Photos from National Cyber Security Services's post
Bettercap:-- The #Swiss #Army #knife for 802.11, BLE and Ethernet network #reconnaissance and #MITM attacks.
#Bettercap is a #powerful, easily extensible and portable #framework written in #Go which aims to offer to #security #researchers, #redteamers and #reverse #engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking #WiFi networks, #Bluetooth Low Energy devices, #wireless #HID devices, and Ethernet networks.
Main Features:-
1. WiFi networks scanning, de-authentication attack, clientless #PMKID association attack, and automatic #WPA/ #WPA2 client handshakes capture.
2. Bluetooth Low Energy devices scanning, characteristics enumeration, reading, and writing.
3. 2.4Ghz wireless devices scanning and #MouseJacking attacks with over-the-air HID frames injection (with #DuckyScript support).
4. Passive and active IP network hosts probing and recon.
5. #ARP, #DNS and #DHCPv6 spoofers for MITM attacks on IP based networks.
6. Proxies at the packet level, #TCP level and #HTTP/ #HTTPS application-level fully scriptable with easy to implement javascript plugins.
7. A powerful network sniffer for credentials harvesting which can also be used as a network #protocol #fuzzer.
8. A very fast port scanner.
9. A powerful #REST #API with support for asynchronous events notification on #WebSocket to orchestrate your attacks easily.
10. A very convenient #web UI.
More!
#Download #Link:-
https://github.com/bettercap/bettercap
Bettercap:-- The #Swiss #Army #knife for 802.11, BLE and Ethernet network #reconnaissance and #MITM attacks.
#Bettercap is a #powerful, easily extensible and portable #framework written in #Go which aims to offer to #security #researchers, #redteamers and #reverse #engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking #WiFi networks, #Bluetooth Low Energy devices, #wireless #HID devices, and Ethernet networks.
Main Features:-
1. WiFi networks scanning, de-authentication attack, clientless #PMKID association attack, and automatic #WPA/ #WPA2 client handshakes capture.
2. Bluetooth Low Energy devices scanning, characteristics enumeration, reading, and writing.
3. 2.4Ghz wireless devices scanning and #MouseJacking attacks with over-the-air HID frames injection (with #DuckyScript support).
4. Passive and active IP network hosts probing and recon.
5. #ARP, #DNS and #DHCPv6 spoofers for MITM attacks on IP based networks.
6. Proxies at the packet level, #TCP level and #HTTP/ #HTTPS application-level fully scriptable with easy to implement javascript plugins.
7. A powerful network sniffer for credentials harvesting which can also be used as a network #protocol #fuzzer.
8. A very fast port scanner.
9. A powerful #REST #API with support for asynchronous events notification on #WebSocket to orchestrate your attacks easily.
10. A very convenient #web UI.
More!
#Download #Link:-
https://github.com/bettercap/bettercap
Photos from National Cyber Security Services's post
DWKit:-- DWKit is a #Business #Process #Management #System based on .NET Core and React.
DWKit is a .NET BPM system made with simplicity and flexibility in mind. DWKit allows you to model, automate and execute mission-critical business processes, whatever #industry you’re operating in.
Features:-
1. Drag-&-drop form builder
2. Designer of workflow
3. User Interface on #React (JSX)
4. Role-based access control
5. #Admin panel
6. Support #MSSQL/ #PostgreSQL/ #Oracle #databases
7. Works fine on #Windows/ #Linux/ #MacOSX
#Download #Link:-
https://github.com/optimajet/DWKit
DWKit:-- DWKit is a #Business #Process #Management #System based on .NET Core and React.
DWKit is a .NET BPM system made with simplicity and flexibility in mind. DWKit allows you to model, automate and execute mission-critical business processes, whatever #industry you’re operating in.
Features:-
1. Drag-&-drop form builder
2. Designer of workflow
3. User Interface on #React (JSX)
4. Role-based access control
5. #Admin panel
6. Support #MSSQL/ #PostgreSQL/ #Oracle #databases
7. Works fine on #Windows/ #Linux/ #MacOSX
#Download #Link:-
https://github.com/optimajet/DWKit
AMLIDS:-- #Android #Machine #Learning #Intrusion #Detection System is written in C#
Android App (written in C# with Xamarin Forms):-
1. Create the Android App to collect the hypothetical #information needed to create the model
2. Add LiteDb and syncing to the gRPC service
3. Add background service to do the #syncing automatically
4. Add ML detections from the background service
#Download #Link:-
https://github.com/jcapellman/AMLIDS
AMLIDS:-- #Android #Machine #Learning #Intrusion #Detection System is written in C#
Android App (written in C# with Xamarin Forms):-
1. Create the Android App to collect the hypothetical #information needed to create the model
2. Add LiteDb and syncing to the gRPC service
3. Add background service to do the #syncing automatically
4. Add ML detections from the background service
#Download #Link:-
https://github.com/jcapellman/AMLIDS
Android App (written in C# with Xamarin Forms):-
1. Create the Android App to collect the hypothetical #information needed to create the model
2. Add LiteDb and syncing to the gRPC service
3. Add background service to do the #syncing automatically
4. Add ML detections from the background service
#Download #Link:-
https://github.com/jcapellman/AMLIDS
AMLIDS:-- #Android #Machine #Learning #Intrusion #Detection System is written in C#
Android App (written in C# with Xamarin Forms):-
1. Create the Android App to collect the hypothetical #information needed to create the model
2. Add LiteDb and syncing to the gRPC service
3. Add background service to do the #syncing automatically
4. Add ML detections from the background service
#Download #Link:-
https://github.com/jcapellman/AMLIDS
NekoBot:-- Auto #Exploiter With 500+ #Exploit 2000+ #Shell.
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
NekoBot:-- Auto #Exploiter With 500+ #Exploit 2000+ #Shell.
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
NekoBot:-- Auto #Exploiter With 500+ #Exploit 2000+ #Shell.
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
XSS-Keylogger PoC:-- A general #Javascript #keylogger to be used in an #XSS #PoC
This is a simple PoC JavaScript keylogger to attach to an XSS vulnerability disclosure. It is made up of two #PHP servers, one acts like the #victim and the other acts as the attacker's #remote #server.
In a disclosure, you would just need to copy the code between the script tags in the victims index.php file, remove all comments, minify and inject as you see fit (obviously making some adjustments to the target and remote variables);
How to Run:-
1. Turn on each of the servers separately using the shell scripts.
2. Open two #browser tabs, and navigate to each of these addresses:
Victim: http://127.0.0.1:8080
Attacker: http://127.0.0.1:8081
3. Then from the login page on the victim server, enter the following username and password:
Username: admin
Password: c0mpl1c@t3dp4ss
4. Once the form is submitted and you are welcomed by the home.php file open the attacker page.
5. Refresh the attacker page to see the #keystrokes and form data entered into the keystrokes field.
#Download #Link:-
https://github.com/jakemscott/XSS-Keylogger
XSS-Keylogger PoC:-- A general #Javascript #keylogger to be used in an #XSS #PoC
This is a simple PoC JavaScript keylogger to attach to an XSS vulnerability disclosure. It is made up of two #PHP servers, one acts like the #victim and the other acts as the attacker's #remote #server.
In a disclosure, you would just need to copy the code between the script tags in the victims index.php file, remove all comments, minify and inject as you see fit (obviously making some adjustments to the target and remote variables);
How to Run:-
1. Turn on each of the servers separately using the shell scripts.
2. Open two #browser tabs, and navigate to each of these addresses:
Victim: http://127.0.0.1:8080
Attacker: http://127.0.0.1:8081
3. Then from the login page on the victim server, enter the following username and password:
Username: admin
Password: c0mpl1c@t3dp4ss
4. Once the form is submitted and you are welcomed by the home.php file open the attacker page.
5. Refresh the attacker page to see the #keystrokes and form data entered into the keystrokes field.
#Download #Link:-
https://github.com/jakemscott/XSS-Keylogger
This is a simple PoC JavaScript keylogger to attach to an XSS vulnerability disclosure. It is made up of two #PHP servers, one acts like the #victim and the other acts as the attacker's #remote #server.
In a disclosure, you would just need to copy the code between the script tags in the victims index.php file, remove all comments, minify and inject as you see fit (obviously making some adjustments to the target and remote variables);
How to Run:-
1. Turn on each of the servers separately using the shell scripts.
2. Open two #browser tabs, and navigate to each of these addresses:
Victim: http://127.0.0.1:8080
Attacker: http://127.0.0.1:8081
3. Then from the login page on the victim server, enter the following username and password:
Username: admin
Password: c0mpl1c@t3dp4ss
4. Once the form is submitted and you are welcomed by the home.php file open the attacker page.
5. Refresh the attacker page to see the #keystrokes and form data entered into the keystrokes field.
#Download #Link:-
https://github.com/jakemscott/XSS-Keylogger
XSS-Keylogger PoC:-- A general #Javascript #keylogger to be used in an #XSS #PoC
This is a simple PoC JavaScript keylogger to attach to an XSS vulnerability disclosure. It is made up of two #PHP servers, one acts like the #victim and the other acts as the attacker's #remote #server.
In a disclosure, you would just need to copy the code between the script tags in the victims index.php file, remove all comments, minify and inject as you see fit (obviously making some adjustments to the target and remote variables);
How to Run:-
1. Turn on each of the servers separately using the shell scripts.
2. Open two #browser tabs, and navigate to each of these addresses:
Victim: http://127.0.0.1:8080
Attacker: http://127.0.0.1:8081
3. Then from the login page on the victim server, enter the following username and password:
Username: admin
Password: c0mpl1c@t3dp4ss
4. Once the form is submitted and you are welcomed by the home.php file open the attacker page.
5. Refresh the attacker page to see the #keystrokes and form data entered into the keystrokes field.
#Download #Link:-
https://github.com/jakemscott/XSS-Keylogger
OSCE-Exploit:-- Re-create in the "#CTP Lab"
#Download #Link:-
https://github.com/Applebois/OSCE-Exploit
OSCE-Exploit:-- Re-create in the "#CTP Lab"
#Download #Link:-
https://github.com/Applebois/OSCE-Exploit
#Download #Link:-
https://github.com/Applebois/OSCE-Exploit
OSCE-Exploit:-- Re-create in the "#CTP Lab"
#Download #Link:-
https://github.com/Applebois/OSCE-Exploit