Archive | Hacking Tools

HashData – A Command-line Hash Identifying Tool

April 3, 2017 | 1,642 views

HashData is a Ruby-based command-line REPL Hash Identifying Tool with support for a lot of different (most popular) hash types. Installation

$ gem install hashdata

1	$ gem install hashdata

Usage Command Line When installed, run hashdata and paste in hashes when prompted. Library Example Script:

require 'hashdata'
hash = HashData.new
puts(hash.check_type("1111111111111",'DES'))

require 'hashdata'

hash = HashData.new

puts(hash.check_type("1111111111111",'DES'))

The above should output true. The library only matches the start of your second input, this […]

Shares 191

Tags: audit hashes, hash, hash identifying tool, hash identity, hashdata, hashes, identify hash, identify hash type, identify password hash, password hash identifier, password-hash, ruby

Posted in: Cryptography, Hacking Tools, Password Cracking | Add a Comment

HashPump – Exploit Hash Length Extension Attack

March 27, 2017 | 1,491 views

HashPump is a C++ based command line tool to exploit the Hash Length Extension Attack with various hash types supported, including MD4, MD5, SHA1, SHA256, and SHA512. There’s a good write-up of how to use this in practical terms here: Plaid CTF 2014: mtpox Usage

$ hashpump -h
HashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength]
    HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack.
    -h --help          Display this message.
    -t --test          Run tests to verify each algorithm is operating properly.
    -s --signature     The signature from known message.
    -d --data          The data from the known message.
    -a --additional    The information you would like to add to the known message.
    -k --keylength     The length in bytes of the key being used to sign the original message with.
    Version 1.2.0 with CRC32, MD5, SHA1, SHA256 and SHA512 support.
    <Developed by bwall(@botnet_hunter)>

$ hashpump -h

HashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength]

HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack.

-h --help Display this message.

-t --test Run tests to verify each algorithm is operating properly.

-s --signature The signature from known message.

-d --data The data from the known message.

-a --additional The information you would like to add to the known message.

-k --keylength The length in bytes of the key being used to sign the original message with.

Version 1.2.0 with CRC32, MD5, SHA1, SHA256 and SHA512 support.

You can download HashPump here:

$ git clone https://github.com/bwall/HashPump.git
$ apt-get install g++ libssl-dev
$ cd HashPump
$ make
$ make install

$ git clone https://github.com/bwall/HashPump.git

$ apt-get install g++ libssl-dev

$ cd HashPump

$ make

$ make install

Or read more […]

Share47

+19

Share10

Shares 66

Tags: c, cpp, hash length, hash length attack, hash length extension, hash length extension attack, hashpump, Python

Posted in: Cryptography, Exploits/Vulnerabilities, Hacking Tools | Add a Comment

Kadimus – LFI Scanner & Exploitation Tool

March 25, 2017 | 1,957 views

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion. Installation

$git clone https://github.com/P0cL4bs/Kadimus.git
$ cd Kadimus

1 2	$git clone https://github.com/P0cL4bs/Kadimus.git $ cd Kadimus

Then you can run the configure file:

./configure

1	./configure

Then:

$ make

$ make

Features Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support […]

Share66

+16

Share24

Shares 96

Tags: detect lfi, detect local file inclusion, exploit lfi, exploit local file inclusion, kadimus, lfi, lfi exploit, lfi scanner, local file inclusion, scan for lfi

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking | Add a Comment

SessionGopher – Session Extraction Tool

March 20, 2017 | 1,580 views

SessionGopher is a PowerShell Session Extraction tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. The tool can find and decrypt saved session information for remote access tools. It has WMI functionality built in so it can be run remotely, its […]

Share43

+112

Share67

Shares 122

Tags: extract filezilla session, extract putty session, filezilla, filezilla security, fireeye, hack putty, powershell, powershell hacking, powershell session extraction, putty hacking, putty session extract, sessiongopher

Posted in: Hacking Tools, Windows Hacking | Add a Comment

Powerfuzzer – Automated Customizable Web Fuzzer

March 13, 2017 | 1,564 views

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user-friendly, modern, effective and to work consistently. It is also designed and coded to be modular and extendable, […]

Share42

+16

Share42

Shares 90

Tags: customizable fuzzer, customizable web fuzzer, fuzzer, fuzzing, fuzzing-tool, hacking, Hacking Tools, power fuzzer, powerfuzzer, web fuzzer, web fuzzing tool

Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming | Add a Comment

Angry IP Scanner – Fast Network Scanner

March 11, 2017 | 2,703 views

Angry IP scanner is a very easy to use, fast network scanner – basically a cross-platform IP address and port scanner. It can scan IP addresses in any range as well as any their ports, it’s also very lightweight and doesn’t require any installation, it can be freely copied and used anywhere. Angry IP scanner […]

Shares 115

Tags: angry ip, angry ip scanner, angryip, cross platform, fast network sanner, fast port scanner, ip scanner, network scanner, port-scanner

Posted in: Hacking Tools, Network Hacking | Add a Comment

WikiLeaks Exposes Massive CIA Leak Including Hacking Tools

March 9, 2017 | 3,085 views

WikiLeaks has dropped another massive bomb called “Vault7“, basically a massive CIA leak which covers documents, correspondence, hacking tools, exploits and much more. It details sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Smart TVs. The first installment published already contains 7,818 web pages with 943 attachments […]

Share117

+15

Share48

Shares 170

Tags: cia document leak, cia dump, cia exploits, cia hack, cia hacking tools, cia leak, cia secrets, cia vault7, cia zero day, massive cia leak, vault 7, wikileaks

Posted in: Hacking Tools, Legal Issues, Privacy | Add a Comment

Termineter – Smart Meter Security Testing Framework

February 27, 2017 | 1,994 views

Termineter is a Python Smart Meter Security Testing framework which allows authorised individuals to test Smart Meters for vulnerabilities such as energy consumption fraud, network hijacking, and more. Many of these vulnerabilities have been highlighted by the media and advisories have been sent out by law enforcement agencies. The goal of a public release for […]

Share59

+14

Share77

Shares 140

Tags: brute force smart meter, hacking a smart meter, smart meter, smart meter hacking, smart meter security, smart meter security testing, smart meters, termineter

Posted in: Hacking Tools, Hardware Hacking, Network Hacking | Add a Comment

ShellNoob – Shellcode Writing Toolkit

February 24, 2017 | 2,665 views

ShellNoob is a Python-based Shellcode writing toolkit which removes the boring and error-prone manual parts from creating your own shellcodes. Do note this is not a shellcode generator or intended to replace Metasploit’s shellcode generator, it’s designed to automate the manual parts of shellcode creation like format conversion, compilation and testing, dealing with syscalls and […]

Shares 166

Tags: asm to opcode conversion, opcode to asm conversion, shellcode, shellcode conversion, shellcode format conversion, shellcode writing, shellcode writing tool, shellcode writing toolkit, shellnoob

Posted in: Exploits/Vulnerabilities, Hacking Tools | Add a Comment

crackle – Crack Bluetooth Smart Encryption (BLE)

February 20, 2017 | 3,294 views

crackle is a tool to crack Bluetooth Smart Encryption (BLE), it exploits a flaw in the pairing mechanism that leaves all communications vulnerable to decryption by passive eavesdroppers. crackle can guess or very quickly brute force the TK (temporary key) used in the pairing modes supported by most devices (Just Works and 6-digit PIN). With […]

Share84

+112

Share39

Shares 135

Tags: ble, ble encryption, bluetooth, bluetooth low energy, bluetooth security, bluetooth smart, crack ble, crack bluetooth smart, crackle, decrypt ble encryption