πŸ”’
❌
There are new articles available, click to refresh the page.
βœ‡Darknet

Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage

By: Darknet β€”
Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage

socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms.

Other similar tools check username availability by requesting the profile page of the username in question and based on information like the HTTP status code or error text on the requested page, determine whether a username is already taken.

Read the rest of Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage now! Only available at Darknet.

βœ‡Darknet

CFRipper – CloudFormation Security Scanning & Audit Tool

By: Darknet β€”
CFRipper – CloudFormation Security Scanning & Audit Tool

CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool, it aims to prevent vulnerabilities from getting to production infrastructure through vulnerable CloudFormation scripts.

You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins.

CFRipper should be part of your CI/CD pipeline. It runs just before a CloudFormation stack is deployed or updated and if the CloudFormation script fails to pass the security check it fails the deployment and notifies the team that owns the stack.

Read the rest of CFRipper – CloudFormation Security Scanning & Audit Tool now! Only available at Darknet.

βœ‡Darknet

CredNinja – Test Credential Validity of Dumped Credentials or Hashes

By: Darknet β€”
CredNinja – Test Credential Validity of Dumped Credentials or Hashes

CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.

At the core of it, you provide it with a list of credentials you have dumped (or hashes, it can pass-the-hash) and a list of systems on the domain (the author suggests scanning for port 445 first, or you can use β€œβ€“scan”). It will tell you if the credentials you dumped are valid on the domain, and if you have local administrator access to a host.

Read the rest of CredNinja – Test Credential Validity of Dumped Credentials or Hashes now! Only available at Darknet.

βœ‡Darknet

assetfinder – Find Related Domains and Subdomains

By: Darknet β€”
assetfinder – Find Related Domains and Subdomains

assetfinder is a Go-based tool to find related domains and subdomains that are potentially related to a given domain from a variety of sources including Facebook, ThreatCrowd, Virustotal and more.

assetfinder uses a variety of sources including those in the infosec space and social networks which can give relevant info:

  • crt.sh
  • certspotter
  • hackertarget
  • threatcrowd
  • wayback machine
  • dns.bufferover.run
  • facebook – Needs FB_APP_ID and FB_APP_SECRET environment variables set (https://developers.facebook.com/) and you need to be careful with your app’s rate limits
  • virustotal – Needs VT_API_KEY environment variable set (https://developers.virustotal.com/reference)
  • findsubdomains – Needs SPYSE_API_TOKEN environment variable set (the free version always gives the first response page, and you also get β€œ25 unlimited requests”) β€” (https://spyse.com/apidocs)

Sources to be implemented:

  • http://api.passivetotal.org/api/docs/
  • https://community.riskiq.com/ (?)
  • https://riddler.io/
  • http://www.dnsdb.org/
  • https://certdb.com/api-documentation

Usage of assetfinder to Find Related Domains and Subdomains

The usage is very simple with only one option basically, to limit the search to subdomains only – by default it will scan for all associated domains and subdomains.

Read the rest of assetfinder – Find Related Domains and Subdomains now! Only available at Darknet.

βœ‡Darknet

Karkinos – Beginner Friendly Penetration Testing Tool

By: Darknet β€”
Karkinos – Beginner Friendly Penetration Testing Tool

Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a β€˜Swiss Army Knife’ for pen-testing and/or hacking CTF’s.

Karkinos Beginner Friendly Penetration Testing Tool Features

  • Encoding/Decoding characters
  • Encrypting/Decrypting text or files
  • Reverse shell handling
  • Cracking and generating hashes

How to Install Karkinos Beginner Friendly Penetration Testing Tool

Dependencies are:

  • Any server capable of hosting PHP
  • Tested with PHP 7.4.9
  • Tested with Python 3.8
  • Make sure it is in your path as:
  • Windows: python
  • Linux: python3
  • If it is not, please change the commands in includes/pid.php
  • Pip3
  • Raspberry Pi Zero friendly :) (crack hashes at your own risk)

Then:

  1. git clone https://github.com/helich0pper/Karkinos.git
  2. cd Karkinos
  3. pip3 install -r requirements.txt
  4. cd wordlists && unzip passlist.zip You can also unzip it manually using file explorer.

Read the rest of Karkinos – Beginner Friendly Penetration Testing Tool now! Only available at Darknet.

βœ‡Darknet

Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory

By: Darknet β€”
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory

Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths.

It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path.

Features of Aclpwn.Py Exploit ACL Based Privilege Escalation Paths in Active Directory

Aclpwn.Py currently has the following features:

  • Direct integration with BloodHound and the Neo4j graph database (fast pathfinding)
  • Supports any reversible ACL based attack chain (no support for resetting user passwords right now)
  • Advanced pathfinding (Dijkstra) to find the most efficient paths
  • Support for exploitation with NTLM hashes (pass-the-hash)
  • Saves restore state, easy rollback of changes
  • Can be run via a SOCKS tunnel
  • Written in Python (2.7 and 3.5+), so OS independent

Installation of Aclpwn.py ACL Based Privilege Escalation

Aclpwn.py is compatible with both Python 2.7 and 3.5+.

Read the rest of Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory now! Only available at Darknet.

βœ‡Darknet

Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack

By: Darknet β€”
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack

Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.

Features of Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack

Vulhub contains many frameworks, databases, applications, programming languages and more such as:

  • Drupal
  • ffmpeg
  • CouchDB
  • ActiveMQ
  • Glassfish
  • Joombla
  • JBoss
  • Kibana
  • Laravel
  • Rails
  • Python
  • Tomcat

And many, many more.

Read the rest of Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack now! Only available at Darknet.

βœ‡Darknet

LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)

By: Darknet β€”
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)

LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.

SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. LibInjection is a new open-source C library that detects SQLi using lexical analysis.

Read the rest of LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) now! Only available at Darknet.

βœ‡Darknet

Grype – Vulnerability Scanner For Container Images & Filesystems

By: Darknet β€”
Grype – Vulnerability Scanner For Container Images & Filesystems

Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based operating systems.

Features of Grype Vulnerability Scanner For Container Images & Filesystems

Scan the contents of a container image or filesystem to find known vulnerabilities and find vulnerabilities for major operating system packages in:

  • Alpine
  • BusyBox
  • CentOS / Red Hat
  • Debian
  • Ubuntu

Find vulnerabilities for language-specific packages:

  • Ruby (Bundler)
  • Java (JARs, etc)
  • JavaScript (NPM/Yarn)
  • Python (Egg/Wheel)
  • Python pip/requirements.txt/setup.py listings

Supports Docker and OCI image formats

Using Grype Vulnerability Scanner For Container Images & Filesystems

To scan for vulnerabilities in an image:

grype <image>

Grype can scan a variety of sources beyond those found in Docker.

Read the rest of Grype – Vulnerability Scanner For Container Images & Filesystems now! Only available at Darknet.

βœ‡Darknet

APT-Hunter – Threat Hunting Tool via Windows Event Log

By: Darknet β€”
APT-Hunter – Threat Hunting Tool via Windows Event Log

APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.

This will help you to decrease the time to uncover suspicious activity and the tool will make good use of the windows event logs collected and make sure to not miss critical events configured to be detected.

The target audience for APT-Hunter is threat hunters, incident response professionals or forensic investigators.

Read the rest of APT-Hunter – Threat Hunting Tool via Windows Event Log now! Only available at Darknet.

βœ‡Darknet

GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials

By: Darknet β€”
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials

GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally – this includes code, commits, wiki pages and more.

GitLab Watchman searches GitLab for internally shared projects and looks at:

  • Code
  • Commits
  • Wiki pages
  • Issues
  • Merge requests
  • Milestones

For the following data:

  • GCP keys and service account files
  • AWS keys
  • Azure keys and service account files
  • Google API keys
  • Slack API tokens & webhooks
  • Private keys (SSH, PGP, any other misc private key)
  • Exposed tokens (Bearer tokens, access tokens, client_secret etc.)
  • S3 config files
  • Passwords in plaintext
  • CICD variables exposed publicly
  • and more

Using GitLab Watchman to Audit Gitlab For Sensitive Data

GitLab Watchman will be installed as a global command, use as follows:

usage: gitlab-watchman [-h] --timeframe {d,w,m,a} --output
{file,stdout,stream} [--version] [--all] [--blobs]
[--commits] [--wiki-blobs] [--issues] [--merge-requests]
[--milestones] [--comments]

Monitoring GitLab for sensitive data shared publicly

optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
--all Find everything
--blobs Search code blobs
--commits Search commits
--wiki-blobs Search wiki blobs
--issues Search issues
--merge-requests Search merge requests
--milestones Search milestones
--comments Search comments

required arguments:
--timeframe {d,w,m,a}
How far back to search: d = 24 hours w = 7 days, m =
30 days, a = all time
--output {file,stdout,stream}
Where to send results

You can run GitLab Watchman to look for everything, and output to default Stdout:

gitlab-watchman --timeframe a --all

Or arguments can be grouped together to search more granularly.

Read the rest of GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials now! Only available at Darknet.

βœ‡Darknet

GKE Auditor – Detect Google Kubernetes Engine Misconfigurations

By: Darknet β€”
GKE Auditor – Detect Google Kubernetes Engine Misconfigurations

GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security and development teams streamline the configuration process and save time looking for generic bugs and vulnerabilities.

[ad name=”Darknet_Body_468_Links”]

The tool consists of individual modules called Detectors, each scanning for a specific vulnerability.

Installing and Using GKE Auditor to Detect Google Kubernetes Engine Misconfigurations
Installation

git clone https://github.com/google/gke-auditor
cd ./gke-auditor/
./build.sh

Usage

The tool has to be built by running the build.sh script first.

Read the rest of GKE Auditor – Detect Google Kubernetes Engine Misconfigurations now! Only available at Darknet.

βœ‡Darknet

zANTI – Android Wireless Hacking Tool Free Download

By: Darknet β€”
zANTI – Android Wireless Hacking Tool Free Download

zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using your mobile device for free download.

This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.

Features of zANTI Android Wireless Hacking Tool

This network auditor comes along with a rather simple interface compared to other solutions and running its tasks is pretty straightforward.

Read the rest of zANTI – Android Wireless Hacking Tool Free Download now! Only available at Darknet.

βœ‡Darknet

HELK – Open Source Threat Hunting Platform

By: Darknet β€”
HELK – Open Source Threat Hunting Platform

The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.

This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure.

Goals of HELK Open Source Threat Hunting Platform

  • Provide an open-source hunting platform to the community and share the basics of Threat Hunting.

Read the rest of HELK – Open Source Threat Hunting Platform now! Only available at Darknet.

βœ‡Darknet

Trape – OSINT Analysis Tool For People Tracking

By: Darknet β€”
Trape – OSINT Analysis Tool For People Tracking

Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information.

Example types of information are the status of sessions of their websites or services and control their users through their browser, without their knowledge. It has evolved with the aim of helping government organizations, companies and researchers to track the cybercriminals.

Read the rest of Trape – OSINT Analysis Tool For People Tracking now! Only available at Darknet.

βœ‡Darknet

Fuzzilli – JavaScript Engine Fuzzing Library

By: Darknet β€”
Fuzzilli – JavaScript Engine Fuzzing Library

Fuzzilii is a JavaScript engine fuzzing library, it’s a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language (β€œFuzzIL”) which can be mutated and translated to JavaScript.

When fuzzing for core interpreter bugs, e.g. in JIT compilers, semantic correctness of generated programs becomes a concern. This is in contrast to most other scenarios, e.g. fuzzing of runtime APIs, in which case semantic correctness can easily be worked around by wrapping the generated code in try-catch constructs.

Read the rest of Fuzzilli – JavaScript Engine Fuzzing Library now! Only available at Darknet.

βœ‡Darknet

OWASP APICheck – HTTP API DevSecOps Toolset

By: Darknet β€”
OWASP APICheck – HTTP API DevSecOps Toolset

APICheck is an HTTP API DevSecOps toolset, it integrates existing HTTP APIs tools, creates execution chains easily and is designed for integration with third-party tools in mind.

APICheck is comprised of a set of tools that can be connected to each other to achieve different functionalities, depending on how they are connected. It allows you to create execution chains and it can not only integrate self-developed tools but also can leverage existing tools in order to take advantage of them to provide new functionality.

Read the rest of OWASP APICheck – HTTP API DevSecOps Toolset now! Only available at Darknet.

βœ‡Darknet

trident – Automated Password Spraying Tool

By: Darknet β€”
trident – Automated Password Spraying Tool

The Trident project is an automated password spraying tool developed to be deployed across multiple cloud providers and provides advanced options around scheduling and IP pooling.

trident was designed and built to fulfill several requirements and to provide:

  • the ability to be deployed on several cloud platforms/execution providers
  • the ability to schedule spraying campaigns in accordance with a target’s account lockout policy
  • the ability to increase the IP pool that authentication attempts originate from for operational security purposes
  • the ability to quickly extend functionality to include newly-encountered authentication platforms

Using trident Password Spraying Tool

Usage:
trident-cli campaign [flags]

Flags:
-a, --auth-provider string this is the authentication platform you are attacking (default "okta")
-h, --help help for campaign
-i, --interval duration requests will happen with this interval between them (default 1s)
-b, --notbefore string requests will not start before this time (default "2020-09-09T22:31:38.643959-05:00")
-p, --passfile string file of passwords (newline separated)
-u, --userfile string file of usernames (newline separated)
-w, --window duration a duration that this campaign will be active (ex: 4w) (default 672h0m0s)

Example output:

$ trident-client results
+----+-------------------+------------+-------+
| ID | USERNAME | PASSWORD | VALID |
+----+-------------------+------------+-------+
| 1 | [email protected] | Password1!

Read the rest of trident – Automated Password Spraying Tool now! Only available at Darknet.

βœ‡Darknet

tko-subs – Detect & Takeover Subdomains With Dead DNS Records

By: Darknet β€”
tko-subs – Detect & Takeover Subdomains With Dead DNS Records

tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services or to nothing at all or NS records that are mistyped.

What does tko-subs – Detect & Takeover Subdomains With Dead DNS Records Do?

This tool allows you:

  • To check whether a subdomain can be taken over because it has:
    • a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over.

Read the rest of tko-subs – Detect & Takeover Subdomains With Dead DNS Records now! Only available at Darknet.

❌