Saker:-- #Flexible #Penetrate #Testing #Auxiliary #Suite.
brief support features:-
1. scan website
#information #gathering
#framework #fingerprint
2. #fuzz #web request
#XSS
#SQL #injection
SSRF
XXE
3. #subdomain gathering
4. #port scanner
5. bruteforce
web dir
zip password
domain
6. auxiliary servers
#DNS rebinding
SSRF
XSS
7. third party API integration
crtsh
DNS dumper
#github
#sqlmap
#Download #Link:-
https://github.com/LyleMi/Saker
Saker:-- #Flexible #Penetrate #Testing #Auxiliary #Suite.
brief support features:-
1. scan website
#information #gathering
#framework #fingerprint
2. #fuzz #web request
#XSS
#SQL #injection
SSRF
XXE
3. #subdomain gathering
4. #port scanner
5. bruteforce
web dir
zip password
domain
6. auxiliary servers
#DNS rebinding
SSRF
XSS
7. third party API integration
crtsh
DNS dumper
#github
#sqlmap
#Download #Link:-
https://github.com/LyleMi/Saker
brief support features:-
1. scan website
#information #gathering
#framework #fingerprint
2. #fuzz #web request
#XSS
#SQL #injection
SSRF
XXE
3. #subdomain gathering
4. #port scanner
5. bruteforce
web dir
zip password
domain
6. auxiliary servers
#DNS rebinding
SSRF
XSS
7. third party API integration
crtsh
DNS dumper
#github
#sqlmap
#Download #Link:-
https://github.com/LyleMi/Saker
Saker:-- #Flexible #Penetrate #Testing #Auxiliary #Suite.
brief support features:-
1. scan website
#information #gathering
#framework #fingerprint
2. #fuzz #web request
#XSS
#SQL #injection
SSRF
XXE
3. #subdomain gathering
4. #port scanner
5. bruteforce
web dir
zip password
domain
6. auxiliary servers
#DNS rebinding
SSRF
XSS
7. third party API integration
crtsh
DNS dumper
#github
#sqlmap
#Download #Link:-
https://github.com/LyleMi/Saker
GitHub
GitHub - LyleMi/Saker: Flexible Penetrate Testing Auxiliary Suite
Flexible Penetrate Testing Auxiliary Suite. Contribute to LyleMi/Saker development by creating an account on GitHub.
#Google Confirms #Critical #Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat:--
#CVE-2019-2232 has been rated as the most severe of three critical #vulnerabilities addressed in the #December Android #Security #Bulletin. The official #NIST National Vulnerability #Database description of the vulnerability says that improper input validation in the "handleRun of TextLine.java" could create a "possible application crash." In other words, a maliciously-crafted message could cause a denial of service to your Android device. A permanent denial of service attack that could effectively kibosh your #smartphone. "User interaction is not needed for exploitation," the description continues, and the remote denial of service attack needs "no additional execution #privileges," for good measure.
The vulnerability applies to Android 8.0, Android 8.1, Android 9 and Android 10 versions.
#Link:-
https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/
#Google Confirms #Critical #Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat:--
#CVE-2019-2232 has been rated as the most severe of three critical #vulnerabilities addressed in the #December Android #Security #Bulletin. The official #NIST National Vulnerability #Database description of the vulnerability says that improper input validation in the "handleRun of TextLine.java" could create a "possible application crash." In other words, a maliciously-crafted message could cause a denial of service to your Android device. A permanent denial of service attack that could effectively kibosh your #smartphone. "User interaction is not needed for exploitation," the description continues, and the remote denial of service attack needs "no additional execution #privileges," for good measure.
The vulnerability applies to Android 8.0, Android 8.1, Android 9 and Android 10 versions.
#Link:-
https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/
#CVE-2019-2232 has been rated as the most severe of three critical #vulnerabilities addressed in the #December Android #Security #Bulletin. The official #NIST National Vulnerability #Database description of the vulnerability says that improper input validation in the "handleRun of TextLine.java" could create a "possible application crash." In other words, a maliciously-crafted message could cause a denial of service to your Android device. A permanent denial of service attack that could effectively kibosh your #smartphone. "User interaction is not needed for exploitation," the description continues, and the remote denial of service attack needs "no additional execution #privileges," for good measure.
The vulnerability applies to Android 8.0, Android 8.1, Android 9 and Android 10 versions.
#Link:-
https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/
#Google Confirms #Critical #Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat:--
#CVE-2019-2232 has been rated as the most severe of three critical #vulnerabilities addressed in the #December Android #Security #Bulletin. The official #NIST National Vulnerability #Database description of the vulnerability says that improper input validation in the "handleRun of TextLine.java" could create a "possible application crash." In other words, a maliciously-crafted message could cause a denial of service to your Android device. A permanent denial of service attack that could effectively kibosh your #smartphone. "User interaction is not needed for exploitation," the description continues, and the remote denial of service attack needs "no additional execution #privileges," for good measure.
The vulnerability applies to Android 8.0, Android 8.1, Android 9 and Android 10 versions.
#Link:-
https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/
Forbes
Google Confirms Critical Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat
Google has confirmed a critical security threat for millions of Android 8, 9 and 10 users that could permanently kibosh your smartphone with a single malicious message
Photos from National Cyber Security Services's post
Searpy:-- #Search #Engine #Toolkit.
Batch search tool for #acquisition during #infiltration.
search engine:-
1. #Shodan
2. #Fofa
3. #Zoomeye
4. #Google
5. #Baidu
6. #Bing
7. 360so
8. goo
#Usage:-
python Searpy.py --fofa -s "app:jboss" -p 1
python Searpy.py --shodan -s "weblogic" -l 10
python Searpy.py --google -s "inurl:login.action" -p 1
#Download #Link:-
https://github.com/j3ers3/Searpy
Searpy:-- #Search #Engine #Toolkit.
Batch search tool for #acquisition during #infiltration.
search engine:-
1. #Shodan
2. #Fofa
3. #Zoomeye
4. #Google
5. #Baidu
6. #Bing
7. 360so
8. goo
#Usage:-
python Searpy.py --fofa -s "app:jboss" -p 1
python Searpy.py --shodan -s "weblogic" -l 10
python Searpy.py --google -s "inurl:login.action" -p 1
#Download #Link:-
https://github.com/j3ers3/Searpy
GitHub
GitHub - j3ers3/Searpy: 🥀 Search Engine Tookit,URL采集、Favicon哈希值查找真实IP、子域名查找
🥀 Search Engine Tookit,URL采集、Favicon哈希值查找真实IP、子域名查找 - j3ers3/Searpy
Flynet:-- A #powerful #TCP/ #UDP tool, which support #socks5 proxy by tcp and udp, #http #proxy and #NAT traversal. This tool can help you #bypass #gfw easily.
#flynet Is a command-line tool written in #Golang language, currently supported features include:
1. Http proxy
2. Local Socks5 proxy
3. C/S mode of Socks5 proxy by TCP
4. C/S mode of Socks5 proxy by UDP
5. NAT traversal
#Download #Link:-
https://github.com/asche910/flynet
Flynet:-- A #powerful #TCP/ #UDP tool, which support #socks5 proxy by tcp and udp, #http #proxy and #NAT traversal. This tool can help you #bypass #gfw easily.
#flynet Is a command-line tool written in #Golang language, currently supported features include:
1. Http proxy
2. Local Socks5 proxy
3. C/S mode of Socks5 proxy by TCP
4. C/S mode of Socks5 proxy by UDP
5. NAT traversal
#Download #Link:-
https://github.com/asche910/flynet
#flynet Is a command-line tool written in #Golang language, currently supported features include:
1. Http proxy
2. Local Socks5 proxy
3. C/S mode of Socks5 proxy by TCP
4. C/S mode of Socks5 proxy by UDP
5. NAT traversal
#Download #Link:-
https://github.com/asche910/flynet
Flynet:-- A #powerful #TCP/ #UDP tool, which support #socks5 proxy by tcp and udp, #http #proxy and #NAT traversal. This tool can help you #bypass #gfw easily.
#flynet Is a command-line tool written in #Golang language, currently supported features include:
1. Http proxy
2. Local Socks5 proxy
3. C/S mode of Socks5 proxy by TCP
4. C/S mode of Socks5 proxy by UDP
5. NAT traversal
#Download #Link:-
https://github.com/asche910/flynet
GitHub
GitHub - asche910/flynet: A powerful TCP/UDP tool, which support socks5 proxy by tcp and udp, http proxy and NAT traversal.
A powerful TCP/UDP tool, which support socks5 proxy by tcp and udp, http proxy and NAT traversal. - GitHub - asche910/flynet: A powerful TCP/UDP tool, which support socks5 proxy by tcp and udp, ht...
Photos from National Cyber Security Services's post
Android-Security-Evaluation-Environment:-- An #emulated, disposable, efficient #Android #pentesting and #security evaluation #environment.
Creating a #penetration #testing environment using Android Studio: Android #Virtual #Devices (#AVD)
#Downlaod #Link:-
https://github.com/TheSeanis/Android-Security-Evaluation-Environment
Android-Security-Evaluation-Environment:-- An #emulated, disposable, efficient #Android #pentesting and #security evaluation #environment.
Creating a #penetration #testing environment using Android Studio: Android #Virtual #Devices (#AVD)
#Downlaod #Link:-
https://github.com/TheSeanis/Android-Security-Evaluation-Environment
GitHub
TheSeanis/Android-Security-Evaluation-Environment
An emulated, disposable, efficient Android pentesting and security evaluation environment. - TheSeanis/Android-Security-Evaluation-Environment
#ImgBackdoor:-- #Hide your #payload into .jpg file.
This #module takes one existing image.jpg and one payload.ps1 (input by the user) and
builds a new payload (agent.jpg.exe) that if executed it will trigger the download of
the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.
This module also changes the agent.exe Icon to match one file.jpg Then uses the spoof
'Hide #extensions for known file types' method to hide the agent.exe extension.
All payloads (user input) will be downloaded from our #apache2 #webserver
and #executed into target #RAM. The only extension (payload input by the user)
that requires to write the payload to disk are .exe binaries.
#Download #Link:-
https://github.com/kennedy69/ImgBackdoor
#ImgBackdoor:-- #Hide your #payload into .jpg file.
This #module takes one existing image.jpg and one payload.ps1 (input by the user) and
builds a new payload (agent.jpg.exe) that if executed it will trigger the download of
the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.
This module also changes the agent.exe Icon to match one file.jpg Then uses the spoof
'Hide #extensions for known file types' method to hide the agent.exe extension.
All payloads (user input) will be downloaded from our #apache2 #webserver
and #executed into target #RAM. The only extension (payload input by the user)
that requires to write the payload to disk are .exe binaries.
#Download #Link:-
https://github.com/kennedy69/ImgBackdoor
This #module takes one existing image.jpg and one payload.ps1 (input by the user) and
builds a new payload (agent.jpg.exe) that if executed it will trigger the download of
the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.
This module also changes the agent.exe Icon to match one file.jpg Then uses the spoof
'Hide #extensions for known file types' method to hide the agent.exe extension.
All payloads (user input) will be downloaded from our #apache2 #webserver
and #executed into target #RAM. The only extension (payload input by the user)
that requires to write the payload to disk are .exe binaries.
#Download #Link:-
https://github.com/kennedy69/ImgBackdoor
#ImgBackdoor:-- #Hide your #payload into .jpg file.
This #module takes one existing image.jpg and one payload.ps1 (input by the user) and
builds a new payload (agent.jpg.exe) that if executed it will trigger the download of
the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.
This module also changes the agent.exe Icon to match one file.jpg Then uses the spoof
'Hide #extensions for known file types' method to hide the agent.exe extension.
All payloads (user input) will be downloaded from our #apache2 #webserver
and #executed into target #RAM. The only extension (payload input by the user)
that requires to write the payload to disk are .exe binaries.
#Download #Link:-
https://github.com/kennedy69/ImgBackdoor
GitHub
GitHub - Tsuyoken/ImgBackdoor: Hide your payload into .jpg file
Hide your payload into .jpg file. Contribute to Tsuyoken/ImgBackdoor development by creating an account on GitHub.
Photos from National Cyber Security Services's post
CVE-2019-18935:-- #RCE #exploit for a .NET #deserialization #vulnerability in #Telerik UI for ASP.NET AJAX.
This exploit leverages #encryption logic from RAU_crypto. The RAUCipher class within RAU_crypto.py depends on PyCryptodome, a drop-in replacement for the dead PyCrypto module. #PyCryptodome and #PyCrypto create problems when installed in the same environment, so the best way to satisfy this dependency is to install the module within a virtual environment, as shown above.
#Download #Link:-
https://github.com/noperator/CVE-2019-18935
CVE-2019-18935:-- #RCE #exploit for a .NET #deserialization #vulnerability in #Telerik UI for ASP.NET AJAX.
This exploit leverages #encryption logic from RAU_crypto. The RAUCipher class within RAU_crypto.py depends on PyCryptodome, a drop-in replacement for the dead PyCrypto module. #PyCryptodome and #PyCrypto create problems when installed in the same environment, so the best way to satisfy this dependency is to install the module within a virtual environment, as shown above.
#Download #Link:-
https://github.com/noperator/CVE-2019-18935
GitHub
GitHub - noperator/CVE-2019-18935: RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX. - noperator/CVE-2019-18935
Assembly:-- A #modern front-end #development #framework for UI-friendly rapid #prototyping.
#Download #Link:-
https://github.com/Kuipr/Assembly
Assembly:-- A #modern front-end #development #framework for UI-friendly rapid #prototyping.
#Download #Link:-
https://github.com/Kuipr/Assembly
#Download #Link:-
https://github.com/Kuipr/Assembly
Assembly:-- A #modern front-end #development #framework for UI-friendly rapid #prototyping.
#Download #Link:-
https://github.com/Kuipr/Assembly
GitHub
Kuipr/Assembly
A modern front-end development framework for UI-friendly rapid prototyping. - Kuipr/Assembly
wallet-core:-- Cross-platform, cross-blockchain #wallet library.
Trust Wallet Core is a cross-platform library that implements low-level #cryptographic wallet functionality for all supported #blockchains. Most of the code is C++ with a set of strict exported C interfaces. The library provides idiomatic interfaces for all supported #languages (currently #Swift for #iOS and #Java for #Android).
#Download #Link:-
https://github.com/trustwallet/wallet-core
wallet-core:-- Cross-platform, cross-blockchain #wallet library.
Trust Wallet Core is a cross-platform library that implements low-level #cryptographic wallet functionality for all supported #blockchains. Most of the code is C++ with a set of strict exported C interfaces. The library provides idiomatic interfaces for all supported #languages (currently #Swift for #iOS and #Java for #Android).
#Download #Link:-
https://github.com/trustwallet/wallet-core
Trust Wallet Core is a cross-platform library that implements low-level #cryptographic wallet functionality for all supported #blockchains. Most of the code is C++ with a set of strict exported C interfaces. The library provides idiomatic interfaces for all supported #languages (currently #Swift for #iOS and #Java for #Android).
#Download #Link:-
https://github.com/trustwallet/wallet-core
wallet-core:-- Cross-platform, cross-blockchain #wallet library.
Trust Wallet Core is a cross-platform library that implements low-level #cryptographic wallet functionality for all supported #blockchains. Most of the code is C++ with a set of strict exported C interfaces. The library provides idiomatic interfaces for all supported #languages (currently #Swift for #iOS and #Java for #Android).
#Download #Link:-
https://github.com/trustwallet/wallet-core
GitHub
GitHub - trustwallet/wallet-core: Cross-platform, cross-blockchain wallet library.
Cross-platform, cross-blockchain wallet library. Contribute to trustwallet/wallet-core development by creating an account on GitHub.
Forwarded from شروحات برمجة وحماية
ننوه أننا فقدنا امكانية الوصول الى القنوات التالية
مما يعني أننا لن نتمكن من نشر المزيد من الشروحات على قنواتنا التالية ...
@Black_hat_islamic
@Termuxx
@Anonymous_ARAB
@CEH_44
@termuux
@Spider_Team1
للإستمرار بمتابعة شروحاتنا يرجى الاشتراك في ....
@CEH_33
@Programmer_Tech
@PythonP
@Java_AR
@hackersoa
@hackerlibrary
@mr_lunixes
مما يعني أننا لن نتمكن من نشر المزيد من الشروحات على قنواتنا التالية ...
@Black_hat_islamic
@Termuxx
@Anonymous_ARAB
@CEH_44
@termuux
@Spider_Team1
للإستمرار بمتابعة شروحاتنا يرجى الاشتراك في ....
@CEH_33
@Programmer_Tech
@PythonP
@Java_AR
@hackersoa
@hackerlibrary
@mr_lunixes
Forwarded from جامع النافع