PenTools is a bundle of Python and Bash penetration testing tools for the recon and information gathering stage of a PT or VA. They are fairly simple scripts but might be interesting if you are new and want to see how some things are done, or how things can be automated using Python or Bash. […]
Snitch is an information gathering tool which automates the process for a specified domain. Using built-in dork categories, this tool helps gather specified information domains which can be found using web search engines. It can be quite useful in early phases of penetration tests (commonly called the Information Gathering phase). snitch can identify general information, […]
Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via NMap port scanning Automatically brute forces sub-domains, gathers DNS info […]
Tags: automated pen-testing, automated penetration testing, automated-hacking, hacking tool, hacking toolkit, Hacking Tools, kali, kali hacking tools, pen-testing, penetration-testing, sn1per, sn1per hacking kit
Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking, Web Hacking | Add a Comment
OWASP Offensive Web Testing Framework is a project focused on penetration testing efficiency and alignment of security tests to security standards like: The OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, Figuring […]
Bearded is an open source Security Automation platform. The platform allows Development, QA, and Security team members to perform automated web security scans with a set of tools, and re-execute those scans as needed. All tools can be executed in the cloud in docker containers. Bearded has a default web interface which integrates all core […]
Cyborg Hawk Linux is a Ubuntu (Linux) based Penetration Testing Linux Distro developed and designed for ethical hackers and penetration testers. Cyborg Hawk Distro can be used for network security and assessment and also for digital forensics. It also has various tools suited to the testing of Mobile Security and Wireless infrastructure. It’s clearly not […]
The LowNoiseHG (LNHG) Massive Web Fingerprinter was conceived in July 2013 after realizing the usefulness of webserver screenshots to pentesters, during an engagement with large external or internal IP address ranges, as a quick means of identification of critical assets, easily-exploitable services, forgotten/outdated servers and basic network architecture knowledge of the target. The basic operation […]
Weevely is a command line weaponized PHP web shell dynamically extended over the network at runtime and is designed for remote administration and pen testing. It provides a telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30 modules shape an extensible framework to […]
Tags: command line web shell, extensible web shell, pen-testing, penetration-testing, PHP, php web shell, Python, web-shell, weevely
Posted in: Hacking Tools, Web Hacking | Add a Comment
dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Recursive brute forcing Getting Started
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options] Options: -h, --help show this help message and exit Mandatory: -u URL, --url=URL URL target -e EXTENSIONS, --extensions=EXTENSIONS Extensions list separated by comma (Example: php, asp) Dictionary Settings: -w WORDLIST, --wordlist=WORDLIST -l, --lowercase General Settings: -r, --recursive Bruteforce recursively -t THREADSCOUNT, --threads=THREADSCOUNT Number of Threads -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES Exclude status code, separated by comma (example: 301, 500) --cookie=COOKIE, --cookie=COOKIE --user-agent=USERAGENT, --user-agent=USERAGENT --no-follow-redirects, --no-follow-redirects Connection Settings: --timeout=TIMEOUT, --timeout=TIMEOUT Connection timeout --ip=IP, --ip=IP Destination IP (instead of resolving domain, use this ip) --http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY Http Proxy (example: localhost:8080 --max-retries=MAXRETRIES, --max-retries=MAXRETRIES Reports: -o OUTPUTFILE, --output=OUTPUTFILE --json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE |
You […]
Dradis is an open source framework to enable effective information sharing, specially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information: Information discovery Exploit useful information Report the findings But penetration testing is also about sharing the information you and your teammates gather. Not […]
