BruteSploit - Collection Of Method For Automated Generate, Bruteforce And Manipulation Wordlist

BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and can be used in CTF for manipulation,combine,transform and permutation some words or file text.

Tutorial 
Check in this video :

Changelog

• v.1.1.1 Added Brute Instagram
• v.1.1.0 Fixed Bugs
• v.1.0.0 Release Brutsploit

Getting Started

1. git clone https://github.com/Screetsec/Brutesploit.git
2. cd Brutesploit
3. chmod +x Brutesploit
4. sudo ./Brutesploit or sudo su ./Brutesploit

A linux operating system. We recommend :

• Kali Linux 2 or Kali 2016.1 rolling
• Cyborg
• Parrot
• BackTrack
• Backbox

Credits

• Thanks to allah and Screetsec [ Edo -maland- ]
• Dracos Linux ( www.dracos-linux.org )
• Backbox indonesia ( www.www.backboxindonesia.or.id )
• Offensive Security for the awesome OS
• Kali Linux ( http://www.kali.org/ )
• http://www.kitploit.com/
• Big Thanks to : http://www.github.com/

Download BruteSploit

Read More

Dagon - Advanced Hash Manipulation

Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more.

Screenshots

Bruteforcing made easy with a built in wordlist creator if you do not specify one. The wordlist will create 100,000 strings to use

Verify what algorithm was used to create that hash you're trying to crack. You can specify to view all possible algorithms by providing the -L flag (some algorithms are not implemented yet)

Random salting, unicode random salting, or you can make your own choice on the salt.

Basic usage
For full functionality of Dagon please reference the homepage here
python dagon.py -h This will run the help menu and provide a list of all possible flags
python dagon.py -c <HASH> --bruteforce This will attempt to bruteforce a given hash
python dagon.py -l <FILE-PATH> --bruteforce This will attempt to bruteforce a given file full of hashes (one per line)
python dagon.py -v <HASH> This will try to verify the algorithm used to create the hash
python dagon.py -V <FILE-PATH> This will attempt to verify each hash in a file, one per line

Installation
Dagon requires python version 2.7.x to run successfully.

• git clone https://github.com/ekultek/dagon.git
• cd Dagon
• pip install -r requirements.txt

This should install all the dependencies that you will need to run Dagon

Contributions
All contributions are greatly appreciated and helpful. When you contribute you will get your name placed on the homepage underneath contributions with a link to your contribution. You will also get massive respect from me, and that's a pretty cool thing. What I'm looking for in contributions is some of the following:

• Hashing algorithm creations, specifically; A quicker MD2 algorithm, full Tiger algorithms, Keychain algorithms for cloud and agile
• More wordlists to download from, please make sure that the link is encoded
• Rainbow table attack implementation
• More regular expressions to verify different hash types

Download Dagon

Read More

Blindy - Simple Script for running BruteForce Blind MySql Injection

Simple script for running bruteforce blind MySql injection

The script will run through queries listed in sets in provided file (default-queries.json as default) and try to bruteforce places with {} placeholder. If no {} placeholder present, the script will simply make request with current query.

command line

$ python3 blindy.py --help
usage: blindy.py [-h] [-f filename] [-m method] -p name -r regexp -u url
                 [-s set_of_queries]

Run blind sql injection using brutforce

optional arguments:
  -h, --help            show this help message and exit
  -f filename           File name for your commands in json format, defaults
                        to default-queries.json
  -m method, --method method
                        Where to inject (GET - get parameter/default, POST -
                        post parameter, HEADER - header)
  -p name               Name of parameter (for get - param name, post - param
                        name, for header - name of header). If params need to
                        have fixed value use -p submit=true
  -r regexp             Regular expression for negative pattern (script search
                        for the pattern and if present - will consider that
                        injection failed and igrone result.)
  -u url                Url to test
  -s set_of_queries, --set set_of_queries
                        Which set of queries to analyze from json file, for
                        ex. login, blind. Default to blind.

Example usage
Bruteforce inject into POST query_param

python3 blindy.py -m POST -p query_param -p submit=1 -r 'Pattern\ to\ ignore\ result' -u http://example.com/index.php -s blind

Bruteforce inject into POST query_param with placeholder

python3 blindy.py -m POST -p "query_param=login {}" -p submit=1 -r 'Pattern\ to\ ignore\ result' -u http://example.com/index.php -s blind

This will inject the queries in a place of {} parameter placeholder
Simple check a list of queries against username parameter

python3 blindy.py -m POST -p username -p submit=1 -r 'Pattern\ to\ ignore\ result' -u http://example.com/login.php -s login

Download Blindy

Read More

Stitch - Python Remote Administration Tool (RAT)

This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send an email of system info when the system boots, and option to start keylogger on boot. Payloads created can only run on the OS that they were created on.

Features

Cross Platform Support

• Command and file auto-completion
• Antivirus detection
• Able to turn off/on display monitors
• Hide/unhide files and directories
• View/edit the hosts file
• View all the systems environment variables
• Keylogger with options to view status, start, stop and dump the logs onto your host system
• View the location and other information of the target machine
• Execute custom python scripts which return whatever you print to screen
• Screenshots
• Virtual machine detection
• Download/Upload files to and from the target system
• Attempt to dump the systems password hashes
• Payloads' properties are "disguised" as other known programs

Windows Specific

• Display a user/password dialog box to obtain user password
• Dump passwords saved via Chrome
• Clear the System, Security, and Application logs
• Enable/Disable services such as RDP,UAC, and Windows Defender
• Edit the accessed, created, and modified properties of files
• Create a custom popup box
• View connected webcam and take snapshots
• View past connected wifi connections along with their passwords
• View information about drives connected
• View summary of registry values such as DEP

Mac OSX Specific

• Display a user/password dialog box to obtain user password
• Change the login text at the user's login screen
• Webcam snapshots

Mac OSX/Linux Specific

• SSH from the target machine into another host
• Run sudo commands
• Attempt to bruteforce the user's password using the passwords list found in Tools/
• Webcam snapshots? (untested on Linux)

Implemented Transports
All communication between the host and target is AES encrypted. Every Stitch program generates an AES key which is then put into all payloads. To access a payload the AES keys must match. To connect from a different system running Stitch you must add the key by using the showkey command from the original system and the addkey command on the new system.

Implemented Payload Installers
The "stitchgen" command gives the user the option to create NSIS installers on Windows and Makeself installers on posix machines. For Windows, the installer packages the payload and an elevation exe ,which prevents the firewall prompt and adds persistence, and places the payload on the system. For Mac OSX and Linux, the installer places the payload and attempts to add persistence. To create NSIS installers you must download and install NSIS.

Wiki

• Crash Course of Stitch

Requirements

• Python 2.7

For easy installation run the following command that corresponds to your OS:

# for Windows
pip install -r win_requirements.txt

# for Mac OSX
pip install -r osx_requirements.txt

# for Linux
pip install -r lnx_requirements.txt

• Pycrypto
• Requests
• Colorama
• PIL

Windows Specific

• Py2exe
• pywin32

Mac OSX Specific

• PyObjC

Mac OSX/Linux Specific

• PyInstaller
• pexpect

To Run

python main.py
or
./main.py

Motivation
My motivation behind this was to advance my knowledge of python, hacking, and just to see what I could accomplish. Was somewhat discouraged and almost abandoned this project when I found the amazing work done by n1nj4sec , but still decided to put this up since I had already come so far.

Other open-source Python RATs for Reference

• vesche/basicRAT
• n1nj4sec/pupy

Screenshots

Download Stitch

Read More