DAVScan is a quick and lightweight WebDAV security scanner designed to discover hidden files and folders on DAV enabled web servers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities.
The scanner attempts to fingerprint the target server and then spider the server based on the results of a root PROPFIND request.
- Server header fingerprinting: if the web server returns a Server header, DAVScan can search for public exploits based on the response.
- Basic DAV scanning with PROPFIND: a quick scan to find anything that might be visible through DAV.
- Unicode auth bypass: works using GET; PROPFIND has not been added yet. Not fully tested, so double-check the results.
- Exclusion of DoS exploit results: you can exclude denial-of-service exploits from the searchsploit results.
- Exclusion of MSF modules from exploit results: a custom searchsploit is included in the repo for this. Either overwrite the existing searchsploit or back it up and replace it. This feature may or may not end up in the real searchsploit script.
davscan.py [-h] -H HOST [-p PORT] [-a AUTH] [-u USER] [-P PASSWORD] [-o OUTFILE] [-d] [-m]
-H HOST, --host HOST              hostname or IP address of web server; -H foo.com
-h, --help                        show this help message and exit
-p PORT, --port PORT              port to connect to the host on (defaults to port 80); -p 80
-a AUTH, --auth AUTH              Basic authentication required; -a basic
-u USER, --user USER              user; -u derp
-P PASSWORD, --password PASSWORD  password for user; -P 'hunter2'
-o OUTFILE, --out OUTFILE         output file, defaults to /tmp/davout; -o /foo/bar
-d, --no-dos                      exclude DoS results from searchsploit.
-m, --no-msf                      exclude MSF modules from results.
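What a root PROPFIND spider looks like from the server side is worth seeing alongside the scanner's options. The following is an added example, not DAVScan's own code: a small triage script over Apache combined-format access log lines (the sample lines are constructed, with documentation-range addresses) that flags WebDAV methods the server answered successfully for a client that never authenticated, and groups clients that send OPTIONS followed by PROPFIND, the fingerprint-then-spider pattern. A server that is meant to require authentication should answer these requests with 401, as the 198.51.100.8 line does.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not real traffic).
# The first client probes with OPTIONS and then walks the tree with PROPFIND
# without ever authenticating (user field is "-"); the server answers 207.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "OPTIONS / HTTP/1.1" 200 0 "-" "davscan"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "PROPFIND / HTTP/1.1" 207 812 "-" "davscan"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "PROPFIND /backup/ HTTP/1.1" 207 410 "-" "davscan"
198.51.100.7 - alice [10/Oct/2023:14:01:02 +0000] "PROPFIND /share/ HTTP/1.1" 207 300 "-" "Microsoft-WebDAV-MiniRedir/10.0"
198.51.100.8 - - [10/Oct/2023:14:01:30 +0000] "PROPFIND /share/ HTTP/1.1" 401 0 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:14:02:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# WebDAV methods that reveal or change content; a hardened server answers 401
# to these unless the client has authenticated.
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK", "PUT", "DELETE"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return ip, user, method, path, status for one combined-format line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def triage(log_text):
    """Flag DAV methods that succeeded for anonymous clients, and clients that look like a DAV sweep."""
    findings = []
    methods_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        methods_by_ip[rec["ip"]].add(rec["method"])
        anonymous = rec["user"] == "-"
        if rec["method"] in DAV_METHODS and anonymous and 200 <= rec["status"] < 300:
            findings.append((rec["ip"], rec["method"], rec["path"], rec["status"]))
    # OPTIONS followed by PROPFIND from one client is the fingerprint-then-spider pattern.
    sweeps = sorted(ip for ip, ms in methods_by_ip.items() if {"OPTIONS", "PROPFIND"} <= ms)
    return findings, sweeps


if __name__ == "__main__":
    findings, sweeps = triage(SAMPLE_LOG)
    for f in findings:
        print("anonymous DAV success:", f)
    print("sweep clients:", sweeps)
```

The authenticated PROPFIND from alice is deliberately not flagged: the point is not that PROPFIND is used, but that the server answered it with 207 Multi-Status for a client it never identified, which is exactly the misconfiguration the scanner relies on.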
You can download DAVScan here:
dnsteal is a DNS exfiltration tool, essentially a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.
dnsteal is coded in Python and is available on Github.
dnsteal currently has:
- Support for multiple files
- Gzip compression supported
- Supports the customisation of subdomains
- Customise bytes per subdomain and the length of filename
# cd dnsteal/
# ./dnsteal.py -h
-- https://github.com/m57/dnsteal.git --
Stealthy file extraction via DNS requests
Usage: python ./dnsteal.py [listen_address] [options]
-z Unzip incoming files.
-v Verbose output.
-h This help menu
-b Bytes to send per subdomain (default = 57, max=63)
-s Number of data subdomains per request (default = 4, ie. $data.$data.$data.$data.$filename)
-f Length reserved for filename per request (default = 17)
$ python ./dnsteal.py -z 127.0.0.1
------- Do not change the parameters unless you understand! -------
The query length cannot exceed 253 bytes. This is including the filename.
The subdomains lengths cannot exceed 63 bytes.
./dnsteal.py 127.0.0.1 -z -s 4 -b 57 -f 17    4 subdomains, 57 bytes => (57 * 4 = 232 bytes) + (4 * '.' = 236). Filename => 17 byte(s)
./dnsteal.py 127.0.0.1 -z -s 4 -b 55 -f 29    4 subdomains, 55 bytes => (55 * 4 = 220 bytes) + (4 * '.' = 224). Filename => 29 byte(s)
./dnsteal.py 127.0.0.1 -z -s 4 -b 63 -f 1     4 subdomains, 63 bytes => (62 * 4 = 248 bytes) + (4 * '.' = 252). Filename => 1 byte(s)
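The 63-byte label and 253-byte name limits above are the same constraints a defender can turn around: a query built this way is long, made of several near-maximum labels, and those labels look like encoded data rather than hostnames. The following is an added example, not part of dnsteal: it recomputes the length arithmetic from the stated limits and runs three indicators over constructed query-log lines in a simple "<client_ip> <qname>" form (the log format and the thresholds are assumptions; adapt the parser to your resolver's log).

```python
import re
from collections import Counter

MAX_NAME = 253   # whole query name, including the filename labels
MAX_LABEL = 63   # any single label


def query_length(subdomains, bytes_per_label, filename_len):
    """Bytes in a dnsteal-style name: the data labels, the dots that separate them
    from each other and from the filename, then the filename itself."""
    return subdomains * bytes_per_label + subdomains + filename_len


def within_limits(subdomains, bytes_per_label, filename_len):
    """True if the parameters respect the 63-byte label and 253-byte name limits."""
    return (bytes_per_label <= MAX_LABEL
            and filename_len <= MAX_LABEL
            and query_length(subdomains, bytes_per_label, filename_len) <= MAX_NAME)


def label_looks_encoded(label):
    """Long labels that mix letters and digits look like encoded payload,
    not like a hostname a person chose."""
    return (len(label) >= 40
            and re.search(r"[0-9]", label) is not None
            and re.search(r"[A-Za-z]", label) is not None)


def exfil_indicators(qname):
    """Return the reasons this query name looks like file exfiltration (empty if clean)."""
    labels = qname.rstrip(".").split(".")
    reasons = []
    if len(qname) > 200:
        reasons.append("name is %d bytes, close to the 253-byte maximum" % len(qname))
    encoded = [l for l in labels if label_looks_encoded(l)]
    if len(encoded) >= 2:
        reasons.append("%d labels look like encoded payload" % len(encoded))
    if any(len(l) > MAX_LABEL for l in labels):
        reasons.append("a label exceeds 63 bytes (malformed name)")
    return reasons


def triage(log_lines):
    """Run the indicators over '<client_ip> <qname>' lines; return flagged names and a per-client tally."""
    flagged = {}
    per_client = Counter()
    for line in log_lines:
        client, qname = line.split()
        reasons = exfil_indicators(qname)
        if reasons:
            flagged[qname] = reasons
            per_client[client] += 1
    return flagged, per_client


# Constructed query log: two ordinary lookups, one CDN-style name with a single long
# token, and one dnsteal-shaped name (four 57-byte data labels plus "secret.txt").
DATA_LABEL = "Ab3" * 19                      # 57 chars, letters and digits mixed
EXFIL_NAME = ".".join([DATA_LABEL] * 4 + ["secret.txt"])
SAMPLE_QUERIES = [
    "10.0.0.12 www.example.com",
    "10.0.0.12 mail.example.org",
    "10.0.0.15 a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0.cdn.example.net",
    "10.0.0.23 " + EXFIL_NAME,
]

if __name__ == "__main__":
    print("4 x 57 + 17 ->", query_length(4, 57, 17), "bytes, ok:", within_limits(4, 57, 17))
    flagged, per_client = triage(SAMPLE_QUERIES)
    for name, reasons in flagged.items():
        print(name[:40] + "...", reasons)
    print(per_client)
```

Two arithmetic caveats the help text hides: its first line gives 57 * 4 as 232, but the product is 228, so query_length(4, 57, 17) returns 249, still inside the limit; and its third line only fits in 253 bytes because it is computed with 62-byte labels, whereas taking -b 63 literally gives 257 bytes and within_limits(4, 63, 1) is False. The single long CDN-style token is deliberately left unflagged: one encoded-looking label is common in legitimate traffic, several in one name is not.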
You can download dnsteal here:
OWASP Offensive Web Testing Framework is a project focused on penetration testing efficiency and on aligning security tests with security standards such as the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.
The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, figuring out how to call "tool X", then parsing the results of "tool X" manually to feed "tool Y", and so on, is time consuming.
By reducing this burden we hope pen testers will have more time to:
- See the big picture and think out of the box,
- Find, verify and combine vulnerabilities efficiently,
- Investigate complex vulnerabilities like business logic, architectural flaws, virtual hosting sessions, etc.
- Perform more tactical/targeted fuzzing on seemingly risky areas
- Demonstrate true impact despite the short time-frames we are typically given to test.
This tool is however not a silver bullet and will only be as good as the person using it. Understanding and experience will be required to correctly interpret the tool output and decide what to investigate further in order to demonstrate the impact.
- Web UI. Now configure and monitor OWTF via a responsive and powerful interface accessible via your browser.
- Exposes RESTful APIs to all core OWTF capabilities.
- Instead of implementing yet another spider (a hard job), OWTF will scrub the output of all tools/plugins run to gather as many URLs as possible.
- Scan by various aggression levels: OWTF supports scans which are based on the aggressiveness of the plugins/tools invoked.
- Extensible: OWTF manages tools through 'plugins', making it trivial to add new tools.
- OWTF has been developed keeping Kali Linux in mind, but it also supports other pentesting distros such as Samurai-WTF, etc.
- Tool paths and configuration can be easily modified in the web interface.
- Fastest Python MiTM proxy yet!
- Crash reporting directly to Github issue tracker
- Comprehensive interactive report at end of each scan
- Easy plugin-based system; currently 100+ plugins!
- CLI and web interface
You can download OWASP OWTF here:
wget -N https://raw.githubusercontent.com/owtf/bootstrap-script/master/bootstrap
The Penetrate Pro app is developed by Biogo Ferreria. It is an app for decoding WEP/WPA WiFi keys.
The latest build of Penetrate Pro supports the following features.
- Routers based on Thomson: Thomson, Infinitum, BBox, DMax, Orange, SpeedTouch, BigPond, O2Wireless, Otenet.
- Pirelli Discus
- Verizon FiOS (only some routers)
- Fastweb (Pirelli & Telsey)
- Jazztel_XXXX and WLAN_XXXX
Disclaimer: our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills; we recommend that you test this tutorial only on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it's a good idea to use this to attempt to hack systems that do not belong to them.
Minimum of Android 2.4
How to use it
- Download Penetrate Pro from this LINK
- Install it on your Android device (your Android device must be rooted)
- When you open it you will see a window
If it says “Reversible: 0 found”, you have to change the target.
Reversing Thomson routers requires a dictionary file, or you can use 3G for it.
Once you have found a reversible router, tap on it to get the WiFi keys (don't forget to enable "Get keys from the web" in the settings):
You can copy the keys simply by tapping on them.
Penetrate Pro also has a "Manual Search" option that lets users find keys for a particular router that is not in the main list.
How To Use Manual Search Option
1. First, select the “Manual search” option from the menu.
2. Select the router:
3. Enter the numbers at the end of the network name. Then tap on “search”.
4. It will display the key(s):
Of course, Penetrate Pro is not as sophisticated a tool as Aircrack for Android, but it is clearly useful for penetration testers.
PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly.
In simple terms, that means the authors have created a security scanner and the required architecture to execute a large number of web application vulnerability scans at the same time. The tool, or rather arsenal, runs on an Apache Hadoop cluster and can handle tens of thousands of scans.
How Can I See if a Website I Use is Vulnerable?
Searching for a specific website is easy! If you know the URL of your site you can simply type the URL in the search box (without http or https) and find your website. Once there you will be presented with the number of vulnerabilities present on the site.
Let's try an example together. Say you want to check whether the New York Times website http://www.nytimes.com is vulnerable. You could type www.nytimes.com in the search bar, and you should receive a result that looks like the following:
bsqli:0 | sqli:0 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:0
The first line gives you the domain of the result. The timestamp field on line 2 is the time that the site was added to our system. Below that is the interesting part, the total number of vulnerabilities found on the website. If you’re non-technical, you can ignore almost every part of that and just look at the Overall Risk field – this will tell you the risk of visiting a website.
As a rule of thumb, anything with an Overall Risk of 1 should make you very wary; anything with an Overall Risk greater than 1 you should stay away from entirely.
What Types of Vulnerabilities does PunkSPIDER Map?
Check it out here:
Hacking is easy if you have the right tools and the right knowledge, isn't it? For wifi hacking, you need the right wifi hacking tools. We can't say exactly which tools you need, because we don't know what kind of wifi hacking you are doing; the topic "wifi hacking" is very broad. So we have decided to give you a list of wifi hacking tools, categorized by the type of wifi hacking they are used for.
For that reason we first describe the types of wifi hacking and then list the tools within each, with a short description of each tool's use. Don't worry: when this tutorial ends you will have your list of wifi hacking tools in a form you can understand easily.
All Wifi Hacking Tools In One List
- Fern Wifi Cracker
- Ghost Phisher
DET is a proof of concept Data Exfiltration Toolkit using either single or multiple channel(s) at the same time.
The idea behind DET was to create a generic toolkit into which any kind of protocol/service can be plugged, to test the configuration of deployed Network Monitoring and Data Leakage Prevention (DLP) solutions against different data exfiltration techniques.
DET already supports encryption and compression and also multiple protocols, listed here:
- SMTP/IMAP (eg. Gmail)
- Raw TCP
- PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))
And other “services”:
- Google Docs (Unauthenticated)
- Twitter (Direct Messages)
The following modules are “experimental”:
- Skype (95% done)
- Tor (80% done)
- Github (30/40% done)
python det.py -h
usage: det.py [-h] [-c CONFIG] [-f FILE] [-d FOLDER] [-p PLUGIN] [-e EXCLUDE]
Data Exfiltration Toolkit (SensePost)
-h, --help   show this help message and exit
-c CONFIG    Configuration file (eg. '-c ./config-sample.json')
-f FILE      File to exfiltrate (eg. '-f /etc/passwd')
-d FOLDER    Folder to exfiltrate (eg. '-d /etc/')
-p PLUGIN    Plugins to use (eg. '-p dns,twitter')
-e EXCLUDE   Plugins to exclude (eg. '-e gmail,icmp')
-L           Server mode
Clone the repo:
git clone https://github.com/sensepost/DET.git
pip install -r requirements.txt --user
In the future the author hopes to add proper data obfuscation and other modules (FTP, Flickr using Steganography and YouTube).
Everyone wants to create a virus, but virus creation is not child's play. It needs good programming skill and knowledge of system resources. Today I am going to post about a virus-creating tool. This tool is Virus Matic 2010, or V-Maker for short. You don't need to know anything; just select the options you want and it will create a virus for you.
Main Features of V-Maker
You can easily create your own prank files/viruses with V-Maker.
- Disable Mouse and Keyboard
- Disable Regedit
- Delete System32
- Block Site
- Disable Task Manager
- Take Screen Shot Of Victim PC
- Message box (shown when the user clicks on the virus)
- Automatic download (starts when the user clicks on the virus)
- USB Spread
DBPwAudit is a Java database password auditing tool that allows you to perform online audits of password quality for several database engines. The application design makes it easy to add further database drivers by simply copying new JDBC drivers into the jdbc directory.
Configuration is performed in two files: aliases.conf maps drivers to aliases, and rules.conf tells the application how to handle error messages from the scan.
The tool has been tested and known to work with:
- Microsoft SQL Server 2000/2005
- Oracle 8/9/10/11
- IBM DB2 Universal Database
The tool is pre-configured for these drivers but does not ship with them, due to licensing issues. The links below can be used to find some of the drivers; they should all be copied into the jdbc directory.
Links to JDBC Drivers:
- Microsoft SQL Server 2005
- Microsoft SQL Server 2000
DBPwAudit v0.8 by Patrik Karlsson <firstname.lastname@example.org>
DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options]
-s - Server name or address.
-p - Port of database server/instance.
-d - Database/Instance name to audit.
-D - The alias of the driver to use (-L for aliases)
-U - File containing usernames to guess.
-P - File containing passwords to guess.
-L - List driver aliases.
Scan the SQL server (-s 192.168.1.130), using the specified database (-d testdb) and driver (-D MySQL) using the root username (-U root) and password dictionary (-P /usr/share/wordlists/nmap.lst):
root@darknet:~# dbpwaudit -s 192.168.1.130 -d testdb -D MySQL -U root -P /usr/share/wordlists/nmap.lst
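An online audit like the one above produces a burst of failed logins for one account from one source, which is the same signature as an attacker's password guessing, so the database's own authentication log is where it should be caught. The following is an added example, not part of DBPwAudit: a detector over constructed MySQL-style "Access denied" lines (the timestamp prefix and the thresholds are assumptions) that raises one alert when a single source fails repeatedly against one account inside a sliding window, and a second kind of alert when one source tries several distinct accounts, the password-spraying pattern that a per-account threshold alone misses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed MySQL-style error-log lines (not from a real server): six failures for
# 'root' from one host in a few seconds, three different accounts tried from another,
# one lone typo by a normal user, and one unrelated line.
SAMPLE_LOG = """\
2023-10-10T14:00:01Z Access denied for user 'root'@'192.168.1.130' (using password: YES)
2023-10-10T14:00:02Z Access denied for user 'root'@'192.168.1.130' (using password: YES)
2023-10-10T14:00:03Z Access denied for user 'root'@'192.168.1.130' (using password: YES)
2023-10-10T14:00:04Z Access denied for user 'root'@'192.168.1.130' (using password: YES)
2023-10-10T14:00:05Z Access denied for user 'root'@'192.168.1.130' (using password: YES)
2023-10-10T14:00:06Z Access denied for user 'root'@'192.168.1.130' (using password: YES)
2023-10-10T14:00:10Z Access denied for user 'admin'@'10.0.0.9' (using password: YES)
2023-10-10T14:00:11Z Access denied for user 'sa'@'10.0.0.9' (using password: YES)
2023-10-10T14:00:12Z Access denied for user 'backup'@'10.0.0.9' (using password: YES)
2023-10-10T14:05:00Z Access denied for user 'alice'@'10.0.0.5' (using password: NO)
2023-10-10T14:05:01Z Query OK, 1 row affected
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) Access denied for user '(?P<user>[^']*)'@'(?P<src>[^']*)'")


def parse_failure(line):
    """Return (timestamp, user, source) for an auth-failure line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["user"], m["src"]


def detect(log_text, threshold=5, window=timedelta(seconds=60), spray_users=3):
    """Emit ('brute_force', src, user) when one source fails `threshold` times for one
    account inside `window`, and ('spray', src, n) when one source tries `spray_users`
    or more distinct accounts."""
    events = sorted(e for e in map(parse_failure, log_text.splitlines()) if e)
    alerts = []
    recent = defaultdict(list)        # (src, user) -> timestamps inside the window
    users_by_src = defaultdict(set)
    for ts, user, src in events:
        hits = recent[(src, user)]
        hits.append(ts)
        while hits and ts - hits[0] > window:   # slide the window forward
            hits.pop(0)
        if len(hits) == threshold:              # fire once as the threshold is crossed
            alerts.append(("brute_force", src, user))
        users_by_src[src].add(user)
    for src, users in sorted(users_by_src.items()):
        if len(users) >= spray_users:
            alerts.append(("spray", src, len(users)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single failure from alice never reaches either threshold, which is the behaviour you want from a detector that has to live next to real users mistyping passwords; tune threshold and window to the rate a legitimate client could plausibly produce on your server.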
You can download DBPwAudit here: