Archive | 2020

zANTI – Android Wireless Hacking Tool Free Download

Last updated: December 7, 2020 | 5,969 views 2

zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using your mobile device for free download.

This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.

Features of zANTI Android Wireless Hacking Tool

This network auditor comes along with a rather simple interface compared to other solutions and running its tasks is pretty straightforward. These are its main features:

Scan
Conduct network scans, in different intensity levels in order to identify connected devices, their properties and their vulnerabilities.

Diagnose

Enable Security Officers to easily evaluate an organization’s network and automatically diagnose vulnerabilities within mobile devices or web sites using a host of penetration tests including, man-in-the-Middle (MITM), password cracking and Metasploit.

Report

Highlight security gaps in your existing network and mobile defences and report the results with advanced cloud-based reporting through zConsole. zANTI mirrors the methods a cyber-attacker can use to identify security holes within your network. Dash-board reporting enables businesses to see the risks and take appropriate corrective actions to fix critical security issues.

Installing zANTI Android Wireless Hacking Tool

Minimum operating system requirements: Android 4.0.
The installation of the app by means of the APK file requires the activation of the “Unknown sources” option within Settings>Applications.

You can download zANTI here – the password is darknet123! –

zAnti3.19.apk.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools

Latest Posts:

GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process

January 1, 2021 - 94 Shares

zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.

December 7, 2020 - 162 Shares

HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc

November 6, 2020 - 168 Shares

Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.

November 3, 2020 - 231 Shares

Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.

October 22, 2020 - 101 Shares

OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.

October 13, 2020 - 126 Shares

HELK – Open Source Threat Hunting Platform

Last updated: November 6, 2020 | 4,491 views

The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.

This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure.

Goals of HELK Open Source Threat Hunting Platform

Provide an open-source hunting platform to the community and share the basics of Threat Hunting.
Expedite the time it takes to deploy a hunting platform.
Improve the testing and development of hunting use cases in an easier and more affordable way.
Enable Data Science capabilities while analyzing data via Apache Spark, GraphFrames & Jupyter Notebooks.

Installing HELK Open Source Threat Hunting Platform

You can start playing with the HELK in a few steps:

Step 1, download:

    git clone https://github.com/Cyb3rWard0g/HELK.git

1	git clone https://github.com/Cyb3rWard0g/HELK.git

Step 2, install:

    cd HELK/
    sudo ./helk_install.sh

1 2	cd HELK/ sudo ./helk_install.sh

You can download HELK here:

HELK-v0.1.7-alpha03042019.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools

Latest Posts:

January 1, 2021 - 94 Shares

December 7, 2020 - 162 Shares

November 6, 2020 - 168 Shares

Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.

November 3, 2020 - 231 Shares

October 22, 2020 - 101 Shares

October 13, 2020 - 126 Shares

Trape – OSINT Analysis Tool For People Tracking

Last updated: November 3, 2020 | 6,611 views

Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information.

Example types of information are the status of sessions of their websites or services and control their users through their browser, without their knowledge. It has evolved with the aim of helping government organizations, companies and researchers to track the cybercriminals.

How to use Trape OSINT Analysis Tool

user:~$ python2 trape.py --help
usage: python trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]
                                              [-ak ACCESSKEY] [-l LOCAL]
                                              [--update] [-n] [-ic INJC]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -u URL, --url URL     Put the web page url to clone
  -p PORT, --port PORT  Insert your port
  -ak ACCESSKEY, --accesskey ACCESSKEY
                        Insert your custom key access
  -l LOCAL, --local LOCAL
                        Insert your home file
  -n, --ngrok           Insert your ngrok Authtoken
  -ic INJC, --injectcode INJC
                        Insert your custom REST API path
  -ud UPDATE, --update UPDATE
                        Update trape to the latest version

user:~$ python2 trape.py --help

usage: python trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]

[-ak ACCESSKEY] [-l LOCAL]

[--update] [-n] [-ic INJC]

optional arguments:

-h, --help show this help message and exit

-v, --version show program's version number and exit

-u URL, --url URL Put the web page url to clone

-p PORT, --port PORT Insert your port

-ak ACCESSKEY, --accesskey ACCESSKEY

Insert your custom key access

-l LOCAL, --local LOCAL

Insert your home file

-n, --ngrok Insert your ngrok Authtoken

-ic INJC, --injectcode INJC

Insert your custom REST API path

-ud UPDATE, --update UPDATE

Update trape to the latest version

Install Trape OSINT Analysis Tool

First download the tool:

git clone https://github.com/jofpin/trape.git
cd trape
python2 trape.py -h

git clone https://github.com/jofpin/trape.git

cd trape

python2 trape.py -h

If it does not work, try to install all the libraries that are located in the file requirements.txt

python2 -m pip install -r requirements.txt

1	python2 -m pip install -r requirements.txt

Example execution:

python2 trape.py --url http://example.com --port 8080

1	python2 trape.py --url http://example.com --port 8080

You can download Trape here:

trape-master.zip

Or read more here.

Posted in: Social Engineering

Topic: Social Engineering

Latest Posts:

January 1, 2021 - 94 Shares

December 7, 2020 - 162 Shares

November 6, 2020 - 168 Shares

Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.

November 3, 2020 - 231 Shares

October 22, 2020 - 101 Shares

October 13, 2020 - 126 Shares

Fuzzilli – JavaScript Engine Fuzzing Library

Last updated: October 22, 2020 | 1,526 views

Fuzzilii is a JavaScript engine fuzzing library, it’s a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language (“FuzzIL”) which can be mutated and translated to JavaScript.

When fuzzing for core interpreter bugs, e.g. in JIT compilers, semantic correctness of generated programs becomes a concern. This is in contrast to most other scenarios, e.g. fuzzing of runtime APIs, in which case semantic correctness can easily be worked around by wrapping the generated code in try-catch constructs. There are different possibilities to achieve an acceptable rate of semantically correct samples, one of them being a mutational approach in which all samples in the corpus are also semantically valid. In that case, each mutation only has a small chance of turning a valid sample into an invalid one.

Using Fuzzilli JavaScript Engine Fuzzing Library

The basic steps to use this fuzzer are:

Download the source code for one of the supported JavaScript engines. See the Targets/ directory for the list of supported JavaScript engines.
Apply the corresponding patches from the target’s directory. Also see the README.md in that directory.
Compile the engine with coverage instrumentation (requires clang >= 4.0) as described in the README.
Compile the fuzzer: swift build [-c release].
Run the fuzzer: swift run [-c release] FuzzilliCli --profile= [other cli options] /path/to/jsshell. See also swift run FuzzilliCli --help.

How FuzzIl works

FuzzIL has a number of properties:

A FuzzIL program is simply a list of instructions.
A FuzzIL instruction is an operation together with input and output variables and potentially one or more parameters (enclosed in single quotes in the notation above).
Inputs to instructions are always variables, there are no immediate values.
Every output of an instruction is a new variable, and existing variables can only be reassigned through dedicated operations such as the Reassign instruction.
Every variable is defined before it is used.

A number of mutations can then be performed on these programs:

InputMutator: replaces input variables of instructions with different ones to mutate the dataflow of the program.
CodeGenMutator: generates code and inserts it somewhere in the mutated program. Code is generated either by running a code generator or by copying some instructions from another program in the corpus (splicing).
CombineMutator: inserts a program from the corpus into a random position in the mutated program.
OperationMutator: mutates the parameters of operations, for example replacing an integer constant with a different one.
and more…

You can download Fuzzilli here:

fuzzilli-v0.9.1.zip

Or read more here.

Posted in: Exploits/Vulnerabilities

Topic: Exploits/Vulnerabilities

Latest Posts:

January 1, 2021 - 94 Shares

December 7, 2020 - 162 Shares

November 6, 2020 - 168 Shares

Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.

November 3, 2020 - 231 Shares

October 22, 2020 - 101 Shares

October 13, 2020 - 126 Shares

OWASP APICheck – HTTP API DevSecOps Toolset

Last updated: October 13, 2020 | 2,909 views

APICheck is an HTTP API DevSecOps toolset, it integrates existing HTTP APIs tools, creates execution chains easily and is designed for integration with third-party tools in mind.

APICheck is comprised of a set of tools that can be connected to each other to achieve different functionalities, depending on how they are connected. It allows you to create execution chains and it can not only integrate self-developed tools but also can leverage existing tools in order to take advantage of them to provide new functionality.

Each tool in APICheck is a Docker image. This means that tools are a black box that could receive some information into its standard input and write results to the standard or error outputs. Additionally, the return code can be used to stop the current chain.

Who is APICheck HTTP API DevSecOps Toolset for?

APICheck focuses not only in the security testing and hacking use cases, the goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed to different user profiles:

Developers
System Administrators
Security Engineers & Penetration Testers

To allow interoperability among commands and tools, all of them share a common JSON data format. In other words, APICheck commands output JSON documents, and accept them as input, too. This allows you to build pipelines (as we showed in the previous section).

Using APICheck HTTP API DevSecOps Toolset

Once installed, you can run the Package Manager by using the command acp.

$ acp

Usage: acp [-h] [-w] {list,info,install,version} ...

APICheck Manager

positional arguments:
  {list,info,install,version}
                        available actions
    list                search in A
    info                show expanded tool info
    install             install an APICheck tool
    version             displays version

optional arguments:
  -h, --help            show this help message and exit
  -w, --disable-warning
                        disable check of RC Shell File

$ acp

Usage: acp [-h] [-w] {list,info,install,version} ...

APICheck Manager

positional arguments:

{list,info,install,version}

available actions

list search in A

info show expanded tool info

install install an APICheck tool

version displays version

optional arguments:

-h, --help show this help message and exit

-w, --disable-warning

disable check of RC Shell File

You can download APICheck here:

pip install apicheck-package-manager

1	pip install apicheck-package-manager

Or read more here.

Posted in: Security Software

Topic: Security Software

Latest Posts:

January 1, 2021 - 94 Shares

December 7, 2020 - 162 Shares

November 6, 2020 - 168 Shares

Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.

November 3, 2020 - 231 Shares

October 22, 2020 - 101 Shares

October 13, 2020 - 126 Shares

trident – Automated Password Spraying Tool

Last updated: October 7, 2020 | 3,285 views

The Trident project is an automated password spraying tool developed to be deployed across multiple cloud providers and provides advanced options around scheduling and IP pooling.

trident was designed and built to fulfill several requirements and to provide:

the ability to be deployed on several cloud platforms/execution providers
the ability to schedule spraying campaigns in accordance with a target’s account lockout policy
the ability to increase the IP pool that authentication attempts originate from for operational security purposes
the ability to quickly extend functionality to include newly-encountered authentication platforms

Using trident Password Spraying Tool

Usage:
  trident-cli campaign [flags]

Flags:
  -a, --auth-provider string   this is the authentication platform you are attacking (default "okta")
  -h, --help                   help for campaign
  -i, --interval duration      requests will happen with this interval between them (default 1s)
  -b, --notbefore string       requests will not start before this time (default "2020-09-09T22:31:38.643959-05:00")
  -p, --passfile string        file of passwords (newline separated)
  -u, --userfile string        file of usernames (newline separated)
  -w, --window duration        a duration that this campaign will be active (ex: 4w) (default 672h0m0s)

Usage:

trident-cli campaign [flags]

Flags:

-a, --auth-provider string this is the authentication platform you are attacking (default "okta")

-h, --help help for campaign

-i, --interval duration requests will happen with this interval between them (default 1s)

-b, --notbefore string requests will not start before this time (default "2020-09-09T22:31:38.643959-05:00")

-p, --passfile string file of passwords (newline separated)

-u, --userfile string file of usernames (newline separated)

-w, --window duration a duration that this campaign will be active (ex: 4w) (default 672h0m0s)

Example output:

$ trident-client results
+----+-------------------+------------+-------+
| ID | USERNAME          | PASSWORD   | VALID |
+----+-------------------+------------+-------+
|  1 | alice@example.org | Password1! | true  |
|  2 | bob@example.org   | Password2! | true  |
|  3 | eve@example.org   | Password3! | true  |
+----+-------------------+------------+-------+

$ trident-client results

+----+-------------------+------------+-------+

+----+-------------------+------------+-------+

+----+-------------------+------------+-------+

You can download trident here:

trident-v0.1.3.zip

Or read more here.

Posted in: Password Cracking Tools

Topic: Password Cracking Tools

Latest Posts:

January 1, 2021 - 94 Shares

December 7, 2020 - 162 Shares

November 6, 2020 - 168 Shares

Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.

November 3, 2020 - 231 Shares

October 22, 2020 - 101 Shares

October 13, 2020 - 126 Shares

1 2 … 4 Next →

Navigation

Archive | 2020

Features of zANTI Android Wireless Hacking Tool

Installing zANTI Android Wireless Hacking Tool

Latest Posts:

Goals of HELK Open Source Threat Hunting Platform

Installing HELK Open Source Threat Hunting Platform

Latest Posts:

How to use Trape OSINT Analysis Tool

Install Trape OSINT Analysis Tool

Latest Posts:

Using Fuzzilli JavaScript Engine Fuzzing Library

How FuzzIl works

Latest Posts:

Who is APICheck HTTP API DevSecOps Toolset for?

Using APICheck HTTP API DevSecOps Toolset

Latest Posts:

Using trident Password Spraying Tool

Latest Posts: