Tools

Showing posts with label Tools. Show all posts

Parrot 4.6 Release - Best Hacking OS

We square measure proud to announce the discharge of Parrot 4.6, when three months of serious development. This has been associate particularly massive 3 months for America as Parrot 4.6 is additionally our initial unharness fully served by our network while not SaaS services like cloudflare. Everything is on our infrastructure.

How to update

Download the newest unharness from they official transfer page

Update your existing Parrot system with command in terminal

sudo parrot-upgrade

Don’t forget to use this command frequently (at least once a week) to receive the newest security updates and bugfixes from the Parrot repository.

Appearance

Parrot team developed a new, ultra, awesome visual experience for Parrot 4.6, feast your eyes on a new boot-splash animation and desktop background!

The desktop-base and parrot-wallpapers additionally received some love and ar updated to replicate such changes together with the new Parrot appearence.
Note:The themes and icons are still the same.

APT Now Enforces https

They have modified our APT implementation to support https-to-http downgrades.
This allowed North American country to tack our repository as https by default.

For visual reference Parrot 4.6 is now configured to serve signed index files via https by default, and the mirror redirector is configured to redirect traffic to https mirrors when available.

In case associate degree https mirror isn't obtainable, the packages are downloaded by fallback http mirrors, but APT will still verify the signatures.

In other debian-based systems and previous Parrot OS versions, mirrors used http by default, and https is just an exception.

Http downloads don’t represent a security risk because gpg signatures are more effective than ssl downloads in certifying repository integrity, asdescribed on this website - https://whydoesaptnotusehttps.com/.

Although you'll be able to ne'er eliminate risk of unhealthy actors, we have a tendency to hope to extend the value for suppliers making an attempt to intercept or track user activities (i.e.

knowing if a user is installing specific software).

Improved drivers support

Parrot 4.6 includes the Linux 4.19 kernel that contains many security patches, performance enhancements and a stronger hardware support.

Moreover Parrot 4.6 options vital updates for broadcom and alternative wireless chipset makers, and therefore the Nvidia drivers were updated to the newest 410 version with higher Quadro support.. Debian Kernel Changelog - Linux changelog

Anonsurf has OpenNIC support

Anonsurf currently integrates a replacement choice to modification from the system DNS servers to OpenNIC DNS resolvers.

OpenNIC may be a community-driven dns resolver supplier that respects user freedom and permits domain resolution of some special high level domains.

OSINT-Search - Useful For Digital Forensics Investigations Or InitialBlack-Box Pentest Footprinting

Linux Tools Windows

OSINT-Search could be a great tool for digital forensics investigations or initial black-box pentest footprinting.

OSINT-Search Description

Python script that applies OSINT techniques by searching public data using domain, email, phone, IP addresses or URLs.
Create account at https://pipl.com/api & get the API key.
Create account at https://www.opencnam.com/ & get the Account SID and Auth Token.
Create account at https://www.shodan.io/ & get the Shodan API key.
Create account at https://whatcms.org/API & get the WhatCMS API key.
Create account at https://censys.io/register & get the API ID and API secret.
Create account at https://dashboard.fullcontact.com/consents & get The Full Contact API key.

Functionality

Collect personal information include full name, age, gender, languages, location, social networks, etc...
Collect information related to data breaches.
Collect information related to pastes of data breaches made public.
Collect which country a phone number belongs to.
Collect results of google hackings searches.
Collect results related to a domain or an IP address.
Collect digital certificates for a certain domain.
Collect CMS for a certain website.
Collect DNS Records and zone transfers information for a certain domain.
Collect Facebook ID and a facebook page full of photos after getting a facebook profile URL.
Collect URLs present in some web page.
Collect URL to know what torrents are being downloaded from some IP.
This script allows specfic searches and in bulk.
More functionalities may to be added later.

Tested On

Kubuntu 18.04.2 LTS
Kali Linux 2019.1
Windows 10

Requirements (Install)

Linux:

Python3 - https://docs.python-guide.org/starting/install3/linux/#install3-linux

sudo apt-get install git

Windows:

Python3 - https://www.python.org/downloads/windows/
git - https://git-scm.com/download/win

Both:

pip3 install -r requirements.txt
pip3 install git+https://github.com/abenassi/Google-Search-API --upgrade
pip3 install https://github.com/PaulSec/API-dnsdumpster.com/archive/master.zip --user

Run

first run, you need to submit your API fields to get all the functionality of the script. I suggest you create the accounts mentioned in the description.
'osintSearch.config.ini' configuration file, created with your data and can be edited by you.

Usage

$ python3 osintS34rCh.py

DOWNLOAD

ScanQLi - Scanner To Detect SQL Injection Vulnerabilities

Linux Tools

ScanQLi is a simple SQL injection scanner with somes additionals features. This tool cannot exploit the SQLi, it simply notice them. Tested on Debian 9

Features

Classic
Blind
Time based
GBK (soon)
Recursive scan (follow all hrefs of the scanned web site)
Cookies integration
Adjustable wait delay between requests
Ignore given URLs

Prerequisites

1. Install git tool

apt update
apt install git

2. Clone the repo.

git clone https://github.com/bambish/ScanQLi

3. Install python required libs

apt install python-pip
cd ScanQLi
pip install -r requirements.txt

For python3 please install python3-pip and use pip3

Usage

./scanqli -u [URL] [OPTIONS]

Exsamples

Simple url scan with output file

python scanqli.py -u 'http://127.0.0.1/test/?p=news' -o output.log

Recursive URL scanning with cookies

python scanqli.py -u 'https://127.0.0.1/test/' -r -c '{"PHPSESSID":"4bn7uro8qq62ol4o667bejbqo3" , "Session":"Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU="}'

DOWNLOAD

Anti DDOS | Bash Script

Linux Tools

Anti-DDOS project is associate open supply computer code project developed to guard against DOS and DDoS attacks. The project was written exploitation bash artificial language. By writing iptables rules into the Linux OS. Takes the required defense configurations. And it solely works on the Linux OS. 100 percent compatible for Linux system} operating systems. It doesn't give 100 percent security, it'll solely assist you to require the required measures.

More about DDOS, Read Here

Programing Languages: Bash .sh
System: Linux
Sources: Ismail Tasdelen

Screenshot

Tutorial:

$ git clone https://github.com/ismailtasdelen/Anti-DDOS.git
$ cd Anti-DDOS
$ chmod +x anti-ddos.sh
$ ./anti-ddos.sh

Youtube Auto Viewer

Tools Windows

This tool (.exe) is a software for get most Youtube viewer. Yups, Automatic Viral
Writen by f4ve

Virustotal result: 100% Save

Screenshot of Tools

How To Use:

Just Paste Url/ link of youtube video and insert time
Tips: insert 60 for 60 sec or 1 minute

Download Now

mXtract

Linux Tools

mXtract is associate opensource Linux based mostly tool that analyzes and dumps memory. it's developed as associate offensive pentration testing tool, its primary purpose is to scan memory for personal keys, ips, and passwords exploitation regexes. Remember, your results area unit solely pretty much as good as your regexes.

Screenshots

Scan with prolix and with an easy scientific discipline regex, scanning each knowledge section, displaying method data and scanning atmosphere files.

Why dump directly from memory?

In most linux environments users can access the memory of processes, this allows attackers to harvest credentials, private keys, or anything that isnt suppose to be seen but is being processed by a program in clear text.

Features

List of regex abilition
Display Clear and Readable
Run if Memory Range is Writable in Current Permissions
Output file in XML and HTML (process name:result)
Mass Scan Every Proccess or a Specific PID
Can choose memory sections to scan
Show Detailed Process Information
Scan Process Environment Files
Automatically removes unicode characters (manually allows processing with other tools)

Install

$ git clone https://github.com/rek7/mXtract
$ cd mXtract && sh compile.sh

Commands

$ ./mxtract -h
$ ./mxtract -wm -wr -e -i -d=/tmp/output/ -r=example_regexes.db

Darksplitz - Exploit Framework

Linux Tools

This tools is sustained from Nefix, DirsPy and Xmasspy project.

Installation

Will work fine within the debian shade software system, like Backbox, Ubuntu or Kali.

$ git clone https://github.com/koboi137/darksplitz
$ cd darksplitz/
$ sudo ./install.sh

Features

Extract mikrotik inform, user, password, credential (user.dat)
Password generator
Reverse IP lookup
Mac address sniffer
Online md5 cracker
Mac address lookup
Collecting url from web.archive.org
(Dark Shell) Web backdoor
(CVE-2018-14847) WinboxExploit
(Mikrotik) ChimeyRed exploit for mipsbe
Exploit web application
(CVE-2018-4407) Mass apple dos
(CVE-2018-10933) Libssh exploit
Discover Mikrotik device
Scan a directory
Subdomain scanner
Scanner Mac address
Ping of Mac address
Scan vhost (cloudflare bypass)
Bruteforce mass for wordpress
Interactive msfrpc client

Exploit web application

File upload for plupload
(CVE-2018-9206) file upload for jQuery
Laravel (.env)
(misc) sftp-config.json
Enable wordpress register
File upload for elfinder
(CVE-2018-7600) Exploit Drupal 7
(CVE-2018-7600) Exploit Drupal 8
Exploit com_fabrik for Joomla
Wordpress plugin file upload: gravityform
Wordpress plugin file upload: geoplace3
Wordpress plugin file upload: peugeot-music

Notes

This tool can work fine beneath root, as a result of scapy module and different would like root user to access a lot of options. however you'll run as user too in some options.