Archive | December, 2019

WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords


WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine. This tool will help you in a Wifi penetration testing and could also be useful when performing red team assessments or internal infrastructure engagements.

WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords


Each option in the tool generates the “.txt” file as an output, if you run the tool multiple times, the output gets appended to the previous results.

Features of WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords

Option 1:Shows the wireless networks available to the system. If the interface name is given, only the networks on the given interface will be listed. Otherwise, all networks visible to the system will be listed.

Option 2: Shows a list of wireless profiles configured on the system.

Option 3: Shows the allowed and blocked the wireless network list.

Option 4: Shows a list of all the wireless LAN interfaces on the system.

Option 5: Generates a detailed report about each wireless access point profile on the system. Group Policy Profiles are read-only. User Profiles are readable and writeable, and the preference order can be changed.

Option 6: Dumps the cleartext passwords of every wireless profile on the system. Make sure to generate the profile file (by selecting option 2) before running this option. Always run this as an administrator user to see the cleartext password. User needs to provide the individual wireless name by reading the profile names (option 7).

Option 7: It opens the list of wireless profiles on the system using notepad.

Option 8: It saves WLAN profiles to XML files.

Option 9: Exit gracefully.

You can download WiFi-Dumper here:

Wifi-Dumper-master.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.


truffleHog – Search Git for High Entropy Strings with Commit History


truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.

truffleHog - Search Git for High Entropy Strings with Commit History


truffleHog previously functioned by running entropy checks on git diffs. This functionality still exists, but high signal regex checks have been added, and the ability to surpress entropy checking has also been added.

or

truffleHog will go through the entire commit history of each branch, and check each diff from each commit, and check for secrets. This is both by regex and by entropy. For entropy checks, it will evaluate the shannon entropy for both the base64 charset and hexidecimal charset for every blob of text greater than 20 characters comprised of those character sets in each diff. If at any point a high entropy string >20 characters is detected, it will print to the screen.

Using truffleHog to Search Git for High Entropy Strings

You can download truffleHog here:

truffleHog-dev.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.