BruteSploit - Collection Of Method For Automated Generate, Bruteforce And Manipulation Wordlist

BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and can be used in CTF for manipulation,combine,transform and permutation some words or file text.

Tutorial 
Check in this video :

Changelog

• v.1.1.1 Added Brute Instagram
• v.1.1.0 Fixed Bugs
• v.1.0.0 Release Brutsploit

Getting Started

1. git clone https://github.com/Screetsec/Brutesploit.git
2. cd Brutesploit
3. chmod +x Brutesploit
4. sudo ./Brutesploit or sudo su ./Brutesploit

A linux operating system. We recommend :

• Kali Linux 2 or Kali 2016.1 rolling
• Cyborg
• Parrot
• BackTrack
• Backbox

Credits

• Thanks to allah and Screetsec [ Edo -maland- ]
• Dracos Linux ( www.dracos-linux.org )
• Backbox indonesia ( www.www.backboxindonesia.or.id )
• Offensive Security for the awesome OS
• Kali Linux ( http://www.kali.org/ )
• http://www.kitploit.com/
• Big Thanks to : http://www.github.com/

Download BruteSploit

Read More

[Ghost Phisher Tool] Fake DNS Server, Fake DHCP Server and Fake HTTP server

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honeypot, could be used to service DHCP request , DNS requests or phishing attacks

Requirements:

• python,
• python-qt4,
• dhcp3-server,
• ettercap-gtk

http://adf.ly/145t5I

Read More

[MASTIFF2HTML] Static Analysis Framework Results Viewer

MASTIFF2HTML is a python program that is used to create a GUI results interface in HTML from MASTIFF results.

Download the python program at:
http://adf.ly/1462hT
MASTIFF is an automated static malware analysis framework.

Learn more about MASTIFF at:
http://www.tekdefense.com/news/2013/2/22/tektip-ep23-mastiff-with-a-splash-of-maltrieve.html

Read More

[Zeus] Registry Analysis Using Volatility Framework

How to analysis a registry from the memory using Volatility Framework.

In this video I’m using Zeus Memory for registry analysis, and l will show F-secure top10 malware registry launchpoints. Not all but some of them

Download Zeus Memory : http://malwarecookbook.googlecode.com/svn-history/r26/trunk/17/1/zeus.vmem.zip

Most trojans, worms, backdoors, and such make sure they will be run after a reboot by introducing autorun keys and values into the Windows registry. Some of these registry locations are better documented than others and some are more commonly used than others. One of the first steps to take when doing forensic analysis is to check the most obvious places in the registry for modifications.

Source : - http://adf.ly/1465nY

Read More

[OWASP HTTP Post Tool] DoS Apache Webserver Attack

This Tutorials shows, how you can easily take out an Apache Webserver with one HTTP POST Tool using a std. slow DSL Connection.

This is NO Slowloris Attack!
Limitations of HTTP GET DDOS attack:

- Does not work on IIS web servers or web
servers with timeout limits for HTTP headers.

- Easily defensible using popular load balancers,
such as F5 and Cisco, reverse proxies and
certain Apache modules, such as mod_antiloris.

- Anti-DDOS systems may use "delayed
binding"/"TCP Splicing" to defend against HTTP
GET attacks.

Why HTTP POST DDOS attack works

- This attack can evade Layer 4 detection
techniques as there is no malformed TCP, just
like Slowloris.

- Unlike Slowloris, there is no delay in sending
HTTP Header, hence nullifying IIS built-in
defense, making IIS vulnerable too.

- Size, character sets and time intervals can be
randomised to foil any recognition of Layer 7
traffic patterns by DDOS protection systems.

- Difficult to differentiate from legit connections
which are slow

Download OWASP HTTP Post Tool

Read More

[Knock] Subdomain Scanner

Knock is a python script, written by Gianni 'guelfoweb' Amato, designed to enumerate subdomains on a target domain through a wordlist.

For more information I have posted a documentation page. If you want to see how it works, you can see this sample output:

Simple Scan

Zone Transfer Scan

Wildcard Bypass

New: Knock is now available on BackBox 2, Italian distribution for Penetration Test.
In version 1.5 is enabled support to wildcard bypass.

Video of Knock in action

Common usage

This tool can be useful in black box pentest to find vulnerable subdomains. Like testing.domain.com

Current features

Knock is targeted to:

Scan subdomains

DNS request for zone transfer

DNS resolver

Wildcard testing

Wildcard bypass

Required

Python version 2.x

DNSpython for Zone Transfer discovery

Note

Knock works on Linux, Windows, MAC OS X and should theoretically work on some other platforms such as FreeBSD, OpenBSD, and proprietary Unixes with a python version 2.x

Download

Knock 1.5 for all operating system

Read More

[BeEF] Fake Browser Update Exploitation

How to use BeEF Framework for fake browser update exploitation.

Fake Browser Update : - In BeEF Framework there is a new feature available in social-engineering called Clippy using this feature we are sending the fake Update notification and if user click on that so obviously he is going to install that exe and other side you will get the meterpreter session. Very easy to perform but very good for social-engineering.

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

BeEF : - http://beefproject.com/

PDF : - http://adf.ly/146Bj3

Read More