Channel: Scanner – Security List Network™

gethsploit – Finding Ethereum nodes which are vulnerable to RPC-attacks.


gethsploit is a set of Python scripts to enumerate Ethereum peers which have RPC ports enabled.

Prerequisites:
Make sure you have geth installed, preferably the latest version, which has some fixes concerning attaching to other rpc-instances.

Using Gethsploit:
Make sure geth is not running, or gethsploit will only run once.

gethsploit iterates until cancelled:
+ starts up geth
+ waits 60 seconds to populate peers
+ enumerates peers and extracts running version
+ probes the peer to see if the RPC-instance is running
+ kills geth

Requirements:
– Python 2.7.x
– Python telnetlib, yaml, requests

usage:

git clone https://github.com/KarmaHostage/gethspoit && cd gethspoit
./gethsploit.py
./nodesploit.py

Source: https://github.com/KarmaHostage


Pyscan – A fast malware scanner using ShellScannerPatterns.


Requirements:
+ Python 2.7.x

Supported Platforms
+ CentOS 5/6/7
+ CloudLinux 5/6/7
+ Redhat 5/6/7
+ Ubuntu and Debian – All versions.
+ Windows with https://msys2.github.io
+ cPanel – Plesk – Directadmin (other control panels not tested.)
+ Any cms.

Usage:

git clone https://github.com/bashcode/Pyscan && cd Pyscan
python pyscan.py

Detect Only:
python <(curl -ks https://raw.githubusercontent.com/bashcode/Pyscan/master/pyscan.py)
Clean Malware:
python <(curl -ks https://raw.githubusercontent.com/bashcode/Pyscan/master/removeinjections.py)

Windows:
Download, install, and run MSYS2
Run update-core to update the core packages.
Run pacman -S python2 python2-setuptools
For significantly faster scans, compile and install re2. Install the Python module with easy_install2.7 re2.
Use the function pyscan provided above.

Source: https://github.com/bashcode

Peach Fuzz – Vulnerability Scanning Framework.


This tool aims to look through files in a given directory to detect any unsafe, vulnerable, or dangerous function calls. It is designed to be extensible and easy to understand; you can “plug-and-play” modules that specify criteria on which types of files will trigger what ‘scans,’ in which you determine what action it should take to find and report dangerous content within each file.
Also, it may be run as an experimental automated fuzzing tool. Given effective modules, the framework can be adapted to automatically fuzz executables. You may implement fuzzers using the generic fuzz.fuzzer.Fuzzer class. WARNING: this is a subclass of scan.scanner.Scanner, but will EXECUTE all files with executable permission! Be careful.

peach-fuzz

File & Directory Information:
+ peach.py
This is the core of the utility; the Python script that kickstarts all threads and scans from the given command-line arguments.

+ scan
This directory hosts all the classes that can be duplicated and extended for specific file “scans,” in which you could do pretty much anything you want. They are just housed in this folder to keep things clean.

+ vulnscan.json
This acts like the global configuration; in this JSON file you specify what scans you want to run for all of the files processed, and determine whatever criteria you want to use to identify those files (file extension, MIME type, or executable). All scanners listed in this configuration should be merely that: scanners. No fuzzers should be listed here!

+ fuzzing.json
This file is similar to vulnscan.json except that it contains references to fuzzers and can be used to start automatically fuzzing a directory or file. WARNING: using this config will execute ALL files with executable permissions! Be careful using it!

+ test
This directory holds anything that has been often used to test some of the scanners. You can add to it as you please.

+ colors.py
This small module acts as a wrapper for colorama, in an effort to supply some shorthand function calls.

Usage:

git clone https://github.com/Caleb1994/peach && cd peach
pip2 install pwn
python2 peach.py -h

Source: https://github.com/Caleb1994

ATSCAN v9.0 stable – perl script for vulnerable Server, Site and dork scanner.


Changelog v9.0:
+ NEW ARGS:
--regex
--sregex
--ifirst
--port
--pause
--ip

CHANGES:
+ new optimized build
+ unique scan process
+ scan by regex
+ search by regex
+ optimized port scan
+ added option to scan IPs
+ added option to choose where to install the tool
+ now you can install on any system (Linux, Windows)

Atscan scanner V 9.0

Description:
ATSCAN
SEARCH engine
XSS scanner.
Sqlmap.
LFI scanner.
Filter wordpress and Joomla sites in the server.
Find Admin page.
Decode / Encode MD5 + Base64.

atscan v6.1

Libraries to install:
apt-get install libxml-simple-perl
aptitude install libio-socket-ssl-perl
aptitude install libcrypt-ssleay-perl
NOTE: Works on Linux platforms. Best run on Ubuntu 14.04, Kali Linux 2.0, Arch Linux, Fedora Linux, CentOS | if you use Windows you can download manually.

Examples:
Simple search:
Search: --dork [dork] --level [level]
Search + get ip: --dork [dork] --level [level] --ip
Search + get ip + server: --dork [dork] --level [level] --ip --server
Search with many dorks: --dork [dork1,dork2,dork3] --level [level]
Search with a dork file: --dork [dorks.txt] --level [level]
Search + set save file: --dork [dorks.txt] --level [level] --save myfile.txt
Search + Replace + Exploit: --dork [dorks.txt] --level [level] --replace [string] --with [string] --valid [string]

Subscan from Search Engine:
Search + Exploitation: --dork [dork] --level [10] --xss/--lfi/--wp …
Search + Server Exploitation: -t [ip] --level [10] --xss/--lfi/--wp …
Search + Replace + Exploit: --dork [dork] --level [10] --replace [string] --with [string] --exp [exploit] --xss/--lfi/--wp …

Validation:
Search + Exploit + Validation: --dork [dork] --level [10] --exp --isup/--valid [string]
Search + Server Exploit + Validation: -t [ip] --level [10] --exp --isup/--valid [string]
Search + Replace + Exploit: --dork [dork] --level [10] --replace [string] --with [string] --isup/--valid [string]

Use List / Target:
-t [target/targets.txt] --exp --isup/--valid [string]
-t [target/targets.txt] --xss/--lfi ..

Server:
Get Server sites: -t [ip] --level [value] --sites
Get Server WordPress sites: -t [ip] --level [value] --wp
Get Server Joomla sites: -t [ip] --level [value] --joom
Get Server upload sites: -t [ip] --level [value] --upload
Get Server zip site files: -t [ip] --level [value] --zip
WP Arbitrary File Download: -t [ip] --level [value] --wpadf
Joomla RFI: -t [ip] --level [1] --joomfri --shell [shell link]
Scan basic tcp (quick): -t [ip] --ports --basic tcp
Scan basic udp (quick): -t [ip] --ports --basic udp
Scan basic udp+tcp: -t [ip] --ports --basic udp+tcp
Scan complete tcp: -t [ip] --ports --all tcp
Scan complete udp: -t [ip] --ports --all udp
Scan complete udp+tcp: -t [ip] --ports --all udp+tcp
Scan range tcp: -t [ip] --ports --select tcp --start [value] --end [value]
Scan range udp: -t [ip] --ports --select udp --start [value] --end [value]
Scan range udp+tcp: -t [ip] --ports --select udp+tcp --start [value] --end [value]

Encode / Decode:
Generate MD5: --md5 [string]
Encode base64: --encode64 [string]
Decode base64: --decode64 [string]

External Command:
--dork [dork/dorks.txt] --level [level] --command "curl -v --TARGET"
--dork [dork/dorks.txt] --level [level] --command "curl -v --FULL_TARGET"
-t [target/targets.txt] --level [level] --command "curl -v --TARGET"
-t [target/targets.txt] --command "curl -v --FULL_TARGET"

How to Usage:

git clone https://github.com/AlisamTechnology/ATSCAN
cd ATSCAN
chmod +x install.sh
./install.sh
atscan

Update:
atscan --update

Source : https://github.com/AlisamTechnology | Our Post Before Download: v9.0.zip | v9.0.tar.gz

SSLyze v0.13.6 – Fast and full-featured SSL scanner.


Latest Change SSLyze v0.13.6:
* Added the Android Open Source Project's trust store when using --certinfo.
* Bug fixes for IPv6 support, --nb_retries, --nb_timeout and UTF-8 and internationalized names in certificates.
* --hsts no longer raises an exception when the server sends back a redirection to HTTP.

sslyze v0.13.6

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

Key features include:
– Multi-processed and multi-threaded scanning (it’s fast)
– SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
– Performance testing: session resumption and TLS tickets support
– Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more
– Server certificate validation and revocation checking through OCSP stapling
– Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP
– Support for client certificates when scanning servers that perform mutual authentication
– XML output to further process the scan results
– And much more!

Installation:
SSLyze requires Python 2.7; the supported platforms are Windows 7 32/64 bits, Linux 32/64 bits and OS X 64 bits.
Usage / command line options:

The following command will provide the list of available command line options:

$ pip install sslyze
$ python sslyze.py -h

Sample command line:

$ python sslyze.py --regular www.isecpartners.com:443 www.google.com

See the test folder for additional examples.

Download : Master.zip | Clone Url
stable package : v0.13.6.zip | v0.13.6.tar.gz
Source : https://github.com/nabla-c0d3 | Our Post Before

PenBox v1.4 – A Penetration Testing Framework.


Changelog Version v1.4:
+ fixed bugs
+ added a new menu: Post Exploitation
+ added a website checker
+ added a Vbulletin 5.X remote code execution
+ added a Joomla! 1.5 – 3.4.5 remote code execution

Version v1.3:
+ removed Windows and Linux bugs
+ fixed non-working tools in the private submenu
+ added new tools: Shell and Directory Finder
+ Banner and logo redesign.

penbox

THIS TOOL IS ONLY FOR EDUCATIONAL PURPOSES ONLY!
A Penetration Testing Framework, The Hacker's Repo. Our hope is that in the last version we will have every script that a hacker needs :)

Requirements
+ Python 2
+ sudoer

penbox v1.3

Operating System Support:
1) Mac OSX
2) Linux
3) Windows
Main Menu:
1 : Information Gathering
2 : Password Attacks
3 : Wireless Testing
4 : Exploitation Tools
5 : Sniffing & Spoofing
6 : Web Hacking
7 : Private Tools

Usage:

git clone https://github.com/x3omdax/PenBox && cd PenBox
python penbox.py

Update:
git pull origin master

Source: https://github.com/x3omdax | Our Post Before

PowerOPS v0.9 – Powershell for Offensive Operations.


Changelog v0.9:
+ add @subTee AppLocker bypass
+ add Amsi bypass
+ Clean UP

PowerOPS v0.9

PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment (.NET). It intends to include multiple offensive PowerShell modules to make the process of Post Exploitation easier.

It tries to follow the KISS principle, being as simple as possible. The main goal is to make it easy to use PowerShell offensively and help to evade antivirus and other mitigation solutions. It does this by:
1. Not relying on powershell.exe: it calls PowerShell directly through the .NET framework, which might help bypass security controls like GPO, SRP and AppLocker.
2. Executing the payloads from memory, so they never touch disk, evading most antivirus engines.

PowerOPS – Powershell for Offensive Operations

PowerOPS was inspired by Cn33liz/p0wnedShell. However I was only interested in PowerShell modules and I was looking for more flexibility. Since PowerOPS offers basically an interactive PowerShell command prompt you are free to use the PowerShell tools included the way you want, and additionally execute any valid PowerShell command.

The following PowerShell tools/functions are included:
+ PowerShellMafia/Powersploit
— Get-Keystrokes
— Invoke-DllInjection
— Invoke-Mimikatz
— Invoke-NinjaCopy
— Invoke-Shellcode
— Invoke-ReflectivePEInjection
— Invoke-TokenManipulation
— Invoke-WMICommand
— PowerUp
— PowerView
+ Nishang
— Get-Information
— Get-PassHashes
— Port-Scan
+ Auto-GPPPassword
+ PowerCat
+ Empire
— Invoke-Psexec
— Invoke-SSHCommand
Additionally you can run any valid PowerShell command.
Powershell functions within the Runspace are loaded in memory from Base64 Encoded Strings.

Download: PowerOPS.zip | Our Post Before
Source: https://github.com/fdiskyou

Datasploit – A tool to perform various OSINT techniques.


Overview of the tool:
– Performs OSINT on a domain / email / username / phone and finds information from different sources.
– Correlates and collates the results and shows them in a consolidated manner.
– Tries to find credentials, API keys, tokens, subdomains, domain history, legacy portals, etc. related to the target.
– Use a specific script, or launch automated OSINT for consolidated data.
– Available in both GUI and Console.

Following API configs are mandatory for proper results in domainOsint.py:
+ shodan_api
+ censysio_id
+ censysio_secret
+ zoomeyeuser
+ zoomeyepass
+ clearbit_apikey
+ emailhunter

Other modules:
+ github_access_token
+ instagram_token
+ instagram_client_id
+ instagram_client_secret
+ jsonwhois

We are working towards a few sample API keys which we can deliver as part of the project, so that new users can quickly evaluate the tool. Those will only help in running basic scans, though, since all evaluations will go through these keys and hence have more chance of hitting the rate limits on these APIs.

Use:

git clone https://github.com/upgoingstar/datasploit && cd datasploit
pip install -r requirements.txt
mv config_sample.py config.py
python domainOsint.py <domain_name>

Source: https://github.com/upgoingstar


NoSQLMap v0.7 – Automated Mongo database and NoSQL web application exploitation tool.


Changelog v0.7 (Maintenance Release with a couple of cool additions):
+ Web app attacks-Added the ability to specify multiple parameters for injection simultaneously; For example, trying an associative array injection attack on two parameters in the same HTTP request, like the username and password field on a logon page.
+ Bugfix-Workaround to correct issues with self-signed certificates when attacking HTTPS sites and running on Python 2.7.9 or later.
+ Bugfix-Improper formatting on timing based attack URL (trailing &).
+ General-Cleaned up Web app attack code. All moved into a freestanding Python module.

NoSQLMap v0.7

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database.
It is named as a tribute to Bernardo Damele and Miroslav Stampar's popular SQL injection tool sqlmap, and its concepts are based on and extend Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases". Presently the tool's exploits are focused around MongoDB, but additional support for other NoSQL based platforms such as CouchDB, Redis, and Cassandra is planned in future releases.

NoSQLMap-v0-5

Requirements
On a Debian or Red Hat based system, the setup.sh script may be run as root to automate the installation of NoSQLMap’s dependencies.
Varies based on features used:
+ Metasploit Framework
+ MongoDB
+ Python with PyMongo
+ httplib2
+ and urllib available.

Features:
– Automated MongoDB and CouchDB database enumeration and cloning attacks.
– Extraction of database names, users, and password hashes through MongoDB web applications.
– Scanning subnets or IP lists for MongoDB and CouchDB databases with default access and enumerating versions.
– Dictionary and brute force password cracking of recovered MongoDB and CouchDB hashes.
– PHP application parameter injection attacks against MongoClient to return all database records.
– Javascript function variable escaping and arbitrary code injection to return all database records.
– Timing based attacks similar to blind SQL injection to validate Javascript injection vulnerabilities with no feedback from the application.

Installation using git v0.7:

git clone https://github.com/tcstool/NoSQLMap && cd NoSQLMap
python setup.py

Debian/Ubuntu/Kali:
Make sure all dependencies have been installed, like Metasploit Framework & MongoDB.
apt-get install mongodb (requires root privileges)
sudo apt-get install python-pbkdf2 (don't use pip; it errors because of the upper-case letters in the PBKDF2 package name)
sudo apt-get install python-httplib2
sudo apt-get install python-ipcalc
sudo apt-get install python-couchdb
sudo apt-get install python-pymongo
then run
./nosqlmap.py

Update:
Please use Fresh Clone at stable version from github

Source : http://www.nosqlmap.net | Our post Before

ATSCAN v9.5 stable – perl script for Search / Server / Site / Dork / Exploitation Scanner.


Changelog v9.5:
+ Best optimization.

Description:
ATSCAN
SEARCH engine
XSS scanner.
Sqlmap.
LFI scanner.
Filter wordpress and Joomla sites in the server.
Find Admin page.
Decode / Encode MD5 + Base64.

atscan v6.1

Libraries to install:
apt-get install libxml-simple-perl
aptitude install libio-socket-ssl-perl
aptitude install libcrypt-ssleay-perl
NOTE: Works on Linux platforms. Best run on Ubuntu 14.04, Kali Linux 2.0, Arch Linux, Fedora Linux, CentOS | if you use Windows you can download manually.

Examples:
Simple search:
Search: --dork [dork] --level [level]
Search + get ip: --dork [dork] --level [level] --ip
Search + get ip + server: --dork [dork] --level [level] --ip --server
Search with many dorks: --dork [dork1,dork2,dork3] --level [level]
Search with a dork file: --dork [dorks.txt] --level [level]
Search + set save file: --dork [dorks.txt] --level [level] --save myfile.txt
Search + Replace + Exploit: --dork [dorks.txt] --level [level] --replace [string] --with [string] --valid [string]

Subscan from Search Engine:
Search + Exploitation: --dork [dork] --level [10] --xss/--lfi/--wp …
Search + Server Exploitation: -t [ip] --level [10] --xss/--lfi/--wp …
Search + Replace + Exploit: --dork [dork] --level [10] --replace [string] --with [string] --exp [exploit] --xss/--lfi/--wp …

Validation:
Search + Exploit + Validation: --dork [dork] --level [10] --exp --isup/--valid [string]
Search + Server Exploit + Validation: -t [ip] --level [10] --exp --isup/--valid [string]
Search + Replace + Exploit: --dork [dork] --level [10] --replace [string] --with [string] --isup/--valid [string]

Use List / Target:
-t [target/targets.txt] --exp --isup/--valid [string]
-t [target/targets.txt] --xss/--lfi ..

Server:
Get Server sites: -t [ip] --level [value] --sites
Get Server WordPress sites: -t [ip] --level [value] --wp
Get Server Joomla sites: -t [ip] --level [value] --joom
Get Server upload sites: -t [ip] --level [value] --upload
Get Server zip site files: -t [ip] --level [value] --zip
WP Arbitrary File Download: -t [ip] --level [value] --wpadf
Joomla RFI: -t [ip] --level [1] --joomfri --shell [shell link]
Scan basic tcp (quick): -t [ip] --ports --basic tcp
Scan basic udp (quick): -t [ip] --ports --basic udp
Scan basic udp+tcp: -t [ip] --ports --basic udp+tcp
Scan complete tcp: -t [ip] --ports --all tcp
Scan complete udp: -t [ip] --ports --all udp
Scan complete udp+tcp: -t [ip] --ports --all udp+tcp
Scan range tcp: -t [ip] --ports --select tcp --start [value] --end [value]
Scan range udp: -t [ip] --ports --select udp --start [value] --end [value]
Scan range udp+tcp: -t [ip] --ports --select udp+tcp --start [value] --end [value]

Encode / Decode:
Generate MD5: --md5 [string]
Encode base64: --encode64 [string]
Decode base64: --decode64 [string]

External Command:
--dork [dork/dorks.txt] --level [level] --command "curl -v --TARGET"
--dork [dork/dorks.txt] --level [level] --command "curl -v --FULL_TARGET"
-t [target/targets.txt] --level [level] --command "curl -v --TARGET"
-t [target/targets.txt] --command "curl -v --FULL_TARGET"

How to Usage:

git clone https://github.com/AlisamTechnology/ATSCAN
cd ATSCAN
chmod +x install.sh
./install.sh
atscan

Update:
atscan --update

Source : https://github.com/AlisamTechnology | Our Post Before Download: v9.5.zip | v9.5.tar.gz

MARA is a Mobile Application Reverse engineering and Analysis Framework.


MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering toolsets, in order to make the task of reverse engineering and analysis easier and friendlier to mobile application developers and security professionals.

Mara

Features supported
+ Reverse engineer apk files to smali, java jar files, java source code and dalvik bytecode (jadx format)
+ Reverse engineer dex, jar and class files into java source code and dalvik bytecode (jadx format)
+ Statically Analyze java source code and dalvik bytecode
+ Scan for apk vulnerabilities via androbugs
+ Scan ssl domains found in the app via the standalone SSL scanner that makes use of pyssltest and testssl

Usage:

git clone https://github.com/xtiankisutsa/MARA_Framework && cd MARA_Framework
sudo ./requirements.sh
sudo sh mara.sh

Source: https://github.com/xtiankisutsa

Sublist3r v1.0 released : Fast subdomains enumeration tool for penetration testers


Changelog and What’s new in v1.0 ?
+ Fixed Sublist3r v1.0 on Windows Platform
+ Added New OSINT Sources
— Virustotal: Now sublist3r can enumerate subdomains through Virustotal
— SSL Certs: Now sublist3r can enumerate subdomains through the SSL certificates information.
— PassiveDNS: Now sublist3r can enumerate subdomains through the passive DNS records.
+ Added Port Scan Feature
— Now you can filter and scan the found subdomains against specific tcp ports using -p option.
+ Added Threading to DNSdumpster:
— Now DNSdumpster will show the live and working hosts using multi threading.
+ Improved the subbrute wordlist:
— Added new subdomains wordlist to subbrute based on Bitquark's dnspop research

Sublist3r is a Python tool designed to enumerate subdomains of websites using search engines. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r currently supports the following search engines: Google, Yahoo, Bing, Baidu, and Ask. More search engines may be added in the future. Sublist3r also gathers subdomains using Netcraft and DNSdumpster.

subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.

Dependencies:
+ Requests library (http://docs.python-requests.org/en/latest/)
+ dnspython library (http://www.dnspython.org/)

Installation :

git clone https://github.com/aboul3la/Sublist3r.git

Install dependencies Ubuntu/Debian:
sudo apt-get install python-requests
sudo apt-get install python-dnspython

Install dependencies Centos/RedHat:
sudo yum install python-requests
sudo yum install python-dnspython
cd Sublist3r
python sublist3r.py -d facebook.com (example)

Source: https://github.com/aboul3la | Download: v1.0.zip | v1.0.tar.gz | Our Post Before

Fenrir is a simple IOC scanner bash script.


Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise (IOCs):
+ Hashes
** MD5, SHA1 and SHA256 (using md5sum, sha1sum, shasum -a 256)
+ File Names
** string – checked for substring of the full path, e.g. “temp/p.exe” in “/var/temp/p.exe”
+ Strings
** grep in files
+ C2 Server
** checking for C2 server strings in ‘lsof -i’ and ‘lsof -i -n’ output
+ Hot Time Frame
** using stat in different modes – define min and max epoch time stamp and get all files that have been created in between

fenrir

Latest Changelog v0.5.2:
– String extract in output
– release, issue and uname in output
– Syslog output disabled by default (to avoid false positives)
– C2 check in lsof enabled by default
– More interesting extensions

Basic characteristics:
* Bash Script
* No installation or agent needed
* Uses common tools to extract attributes (e.g. md5sum, grep, stat in different modes)
* Intended to run on any Linux / Unix / OS X with Bash
* Low footprint – Ansible playbook with RAM drive solution
* Smart exclusions (file size, extension, certain directories) speed up the scan process

Why Fenrir?
+ FENRIR is the 3rd tool after THOR and LOKI. THOR is our full featured APT Scanner with many modules and export types for corporate customers. LOKI is a free and open IOC scanner that uses YARA as signature format.
+ The problem with both predecessors is that both have certain requirements on the Linux platform. We build THOR for a certain Linux version in order to match the correct libc that is required by the YARA module. LOKI requires Python and YARA installed on Linux to run.
+ We faced the problem of checking more than 100 different Linux systems for certain Indicators of Compromise (IOCs) without installing an agent or software packages. We already had an Ansible playbook for the distribution of THOR on a defined set of Linux remote systems. This playbook creates a RAM drive on the remote system, copies the local program binary to the remote system, runs it and retrieves the logs afterwards. This ensures that the program’s footprint on the remote system is minimal. I adapted the Ansible playbook for Fenrir. (it is still untested)

Usage & Download from git:

git clone https://github.com/Neo23x0/Fenrir && cd Fenrir
./fenrir.sh [folder path to scan]

Update:
git pull origin master

Source: https://github.com/Neo23x0

wlscrape – A tool for scraping the possible malware from the Wikileaks AKP leak.


Wikileaks has released a large set of e-mails leaked from the Turkish party AKP. Unfortunately, no processing of any kind has been performed on these e-mails – they are just a raw dump. Since many of the AKP members have been recipients of malware sent by e-mail (most likely random spam but could have also been targeted attacks), the received malware in the e-mails is also present in the dump. As a result, the Wikileaks site is hosting malware, which leads to various sites like Google and Facebook blocking it. For the record, I consider this to be extremely irresponsible on the part of Wikileaks. Malware distribution is not “journalism” by any definition of the term.

This script was written for the purpose of getting information about the attached files with suspicious extensions, so that they could be scanned – either by downloading them and scanning them locally, or by obtaining their MD5 hashes and submitting those to VirusTotal.

wlscrape

Usage And Download from git:

git clone https://github.com/bontchev/wlscrape && cd wlscrape
sudo pip install "requests[security]"
sudo pip install lxml
sudo pip install json
sudo pip install wget

sudo python2 wlscrape.py -d exe (example)

Source: https://github.com/bontchev

v3n0M v4.0.6 – Popular Pentesting scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns


Changelog v4.0.6 Stable, 14th August 2016:
* Re-added LFI, XSS and Other Checks from previous versions.
* Added Self-Updater.
* Improved Search_Ignore list.

example v3n0M v4.0.6 running on windows console

V3n0M is a free and open source scanner. Evolved from baltazar's scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software.

This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk.
Very useful for executing:
* Metasploit Modules Scans
* LFI, RFI and XSS Scanning[LFI/RFI/XSS]
* SQL Injection Vuln Scanner[SQLi]
* Extremely Large D0rk Target Lists
* FTP Crawler
* DNS BruteForcer
* Python3.5 Asyncio based scanning

What You Hold:
The official adoption of darkd0rker heavily recoded, updated, expanded and improved upon
* Brand new, just outta the box!
* Largest and most powerful d0rker online, 18k+d0rks searched over ~ Engines at once.
* Free and Open /src/
* CrossPlatform Python based toolkit
* Version 4.0.6 Released on 14th August 2016
* Licensed under GPLv2
* Tested on: ArchLinux 4.4.6-1, Ubuntu, Debian, Windows, MacOS

Installation & Usage from git:

git clone https://github.com/v3n0m-Scanner/V3n0M-Scanner && cd V3n0M-Scanner
sudo pip3 install dnspython3 aiohttp httplib2 socksipy-branch requests url
python3 setup.py
cd src
python3 v3n0m.py

Update:
cd V3n0M-Scanner
git pull origin master

Download: V.4.0.6.zip | V.4.0.6.tar.gz
Source: https://github.com/v3n0m-Scanner | Our Post Before


PenBox v2 – A Penetration Testing Framework.


Changelog v2:
+ Added tool: Shellnoob
+ Added tool: jboss-autopwn
+ Added Sniper (recon)
+ added Get server banner
+ added Bypass Cloudflare
+ added BruteX – Automatically brute force all services running on a target.
+ added XSStracer – checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection.
+ and more..

penbox v2

PenBox is a Penetration Testing Framework, The Hacker's Repo. Our hope is that in the last version we will have every script that a hacker needs.
Information Gathering:
* nmap
* Setoolkit
* Port Scanning
* Host To IP
* wordpress user enumeration
* CMS scanner
* XSStracer – checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection
* Doork – Google Dorks Passive Vulnerability Auditor

Password Attacks:
* Cupp
* Ncrack

Wireless Testing:
* reaver
* pixiewps

Exploitation Tools:
* Venom
* sqlmap
* Shellnoob
* commix
* FTP Auto Bypass
* jboss-autopwn

Sniffing & Spoofing:
* Setoolkit
* SSLtrip
* pyPISHER
* SMTP Mailer

Web Hacking:
* Drupal Hacking
* Inurlbr
* WordPress & Joomla Scanner
* Gravity Form Scanner
* File Upload Checker
* WordPress Exploit Scanner
* WordPress Plugins Scanner
* Shell and Directory Finder
* Joomla! 1.5 – 3.4.5 remote code execution
* Vbulletin 5.X remote code execution
* BruteX – Automatically brute force all services running on a target

Private Tools:
* Get all websites
* Get joomla websites
* Get wordpress websites
* Find control panel
* Find zip files
* Find upload files
* Get server users
* Scan from SQL injection
* Scan ports (range of ports)
* Scan ports (common ports)
* Get server banner
* Bypass Cloudflare

Post Exploitation:
* Shell Checker
* POET

Recon:
* Sniper

Usage:

git clone https://github.com/x3omdax/PenBox && cd PenBox
python penbox.py

Update:
git pull origin master

Source: https://github.com/x3omdax | Our Post Before

google_explorer – Google robot to make mass exploit.


The idea of this project is to use the Google search engine to find vulnerable targets for specific exploits. The exploit parsers are concentrated in the google_parsers module, so when you make a search you can explicitly choose, with the "--exploit parser" argument, a specific exploit for the robot to test whether the targets are vulnerable to it or not.
Note:
Use the right dork for the specific exploit.

google_explorer

How the robot works:
1 – Make a Google search
2 – Parse the results from each page
3 – Test whether each target is vulnerable to a specific exploit.

Requirements:
+ Python 3
+ Pip

Download & Use from git:

git clone https://github.com/anarcoder/google_explorer && cd google_explorer
sudo pip3 install -r requirements.txt
sudo google_explorer.py --help

Source: https://github.com/anarcoder

sqlmap v1.0.10 – Automatic SQL injection and database takeover tool.


Changelog SQLMAP v1.0.10:
+ Proper form for excluded case in escaper
+ New auxiliary (extra) file (for administration purposes)
+ Fix “or-assign” for return value in netscaler.py
+ Stripping PostgreSQL .so files for size issues (Issue #2173)
+ Adding new tamper script (on request from @MilanGabor)
+ Revisiting default level 1 payloads (MySQL stacked queries are as frequent as double rainbows)

sqlmap v1.0.10

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches, ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

This tool has been tested on Kali Sana, Arch Linux, Ubuntu, Debian and Mac OS X.

Installation :

git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
cd sqlmap-dev
python sqlmap.py -hh   (full list of options)

Update:
python sqlmap.py --update

Source : http://sqlmap.org | Our Post Before | Download: 1.0.10.zip | 1.0.10.tar.gz

Tools Updates : a collection of security and hacking tools, like exploits, proof of concepts, shellcodes, scripts, and more.

Changelog v9/10/2016:
+ Scanner: Automated HTTP Enumeration v0.4 *New
+ Exploit: add freepbx exploit
+ Misc: Breakout Atari 2600 Homebrew (PAL only).

Automated HTTP Enumeration v0.4

Dnsspider : A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation

This section offers a selection of our fully featured security and hacking tools from NullSecurity.
+ Automation :
This section includes automation tools and wrapper scripts for well-known and public security tools to make your life easier. You can adjust the scripts fast and easily according to your own needs. Mostly written in Bourne shell.
+ Backdoor :
Backdoors and rootkits for kernel and userland, network, hardware and software. Once you have gone through all the hard work making sure you can get on the system, make sure you can always get back in.
+ Binary :
ELF and PE binary related tools. This section includes packers, runtime crypters, including our famous (thanks trusted sec team) hyperion tool from our very own belial, and other stuff.
+ Cracker :
Tools for cracking network and software login masks. Not been able to find an exploit to give you RCE? Too lazy to SE? So go smash down the front doors and rummage around with our cracking and brute force tools.
+ Cryptography :
Encrypt all the things! With privacy issues moving up most people's agenda with items like PRISM in the news, cryptography is one of today's hot topics. It's also pretty useful for exfiltrating data from your target environment, connecting to that C2 box and keeping your loot away from prying eyes.
+ DDoS :
(D)DoS tools if you wanna be like those n00bs at anonymous or simulate everyone's favourite underground extortionists.
+ Exploit :
Proof of Concept tools and, if we are feeling particularly generous, fully working exploits, because there is nothing more fun than RCE, except dinner with noptrix of course.
+ Fuzzer :
Didn't find the exploit you wanted in our exploit section? Well, try one of our fuzzers and write your own god damn code.
+ Keylogger :
When you really need to know those credentials you keep seeing the user enter, or are too lazy to go searching for every new piece of useful information, just try one of our keyloggers and get the user to do the hard work for you!
+ LogCleaner :
Just because our mothers raised us right, we always clean up after ourselves, and pwnage is no exception. These logcleaners also help in not getting caught on that important engagement.
+ Misc :
This section includes miscellaneous files. Often, you will find non-security related stuff here.
+ Reversing :
Whether figuring out how that new piece of malware you just discovered works or hunting for the next 0day from $vendor, our reversing toolz will help you on your way.
+ Scanner :
Can't find any useful hints on shodan? Google dorks not dishing up the goods? Hell, get one of our scanners out and track down your targets in 2 shakes of a lol-cat's tail.
+ Shellcode :
Just because our fuzzer worked or the PoC was fantastic doesn't mean that running calc is gonna put a smile on your face. If you got RCE, try our shellcodes to actually do something useful.
+ Wireless :
Why wireless? It works and you don't have to wear your favorite nullsecurity hoody to hide your face from the camera in reception. Hack all the thingz!

Use and Download:

git clone https://github.com/nullsecuritynet/tools && cd tools
then run the tools one by one from inside the folder

Upgrade:
git pull origin master

Download : Master.zip | Clone URL
Source : http://nullsecurity.net/ | Our Post Before

OWASP VBScan v0.1.7 – a Black Box vBulletin Vulnerability Scanner.

Changelog OWASP VBScan v0.1.7 [Larry Wall]:
* Several bugfixes (2016/10/15)
* Updated exploit database
* Compatible With Windows [Linux,OSX,Windows]
* Added Full Path Disclosure (FPD) module
* Added firewall detect/bypass module
* Optimized version checker module engine [#12 issue]
* Upgrade config finder module
* Random user agent module set as default setting
* Added HTML Report

vbscan v0.1.7

VBScan is an open source project written in Perl that detects vBulletin CMS vulnerabilities and analyses them.

VBScan is a Black Box vBulletin Vulnerability Scanner

Why VBScan? If you want to do a penetration test on a vBulletin forum, VBScan is your best shot! The project is faster than ever and is updated with the latest vBulletin vulnerabilities.

Usage:

git clone https://github.com/rezasp/vbscan && cd vbscan
perl vbscan.pl

Update:
cd vbscan
perl vbscan.pl --update
git pull origin master

Source : http://reza.es/ | Our Post Before
