NTLMRawUnHide – A Python3 Script Designed To Parse Network Packet Capture Files And Extract NTLMv2 Hashes In A Crackable Format

NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The tool was developed to extract NTLMv2 hashes from files generated by native Windows binaries like NETSH.EXE and PKTMON.EXE without conversion. The following binary network packet capture formats are supported: *.pcap *.pcapng *.cap *.etl UsageRead More

Lockphish – The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it’s the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. LockPhish Tutorial: https://www.kalilinux.in/2020/05/lockphish.htmlAuthor: The Linux Choice (Who deleted his GitHub repository)Twitter: https://twitter.com/linux_choice Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by NgrokRead More

Chimera – PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1’s known to trigger AV and uses string substitution and variable concatenation to evade common detection signatures.Chimera was created for this write-up and is further evidence of how trivial it is to bypass detection signatures.Read More

Arcane – A Simple Script Designed To Backdoor iOS Packages (Iphone-Arm) And Create The Necessary Resources For APT Repositories

Arcane is a simple script designed to backdoor iOS packages (iphone-arm) and create the necessar y resources for APT repositories. It was created for this publication to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device.How Arcane works…To understand what’s happening in the GIF, decompressRead More

Lockphish – A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it’s the first tool (05/13/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer:Usage of Lockphish for attacking targets without prior mutualRead More

Nullscan – A Modular Framework Designed To Chain And Automate Security Tests

A modular framework designed to chain and automate security tests. It parses target definitions from the command line and runs corresponding modules and their nullscan-tools afterwards. It can also take hosts and start nmap first in order to perform a basic portscan and run the modules afterwards. Also, nullscan can parse a given nmap logfileRead More

CredNinja – A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter

This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations (including some additions below), it really shines when used at the scale of a large network. At the core of it, you provide it a list of credentials youRead More

X