Last updated: December 7, 2020 | 21,573 views
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using your mobile device for free download.
This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.
Features of zANTI Android Wireless Hacking Tool
This network auditor comes along with a rather simple interface compared to other solutions and running its tasks is pretty straightforward. These are its main features:
Scan
Conduct network scans, in different intensity levels in order to identify connected devices, their properties and their vulnerabilities.
Diagnose
Enable Security Officers to easily evaluate an organization’s network and automatically diagnose vulnerabilities within mobile devices or web sites using a host of penetration tests including, man-in-the-Middle (MITM), password cracking and Metasploit.
Report
Highlight security gaps in your existing network and mobile defences and report the results with advanced cloud-based reporting through zConsole. zANTI mirrors the methods a cyber-attacker can use to identify security holes within your network. Dash-board reporting enables businesses to see the risks and take appropriate corrective actions to fix critical security issues.
Installing zANTI Android Wireless Hacking Tool
Minimum operating system requirements: Android 4.0.
The installation of the app by means of the APK file requires the activation of the “Unknown sources” option within Settings>Applications.
You can download zANTI here – the password is darknet123! –
zAnti3.19.apk.zip
Or read more here.
Posted in: Hacking Tools
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: November 6, 2020 | 7,410 views
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.
This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure.
Goals of HELK Open Source Threat Hunting Platform
- Provide an open-source hunting platform to the community and share the basics of Threat Hunting.
- Expedite the time it takes to deploy a hunting platform.
- Improve the testing and development of hunting use cases in an easier and more affordable way.
- Enable Data Science capabilities while analyzing data via Apache Spark, GraphFrames & Jupyter Notebooks.
Installing HELK Open Source Threat Hunting Platform
You can start playing with the HELK in a few steps:
Step 1, download:
|
|
git clone https://github.com/Cyb3rWard0g/HELK.git |
Step 2, install:
|
|
cd HELK/ sudo ./helk_install.sh |
You can download HELK here:
HELK-v0.1.7-alpha03042019.zip
Or read more here.
Posted in: Hacking Tools
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: November 3, 2020 | 11,538 views
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information.
Example types of information are the status of sessions of their websites or services and control their users through their browser, without their knowledge. It has evolved with the aim of helping government organizations, companies and researchers to track the cybercriminals.
How to use Trape OSINT Analysis Tool
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
user:~$ python2 trape.py --help usage: python trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT] [-ak ACCESSKEY] [-l LOCAL] [--update] [-n] [-ic INJC] optional arguments: -h, --help show this help message and exit -v, --version show program's version number and exit -u URL, --url URL Put the web page url to clone -p PORT, --port PORT Insert your port -ak ACCESSKEY, --accesskey ACCESSKEY Insert your custom key access -l LOCAL, --local LOCAL Insert your home file -n, --ngrok Insert your ngrok Authtoken -ic INJC, --injectcode INJC Insert your custom REST API path -ud UPDATE, --update UPDATE Update trape to the latest version |
Install Trape OSINT Analysis Tool
First download the tool:
|
|
git clone https://github.com/jofpin/trape.git cd trape python2 trape.py -h |
If it does not work, try to install all the libraries that are located in the file requirements.txt
|
|
python2 -m pip install -r requirements.txt |
Example execution:
|
|
python2 trape.py --url http://example.com --port 8080 |
You can download Trape here:
trape-master.zip
Or read more here.
Posted in: Social Engineering
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: October 22, 2020 | 2,117 views
Fuzzilii is a JavaScript engine fuzzing library, it’s a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language (“FuzzIL”) which can be mutated and translated to JavaScript.
When fuzzing for core interpreter bugs, e.g. in JIT compilers, semantic correctness of generated programs becomes a concern. This is in contrast to most other scenarios, e.g. fuzzing of runtime APIs, in which case semantic correctness can easily be worked around by wrapping the generated code in try-catch constructs. There are different possibilities to achieve an acceptable rate of semantically correct samples, one of them being a mutational approach in which all samples in the corpus are also semantically valid. In that case, each mutation only has a small chance of turning a valid sample into an invalid one.
Using Fuzzilli JavaScript Engine Fuzzing Library
The basic steps to use this fuzzer are:
- Download the source code for one of the supported JavaScript engines. See the Targets/ directory for the list of supported JavaScript engines.
- Apply the corresponding patches from the target’s directory. Also see the README.md in that directory.
- Compile the engine with coverage instrumentation (requires clang >= 4.0) as described in the README.
- Compile the fuzzer:
swift build [-c release].
- Run the fuzzer:
swift run [-c release] FuzzilliCli --profile= [other cli options] /path/to/jsshell. See also swift run FuzzilliCli --help.
How FuzzIl works
FuzzIL has a number of properties:
- A FuzzIL program is simply a list of instructions.
- A FuzzIL instruction is an operation together with input and output variables and potentially one or more parameters (enclosed in single quotes in the notation above).
- Inputs to instructions are always variables, there are no immediate values.
- Every output of an instruction is a new variable, and existing variables can only be reassigned through dedicated operations such as the Reassign instruction.
- Every variable is defined before it is used.
A number of mutations can then be performed on these programs:
- InputMutator: replaces input variables of instructions with different ones to mutate the dataflow of the program.
- CodeGenMutator: generates code and inserts it somewhere in the mutated program. Code is generated either by running a code generator or by copying some instructions from another program in the corpus (splicing).
- CombineMutator: inserts a program from the corpus into a random position in the mutated program.
- OperationMutator: mutates the parameters of operations, for example replacing an integer constant with a different one.
- and more…
You can download Fuzzilli here:
fuzzilli-v0.9.1.zip
Or read more here.
Posted in: Exploits/Vulnerabilities
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: October 13, 2020 | 3,507 views
APICheck is an HTTP API DevSecOps toolset, it integrates existing HTTP APIs tools, creates execution chains easily and is designed for integration with third-party tools in mind.
APICheck is comprised of a set of tools that can be connected to each other to achieve different functionalities, depending on how they are connected. It allows you to create execution chains and it can not only integrate self-developed tools but also can leverage existing tools in order to take advantage of them to provide new functionality.
Each tool in APICheck is a Docker image. This means that tools are a black box that could receive some information into its standard input and write results to the standard or error outputs. Additionally, the return code can be used to stop the current chain.
Who is APICheck HTTP API DevSecOps Toolset for?
APICheck focuses not only in the security testing and hacking use cases, the goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed to different user profiles:
- Developers
- System Administrators
- Security Engineers & Penetration Testers
To allow interoperability among commands and tools, all of them share a common JSON data format. In other words, APICheck commands output JSON documents, and accept them as input, too. This allows you to build pipelines (as we showed in the previous section).
Using APICheck HTTP API DevSecOps Toolset
Once installed, you can run the Package Manager by using the command acp.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
$ acp Usage: acp [-h] [-w] {list,info,install,version} ... APICheck Manager positional arguments: {list,info,install,version} available actions list search in A info show expanded tool info install install an APICheck tool version displays version optional arguments: -h, --help show this help message and exit -w, --disable-warning disable check of RC Shell File |
You can download APICheck here:
|
|
pip install apicheck-package-manager |
Or read more here.
Posted in: Security Software
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
Last updated: October 7, 2020 | 4,631 views
The Trident project is an automated password spraying tool developed to be deployed across multiple cloud providers and provides advanced options around scheduling and IP pooling.
trident was designed and built to fulfill several requirements and to provide:
- the ability to be deployed on several cloud platforms/execution providers
- the ability to schedule spraying campaigns in accordance with a target’s account lockout policy
- the ability to increase the IP pool that authentication attempts originate from for operational security purposes
- the ability to quickly extend functionality to include newly-encountered authentication platforms
Using trident Password Spraying Tool
|
|
Usage: trident-cli campaign [flags] Flags: -a, --auth-provider string this is the authentication platform you are attacking (default "okta") -h, --help help for campaign -i, --interval duration requests will happen with this interval between them (default 1s) -b, --notbefore string requests will not start before this time (default "2020-09-09T22:31:38.643959-05:00") -p, --passfile string file of passwords (newline separated) -u, --userfile string file of usernames (newline separated) -w, --window duration a duration that this campaign will be active (ex: 4w) (default 672h0m0s) |
Example output:
|
|
$ trident-client results +----+-------------------+------------+-------+ | ID | USERNAME | PASSWORD | VALID | +----+-------------------+------------+-------+ | 1 | alice@example.org | Password1! | true | | 2 | bob@example.org | Password2! | true | | 3 | eve@example.org | Password3! | true | +----+-------------------+------------+-------+ |
You can download trident here:
trident-v0.1.3.zip
Or read more here.
Posted in: Password Cracking Tools
Latest Posts:
Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 162 Shares
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. July 7, 2021 - 148 Shares
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. May 27, 2021 - 266 Shares
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. May 7, 2021 - 140 Shares
Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. April 19, 2021 - 248 Shares
APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. March 5, 2021 - 265 Shares
