio package.
  • Interactivity is supported, limited to definition of sections, labels and function entry points. Will need to improve it to support in-program definition of types and function parameters.

Although REC can read Win32 executable (aka PE) files produced by Visual C++ or Visual Basic 5, there are limitations on the output produced. REC will try to use whatever information is present in the .EXE symbol table. If the .EXE file was compiled without debugging information, if a program data base file (.PDB) or Codeview (C7) format was used, or if the optimization option of the compiler was enabled, the output produced will not be very good. Moreover, Visual Basic 5 executable files are a mix of Subroutine code and Form data. It is almost impossible for REC to determine which is which. The only option is to use a .cmd file and manually specify which area is code and which area is data.

You can download Rec Studio 4 here:

Windows – RecStudioWin.zip
Ubuntu – RecStudioLinux.tgz
Mac – RecStudioMac.tgz

Or read more here.

Posted in: Exploits/Vulnerabilities, Forensics, Secure Coding

Topic: Exploits/Vulnerabilities, Forensics, Secure Coding


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


13 Out Of 15 Popular CAPTCHA Schemes Vulnerable To Automated Attacks

Keep on Guard!


This is not a real shock to be if I’m perfectly honestly, I only use reCAPTCHA whenever I need a CAPTCHA implementation for anything.

And well even then, it’s not totally safe as apparently you can farm out your CAPTCHA cracking (those the fail the automated attempts) to India for a few dollars. It does help cut down on sign-ups and bot spam – but it’s certainly not fool proof.

The report just reinforces my stance proving that 13 out of 15 popular captures could be cracked with automated software.

Security researchers have discovered the vast majority of text-based anti-spam tests are easily defeated.

Computer scientists from Stanford University discovered 13 of 15 CAPTCHA schemes from popular websites were vulnerable to automated attacks. The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) has been used for several years to prevent automated sign-ups to webmail accounts or online forums in order to block spam bots. Surfers are typically asked during a registration process to identify distorted letters as depicted in an image. A variety of other approaches – including pictures of cats, audio clips and calculus puzzles – have been applied to the problem over the years.

Cybercrooks have responded to the challenge posed by CAPTCHAs by devising techniques that typically involve semi-automatically signing up for new accounts, while relying on the human cogs in 21st century sweatshops – typically located in India – to solve the CAPTCHA puzzles themselves.

The Stanford team, by contrast, looked at whether it was possible to fully automate the process of breaking CAPTCHAs. Their techniques including removing deliberately introduced image background noise and breaking text strings into single characters for easier recognition. The team built an automated tool, called Decaptcha, that applied these various tricks. The approach was partially inspired by techniques used to orientate robots in unknown environments.

It’s interesting to see an academic take on this subject though as it’s usually the realm of blackhats and hobbyists. I’m sure with a fair bit of science they did an excellent job at removing the ‘noise’ that most CAPTCHA systems tend to add to the image to try and foil automatic solving.

I’m also glad to see reCAPTCHA once again stood up well to automated cracking, you’d have to rely on the sweatshops to get past that.

The worst seems to be Authorize.net from VISA – which is surprising and also sad as it’s dealing with banking.


Decaptcha was turned against the challenge response CAPTCHAs used by 15 high-profile websites, enjoying excellent bowling figures against the majority.

For example, Visa’s Authorize.net payment gateway CAPTCHA was defeated 66 per cent of the time. eBay’s CAPTCHA was sidestepped 43 per cent of the time. Lower, but still workable, bypass rates were achieved against Wikipedia, Digg and CNN.

Google and reCAPTCHA were the only two CAPTCHA systems that consistently thwarted Decaptcha during the tests.

Authorize.net and Digg have both switched to reCAPTCHA since these tests were run, Computerworld adds.

In a research paper (PDF), the Stanford team suggest several approaches towards making CAPTCHAs harder to beat, including making the length of a text string changeable and randomising character font and size. Lines in the background of CAPTCHAs might also prove effective. In addition, the Stanford team highlighted features that are ineffective against automated attacks but may counter the activities of humans.

The researchers, Elie Bursztein, Matthieu Martin and John C Mitchel, who previously developed techniques for breaking audio CAPTCHAs, presented their latest research at the recent ACM Conference On Computer and Communication Security in Chicago.

Fortunately both Authorize.net and Digg have switched to reCAPTCHA since this report came out making them safer, it’s probably a case of responsible disclosure by the Stanford scientists.

It’s definitely worth a read if you have anything to do with CAPTCHA implementation and especially relevant if you are thinking of developing your own rather than just using something like reCAPTCHA.

You can grab the full report here:

text-based-captcha-strengths-and-weaknesses.pdf

Source: The Register

Posted in: Exploits/Vulnerabilities, Web Hacking

Topic: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.