Monday, August 31, 2020

Evilginx2 - Install And Configure In Localhost Complete

More articles


Posted by at No comments:

Sunday, August 30, 2020

Lockdoor-Framework: A PenTesting Framework With Cyber Security Resources


About Lockdoor-Framework
    Author: SofianeHamlaoui
   Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)

   LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.

Lockdoor-Framework installation:
   For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.

   Open your Terminal and enter these commands:

You can watch detail here:

Lockdoor Tools contents 🛠️:
 * Information Gathering 🔎:
  • dirsearch: A Web path scanner
  • brut3k1t: security-oriented bruteforce framework
  • gobuster: DNS and VHost busting tool written in Go
  • Enyx: an SNMP IPv6 Enumeration Tool
  • Goohak: Launchs Google Hacking Queries Against A Target Domain
  • Nasnum: The NAS Enumerator
  • Sublist3r: Fast subdomains enumeration tool for penetration testers
  • wafw00f: identify and fingerprint Web Application Firewall
  • Photon: ncredibly fast crawler designed for OSINT.
  • Raccoon: offensive security tool for reconnaissance and vulnerability scanning
  • DnsRecon: DNS Enumeration Script
  • Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
  • sherlock: Find usernames across social networks
  • snmpwn: An SNMPv3 User Enumerator and Attack tool
  • Striker: an offensive information and vulnerability scanner.
  • theHarvester: E-mails, subdomains and names Harvester
  • URLextractor: Information gathering & website reconnaissance
  • denumerator.py: Enumerates list of subdomains
  • other: other Information gathering,recon and Enumeration scripts I collected somewhere.
  • ReconDog: Reconnaissance Swiss Army Knife
  • RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
  • Dracnmap: Info Gathering Framework
 * Web Hacking 🌐:
  • Spaghetti: Spaghetti - Web Application Security Scanner
  • CMSmap: CMS scanner
  • BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
  • J-dorker: Website List grabber from Bing
  • droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
  • Optiva: Web Application Scanner
  • V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
  • AtScan: Advanced dork Search & Mass Exploit Scanner
  • WPSeku: Wordpress Security Scanner
  • WPScan: A simple Wordpress scanner written in python
  • XSStrike: Most advanced XSS scanner.
  • SQLMap: automatic SQL injection and database takeover tool
  • WhatWeb: the Next generation web scanner
  • joomscan: Joomla Vulnerability Scanner Project
  • Dzjecter: Server checking Tool
 * Privilege Escalation ⚠️:
  • Linux 🐧:linux_checksec.sh
       linux_enum.sh
       linux_gather_files.sh
       linux_kernel_exploiter.pl
       linux_privesc.py
       linux_privesc.sh
       linux_security_test
       Linux_exploits folder
  • Windows Windows:   windows-privesc-check.py
       windows-privesc-check.exe
  • MySql:raptor_udf.c
       raptor_udf2.c
 * Reverse Engineering ⚡:
  • Radare2: unix-like reverse engineering framework
  • VirtusTotal: VirusTotal tools
  • Miasm: Reverse engineering framework
  • Mirror: reverses the bytes of a file
  • DnSpy: .NET debugger and assembly
  • AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
  • DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
  • Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
  • yara: a tool aimed at helping malware researchers toidentify and classify malware samples
  • Spike: a protocol fuzzer creation kit + audits
  • other: other scripts collected somewhere
 * Exploitation ❗:
  • Findsploit: Find exploits in local and online databases instantly
  • Pompem: Exploit and Vulnerability Finder
  • rfix: Python tool that helps RFI exploitation.
  • InUrlBr: Advanced search in search engines
  • Burpsuite: Burp Suite for security testing & scanning.
  • linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
  • other: other scripts I collected somewhere.
 * Shells 🐚:
  • WebShells: BlackArch's Webshells Collection
  • ShellSum: A defense tool - detect web shells in local directories
  • Weevely: Weaponized web shell
  • python-pty-shells: Python PTY backdoors
 * Password Attacks ✳️:
  • crunch : a wordlist generator
  • CeWL : a Custom Word List Generator
  • patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
 * Encryption - Decryption 🛡️:
  • Codetective: a tool to determine the crypto/encoding algorithm used
  • findmyhash: Python script to crack hashes using online services
 * Social Engineering 🎭:
  • scythe: an accounts enumerator

Contributing:
  1. Fork Lockdoor-Framework:
    git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a new Pull Request

Features 📙:
  • Pentesting Tools Selection 📙:
   Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
   what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
   Easy customization: Easily add/remove tools. (Added value)
   Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]
  • Resources and cheatsheets 📙 (Added value):
   Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more.
   Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

Check the Wiki Pages to know more about the tool 📙:
Lockdoor-Framework's screenshots:
First Step
Lockdoor update
ROOT Menu
Information Gathering
Web Hacking
Exploitation
Reverse Engineering
Enc/Dec
Password Attacks
Shells
PrivEsc
Social Engineering
PSAFRT
Walkthroughs
About
Support the author:
   On Paypal: Sofiane Hamlaoui
   BTC Address: 

Related news
  1. Tools For Hacker
  2. Hack Tools For Windows
  3. Pentest Tools Framework
  4. Hacking Tools For Beginners
  5. Hacking Tools Pc
  6. Pentest Box Tools Download
  7. Hacking Apps
  8. New Hacker Tools
  9. Pentest Tools
  10. Pentest Tools Port Scanner
  11. Hack Apps
  12. Pentest Tools
  13. Hacker Tools List
  14. Hacking Tools For Windows
  15. Hacking App
  16. Hacking Tools For Beginners
  17. Hack Tools
  18. Hacking Tools Hardware
  19. Hacking Tools Name
  20. Nsa Hacker Tools
  21. Pentest Tools For Windows
  22. Pentest Tools Windows
  23. Pentest Tools
  24. Pentest Tools For Android
  25. Usb Pentest Tools
  26. Pentest Automation Tools
  27. Pentest Reporting Tools
  28. Computer Hacker
  29. Growth Hacker Tools
  30. Hack Tools For Ubuntu
  31. Free Pentest Tools For Windows
  32. Hack Tools Pc
  33. Pentest Tools Framework
  34. Pentest Tools Nmap
  35. New Hacker Tools
  36. Pentest Tools Download
  37. Hackers Toolbox
  38. Usb Pentest Tools
  39. Hacking Tools For Windows 7
  40. Hacker Tools Online
  41. Ethical Hacker Tools
  42. Best Hacking Tools 2019
  43. What Are Hacking Tools
  44. Hacking Tools Software
  45. Hacking Tools For Windows 7
  46. Hacking Tools 2019
  47. Hack Tools Online
  48. Hacking Tools Software
  49. Hacking Tools For Pc
  50. Hack Tools Github
  51. Hack Tools 2019
  52. Pentest Tools Open Source
  53. Pentest Tools Kali Linux
  54. Hack Tools
  55. Hacker Tools List
  56. Best Hacking Tools 2019
  57. Hacks And Tools
  58. Best Hacking Tools 2019
  59. Hacker Tools Software
  60. Pentest Tools Subdomain
  61. Easy Hack Tools
  62. Pentest Tools Kali Linux
  63. Hacking Tools Windows 10
  64. Hacker
  65. Hacking App
  66. Hacker Tools Hardware
  67. Pentest Tools Free
  68. Hack Tools For Ubuntu
  69. Pentest Tools Subdomain
  70. Hacking Tools Software
  71. Github Hacking Tools
  72. Nsa Hacker Tools
  73. Hacker Tools Windows
  74. Pentest Tools Url Fuzzer
  75. Hackrf Tools
  76. Hacker Tools Apk
  77. Best Hacking Tools 2020
  78. Hacking Tools Name
  79. Hacking Tools Usb
  80. Hacker Tools 2020
  81. Best Hacking Tools 2020
  82. Pentest Tools Github
  83. Hacks And Tools
  84. Hack Tools Github
  85. Hack Tools Download
  86. Pentest Tools Github
  87. Pentest Tools Review
  88. Hacking Tools Windows 10
  89. Hacking Tools Mac
  90. Blackhat Hacker Tools
  91. Hacker Tools 2020
  92. Hacker Tools Free Download
  93. Hacking Tools Hardware
  94. Hack Tools For Pc
  95. Hacker Tools For Ios
  96. Hacker
  97. Hacker Tool Kit
  98. Hack Tools For Pc
  99. Easy Hack Tools
  100. Hack And Tools
  101. Game Hacking
  102. Bluetooth Hacking Tools Kali
  103. Pentest Tools Subdomain
  104. Pentest Box Tools Download
  105. Hack Website Online Tool
  106. Pentest Tools Linux
  107. Hack Tools Pc
  108. Physical Pentest Tools
  109. Hacking Tools Windows
  110. Pentest Tools Website Vulnerability
  111. Beginner Hacker Tools
  112. Hacking Tools Download
Posted by at No comments:

$$$ Bug Bounty $$$

What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.
Related word
Posted by at No comments:
Subscribe to: Posts (Atom)