This publication is intended to guide you through to create a custom wordlist using hashcat. 1. First create or have already a word list. (I created a 4 words list) cat mylist.txt 2. if you want to add dates next to the work you cant create a wordlist for i Read more…
A plugin-based scanner that aids security researchers in identifying issues with several CMS. (https://github.com/droope/droopescan) Supported CMS are: SilverStripe WordPress Drupal Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) How to use 1. Download the application git clone https://github.com/droope/droopescan.git cd droopescan Read more…
fcrackzip is a third-party tool for cracking zip files passwords. It tries to brute force using a list of passwords. Installation sudo apt install fcrackzip Before using fcrackzip we need a password protected zip file. zip –password <password><filename.zip> <data> zip –password vk9security new_file.zip data.txt How to use 1. Show help Read more…
Ssh2john is part of John The Reaper suite. This is a script that basically transforms [RSA/DSA/EC/OPENSSH (SSH private keys) ] private key to john format for later cracking using JtR How to 1. Having an RSA private key already cat id_rsa 2. locate the ssh2john script using find find / Read more…
WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress core, as well as popular WordPress plugins and themes. This tool is available at: https://github.com/wpscanteam/wpscan, this comes installed in most security distributions. How to use 1. Display Read more…
John the Ripper is a fast password cracker, currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS (the latter requires a contributed patch). Its primary purpose is to detect weak passwords. It is one of the most popular password testing and breaking programs as it combines Read more…
BeEF utilizes YAML files in order to configure the core functionality, as well as the extensions. Most of the core BeEF configurations are in the main configuration file: config.yaml, found in the BeEF directory. BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses Read more…
Nikto is a web server assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server. This tool is written in Perl language. Open-source web server scanner that examines a website and reports back vulnerabilities. you can use with any Read more…
Crunch is a utility that is used to create wordlists using letters, numbers, and symbols for every possible combination or according to specific rules. Syntax to create the wordlist (lowercase letters, then uppercase letters, then numbers and finally symbols) crunch <min-len> <max-len> [<charset string>] [options] https://sourceforge.net/projects/crunch-wordlist/ How to use 1. Read more…
Cewl is a wordlist generator written in Ruby language, it spiders a given URL to a specified depth. It returns a list of words which can then be used for password crackers such as John the Ripper. https://github.com/digininja/CeWL It comes installed in most security OS How to use 1. Display Read more…
Used to test the quality and security of a Magento site you don’t have access to. This is a scanner for Magento https://github.com/steverobbins/magescan Installation 1. Download it from https://github.com/steverobbins/magescan/releases. (.phar file) 2. Show help -h, –help = Display this help message php magescan.phar –help 3. Display version of the app Read more…
sqlmap is one of the most popular and powerful SQL injection automation tool out there. Given a vulnerable http request URL, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc. It can even read Read more…
Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities, it uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. It is a paid tool and requires licenses for extension on the features. However, there Read more…
dirsearch is a simple command line tool designed to brute force directories and files in websites. https://github.com/maurosoria/dirsearch Installation 1. Download the source code git clone https://github.com/maurosoria/dirsearch.git ls cd dirsearch/ ls 2. To execute the program ./dirsearch.py python3 dirsearch.py How to use 1. Display the help menu ./dirsearch.py –help Search -w Read more…
Gobuster is a tool used to brute-force on URLs (directories and files) in websites and DNS subdomains. Gobuster can be downloaded through the apt- repository and thus execute the following command for installing it. https://github.com/OJ/gobuster Gobuster is a tool used to brute-force: URIs (directories and files) in web sites. DNS Read more…
OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited Read more…
pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as Read more…
Bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless Read more…
WFuzz is a web application bruteforcer that can be considered an alternative to Burp Intruder as they both have some common features. With both Wfuzz and Burp Intruder we can bruteforce different web applications elements, like GET/POST parameters, cookies, forms, directories, files, HTTP headers, etc. This simple concept allows any Read more…
List of known tools that can help with your Web Application testing. Proxy Burp Suite – Integrated platform for performing security testing of web applications. Extensions Freddy the Serial(isation) Killer – detecting and exploiting serialisation libraries/APIs. Tplmap – Burp Suite Extension. Web scarab – Proxy interception OWASP Zed Attack Proxy Read more…
Sherlock is a Powershell script to quickly find missing software patches for local privilege escalation vulnerabilities It can be loaded from Powershell or even loaded into Empire to be executed. https://github.com/rasta-mouse/Sherlock https://github.com/rasta-mouse/Sherlock/blob/master/Sherlock.ps1 Download 1. Download into Kali/Parrot git clone https://github.com/rasta-mouse/Sherlock.git Executing Sherlock through Empire 1. import the script into the Read more…
Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side, Empire implements the ability to Read more…
Low Orbit Ion Cannon (LOIC) is one the easiest DDoS tools available, DoS (Denial of service) attack is one of the more powerful hacks, capable of completely taking a server down. In this way, the server will not be able to handle the requests of valid users. With a DOS Read more…