Saturday, 16 March 2019

BUG HUNTER - A COLLECTION OF BUG HUNTING TOOLS


A Collection of Information Gathering, Mapping, Discovery and Exploitation Tools for Bug Hunting.

Information Gathering :

Basic Commands for Information Gathering, Masscan, DNS Recon, Sublist3r, Alt-DNS, Amass, Subfinder, Enumall, Aquatone, Cloudflare_Enum, InfoG, The Harvester, Recon-NG, SetoolKit, WhatWeb, Maltego

Mapping :

Nmap, Firefox Browser, Firefox Browser Extensions, Burp Suite Pro, Burp Suite Extensions, Intruder Payloads for Burp Suite, Payloads All The Thing

Discovery :

Acunetix-WVS, Arachni, Burp Suite, Nexpose, Nikto, Vega, Wapiti, Web Security Scanner, Websecurify Suite, Joomscan, w3af, Zed Attack Proxy, WP-Scan, FuzzDB, CeWL

Exploitation :

XSS : XSS Radar, XSSHunter, xssHunter Client, DOMxssScanner, XSSer, BruteXSS, XSStrike, XSS'OR
SQLi : SQLmap
XXE : OXML-xxe, XXEinjextor
SSTI : Tplmap
SSRF : SSRF-Detector, Ground Control
LFI : LFISuit
Mobile : MobSF, GenyMotion, Apktool, dex2jar, jd-gui, idb
Other : Gen-xbin-Avi, GitTools, DVCS Ripper, TKO Subs, SubBruteforcer, Second-Order, Race The Web, CORStest, RCE Struts-pwn, ysoSerial, PHPGGC, Retire-js, Getsploit, Findsploit, BFAC, WP-Scan, CMSmap, Joomscan, JSON W T T, Wfuzz, Patator, Netcat, ChangeMe, wappalyzer, builtwith, wafw00f, assetnote, jsbeautifier, LinkFinder

PoCs & Reporting :

Bug Bounty Platforms, POCs (Proof of Concepts), CheatSheet, EyeWitness, HttpScreenshot, BugBountyTemplates, Template Generator

Installation in Linux :

Open Terminal and Type :

● git clone https://github.com/thehackingsage/bughunter.git

● cd bughunter
● chmod +x bughunter.py
● sudo cp bughunter.py /usr/bin/bughunter



That's it.. type bughunter in terminal to execute the tool.

Video :

YouTube : Bug Hunter : A Collection of Tools for Bug Hunting

Repository :  

https://github.com/thehackingsage/bughunter


That's It... If You Like This Post Please Share This With Your Friends..

& Don't Forget To Follow Me At TwitterInstagramGithub & SUBSCRIBE My YouTube Channel..!!!


Happy Hacking!!!

Labels: , , , , ,

Thursday, 7 March 2019

GHIDRA : NSA Reverse Engineering Tool

GHIDRA : NSA Reverse Engineering Tool

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, Mac OS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of process instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.

In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

Key features of Ghidra :
  • includes a suite of software analysis tools for analyzing compiled code on a variety of platforms including Windows, Mac OS, and Linux.
  • capabilities include disassembly, assembly, decompilation, graphing and scripting, and hundreds of other features.
  • supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
  • users may develop their own Ghidra plug-in components and/or scripts using the exposed API.

Ghidra Installation Guide : https://ghidra-sre.org/InstallationGuide.html

Ghidra Cheat Sheet : https://ghidra-sre.org/CheatSheet.html

Github Repository : https://github.com/NationalSecurityAgency/ghidra

Download Ghidra : https://ghidra-sre.org/ 

That's It !!!


if you like this post please like & share with your friends..
Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 
https://www.h4ck3rthebook.blogspot.com

& DON'T FORGET TO FOLLOW ME ON
& SUBSCRIBE MY YOUTUBE CHANNEL..!!!
Happy Hacking !!! :)

Sunday, 3 March 2019

MalDuino - HID Attack Tool

MalDuino - HID Attack Tool by Mr. SAGE

MalDuino is an arduino-powered USB device which has keyboard injection capabilities. Once plugged in, MalDuino acts as a keyboard, typing commands at superhuman speeds. What's the point? You could gain a reverse shell, change the desktop wallpaper, anything is possible. For penetration testers, hobbyists and pranksters, MalDuino will serve you well!


MalDuino aims to offer the best BadUSB experience. In terms of software, MalDuino is programmed via the arduino IDE using open source libraries. Scripts written in DuckyScript can easily be converted into code the MalDuino can understand. Not only does this make it newb friendly, but also makes it possible for experienced arduino tinkerers to program it just like they would an Arduino. MalDuino comes in two flavours, Elite and Lite.

Lite :

MalDuino LiteThe Lite stores a script on it's 32KB of onboard memory (more than enough space for most scripts). You can write scripts using a text editor and convert them to malduino-friendly code using our script converter. Then you can upload a script using the Arduino IDE, for more in depth instructions see our guide. Then simply unplug the MalDuino Lite, toggle it into ready mode using the switch on the back and you're good to go!

Elite :

MalDuino Elite

The Elite is the more fully-featured device. Instead of storing scripts on it's onboard memory, scripts are stored on a microsd card, so instead of reprogramming the device for each new script, you can simply drop your scripts on a microsd card and you're set. Then a set of dip switches can be used to select between 16 different scripts stored on the microsd card.


But what is the potential?

Well, see this list of example scripts. There's the potential to initiate a reverse shell, download and execute a file, gain a backdoor, change someone's desktop wallpaper, the list really goes on and on. If there's some script you've got an idea for, it's really easy to implement, see below.

How can I write such scripts?

Scripts are easily written, the syntax is loosely based on ducky script.
Script Converter : https://malduino.com/converter/
Buy Now : MalDuino Lite (₹1,219 INR) |  MalDuino Elite (₹2,251 INR)
Official Website : https://malduino.com/
That's It !!!
and if you like this post please like & share with your friends..
Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 
& DON'T FORGET TO SUBSCRIBE..!!!
Keep Visiting... Enjoy !!! :)

Labels: , , , , , , ,