Clik here to view.
BSQLinjector – Blind SQL injection exploitation tool written in ruby.
BSQLinjector uses blind method to retrieve data from SQL databases. I recommend using “–test” switch to clearly see how configured payload looks like before sending it to an application. Blind SQL...
View ArticleClik here to view.
BDFProxy (The Backdoor Factory Proxy) version-0.3.8 released.
For security professionals and researchers only. Changelog v0.3.8 12/20/2015: + Added configuration options in bdfproxy.cfg to support PE code signing from BDF => CODE_SIGN See BDF README for...
View ArticleClik here to view.
killchain v0.2 ~ A unified console to perform the “kill chain” stages of...
“Kill Chain” is a unified console with an anonymizer that will perform these stages of attacks: + Reconnaissance + Weaponization + Delivery + Exploit + Installation + Command & Control + And...
View ArticleClik here to view.
roothelper – A Bash script that will aid with privilege escalation on a Linux...
Roothelper will aid in the process of privilege escalation on a Linux system that has been compromised, by fetching a number of enumeration and exploit suggestion scripts. The latest version downloads...
View ArticleClik here to view.
dnschan – A remote access trojan over DNS.
NOTICE : This post and how to build it, just For Education and Research Purpose Only! dnschan This is a trojan that runs over DNS. Latest Change 23/12/2015: – DNSClient : minor client updates –...
View ArticleClik here to view.
Updates REXT v0.0 – Router Exploitation Toolkit.
Latest Changelog 23/12/2015: – requirements.txt : requests==2.9.1 from requests==2.5.1 – Added default host value to Exploit.py – exploit module: Dlink DIR-300 and DIR-600 exec noauth. Router...
View ArticleClik here to view.
weblogic unserialize exploit is a java unserialize vulnerable for weblogic...
weblogic unserialize exploit is a java unserialize vulnerable for weblogic exploit. 1. dependencies components : + python 2.7 + java 2. Program Description: exploit method from Freebuf of “weblogic...
View ArticleClik here to view.
Updates InstaBrute – Instagram bruteforce exploit module.
Changelog 28/12/2015: + Implemented: Delay option for slow connections. Fixed: Logged in detection based on driver title. InstaBrute is a Instagram bruteforce exploit module. Features: – Check username...
View ArticleClik here to view.
Easy File Sharing Metasploit Buffer Overflow.
These modules exploit the Easy File Sharing 7.2 Windows program(Download) The exploits lie in the GET and HEAD requests, allowing external code to overwrite the SEH and get called and executed....
View ArticleClik here to view.
Nishang v-0.6.2 – PowerShell for penetration testing and offensive security.
Changelog v0.6.2: + Added support for dumping cleartext credentials from RDP sessions for Invoke-MimikatzWfigestDowngrade. – fix issues #29.DESCRIPTION This script uses MJPEG to stream a target’s...
View ArticleClik here to view.
Penbox ~ Pentesting tools auto downloader Script.
Penbox ~ Pentesting tools auto downloader Script. Requirements : python2.7 penbox v1.0 Has been tested on Debian and Ubuntu 14.04 TLS Operating System Support Menu: 1) Max OSX 2) Linux 3) Windows Main...
View ArticleClik here to view.
Windows-Exploit-Suggester revision v3.0 released.
Changelog Windows Exploit Suggester, revision 3.0: – Adding new exploits to db This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential...
View ArticleClik here to view.
p0wnedShell v1.2 – PowerShell Runspace Post Exploitation Toolkit.
p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It...
View ArticleClik here to view.
PenBox v1.1 ~ Pentesting tools auto downloader Script.
Penbox ~ Pentesting tools auto downloader Script. Requirements : python2.7 Changelog v1.1: + Privat Tool: 1) Get all websites 2) Get joomla websites 3) Get wordpress websites 4) Find control panel 5)...
View ArticleClik here to view.
MEDCIN Engine Memory Write/Heap Buffer Overflow module.
CVE-2015-2898-2901, CVE-2015-6006 POC Exploit & Metasploit module This is a proof of concept exploit for version 2.22.20142.166 and prior of the MEDCIN Engine (medcinserv.exe or medcinservv22.exe)....
View ArticleClik here to view.
EaST – Exploits and Security Tools Framework.
This software is necessary for learning and improving skills and knowledge of attacks on information systems and to conduct audits and proactive protection. The need to develop domestic Pentest...
View ArticleClik here to view.
backdoor-image is a ‘backdoor’ user to a image or filesystem at ‘target’.
NOTICE : This post and script for research Purpose Only! backdoor-image is a ‘backdoor’ user to a image or filesystem at ‘target’. File lists: + backdoor-image.sh add a ‘backdoor’ user to a image or...
View ArticleClik here to view.
Xploit is an Open source exploit framework made in C#.
Xploit is a Open source exploit framework made in C# header CMD XPloit Feature and Modules: + Auxiliary/Local — Local Brute force by wordlist — Dns Exfiltrate — DNS-Exfiltration file parser — DNS-Serve...
View ArticleClik here to view.
PenBox v1.2 ~ Pentesting tools auto downloader Script.
Penbox ~ Pentesting tools auto downloader Script. Requirements : python2.7 Changelog Version v1.2 : + All Os Compatible : Windows , Linux , OSX + pixiewps + commix + Web Hacking + Drupal Hacking +...
View ArticleClik here to view.
BufferAttack is an Various Methods of Buffer Attacks.
BufferAttack is an Various Methods of Buffer Attacks, plus implementation of preventive technique using sandboxing. Trigger Debug with commandobjdump -d ./trigger Now you can see it; if arg=1 and...
View Article
