Photos from National Cyber Security Services's post
Maltrail:-- #Malicious #traffic #detection #system.
Maltrail is a #malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from #domain name (e.g. zvpprsensinaix.com for #Banjori malware), URL (e.g. hXXp://109.162.38.120/harsh02.exe for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or #HTTP User-Agent header value (e.g. #sqlmap for automatic #SQL #injection and #database takeover tool). Also, it uses (optional) advanced heuristic #mechanisms that can help in the discovery of unknown threats (e.g. new #malware).
#Download #Link:-
https://github.com/stamparm/maltrail
OSINT-Framework- #OSINT #framework focused on #gathering #information from free #tools or #resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost.
The framework was originally created with an information #security point of view. Since then, the response from other fields and disciplines has been incredible.
#Download #Link:-
https://github.com/lockfale/OSINT-Framework
secDevLabs:-- A #laboratory for learning #secure #web #development in a #practical manner.
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how these #vulnerable codes can be fixed to mitigate them.
After forking this repository, you will find multiple intentionally vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
UFONet - #Denial of #Service Toolkit.
#UFONet is a #toolkit designed to launch #DDoS and #DoS #attacks. It runs on many platforms. It requires #Python (>=3) and the following: #whois, #pycurl, #geoip, #crypto, #scapy, #requests.
#Download #Link:-
https://github.com/epsylon/ufonet
hidden-tear- #ransomware #open-#sources
It's a ransomware-like file #crypter sample which can be modified for specific purposes.
Features:-
-Uses #AES #algorithm to #encrypt files.
-Sends encryption key to a #server.
-Encrypted files can be #decrypted in the #decrypter program with the encryption key.
-Creates a text file in Desktop with given message.
-Small file size (12 KB)
-Not detected by #antivirus programs
#Download #Link:-
https://github.com/goliate/hidden-tear
WordPress-PT:-- #Exploiting #Wordpress #vulnerabilities discovered via #WPScan.
Objective: Find, #analyze, recreate, and #document five vulnerabilities affecting an old version of WordPress.
Setup:-
1. #VirtualBox - #Virtual #machine #manager.
2. #Kali #Linux - #Attack #OS of choice.
3. #WPDistillery - Creating a locally hosted Wordpress #site.
4. #WPScan - #Vulnerability #scanner.
1. CVE-2018-6390 - Denial Of Service Overflow (#DOS)
2. CVE-2015-5622 - Cross-Site Scripting (#XSS)
3. CVE-2017-9061 - Error in Upload when the file's too large
4. CVE-2015-5714 - Shortcode Tags
5. CVE-2017-6817 - Authenticated XSS in #Youtube #URL Embeds
#Download #Link:-
https://github.com/bryanvnguyen/WordPress-PT
XSRFProbe:-- The Prime Cross-Site Request Forgery (#CSRF) #Audit and #Exploitation #Toolkit.
#XSRFProbe is an #advanced Cross-Site Request Forgery (CSRF/ #XSRF) Audit and Exploitation Toolkit. Equipped with a #powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF #vulnerabilities, their related #bypasses and further generate (#maliciously) exploitable proof of concepts with each found vulnerability.
Features:-
1. Performs several types of checks before declaring an endpoint as #vulnerable.
2. Can detect several types of Anti-CSRF tokens in POST requests.
3. Works with a powerful crawler that features continuous crawling and scanning.
4. Out of the box support for custom #cookie values and generic headers.
5. Accurate Token-Strength Detection and Analysis using various #algorithms.
6. It can generate both normal as well as maliciously exploitable CSRF proof of concepts.
7. Well documented code and highly generalized #automated workflow.
8. The user is in control of everything whatever the scanner does.
9. Has a user-friendly interaction #environment with full verbose support.
10. Detailed logging system of errors, vulnerabilities, tokens, and other stuff.
#Download #Link:-
https://github.com/0xInfection/XSRFProbe