Last updated: May 30, 2017 | 4,275 views
evilscan is a Node.js based massive IP Port scanner designed for concurrency, speed and scanning large ranges of IP addresses.
Features
- Individual IP or IP range scan
- Individual port, ports list, or port range
- Banner grabbing (not fully implemented, works with verbose ports only)
- IAC negotiation
- Reverse dns
- Geolocation information
- Shell or JSON output
- Optional progress details
Usage
Usage:
|
|
evilscan <fqdn|ipv4|cidr> [options] |
Example:
|
|
root@debian:~# evilscan 192.168.0.0/24 --port=21-23,80 |
Options:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
--port port(s) you want to scan, examples: --port=80 --port=21,22 --port=21,22,23,5900-5902 --reverse display DNS reverse lookup --reversevalid only display results having a valid reverse dns, except if ports specified --geo display geoip (free maxmind) --banner display banner --bannerlen set banner length grabing default 512 --bannerraw display raw banner (as a JSON Buffer) --progress display progress indicator each seconds --status ports status wanted in results (example --status=OT) T(timeout) R(refused) O(open, default) U(unreachable) --scan scan method tcpconnect (full connect, default) tcpsyn (half opened, not yet implemented) udp (not yet implemented) --concurrency max number of simultaneous socket opened default 500 --timeout maximum number of milliseconds before closing the connection default 2000 --display display result format (json,xml,console) default console --json shortcut for --display=json --xml shortcut for --display=xml --console shortcut for --display=console --help display help --about display about --version display version number |
Sample Output
|
|
root@debian:~# evilscan 127.0.0.1 --port=0-65535 --banner 127.0.0.1|111||open 127.0.0.1|53||open 127.0.0.1|23|Debian GNU/Linux jessie/sid\r\ndebian login:|open 127.0.0.1|5432||open 127.0.0.1|27017||open 127.0.0.1|28017||open 127.0.0.1|35223||open 127.0.0.1|35491||open 127.0.0.1|39619||open |
You can download evilscan here:
evilscan-master.zip
Or read more here.
Posted in: Hacking Tools, Networking Hacking Tools
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: May 26, 2017 | 3,380 views
sheep-wolf is a tool to help you Exploit MD5 Collisions in software, specially malware samples which are commonly detected using MD5 hash signatures.
and then a malicious one (Wolf) that have the same MD5 hash. Please use this code to test if the security products in your reach use MD5 internally to fingerprint binaries and share your results by issuing a pull request updating the contents of results/!
Dependencies
- 32-bit Windows (virtual) machine (64-bit breaks stuff)
- Visual Studio 2012 to compile the projects (Express will do)
- Fastcoll for collisions
- Optional: Cygwin+MinGW to compile Evilize
How does it work?
shepherd.bat executes shepherd.exe with the user supplied command line arguments
shepher.exe generates a header file (sc.h) that contains the encrypted shellcode, the password and the CRC of the plain shellcode
shepherd.bat executes the build process of sheep.exe
sheep.exe is built with sc.hincluded by Visual Studio
shepherd.bat executes evilize.exe
evilize.exe calculates a special IV for the chunk of sheep.exe right before the block where the collision will happenevilize.exe executes fastcoll.exe with the IV as a parameter
fastcoll.exe generates two 128 byte colliding blocks: a and b
evilize.exe replaces the original string buffers of sheep.exe so that they contain combinations a and b- The resulting files (
evilize/wolf.exe and evilize/sheep.exe ) have the same MD5 hashes but behave differently. The real code to be executed only appears in the memory of evilize/wolf.exe.
You can download sheep-wolf here:
sheep-wolf-master.zip
Or read more here.
Posted in: Cryptography, Forensics, Malware
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: May 24, 2017 | 1,071 views
So there’s been a massive Acunetix Online update that has pushed out a brand new UI plus a whole bunch of new features and capabilities, including really powerful stuff for security professionals and organisations who take their security seriously
The update has focused a lot on Usability of the UI and features for infosec pros with more powerful filtering, ability to mark things as resolved or as a false positive.
Plus some really powerful stuff like being able to assign targets scores based on their business criticality.
Updates
- New web-based user interface
- Targets and Vulnerabilities configured by business criticality
- Integration with popular WAFs and Issue Tracking Systems
- Mark Vulnerabilities as Fixed or False Positives
- Custom Scan Types
- Enhanced Reporting
- Network Security Scanning
- Added functionality for Acunetix Integrators
The reporting function is also much more powerful now with reports available in PDF and HTML plus the functionality to run a comparison to highlight differences between 2 reports.
You can read the full details of the update here:
Major Update of Acunetix Online out now!
Posted in: Advertorial, Countermeasures, Security Software
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: November 7, 2017 | 11,669 views
Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
Features
- Automatically collects basic recon (ie. whois, ping, DNS, etc.)
- Automatically launches Google hacking queries against a target domain
- Automatically enumerates open ports via NMap port scanning
- Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
- Automatically checks for sub-domain hijacking
- Automatically runs targeted NMap scripts against open ports
- Automatically runs targeted Metasploit scan and exploit modules
- Automatically scans all web applications for common vulnerabilities
- Automatically brute forces ALL open services
- Automatically test for anonymous FTP access
- Automatically runs WPScan, Arachni and Nikto for all web services
- Automatically enumerates NFS shares
- Automatically test for anonymous LDAP access
- Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
- Automatically enumerate SNMP community strings, services and users
- Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
- Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
- Automatically tests for open X11 servers
- Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
- Performs high level enumeration of multiple hosts and subnets
- Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
- Automatically gathers screenshots of all web sites
- Create individual workspaces to store all scan output
Modes
- REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append ‘report’ to any sniper mode or command.
- STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
- DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
- PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
- FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
- WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
- NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
- AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP’s that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
- NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
- LOOT: Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type ‘sniper loot’.
There’s a sample report availabe here.
You can download Sn1per here:
Sn1per-v2.4.zip
Or read more here.
Posted in: Hacking Tools
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: May 20, 2017 | 6,042 views
Pybelt is a Python-based hackers tool belt capable of cracking hashes without prior knowledge of the algorithm, scanning ports on a given host, searching for SQLi vulnerabilities in a given URL, verifying that your Google dorks work like they should, verifying the algorithm of a given hash, scanning a URL for XSS vulnerability, and finding usable HTTP proxies.
Features
Pybelt is an open source python hacking kit that comes with:
- Port Scanner
- SQL Injection scanner
- Dork Checker
- Hash Cracker
- Hash Type Verification
- Proxy Finder
- XSS Scanner
Installation
Clone the repository:
|
|
git clone https://github.com/ekultek/pybelt.git |
Or download the latest release.
Once you have the program installed cd into the directory and run the following command:
|
|
pip install -r requirements.txt |
This will install all of the programs needed libraries and should be able to be run from there.
You can download Pybelt here:
Pybelt-1,0.zip
Or read more here.
Posted in: Cryptography, Hacking Tools, Networking Hacking Tools
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: May 19, 2017 | 1,183 views
Finally UK Schedule 7 of the Terrorism Act 2000 is finally being enacted and is no longer an idle threat, so be aware it’s not only the USA that has these kind of draconian laws.
A man who refused to share his phone and laptop passwords has been charged under Schedule 7, which is pretty shitty.
British police have charged a man under antiterror laws after he refused to hand over his phone and laptop passwords.
Muhammad Rabbani, international director of CAGE, was arrested at Heathrow in November after declining to unlock his devices, claiming they contained confidential testimony describing torture in Afghanistan as well as information on high-ranking officials. CAGE positions itself as a non-profit organization that represents and supports families affected by the West’s TWAT (aka The War On Terror).
On Wednesday this week, he was charged under Schedule 7 of the Terrorism Act 2000: specifically, he is accused of obstructing or hampering an investigation by refusing to cough up his login details.
“On 20 November 2016, at Heathrow Airport, he did willfully obstruct, or sought to frustrate, an examination or search under Schedule 7 of the Terrorism Act 2000, contrary to paragraph 18(1)(c) of that Schedule,” London’s Metropolitan Police alleged. “He is due to appear in Westminster Magistrates’ Court on 20 June.”
Rabbani apparently committed the offense last November and was protecting some pretty heavy evidence it seems and he also been stopped under Schedule 7 many times.
This time it’s going to court and three months jail time is no joke.
If found guilty, Rabbani could face up to three months in prison and a fine of £2,500 (US$3,242). He has said he will fight the case and is hopeful of winning. He claims he has been stopped under Schedule 7 about 20 times and has always refused to hand over his passwords. However, it appears that the Met is now ready to test this case in court, so formal charges have been brought.
Schedule 7 was controversial when it was first introduced by the Blair administration. Back then it was claimed by the Labour government that it would be used only in extreme terrorism cases, but since then has been used plenty of times – most notably to hold the partner of Glenn Greenwald over the leaking of the Snowden archives.
What makes Schedule 7 rather tricksy is that no evidence is required to pull someone over for questioning under the law. Usually, Brit officers must have at least reasonable suspicion of a crime before collaring a suspect, but under these antiterror rules, they can hold and quiz people for up to nine hours with no evidence at all.
To be fair Cage does have a bit of a dodgy reputation for being terrorism apologists, so he does fit a certain profile that would explain the 20+ Schedule 7 stops.
And if he’s really carrying such sensitive data in the open on his laptop and phone he’s a bit of a n00b ain’t he?
Source: The Register
Posted in: Legal Issues, Privacy
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
