Photos from National Cyber Security Services's post
AutoXploit:-- Fast #exploitation based on #metasploit.
Auto #Payload Generator & #Exploiter
#AutoXploit is simply a shell script that helps you to generate Metasploit payloads and starts the #meterpreter handler quickly. At times, #security #researchers have to generate payloads and listen to the connection through handler constantly, AutoXploit not only allows you to quickly generate payloads but it also has an option to start the handler automatically.
#Download #Link:-
https://github.com/Yashvendra/AutoXploit
AutoXploit:-- Fast #exploitation based on #metasploit.
Auto #Payload Generator & #Exploiter
#AutoXploit is simply a shell script that helps you to generate Metasploit payloads and starts the #meterpreter handler quickly. At times, #security #researchers have to generate payloads and listen to the connection through handler constantly, AutoXploit not only allows you to quickly generate payloads but it also has an option to start the handler automatically.
#Download #Link:-
https://github.com/Yashvendra/AutoXploit
Photos from National Cyber Security Services's post
#Citrix #ADC #vulnerability explanation and #exploitation. This video shows how to find hosts #vulnerable to CVE-2019-19781. Vulnerable hosts can be found easily using #Shodan.
#Link:- https://www.youtube.com/watch?v=cALcgyq42kI
To learn more:
1. https://support.citrix.com/article/CT...
2. https://www.exploit-db.com/exploits/4...
#Citrix #ADC #vulnerability explanation and #exploitation. This video shows how to find hosts #vulnerable to CVE-2019-19781. Vulnerable hosts can be found easily using #Shodan.
#Link:- https://www.youtube.com/watch?v=cALcgyq42kI
To learn more:
1. https://support.citrix.com/article/CT...
2. https://www.exploit-db.com/exploits/4...
CryptoAPI:-- A #PoC for CVE-2020-0601
#Windows #CryptoAPI #Spoofing #Vulnerability #exploitation.
#Download #Link:-
https://github.com/kudelskisecurity/chainoffools
CryptoAPI:-- A #PoC for CVE-2020-0601
#Windows #CryptoAPI #Spoofing #Vulnerability #exploitation.
#Download #Link:-
https://github.com/kudelskisecurity/chainoffools
#Windows #CryptoAPI #Spoofing #Vulnerability #exploitation.
#Download #Link:-
https://github.com/kudelskisecurity/chainoffools
CryptoAPI:-- A #PoC for CVE-2020-0601
#Windows #CryptoAPI #Spoofing #Vulnerability #exploitation.
#Download #Link:-
https://github.com/kudelskisecurity/chainoffools
Photos from National Cyber Security Services's post
XSRFProbe:-- The Prime Cross-Site Request Forgery (#CSRF) #Audit and #Exploitation #Toolkit.
#XSRFProbe is an #advanced Cross-Site Request Forgery (CSRF/ #XSRF) Audit and Exploitation Toolkit. Equipped with a #powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF #vulnerabilities, their related #bypasses and further generate (#maliciously) exploitable proof of concepts with each found vulnerability.
Features:-
1. Performs several types of checks before declaring an endpoint as #vulnerable.
2. Can detect several types of Anti-CSRF tokens in POST requests.
3. Works with a powerful crawler that features continuous crawling and scanning.
4. Out of the box support for custom #cookie values and generic headers.
5. Accurate Token-Strength Detection and Analysis using various #algorithms.
6. It can generate both normal as well as maliciously exploitable CSRF proof of concepts.
7. Well documented code and highly generalized #automated workflow.
8. The user is in control of everything whatever the scanner does.
9. Has a user-friendly interaction #environment with full verbose support.
10. Detailed logging system of errors, vulnerabilities, tokens, and other stuff.
#Download #Link:-
https://github.com/0xInfection/XSRFProbe
XSRFProbe:-- The Prime Cross-Site Request Forgery (#CSRF) #Audit and #Exploitation #Toolkit.
#XSRFProbe is an #advanced Cross-Site Request Forgery (CSRF/ #XSRF) Audit and Exploitation Toolkit. Equipped with a #powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF #vulnerabilities, their related #bypasses and further generate (#maliciously) exploitable proof of concepts with each found vulnerability.
Features:-
1. Performs several types of checks before declaring an endpoint as #vulnerable.
2. Can detect several types of Anti-CSRF tokens in POST requests.
3. Works with a powerful crawler that features continuous crawling and scanning.
4. Out of the box support for custom #cookie values and generic headers.
5. Accurate Token-Strength Detection and Analysis using various #algorithms.
6. It can generate both normal as well as maliciously exploitable CSRF proof of concepts.
7. Well documented code and highly generalized #automated workflow.
8. The user is in control of everything whatever the scanner does.
9. Has a user-friendly interaction #environment with full verbose support.
10. Detailed logging system of errors, vulnerabilities, tokens, and other stuff.
#Download #Link:-
https://github.com/0xInfection/XSRFProbe
Photos from National Cyber Security Services's post
Ghost Framework:-- #Android #post #exploitation #framework that uses an Android Debug Bridge to #remotely access an Android device. #Ghost Framework gives you the power and convenience of #remote Android #device #administration.
Why ghost framework?
1. Accessing device shell
INFO: Ghost Framework can be used to access the remote
Android device #shell without using #OpenSSH or other protocols.
2. Emulating device button presses
INFO: Ghost Framework can be used to emulate
button presses on the remote Android device.
3. Removing device password
INFO: Ghost Framework can be used to remove the
remote Android device #password if it was forgotten.
#Downlaod #Link:-
https://github.com/entynetproject/ghost
Ghost Framework:-- #Android #post #exploitation #framework that uses an Android Debug Bridge to #remotely access an Android device. #Ghost Framework gives you the power and convenience of #remote Android #device #administration.
Why ghost framework?
1. Accessing device shell
INFO: Ghost Framework can be used to access the remote
Android device #shell without using #OpenSSH or other protocols.
2. Emulating device button presses
INFO: Ghost Framework can be used to emulate
button presses on the remote Android device.
3. Removing device password
INFO: Ghost Framework can be used to remove the
remote Android device #password if it was forgotten.
#Downlaod #Link:-
https://github.com/entynetproject/ghost
Pupy:-- #Pupy is an #opensource, #cross-platform (#Windows, #Linux, #OSX, #Android) #remote #administration and #post-#exploitation tool mainly written in #python.
Pupy is a cross-platform, multi-function #RAT and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple modes of #transport, migrate into #processes using reflective #injection, and load remote python code, python packages and python C-extensions from #memory.
Features:-
1. Windows #payload can load the entire Python #interpreter from memory using a reflective #DLL.
2. Can be packed into a single .py file and run without any dependencies other than the python standard library on all OSes.
3. Reflectively migrate into other processes.
4. Easily extensible, modules are simple to write and are sorted by os and category.
5. Modules can directly access python objects on the remote client using rpyc.
6. Access remote objects interactively from the pupy shell and get auto-completion of remote attributes.
7. Communication transports are modular and stackable. Exfiltrate data using #HTTP over HTTP over #AES over #XOR, or any combination of the available transports.
8. Communicate using obfsproxy pluggable transports.
9. Execute non-interactive commands on multiple hosts at once.
10. Commands and scripts running on remote hosts are interruptible.
11. Auto-completion for #commands and arguments.
12. Custom config can be defined: command aliases, modules. automatically run at connection, etc.
13. Open interactive python shells with auto-completion on the all-in-memory remote python interpreter.
14. Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely.
15. Remotely import pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so) from memory.
16. Execute the PE executable remotely and from memory.
17. Generate payloads in various formats:
#Download #Link:--
https://github.com/n1nj4sec/pupy
Pupy:-- #Pupy is an #opensource, #cross-platform (#Windows, #Linux, #OSX, #Android) #remote #administration and #post-#exploitation tool mainly written in #python.
Pupy is a cross-platform, multi-function #RAT and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple modes of #transport, migrate into #processes using reflective #injection, and load remote python code, python packages and python C-extensions from #memory.
Features:-
1. Windows #payload can load the entire Python #interpreter from memory using a reflective #DLL.
2. Can be packed into a single .py file and run without any dependencies other than the python standard library on all OSes.
3. Reflectively migrate into other processes.
4. Easily extensible, modules are simple to write and are sorted by os and category.
5. Modules can directly access python objects on the remote client using rpyc.
6. Access remote objects interactively from the pupy shell and get auto-completion of remote attributes.
7. Communication transports are modular and stackable. Exfiltrate data using #HTTP over HTTP over #AES over #XOR, or any combination of the available transports.
8. Communicate using obfsproxy pluggable transports.
9. Execute non-interactive commands on multiple hosts at once.
10. Commands and scripts running on remote hosts are interruptible.
11. Auto-completion for #commands and arguments.
12. Custom config can be defined: command aliases, modules. automatically run at connection, etc.
13. Open interactive python shells with auto-completion on the all-in-memory remote python interpreter.
14. Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely.
15. Remotely import pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so) from memory.
16. Execute the PE executable remotely and from memory.
17. Generate payloads in various formats:
Pupy is a cross-platform, multi-function #RAT and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple modes of #transport, migrate into #processes using reflective #injection, and load remote python code, python packages and python C-extensions from #memory.
Features:-
1. Windows #payload can load the entire Python #interpreter from memory using a reflective #DLL.
2. Can be packed into a single .py file and run without any dependencies other than the python standard library on all OSes.
3. Reflectively migrate into other processes.
4. Easily extensible, modules are simple to write and are sorted by os and category.
5. Modules can directly access python objects on the remote client using rpyc.
6. Access remote objects interactively from the pupy shell and get auto-completion of remote attributes.
7. Communication transports are modular and stackable. Exfiltrate data using #HTTP over HTTP over #AES over #XOR, or any combination of the available transports.
8. Communicate using obfsproxy pluggable transports.
9. Execute non-interactive commands on multiple hosts at once.
10. Commands and scripts running on remote hosts are interruptible.
11. Auto-completion for #commands and arguments.
12. Custom config can be defined: command aliases, modules. automatically run at connection, etc.
13. Open interactive python shells with auto-completion on the all-in-memory remote python interpreter.
14. Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely.
15. Remotely import pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so) from memory.
16. Execute the PE executable remotely and from memory.
17. Generate payloads in various formats:
#Download #Link:--
https://github.com/n1nj4sec/pupy
Pupy:-- #Pupy is an #opensource, #cross-platform (#Windows, #Linux, #OSX, #Android) #remote #administration and #post-#exploitation tool mainly written in #python.
Pupy is a cross-platform, multi-function #RAT and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple modes of #transport, migrate into #processes using reflective #injection, and load remote python code, python packages and python C-extensions from #memory.
Features:-
1. Windows #payload can load the entire Python #interpreter from memory using a reflective #DLL.
2. Can be packed into a single .py file and run without any dependencies other than the python standard library on all OSes.
3. Reflectively migrate into other processes.
4. Easily extensible, modules are simple to write and are sorted by os and category.
5. Modules can directly access python objects on the remote client using rpyc.
6. Access remote objects interactively from the pupy shell and get auto-completion of remote attributes.
7. Communication transports are modular and stackable. Exfiltrate data using #HTTP over HTTP over #AES over #XOR, or any combination of the available transports.
8. Communicate using obfsproxy pluggable transports.
9. Execute non-interactive commands on multiple hosts at once.
10. Commands and scripts running on remote hosts are interruptible.
11. Auto-completion for #commands and arguments.
12. Custom config can be defined: command aliases, modules. automatically run at connection, etc.
13. Open interactive python shells with auto-completion on the all-in-memory remote python interpreter.
14. Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely.
15. Remotely import pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so) from memory.
16. Execute the PE executable remotely and from memory.
17. Generate payloads in various formats: