Slowloris is a Perl script for DoS attacks. Slowloris is different from older DDoS programs because it does not work on TCP or ICMP connections; it works on the HTTP protocol.
You can download Slowloris from here.
Slowloris needs Perl to run; Perl is pre-installed on Linux and OS X systems. You can download Perl from here; Perl is available for all systems.
First:
perl slowloris.pl -dns example.com -port 80 -test
This tests the server to see what its timeout window is.
After the test:
perl slowloris.pl -dns example.com -port 80 -timeout <timeout found by the test> -num 500 -tcpto 5
If you have a problem or you need some explanations just write under this post!
Hack just for LULZ !
Thursday, February 28, 2013
Pyloris
PyLoris is a scriptable tool for testing a service's level of vulnerability to a particular class of Denial of Service (DoS) attack.
Any service that places restrictions on the total number of simultaneous TCP connections has the potential for vulnerability to PyLoris.
Additionally, services that handle connections in independent threads, services that poorly manage concurrent connections, and services that have high memory footprint per connection are prone to this form of vulnerability.
You can download pyloris from here.
PyLoris 3.0 requires Python 2.x to run.
To launch PyLoris you can use Python's IDLE or a terminal:
python pyloris.py
You can use PyLoris through Tor and choose between HTTP, SOCKS4 and SOCKS5 proxies.
PyLoris is available for all platforms.
If you have a problem or you need some explanations just write under this post!
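What both tools exploit, seen from the server side, is that connection slots are held by requests that never finish arriving. The Python below is an added example for the Slowloris and PyLoris posts (it is not code from either tool or from this blog); it flags clients holding several stalled header-reading connections in a constructed connection-table snapshot, with addresses taken from documentation ranges.

```python
"""Flag slow-HTTP connection hogging (the Slowloris / PyLoris pattern) from a
snapshot of a web server's connection slots."""
from collections import defaultdict

# Constructed snapshot of worker slots, modelled on what a server status page
# or `ss -tn` would show: (client ip, slot state, seconds since the last byte
# arrived). "R" = still reading the request headers, "W" = writing a reply,
# "K" = idle keep-alive. Addresses are documentation ranges, not real hosts.
SNAPSHOT = [
    ("203.0.113.7", "R", 41), ("203.0.113.7", "R", 38), ("203.0.113.7", "R", 37),
    ("203.0.113.7", "R", 33), ("203.0.113.7", "R", 29), ("203.0.113.7", "R", 25),
    ("203.0.113.7", "W", 1),
    ("203.0.113.8", "R", 31), ("203.0.113.8", "R", 27), ("203.0.113.8", "R", 22),
    ("198.51.100.5", "W", 0), ("198.51.100.5", "K", 4),
    ("192.0.2.9", "R", 2), ("192.0.2.31", "W", 1),
]


def stalled_connections(snapshot, stalled_after=20):
    """Connections still reading headers after `stalled_after` seconds.

    A normal client sends its headers in well under a second; a connection
    that is still in the header-reading state tens of seconds later is being
    fed one header line at a time on purpose, or comes from a broken client.
    """
    return [(ip, idle) for ip, state, idle in snapshot
            if state == "R" and idle >= stalled_after]


def find_slow_clients(snapshot, stalled_after=20, min_conns=5):
    """Map client ip -> number of stalled connections, for clients holding at
    least `min_conns` of them. One stalled connection is noise; a client
    holding a handful is deliberately occupying server slots."""
    per_ip = defaultdict(int)
    for ip, _idle in stalled_connections(snapshot, stalled_after):
        per_ip[ip] += 1
    return {ip: n for ip, n in per_ip.items() if n >= min_conns}


def slot_pressure(snapshot, max_workers):
    """How close the server is to refusing new clients, and how much of the
    pool is held by stalled connections rather than by real work."""
    in_use = len(snapshot)
    stalled = len(stalled_connections(snapshot))
    return {
        "max_workers": max_workers,
        "in_use": in_use,
        "free": max_workers - in_use,
        "stalled": stalled,
        "stalled_share": round(stalled / in_use, 2) if in_use else 0.0,
    }


if __name__ == "__main__":
    print("slow clients:", find_slow_clients(SNAPSHOT))
    print("slot pressure:", slot_pressure(SNAPSHOT, max_workers=16))
```

The mitigation this points to is a bounded timeout for reading request headers on the server, or a buffering reverse proxy in front of it, so a stalled slot is reclaimed instead of held.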
Wednesday, February 27, 2013
xssscan - Cross site scripting scan
XSSscan is a cross-site scripting scanner written in Python that can take its targets from Google results or scan a single site.
You can find xssscan here
Syntax : xssscan.py options
Options :
-g/-google : Searches google for hosts
-s/-site : Searches just that site, (default port 80)
-a/-alert : Change the alert pop-up message
-w/-write : Writes potential XSS found to file
-v/-verbose : Verbose Mode
If you have a problem or you need some explanations just write under this post!
Tuesday, February 26, 2013
Ncrack - Network authentication cracking tool
Ncrack is a high-speed network authentication cracking tool.
It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback.
It allows for rapid, yet reliable large-scale auditing of multiple hosts.
Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more.
Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.
You can download ncrack from here
Syntax : ncrack [options] [target and specification]
As target you can pass a hostname, an IP address, etc.
-iL inputfile : Input from list of hosts/networks
-p : services will be applied to all non-standard notation hosts
-m : options will be applied to all services of this type
-g : options will be applied to every service globally
ssl : enable SSL
path name: used in modules like HTTP ('=' needs escaping if used)
-U filename: username file
-P filename: password file
-oN/-oX file: Output scan in normal and XML format, respectively, to the given filename.
-f: quit cracking service after one found credential
-6: Enable IPv6 cracking
For more information type : ncrack -h
If you have a problem or you need some explanations just write under this post!
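Seen from the target, an Ncrack run is one source producing a burst of failed logins across several usernames in the authentication log. The Python below is an added example for this post (not part of Ncrack); it parses constructed sshd auth.log lines, flags sources whose failures cluster inside a time window, and notes when a login was accepted after the burst, the case that means a credential was found.

```python
"""Spot password-guessing bursts (what an Ncrack run looks like from the
target's side) in OpenSSH auth.log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd lines in syslog format; host name and addresses are made up.
SAMPLE_LOG = """\
Feb 26 10:01:02 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Feb 26 10:01:03 web1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Feb 26 10:01:04 web1 sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 51126 ssh2
Feb 26 10:01:05 web1 sshd[1207]: Failed password for root from 203.0.113.7 port 51128 ssh2
Feb 26 10:01:06 web1 sshd[1209]: Failed password for invalid user test from 203.0.113.7 port 51130 ssh2
Feb 26 10:01:08 web1 sshd[1211]: Failed password for backup from 203.0.113.7 port 51132 ssh2
Feb 26 10:01:09 web1 sshd[1213]: Accepted password for backup from 203.0.113.7 port 51134 ssh2
Feb 26 10:02:40 web1 sshd[1230]: Failed password for alice from 198.51.100.5 port 40010 ssh2
Feb 26 10:02:47 web1 sshd[1232]: Accepted password for alice from 198.51.100.5 port 40012 ssh2
Feb 26 10:05:00 web1 sshd[1250]: Failed password for bob from 192.0.2.44 port 33001 ssh2
Feb 26 10:07:30 web1 sshd[1252]: Failed password for bob from 192.0.2.44 port 33003 ssh2
Feb 26 10:10:00 web1 sshd[1254]: Failed password for bob from 192.0.2.44 port 33005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$")


def parse_auth_log(text, year=2013):
    """Return (timestamp, result, user, ip) for each password-auth line.
    Syslog timestamps carry no year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd chatter (pam, disconnects) is ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def _max_in_window(times, window):
    """Largest number of events that fall inside any interval of length `window`."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_bruteforce(events, window_seconds=60, threshold=5):
    """Return {ip: summary} for sources with >= threshold failures inside any
    window_seconds interval. `success_after_failures` marks a source that was
    eventually accepted: a guessed credential, not just noise."""
    failures, successes, users = defaultdict(list), defaultdict(list), defaultdict(set)
    for ts, result, user, ip in events:
        if result == "Failed":
            failures[ip].append(ts)
            users[ip].add(user)
        else:
            successes[ip].append(ts)
    window = timedelta(seconds=window_seconds)
    report = {}
    for ip, times in failures.items():
        if _max_in_window(times, window) < threshold:
            continue
        first_failure = min(times)
        report[ip] = {
            "failures": len(times),
            "users": sorted(users[ip]),
            "success_after_failures": any(t >= first_failure for t in successes[ip]),
        }
    return report


if __name__ == "__main__":
    for ip, summary in detect_bruteforce(parse_auth_log(SAMPLE_LOG)).items():
        print(ip, summary)
```

The window and threshold are parameters on purpose: one minute and five failures is a sensible starting point for SSH, but the right values depend on the service and its normal failure rate.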
Monday, February 25, 2013
Nikto - Web server scanner
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.
Scan items and plugins are frequently updated and can be automatically updated.
You can find nikto here
Syntax : nikto options
Options:
-host : target host
-id : host authentication to use, format is id:pass or id:pass:realm
-maxtime : Maximum testing time per host
-mutate : Guess additional file names:
1 : Test all files with all root directories
2 : Guess for password file names
3 : Enumerate user names via Apache (/~user type requests)
4 : Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
5 : Attempt to brute force sub-domain names, assume that the host name is the parent domain
6 : Attempt to guess directory names from the supplied dictionary file
-nointeractive : Disables interactive features
-nolookup : Disables DNS lookups
-nossl : Disables the use of SSL
-no404 : Disables nikto attempting to guess a 404 page
-output path : Write output to this file ('.' for auto-name)
-port : Port to use (default 80)
-ssl : Force ssl mode on port
-Tuning : Scan tuning :
1 : Interesting File / Seen in logs
2 : Misconfiguration / Default File
3 : Information Disclosure
4 : Injection (XSS/Script/HTML)
5 : Remote File Retrieval - Inside Web Root
6 : DoS
7 : Remote File Retrieval - Server Wide
8 : Command Execution / Remote Shell
9 : SQL Injection
0 : File upload
a : Authentication Bypass
b : Software Identification
c : Remote Source Inclusion
x : Reverse Tuning Options (i.e., include all except specified)
-timeout : Timeout for requests (default 10s)
-useproxy : Use the proxy defined in nikto.conf
Example :
nikto -host www.site.com -maxtime 600 -port 80 -nossl -output /home/HackForLulz/result
Target : site.com
Max time scan : 600
Port : 80
ssl : No
Output : /home/HackForLulz/result
nikto -host www.site.com -maxtime 1200 -port 80 -ssl -Tuning 9 -output /home/HackForLulz/result
Target : www.site.com
Max time scan : 1200
Port : 80
ssl : Yes
Scan tuning : SQL Injection (9)
Output : /home/HackForLulz/result
nikto -host www.site.com -port 443 -ssl -Tuning 129 -output /home/HackForLulz/result
Target : www.site.com
port : 443
ssl : Yes
Tuning : 1 (Interesting File) 2(Misconfiguration / Default File) 9(SQL Injection)
Output : /home/HackForLulz/result
For more information about nikto type : nikto -H
If you have a problem or you need some explanations just write under this post!
Sunday, February 24, 2013
Nmap - Network scanner
Nmap is a free and open source utility for network discovery and security auditing.
You can find nmap here
For install guide click here
Syntax : nmap scan type options target
As target you can pass a hostname, an IP address, etc.
-iL filename : Input from list of hosts/networks
-sL: List Scan
-sn: Ping Scan (disable port scan)
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sO: IP protocol scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-p range port scan : Only scan specified ports
-F: Fast mode
-r: Scan ports consecutively - don't randomize
-O: Enable OS detection
-A: Enable OS detection, version detection, script scanning, and traceroute
-6: Enable IPv6 scanning
-v: Increase verbosity level (use -vv or more for greater effect)
-oN/-oX/-oS/-oG: Output scan in normal, XML, script kiddie, and Grepable format, respectively, to the given filename.
Nmap has many other options; you can see them with the command : nmap -h
Nmap also has a GUI called Zenmap. You can find Zenmap here (NOT RECOMMENDED)
Example :
nmap -O -r -F -sS -vv www.site.com
Os detection : Yes
Version detection, script scanning and traceroute : No
Scan port consecutively : Yes
Fast scan mode : Yes
TCP scan : Yes
UDP scan : No
Target : site.com
nmap -A -F -sU -p 20-25 www.site.com
Os detection : Yes
Version detection, script scanning and traceroute : Yes
Fast scan mode : Yes
TCP scan : No
UDP scan : Yes (-sU)
Port UDP: 20,21,22,23,24,25
Target : site.com
nmap -A -sU -sS -p T:21,80,139,U:53,111 www.site.com
Os detection : Yes
Version detection, script scanning and traceroute : Yes
Fast scan mode : No
TCP scan : Yes
UDP scan : Yes
Port TCP: 21,80,139 (specified by T:port)
Port UDP: 53,111 (specified by U:port)
If you have a problem or you need some explanations just write under this post!
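Nmap's -oX output is what makes a scan usable as an audit record: it can be compared against what each host is supposed to expose. The Python below is an added example for this post (not part of Nmap); it parses a constructed Nmap XML report with the standard library and reports open ports that are not in a made-up per-host baseline, as well as baseline ports that are no longer open.

```python
"""Compare an Nmap -oX report against a per-host baseline of expected open
ports, so unexpected exposure (or a missing service) stands out."""
import xml.etree.ElementTree as ET

# Constructed Nmap XML, trimmed to the elements this check reads; addresses
# are documentation ranges and the services are invented.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -oX scan.xml 192.0.2.0/28">
  <host><status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web1.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/><service name="snmp"/></port>
    </ports>
  </host>
  <host><status state="up" reason="syn-ack"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open" reason="syn-ack"/><service name="telnet"/></port>
    </ports>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# What each host is allowed to expose: {ip: {(protocol, port), ...}}
BASELINE = {
    "192.0.2.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
}


def open_ports(xml_text):
    """Return {ip: {(protocol, port), ...}} for ports Nmap reports as open.
    'open|filtered' (typical for UDP) is not counted as confirmed open, and
    hosts that were down are skipped."""
    root = ET.fromstring(xml_text.encode())
    result = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address[@addrtype='ipv6']")
        if addr is None:
            continue
        found = set()
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                found.add((port.get("protocol"), int(port.get("portid"))))
        result[addr.get("addr")] = found
    return result


def compare_to_baseline(found, baseline):
    """Per host: open ports the baseline does not allow, and baseline ports
    that are no longer open. A host absent from the baseline has everything
    it exposes reported as unexpected."""
    report = {}
    for ip in sorted(set(found) | set(baseline)):
        have = found.get(ip, set())
        want = baseline.get(ip, set())
        unexpected, missing = sorted(have - want), sorted(want - have)
        if unexpected or missing:
            report[ip] = {"unexpected": unexpected, "missing": missing,
                          "in_baseline": ip in baseline}
    return report


if __name__ == "__main__":
    for ip, diff in compare_to_baseline(open_ports(NMAP_XML), BASELINE).items():
        print(ip, diff)
```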
Friday, February 22, 2013
Wireshark-cli
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
You can find wireshark here
Wireshark has a GUI, but in this article we use the Wireshark CLI
If you use archlinux you can install wireshark-cli from official repo.
For other informations about wireshark on archlinux click here.
We use the alias wireshark to run wireshark-cli.
Syntax : wireshark options ..
options:
-i interface : name of network interface
-f capture filter : packet filter in libpcap filter syntax
-s snaplen : packet snapshot length (default: 65535)
-I : capture in monitor mode
-p : don't capture in promiscuous mode
-c packet count : stop after n packets (default: infinite)
-a autostop condition : duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
-w filename : name of file to save (default: tempfile)
-t : use a separate thread per interface
-q : don't report packet capture counts
For more information about the options type :
wireshark -h
example : wireshark -i wlan0 -c 500
Capture network packets from interface wlan0 until 500 packets have been captured, saved into a temp file
example : wireshark -i wlan0 -a duration:60 -w file
Capture network packets from interface wlan0 for 60 s, saved into file
If you have a problem or you need some explanations just write under this post!
Wednesday, February 20, 2013
GPG - Gnu Privacy Guard
GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP.
You can find GPG here
GENERATE NEW KEY:
gpg --gen-key
Now you have to choose between :
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Then choose the key length: the longer the key, the more security against brute-force attacks.
Then choose the expiration date.
Then enter your real name, email, a comment and the passphrase.
To generate revocation certificate type:
gpg --output filename.asc --gen-revoke email
To show the list of keys type:
gpg --list-keys
To export the public key type:
gpg --output filename.gpg --export email
Now send the public key to the others.
To import the public key type:
gpg --import filename.gpg
To encrypt a document type:
gpg --output doc.gpg --encrypt --recipient email doc
To decrypt a document type:
gpg --output doc --decrypt doc.gpg
If you have someone's public key you can encrypt a document and send it to them; only the holder of the matching private key can decrypt it.
To sign a document type:
gpg --output doc.sig --sign doc
We sign so that anyone can check that no one has changed the document!
To verify the signature use the --verify option.
To verify the signature and recover the document use --decrypt
If you have a problem or you need some explanations just write under this post!
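The point of signing is easiest to see when verification is made to fail. The Python below is an added example for this post (not from GnuPG's own documentation); it drives the gpg binary through the workflow above in a throwaway keyring: generate a key, export and import the public key, encrypt and decrypt, sign, verify, then flip one bit of the document and verify again. It assumes GnuPG 2.2 or later on PATH (it returns None when gpg is absent) and uses a detached signature, checked with --verify doc.sig doc, so the check runs over the document file itself.

```python
"""Walk the GnuPG workflow from this post against a throwaway keyring and
show that a signature stops verifying once the document changes."""
import os
import shutil
import subprocess
import tempfile

UID = "Demo Key <demo@example.test>"   # constructed identity for the example


def gpg(home, *args, stdin=None):
    """Run gpg non-interactively against the keyring in `home`.
    An empty loopback passphrase lets the unprotected demo key be used
    without a pinentry dialog; --trust-model always skips the trust prompt
    that a freshly imported public key would otherwise trigger."""
    cmd = ["gpg", "--homedir", home, "--batch", "--yes", "--quiet",
           "--pinentry-mode", "loopback", "--passphrase", "",
           "--trust-model", "always"] + list(args)
    return subprocess.run(cmd, input=stdin, capture_output=True)


def gpg_roundtrip(document=b"Meeting moved to 14:00, room B.\n"):
    """Return the outcome of each step, or None when gpg is not installed."""
    if shutil.which("gpg") is None:
        return None
    home = tempfile.mkdtemp(prefix="gpgdemo-")   # the signer's private keyring
    other = os.path.join(home, "other")          # a recipient holding only the public key
    os.chmod(home, 0o700)
    os.mkdir(other, 0o700)
    try:
        # 1. generate a key pair (unprotected: it only lives for this run)
        gpg(home, "--quick-generate-key", UID, "default", "default", "never").check_returncode()
        # 2. export the public key and import it into the recipient's keyring
        pub = gpg(home, "--export", UID)
        pub.check_returncode()
        gpg(other, "--import", stdin=pub.stdout).check_returncode()
        # 3. the recipient encrypts to the public key; only the private key decrypts
        enc = gpg(other, "--encrypt", "--recipient", UID, stdin=document)
        enc.check_returncode()
        dec = gpg(home, "--decrypt", stdin=enc.stdout)
        decrypt_ok = dec.returncode == 0 and dec.stdout == document
        # 4. sign with a detached signature, verify using only the public key
        doc = os.path.join(home, "doc.txt")
        with open(doc, "wb") as f:
            f.write(document)
        gpg(home, "--output", doc + ".sig", "--detach-sign", doc).check_returncode()
        verify_ok = gpg(other, "--verify", doc + ".sig", doc).returncode == 0
        # 5. flip one bit in the middle of the document and verify again
        with open(doc, "r+b") as f:
            f.seek(len(document) // 2)
            byte = f.read(1)[0]
            f.seek(-1, os.SEEK_CUR)
            f.write(bytes([byte ^ 0x01]))
        tampered_verifies = gpg(other, "--verify", doc + ".sig", doc).returncode == 0
        return {"decrypt_ok": decrypt_ok, "verify_ok": verify_ok,
                "tampered_verifies": tampered_verifies}
    finally:
        for h in (home, other):   # stop the agents gpg started for each keyring
            subprocess.run(["gpgconf", "--homedir", h, "--kill", "gpg-agent"],
                           capture_output=True)
        shutil.rmtree(home, ignore_errors=True)


if __name__ == "__main__":
    print(gpg_roundtrip())
```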
Monday, February 18, 2013
Onion website
Here you can find some very interesting onion websites:
Tordir : http://dppmfxaacucguzpc.onion list of onion websites (RECOMMENDED)
Hashparty : http://3terbsb5mmmdyhse.onion/
Silkroad : silkroadvb5piz3r.onion is an online anonymous market place (RECOMMENDED)
Area51 : http://u3dqz36dcvhwd7kv.onion/
Tor Carding Forum : http://wkwjr7pn7xubtpx5.onion/
HackBB : clsvtzwzdgzkjda7.onion Hacking Forum
Anarchism Library : http://4zeottxi5qmnnjhd.onion/ (RECOMMENDED)
Black Market Reload : 5onwnspjvuk7cwvk.onion.to
Sunday, February 17, 2013
Shred
Shred is a Unix command that can be used to securely delete files and devices so that they can be recovered only with great difficulty with specialised hardware, if at all.
Syntax : shred options file
Options :
-f : change permissions to allow writing if necessary
-n : overwrite N times instead of the default (3)
-s : shred this many bytes (suffixes like K, M, G accepted)
-u : truncate and remove file after overwriting
-v : show progress
-x : do not round file sizes up to the next full block
-z : add a final overwrite with zeros to hide shredding
For more information type : shred --help
If you have a problem or you need some explanations just write under this post!
Thursday, February 14, 2013
Kaiten.c - DDoS client
Kaiten.c is an IRC-based DDoS client.
It connects to the IRC server specified in its source and accepts commands via the channel specified there.
Syntax : !nick command
To see all commands type : !nick help
You send this message to the channel that is defined in the source code.
You can download kaiten.c from here
If you have a problem or you need some explanations just write under this post!
Wednesday, February 13, 2013
Cpulimit
Cpulimit is a simple program that attempts to limit the cpu usage of a process.
Cpulimit is pre-installed on many distros, but if you don't have it you can download it from here
Syntax : cpulimit OPTIONS... TARGET
Options :
-l : percentage of cpu allowed from 0 to 200 (required)
-z : exit if there is no target process, or if it dies
-i : don't limit child processes
Target :
-e : name of the executable program file or path name
-p : pid of the process (implies -z)
Example:
cpulimit -l 50 -e firefox
Percentage : 50
Program : Firefox
Limit child processes : Yes
cpulimit -l 120 -e firefox -i
Percentage: 120
Program : Firefox
Limit child processes : No
cpulimit -l 70 -p 1000 -z
Percentage : 70
Pid : 1000
If you have a problem or you need some explanations just write under this post!
Monday, February 11, 2013
Weevely - Php web shell
Weevely is a stealth PHP web shell that provides a telnet-like console.
It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
You can download weevely from here
To run Weevely on Linux we need Python 2.x and:
- for the file.mount module: install httpfs
- for the audit.mapwebfiles module: install beautifulsoup
For other operating system click here
To generate the PHP backdoor type :
./weevely.py generate password path
Now upload the PHP backdoor to the server; after that you can start an SSH-like terminal session :
./weevely.py url password
For more information about the available modules and backdoor generators type :
./weevely.py help
To run Weevely through an HTTP proxy, set the shell.php proxy parameter in the default rc file.
For example, to use Weevely with Tor:
cat ~/.weevely/weevely.rc
:set shell.php proxy=127.0.0.1:8118
For more information read the tutorial here
If you have a problem or you need some explanations just write under this post!
Thursday, February 7, 2013
Tormail
Tor Mail is a Tor Hidden Service that allows anyone to send and receive email anonymously.
This product is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.
For more information, or to sign up for a free @tormail.org account (which includes webmail, SMTP, POP3 and IMAP access), use the Tor hidden service at : http://jhiwjjlqpyawmpjx.onion or click here
To visit onion websites you must use Tor; for more information click here
If you have a problem or you need some explanations just write under this post!
Wednesday, February 6, 2013
Skipfish - Web app scanner
Skipfish is an active web application security reconnaissance tool.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
You can download skipfish from here
After downloading, extract it (tar -zxvf skipfish-2.10b.tgz) and move into the directory
Type : make
Then, to run skipfish, type : ./skipfish
Syntax : ./skipfish [ options ... ] -W wordlist -o output_dir start_url [ start_url2 ... ]
For all options type : ./skipfish -h
If you have a problem or you need some explanations just write under this post!
Tuesday, February 5, 2013
Knock - Subdomain scan
Knock is a python script, written by Gianni Amato, designed to enumerate subdomains on a target domain through a wordlist.
Knock is targeted to:
-Scan subdomains
-DNS request for zone transfer
-DNS resolver
-Wildcard testing
-Wildcard bypass
To run it we need Python 2.x
You can download knock from here
To scan type :
./knock.py site.com
To scan with an external wordlist type:
./knock.py site.com wordlist
Other options:
-zt : Zone Transfer discovery
-wc : Wildcard testing
-dns : Dns resolving
-bw : Bypass wildcard
If you have a problem or you need some explanations just write under this post!
Friday, February 1, 2013
JoomScan , WpScan - Joomla and Wordpress scan
Wordpress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL.
Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets and a model–view–controller (MVC) Web application framework that can also be used independently.
WordPress and Joomla are very common services.
There are vulnerability scanners for WordPress (wpscan) and for Joomla (joomscan)
You can download joomscan from here
To run Joomscan type :
perl joomscan.pl -u url
Options:
-x proxy:port = Proxy to tunnel
-c string = Cookie (name=value;)
-nv = No Version fingerprinting check
-nf = No Firewall detection check
-ot /path/ = Output to Text file
-vu = Verbose (output every Url scan)
-sp = Show completed Percentage
Example :
perl joomscan.pl -u www.site.com -x 127.0.0.1:9050 -ot /home/HackForLulz/result -sp -vu
Target = site.com
Proxy = localhost:9050 <- through Tor
Output = /home/HackForLulz/result
Show percentage = yes
For more information type : perl joomscan.pl
You can download wpscan from here
To run it type :
ruby wpscan.rb --url url
Options:
--threads numberofthreads
--wordlist wordlist : Do wordlist password brute force on enumerated users
--enumerate p : enumerate plugins
--enumerate t : enumerate themes
--enumerate u : enumerate users
--enumerate tt : enumerate installed timthumbs
--proxy host:port
Example :
ruby wpscan.rb --url www.site.com --threads 16 --enumerate t --enumerate u
Target = site.com
Threads = 16
Enumerate themes = Yes
Enumerate users = Yes
ruby wpscan.rb --url www.site.com --threads 32 --enumerate t --enumerate u --enumerate tt --proxy 127.0.0.1:9050
Target = site.com
Threads = 32
Enumerate themes = Yes
Enumerate users = Yes
Enumerate installed timthumbs = Yes
Proxy = localhost:9050 <- through Tor
For more information type : ruby wpscan.rb --help
If you have a problem or you need some explanations just write under this post!
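Nikto, skipfish, XSSscan, joomscan and wpscan leave a similar footprint on the server they scan: one source requesting many files that do not exist, often with a self-identifying User-Agent, and for WordPress the ?author=N user-enumeration probes. The Python below is an added example covering those posts (it is not part of any of these tools); it profiles constructed Combined Log Format lines per client and flags the ones that look like a scanner, using a made-up list of User-Agent markers.

```python
"""Profile web access-log clients and flag the ones whose traffic looks like
a vulnerability scanner (Nikto, skipfish, joomscan, wpscan ...)."""
import re
from collections import defaultdict

# Constructed Combined Log Format lines; addresses and user-agents are invented.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [25/Feb/2013:10:00:01 +0000] "GET / HTTP/1.1" 200 4532 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000001)"
203.0.113.7 - - [25/Feb/2013:10:00:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000002)"
203.0.113.7 - - [25/Feb/2013:10:00:02 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000003)"
203.0.113.7 - - [25/Feb/2013:10:00:02 +0000] "GET /phpinfo.php HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000004)"
203.0.113.7 - - [25/Feb/2013:10:00:03 +0000] "GET /backup.zip HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000005)"
203.0.113.7 - - [25/Feb/2013:10:00:03 +0000] "GET /.htpasswd HTTP/1.1" 403 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000006)"
203.0.113.8 - - [25/Feb/2013:10:05:10 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (compatible)"
203.0.113.8 - - [25/Feb/2013:10:05:10 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (compatible)"
203.0.113.8 - - [25/Feb/2013:10:05:11 +0000] "GET /?author=3 HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible)"
203.0.113.8 - - [25/Feb/2013:10:05:11 +0000] "GET /?author=4 HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible)"
203.0.113.8 - - [25/Feb/2013:10:05:12 +0000] "GET /wp-content/themes/twentytwelve/style.css HTTP/1.1" 200 8120 "-" "Mozilla/5.0 (compatible)"
203.0.113.8 - - [25/Feb/2013:10:05:12 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible)"
198.51.100.5 - - [25/Feb/2013:10:07:00 +0000] "GET / HTTP/1.1" 200 4532 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/19.0"
198.51.100.5 - - [25/Feb/2013:10:07:01 +0000] "GET /about/ HTTP/1.1" 200 3011 "http://www.example.test/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/19.0"
198.51.100.5 - - [25/Feb/2013:10:07:01 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/19.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Substrings that identify scanners which announce themselves (a constructed
# list for this example; a real deployment maintains its own).
SCANNER_UA_MARKERS = ("nikto", "skipfish", "wpscan", "joomscan")
AUTHOR_PROBE_RE = re.compile(r"[?&]author=\d+")


def profile_clients(log_text):
    """Per source ip: request count, 4xx count, distinct paths, WordPress
    author-id probes and any scanner names seen in the User-Agent."""
    stats = defaultdict(lambda: {"requests": 0, "client_errors": 0,
                                 "paths": set(), "author_probes": 0,
                                 "signatures": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        s = stats[m["ip"]]
        s["requests"] += 1
        if m["status"].startswith("4"):
            s["client_errors"] += 1
        s["paths"].add(m["path"])
        if AUTHOR_PROBE_RE.search(m["path"]):
            s["author_probes"] += 1
        ua = m["ua"].lower()
        s["signatures"].update(mk for mk in SCANNER_UA_MARKERS if mk in ua)
    return dict(stats)


def flag_scanners(stats, min_requests=5, error_ratio=0.5, max_author_probes=3):
    """Return {ip: [reasons]} for clients that look like scanners: a known
    User-Agent, a high share of 4xx answers over enough requests (guessing
    file names), or repeated author-id enumeration."""
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["signatures"]:
            reasons.append("scanner user-agent: " + ", ".join(sorted(s["signatures"])))
        if s["requests"] >= min_requests and s["client_errors"] / s["requests"] >= error_ratio:
            reasons.append(f"{s['client_errors']}/{s['requests']} requests got 4xx")
        if s["author_probes"] >= max_author_probes:
            reasons.append(f"{s['author_probes']} WordPress author-id probes")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_scanners(profile_clients(SAMPLE_ACCESS_LOG)).items():
        print(ip, reasons)
```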