Navigation



Archive | August, 2018

Intercepter-NG – Android App For Hacking

Last updated: April 25, 2020 | 47,161 views

Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.

Intercepter-NG - Android App For Hacking


Specifically referring to Intercepter-NG Console Edition which works on a range of systems including NT, Linux, BSD, MacOSX, IOS and Android.

The Windows version is the one with the most powerful feature-set, but the Android app is fairly handy too.

Intercepter-NG – Android App For Hacking Features

  • Sniffing passwords or hashes of the types: ICQ, IRC, AIM, FTP, IMAP, POP3, SMTP, LDAP, BNC, SOCKS, HTTP, WWW, NNTP, CVS, TELNET, MRA, DC++, VNC, MYSQL, ORACLE, NTLM, KRB5, RADIUS
  • Sniffing chat messages of: ICQ, AIM, JABBER, YAHOO, MSN, IRC, MRA
  • Reconstructing files from: HTTP, FTP, IMAP, POP3, SMTP, SMB
  • Promiscuous-mode, ARP, DHCP, Gateway, Port, Smart Scanning
  • Capturing packets and post-capture (offline) analyzing, RAW Mode
  • Remote traffic capturing via RPCAP daemon and PCAP Over IP
  • NAT, SOCKS, DHCP
  • ARP, DNS over ICMP, DHCP, SSL, SSLSTRIP, WPAD, SMB Relay, SSH MiTM
  • SMB Hijack, LDAP Relay, MySQL LOAD DATA Injection
  • ARP Watch, ARP Cage, HTTP Injection, Heartbleed exploit, Kerberos Downgrade, Cookie Killer
  • DNS, NBNS, LLMNR Spoofing

Works on Windows NT based systems (2K\XP\2k3\Vista\7\8).

Other Android Hacking Apps include:

Hijacker – Reaver For Android Wifi Hacker App
BootStomp – Find Android Bootloader Vulnerabilities

You can download Intercepter-NG here:

Windows:

Android:

Or read more at sniff.su

Posted in: Wireless Hacking

Topic: Wireless Hacking


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
May 7, 2021 - 27 Shares
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
April 19, 2021 - 167 Shares
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
March 5, 2021 - 194 Shares
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
February 3, 2021 - 125 Shares
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
January 1, 2021 - 162 Shares
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
December 7, 2020 - 230 Shares


dcipher – Online Hash Cracking Using Rainbow & Lookup Tables

Last updated: August 20, 2018 | 9,386 views

dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.

dcipher - Online Hash Cracking Using Rainbow & Lookup Tables

The capacity to programmatically crack passwords is also a function of the number of possible passwords per second which can be checked. If a hash of the target password is available to the attacker, this number can be in the billions or trillions per second, since an offline attack is possible.

In this case dcipher uses online hash checking services, which have extremely large Rainbow Table sets of pre-computed hashes, to rapidly find hash collisions.


Usage for dcipher Online Hash Cracking Tool

Supported Hashes for dcipher online hash cracking

  • Base64
  • MD5
  • SHA1
  • SHA224
  • SHA256
  • SHA384
  • SHA512
  • RIPEMD320

Of course there’s plenty of options when it comes to hash cracking:

hashcat Download – Password Hash Cracking Tool
IGHASHGPU – GPU Based Hash Cracking – SHA1, MD5 & MD4
crack.pl – SHA1 & MD5 Hash Cracking Tool

You can download dcipher here:

dcipher-master.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
May 7, 2021 - 27 Shares
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
April 19, 2021 - 167 Shares
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
March 5, 2021 - 194 Shares
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
February 3, 2021 - 125 Shares
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
January 1, 2021 - 162 Shares
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
December 7, 2020 - 230 Shares


HTTP Security Considerations – An Introduction To HTTP Basics

Last updated: August 12, 2018 | 11,806 views

HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.

HTTP Security Considerations - An Introduction To HTTP Basics

HTTP is the protocol that powers the web and to penetrate via a web service it pays to have a good solid foundational understanding of HTTP, how it works and the common response codes – many of which can lead to some kind of vulnerability which is exploitable.

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, and hypermedia information systems.[1] HTTP is the foundation of data communication for the World Wide Web.

Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext.

Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989. Standards development of HTTP was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), culminating in the publication of a series of Requests for Comments (RFCs). The first definition of HTTP/1.1, the version of HTTP in common use, occurred in RFC 2068 in 1997, although this was made obsolete by RFC 2616 in 1999 and then again by the RFC 7230 family of RFCs in 2014.

Source: Wikipedia

From a security perspective it’s important to understand:

– Requests
– Request methods
– Responses
– Response status codes

All of which are covered in the Security-focused HTTP article by Acunetix.

You can find the article with the full details here:

HTTP Security: A Security-focused Introduction to HTTP, Part 1

Posted in: Countermeasures

Topic: Countermeasures


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
May 7, 2021 - 27 Shares
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
April 19, 2021 - 167 Shares
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
March 5, 2021 - 194 Shares
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
February 3, 2021 - 125 Shares
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
January 1, 2021 - 162 Shares
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
December 7, 2020 - 230 Shares


Cangibrina – Admin Dashboard Finder Tool

Last updated: August 6, 2018 | 5,964 views

Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists, Google, Nmap and robots.txt.

Cangibrina - Admin Dashboard Finder Tool


It is multi-threaded, supports modifying your user agent, using a TOR proxy, custom dorks, Nmap integration and can use both DuckDuckGo and Google.

Cangibrina Admin Dashboard Finder Requirements

  • Python 2.7
  • mechanize
  • PySocks
  • beautifulsoup4
  • html5lib
  • Nmap
  • TOR

Cangibrina Usage to Find Admin Dashboards

There are other specific tools in this area like WPScan for WordPress and DruPwn for Drupal – and in those cases the dashboard URLs are already known.

You can download Cangibrina here:

cangibrina-master.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
May 7, 2021 - 27 Shares
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
April 19, 2021 - 167 Shares
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
March 5, 2021 - 194 Shares
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
February 3, 2021 - 125 Shares
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
January 1, 2021 - 162 Shares
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
December 7, 2020 - 230 Shares