Darknet https://www.darknet.org.uk Hacking Tools, Hacker News & Cyber Security Mon, 19 Mar 2018 08:19:53 +0000 en-US hourly 1 https://wordpress.org/?v=4.9.4 https://www.darknet.org.uk/images/darknet_logo_small.jpghttps://www.darknet.org.uk/images/darknet_logo_small.jpgdf6f0b GetAltName – Discover Sub-Domains From SSL Certificates https://www.darknet.org.uk/2018/03/getaltname-discover-sub-domains-from-ssl-certificates/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/03/getaltname-discover-sub-domains-from-ssl-certificates/#respond Mon, 19 Mar 2018 08:19:32 +0000 https://www.darknet.org.uk/?p=4978 GetAltName – Discover Sub-Domains From SSL Certificates

GetAltName it’s a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.

It’s useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your target and scope.

Features of GetAltName to Discover Sub-Domains

  • Strips wildcards and www’s
  • Returns a unique list (no duplicates)
  • Works on verified and self-signed certs
  • Domain matching system
  • Filtering for main domains and TLDs
  • Gets additional sub-domains from crt.sh
  • Outputs to clipboard

GetAltName Subdomain Exctraction Tool Usage

You can output to a text file and also copy the output to your clipboard as a List or a Single line string, which is useful if you’re trying to make a quick scan with Nmap or other tools.

Read the rest of GetAltName – Discover Sub-Domains From SSL Certificates now! Only available at Darknet.

https://www.darknet.org.uk/2018/03/getaltname-discover-sub-domains-from-ssl-certificates/feed/ 0
Memcrashed – Memcached DDoS Exploit Tool https://www.darknet.org.uk/2018/03/memcrashed-memcached-ddos-exploit-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/03/memcrashed-memcached-ddos-exploit-tool/#respond Tue, 13 Mar 2018 14:32:42 +0000 https://www.darknet.org.uk/?p=4974 Memcrashed – Memcached DDoS Exploit Tool

Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.

This is related to the recent record-breaking Memcached DDoS attacks that are likely to plague 2018 with over 100,000 vulnerable Memcached servers showing up in Shodan.

What is Memcached?

Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering.

Read the rest of Memcrashed – Memcached DDoS Exploit Tool now! Only available at Darknet.

https://www.darknet.org.uk/2018/03/memcrashed-memcached-ddos-exploit-tool/feed/ 0
QualysGuard – Vulnerability Management Tool https://www.darknet.org.uk/2018/03/qualysguard-vulnerability-management-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/03/qualysguard-vulnerability-management-tool/#respond Sun, 11 Mar 2018 11:31:41 +0000 https://www.darknet.org.uk/?p=4975 QualysGuard – Vulnerability Management Tool

QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.

From reviews, it seems like a competent tool with a low rate of false positives that is fairly easy to work with and keep the more ‘dangerous’ parts of vulnerability scanning out of the hands of users, but with the flexibility for expert users to do what they need.

Read the rest of QualysGuard – Vulnerability Management Tool now! Only available at Darknet.

https://www.darknet.org.uk/2018/03/qualysguard-vulnerability-management-tool/feed/ 0
Memcached DDoS Attacks Will Be BIG In 2018 https://www.darknet.org.uk/2018/03/memcached-ddos-attacks-will-be-big-in-2018/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/03/memcached-ddos-attacks-will-be-big-in-2018/#respond Wed, 07 Mar 2018 18:33:41 +0000 https://www.darknet.org.uk/?p=4971 Memcached DDoS Attacks Will Be BIG In 2018

So after the massive DDoS attack trend in 2016 it seems like 2018 is going to the year of the Memcached DDoS amplification attack with so many insecure Memcached servers available on the public Internet.

Unfortunately, it looks like a problem that won’t easily go away as there are so many publically exposed, poorly configured Memcached servers online (estimated to be over 100,000).

Honestly, Github handled the 1.3Tbps attack like a champ with only 10 minutes downtime although they did deflect it by moving traffic to Akamai.

Read the rest of Memcached DDoS Attacks Will Be BIG In 2018 now! Only available at Darknet.

https://www.darknet.org.uk/2018/03/memcached-ddos-attacks-will-be-big-in-2018/feed/ 0
libsodium – Easy-to-use Software Library For Encryption https://www.darknet.org.uk/2018/03/libsodium-easy-to-use-software-library-for-encryption/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/03/libsodium-easy-to-use-software-library-for-encryption/#respond Mon, 05 Mar 2018 17:54:43 +0000 https://www.darknet.org.uk/?p=4635 libsodium – Easy-to-use Software Library For Encryption

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.

Its goal is to provide all of the core operations needed to build higher-level cryptographic tools. Sodium supports a variety of compilers and operating systems, including Windows (with MingW or Visual Studio, x86 and x64), iOS, Android, as well as Javascript and Webassembly.

Read the rest of libsodium – Easy-to-use Software Library For Encryption now! Only available at Darknet.

https://www.darknet.org.uk/2018/03/libsodium-easy-to-use-software-library-for-encryption/feed/ 0
XSStrike – Advanced XSS Fuzzer & Exploitation Suite https://www.darknet.org.uk/2018/03/xsstrike-advanced-xss-fuzzer-exploitation-suite/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/03/xsstrike-advanced-xss-fuzzer-exploitation-suite/#respond Sat, 03 Mar 2018 15:49:31 +0000 https://www.darknet.org.uk/?p=4967 XSStrike – Advanced XSS Fuzzer & Exploitation Suite

XSStrike is an advanced XSS detection suite, which contains a powerful XSS fuzzer and provides zero false positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads.

It is also built in an intelligent enough manner to detect and break out of various contexts.

Features of XSStrike XSS Fuzzer & Hacking Tool

XSStrike has:

  • Powerful fuzzing engine
  • Context breaking technology
  • Intelligent payload generation
  • GET & POST method support
  • Cookie Support
  • WAF Fingerprinting
  • Handcrafted payloads for filter and WAF evasion
  • Hidden parameter discovery
  • Accurate results via levenshtein distance algorithm

There are various other XSS security related tools you can check out like:

– XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool
– xssless – An Automated XSS Payload Generator Written In Python
– XSSer v1.0 – Cross Site Scripter Framework

You can download XSStrike here:


Or read more here.

Read the rest of XSStrike – Advanced XSS Fuzzer & Exploitation Suite now! Only available at Darknet.

https://www.darknet.org.uk/2018/03/xsstrike-advanced-xss-fuzzer-exploitation-suite/feed/ 0
Bitdefender Releases FREE GandCrab Ransomware Decryption Tool https://www.darknet.org.uk/2018/03/bitdefender-releases-free-gandcrab-ransomware-decryption-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/03/bitdefender-releases-free-gandcrab-ransomware-decryption-tool/#respond Wed, 28 Feb 2018 16:46:56 +0000 https://www.darknet.org.uk/?p=4965 Bitdefender Releases FREE GandCrab Ransomware Decryption Tool

The latest ransomware kicking everyone’s ass is Gandcrab which has infected an estimated 50,000 computers, fortunately for the victims, Bitdefender has released a free Gandcrab ransomware decryption tool as a part of the No More Ransom Project.

There’s nothing particularly notable about the ransomware itself other than it combines two existing exploit kits to compromise people and it takes payment in Dash, which is a privacy coin, rather than Bitcoin (which is a first as far as I know).

Read the rest of Bitdefender Releases FREE GandCrab Ransomware Decryption Tool now! Only available at Darknet.

https://www.darknet.org.uk/2018/03/bitdefender-releases-free-gandcrab-ransomware-decryption-tool/feed/ 0
Quickjack – Advanced Clickjacking & Frame Slicing Attack Tool https://www.darknet.org.uk/2018/02/quickjack-advanced-clickjacking-frame-slicing-attack-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/02/quickjack-advanced-clickjacking-frame-slicing-attack-tool/#comments Mon, 26 Feb 2018 20:53:37 +0000 https://www.darknet.org.uk/?p=4622 Quickjack – Advanced Clickjacking & Frame Slicing Attack Tool

Quickjack is an intuitive, point-and-click tool for performing advanced and covert clickjacking and frame slicing attacks. It also allows you to easily perform clickjacking, or steal “clicks” from users on many websites, forcing the user to unknowingly click buttons or links (for example the Facebook Like button) using their own cookies.

Quickjack By placing the auto-generated code on any site, you can obtain thousands of clicks quickly from different users, or perform targeted attacks by luring a victim to a specific URL.

Read the rest of Quickjack – Advanced Clickjacking & Frame Slicing Attack Tool now! Only available at Darknet.

https://www.darknet.org.uk/2018/02/quickjack-advanced-clickjacking-frame-slicing-attack-tool/feed/ 1
BootStomp – Find Android Bootloader Vulnerabilities https://www.darknet.org.uk/2018/02/bootstomp-find-android-bootloader-vulnerabilities/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/02/bootstomp-find-android-bootloader-vulnerabilities/#respond Mon, 12 Feb 2018 09:59:51 +0000 https://www.darknet.org.uk/?p=4640 BootStomp – Find Android Bootloader Vulnerabilities

BootStomp is a Python-based tool, with Docker support that helps you find two different classes of Android bootloader vulnerabilities and bugs. It looks for memory corruption and state storage vulnerabilities.

Note that BootStomp works with boot-loaders compiled for ARM architectures (32 and 64 bits both) and that results might slightly vary depending on angr and Z3’s versions. This is because of the time angr takes to analyze basic blocks and to Z3’s expression concretization results.

Read the rest of BootStomp – Find Android Bootloader Vulnerabilities now! Only available at Darknet.

https://www.darknet.org.uk/2018/02/bootstomp-find-android-bootloader-vulnerabilities/feed/ 0
Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 https://www.darknet.org.uk/2018/02/google-chrome-marking-non-https-sites-insecure-july-2018/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/02/google-chrome-marking-non-https-sites-insecure-july-2018/#respond Fri, 09 Feb 2018 18:08:35 +0000 https://www.darknet.org.uk/?p=4952 Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018

Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68. It’s a pretty strong move, but Google and the Internet, in general, has been moving in this direction for a while.

It started with suggestions, then forced SSL on all sites behind logins, then mixed-content warnings, then showing HTTP sites are not-secured and now it’s going to be outright marked as insecure.

Read the rest of Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 now! Only available at Darknet.

https://www.darknet.org.uk/2018/02/google-chrome-marking-non-https-sites-insecure-july-2018/feed/ 0