t14m4t is an automated brute-forcing attack tool, wrapper of THC-Hydra and Nmap Security Scanner.t14m4t is scanning an user defined target (or a document containing targets) for open ports of services supported by t14m4t, and then starting brute-forcing attack against the services running on discovered ports, using lists of most commonly used weak credentials.Installation:Installation consists ofRead More
Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usagerun ./get.sh to download external payloads and unzip any payload files that are compressed.Payload Credits fuzzdb – https://github.com/fuzzdb-project/fuzzdb SecLists – https://github.com/danielmiessler/SecLists xsuperbug – https://github.com/xsuperbug/payloads NickSanzotta – https://github.com/NickSanzotta/BurpIntruder 7ioSecurity – https://github.com/7ioSecurity/XSS-Payloads shadsidd – https://github.com/shadsidd shikari1337 – https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/ xmendez – https://github.com/xmendez/wfuzz minimaxir –Read More
Network Attack wifi attack vlan attack arp attack Mac Attack Attack revealed etc../install : sudo pip3 install -r requirements.txt EvilNet Attack Network Scan Network Wifi Attack ARP Attack Brute Force Attack protocol Vlan Hopping Attack Mac Flooding Attack Twitter: https://twitter.com/matrix0700 Download EvilNet
This Script Supports Only Zip File in This VersionYou Can Also Use This Script With crunchCross-platform SupportedUsage: zipcracker.py [options] Options: –version show program’s version number and exit -h, –help show this help message and exit -f FILENAME, –file=FILENAME Please Specify Path of Zip File -d DICTIONERY, –dict=DICTIONERY Please Specify Path of Dictionery. -o OUTPUT, –output=OUTPUTRead More
AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability (listed as a feature by Microsoft) allows a remote attacker to view his victim’s desktop without his consent, and even control it on demand, using tools native to the operating system itself.Thanks to theRead More
Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions.Legal disclaimer:Usage of EvilApp for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibilityRead More
Self-XSS attack using bit.ly to grab cookies tricking users into running malicious code How it works?Self-XSS is a social engineering attack used to gain control of victims’ web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate this attackRead More
wifipumpkin3 is powerful framework for rogue access point attack, written in Python, that allow and offer to security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack.Main Features Rogue access point attack Man-in-the-middle attack Rogue Dns Server Captive portal attack (captiveflask) Intercept, inspect, modify and replay web trafficRead More
About Thoron Framework Thoron Framework is a Linux post-exploitation framework that exploitLinux tcp vulnerability to get shell-like connection. Thoron Framework is used to generate simple payloads to provide Linux tcp attack. Getting started Thoron installation cd thoron chmod +x install.sh ./install.sh Thoron uninstallation cd thoron chmod +x uninstall.sh ./uninstall.sh Thoron Framework execution To execute ThoronRead More
Elemental is a centralized threat library of MITRE ATT&CK techniques, Atomic Red Team tests, and over 280 Sigma rules. It provides an alternative way to explore the ATT&CK dataset, mapping relevant Atomic Red Team tests and Sigma rules to their respective technique. Elemental allows defenders to create custom ATT&CK Techniques and upload Sigma Rules. The ATT&CKRead More
