AutoNSE - Massive NSE (Nmap Scripting Engine) AutoSploit And AutoScanner

Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language ) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs. For more informations https://nmap.org/book/man-nse.html

Installation

$ git clone https://github.com/m4ll0k/AutoNSE.git
$ cd AutoNSE 
$ bash autonse.sh

Exmaples

$ bash autonse.sh

Download AutoNSE

Related news

1. Como Aprender A Hackear Desde Cero
2. Hacking Udemy
3. Curso Hacker
4. Hacking Wifi Windows
5. Fake Hacking
6. Android Hacking
7. Kali Linux Hacking
8. Hacking Tools
9. Que Es El Hacking Etico
10. Servicio Hacker
11. Crack Definicion

RainbowCrack

"RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables." read more...

Website: http://www.antsight.com/zsl/rainbowcrack

More info

• Sean Ellis Growth Hacking
• Como Convertirse En Hacker
• Foro Hacking
• Hacking Y Forensic Desarrolle Sus Propias Herramientas En Python Pdf
• Hacking Pdf
• Hacking Wallpaper
• Como Hacker
• Hacking Bluetooth Speaker
• Informatico Hacker
• Hacking Usb

Lockdoor-Framework: A PenTesting Framework With Cyber Security Resources

About Lockdoor-Framework
    Author: SofianeHamlaoui

• Github: SofianeHamlaoui
• Twitter: S0fianeHamlaoui
• Facebook: S0fianeHamlaoui

   Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)

   LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.

Lockdoor-Framework installation:
   For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.

   Open your Terminal and enter these commands:

You can watch detail here:

Lockdoor Tools contents 🛠️:
 * Information Gathering 🔎:

• dirsearch: A Web path scanner
• brut3k1t: security-oriented bruteforce framework
• gobuster: DNS and VHost busting tool written in Go
• Enyx: an SNMP IPv6 Enumeration Tool
• Goohak: Launchs Google Hacking Queries Against A Target Domain
• Nasnum: The NAS Enumerator
• Sublist3r: Fast subdomains enumeration tool for penetration testers
• wafw00f: identify and fingerprint Web Application Firewall
• Photon: ncredibly fast crawler designed for OSINT.
• Raccoon: offensive security tool for reconnaissance and vulnerability scanning
• DnsRecon: DNS Enumeration Script
• Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
• sherlock: Find usernames across social networks
• snmpwn: An SNMPv3 User Enumerator and Attack tool
• Striker: an offensive information and vulnerability scanner.
• theHarvester: E-mails, subdomains and names Harvester
• URLextractor: Information gathering & website reconnaissance
• denumerator.py: Enumerates list of subdomains
• other: other Information gathering,recon and Enumeration scripts I collected somewhere.
• ReconDog: Reconnaissance Swiss Army Knife
• RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
• Dracnmap: Info Gathering Framework

 * Web Hacking 🌐:

• Spaghetti: Spaghetti - Web Application Security Scanner
• CMSmap: CMS scanner
• BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
• J-dorker: Website List grabber from Bing
• droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
• Optiva: Web Application Scanner
• V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
• AtScan: Advanced dork Search & Mass Exploit Scanner
• WPSeku: Wordpress Security Scanner
• WPScan: A simple Wordpress scanner written in python
• XSStrike: Most advanced XSS scanner.
• SQLMap: automatic SQL injection and database takeover tool
• WhatWeb: the Next generation web scanner
• joomscan: Joomla Vulnerability Scanner Project
• Dzjecter: Server checking Tool

 * Privilege Escalation ⚠️:

• Linux 🐧:linux_checksec.sh
     linux_enum.sh
     linux_gather_files.sh
     linux_kernel_exploiter.pl
     linux_privesc.py
     linux_privesc.sh
     linux_security_test
     Linux_exploits folder
• Windows :   windows-privesc-check.py
     windows-privesc-check.exe
• MySql:raptor_udf.c
     raptor_udf2.c

 * Reverse Engineering ⚡:

• Radare2: unix-like reverse engineering framework
• VirtusTotal: VirusTotal tools
• Miasm: Reverse engineering framework
• Mirror: reverses the bytes of a file
• DnSpy: .NET debugger and assembly
• AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
• DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
• Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
• yara: a tool aimed at helping malware researchers toidentify and classify malware samples
• Spike: a protocol fuzzer creation kit + audits
• other: other scripts collected somewhere

 * Exploitation ❗:

• Findsploit: Find exploits in local and online databases instantly
• Pompem: Exploit and Vulnerability Finder
• rfix: Python tool that helps RFI exploitation.
• InUrlBr: Advanced search in search engines
• Burpsuite: Burp Suite for security testing & scanning.
• linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
• other: other scripts I collected somewhere.

 * Shells 🐚:

• WebShells: BlackArch's Webshells Collection
• ShellSum: A defense tool - detect web shells in local directories
• Weevely: Weaponized web shell
• python-pty-shells: Python PTY backdoors

 * Password Attacks ✳️:

• crunch : a wordlist generator
• CeWL : a Custom Word List Generator
• patator : a multi-purpose brute-forcer, with a modular design and a flexible usage

 * Encryption - Decryption 🛡️:

• Codetective: a tool to determine the crypto/encoding algorithm used
• findmyhash: Python script to crack hashes using online services

 * Social Engineering 🎭:

• scythe: an accounts enumerator

Contributing:

1. Fork Lockdoor-Framework:
   git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git
2. Create your feature branch
3. Commit your changes
4. Push to the branch
5. Create a new Pull Request

Features 📙:

• Pentesting Tools Selection 📙:

   Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
   what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
   Easy customization: Easily add/remove tools. (Added value)
   Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]

• Resources and cheatsheets 📙 (Added value):

   Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more.
   Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

Check the Wiki Pages to know more about the tool 📙:

• Lockdoor Wiki page Home
• Lockdoor Demos
• Lockdoor Screenshots

Lockdoor-Framework's screenshots:

First Step

Lockdoor update

ROOT Menu

Information Gathering

Web Hacking

Exploitation

Reverse Engineering

Enc/Dec

Password Attacks

Shells

PrivEsc

Social Engineering

PSAFRT

Walkthroughs

About

Support the author:

   On Paypal: Sofiane Hamlaoui

   BTC Address: 

Download Lockdoor-Framework

Read more

• Hacking Wireless 101 Pdf
• Hacking Net
• Libro Hacker
• Hacking Wifi Windows
• Que Es Hacking Etico
• Que Estudia Un Hacker
• Growth Hacking Pdf
• Curso Hacking Etico
• Hacking Smart Tv
• Hacking Xbox One

DeepEnd Research: Analysis Of Trump's Secret Server Story

 We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)

Analysis of Trump's secret server story...

Related word

• Growth Hacking Pdf
• Ingeniería Social El Arte Del Hacking Personal
• Social Hacking
• Growth Hacking Examples

RECONNAISSANCE IN ETHICAL HACKING

What is reconnaissance in ethical hacking?
This is the primary phase of hacking where the hacker tries to collect as much information as possible about the target.It includes identifying the target ip address range,network,domain,mail server records etc.

They are of two types-
Active Reconnaissance 
Passive Reconnaissance 

1-Active Reconnaissance-It the process from which we directly interact with the computer system to gain information. This information can be relevant and accurate but there is a risk of getting detected if you are planning active reconnaissance without permission.if you are detected then the administration will take the severe action action against you it may be jail!

Passive Reconnaissance-In this process you will not be directly connected to a computer system.This process is used to gather essential information without ever interacting with the target system.

Related word

• Hacking Usb
• Hacking Apps
• Hacking Smart Tv
• Como Convertirse En Hacker
• Growth Hacking Pdf
• Que Significa Hat
• Hacking With Python

WordPress 5.0.0 Crop-Image Shell Upload Exploit

Read more

• Hacking Linkedin
• El Mejor Hacker Del Mundo
• Hacking The System
• Hacking Online Games
• Hardware Hacking Tools
• Bluetooth Hacking
• Google Hacking
• Libros Hacking
• Que Hace Un Hacker

Best Hacking Tools

      MOST USEFUL HACKING TOOL

1-Nmap-Network Mapper is popular and free open source hacker's tool.It is mainly used for discovery and security auditing.It is used for network inventory,inspect open ports manage service upgrade, as well as to inspect host or service uptime.Its advantages is that the admin user can monitor whether the network and associated nodes require patching.

2-Haschat-It is the self-proclaimed world's fastest password recovery tool. It is designed to break even the most complex password. It is now released as free software for Linux, OS X, and windows.

3-Metasploit-It is an extremely famous hacking framework or pentesting. It is the collection of hacking tools used to execute different tasks. It is a computer severity  framework which gives the necessary information about security vulnerabilities. It is widely used by cyber security experts and ethical hackers also.

4-Acutenix Web Vulnerability Scanner- It crawls your website and monitor your web application and detect dangerous SQL injections.This is used for protecting your business from hackers.

5-Aircrack-ng - This tool is categorized among WiFi hacking tool. It is recommended for beginners  who are new to Wireless Specefic Program. This tool is very effective when used rightly.

6-Wireshark-It is a network analyzer which permit the the tester to captyre packets transffering through the network and to monitor it. If you would like to become a penetration tester or cyber security expert it is necessary to learn how to use wireshark. It examine networks and teoubleshoot for obstacle and intrusion.

7-Putty-Is it very beneficial tool for a hacker but it is not a hacking tool. It serves as a client for Ssh and Telnet, which can help to connect computer remotely. It is also used to carry SSH tunneling to byepass firewalls. So, this is also one of the best hacking tools for hackers.

8-THC Hydra- It is one of the best password cracker tools and it consist of operative and highly experienced development team. It is the fast and stable Network Login Hacking Tools that will use dictonary or bruteforce attack to try various combination of passwords against in a login page.This Tool is also very useful for facebook hacking , instagram hacking and other social media platform as well as computer folder password hacking.

9-Nessus-It is a proprietary vulnerability scanner developed by tennable Network Security. Nessus is the world's most popular vulnerability scanner according to the surveys taking first place in 2000,2003,2006 in security tools survey.

10-Ettercap- It is a network sniffing tool. Network sniffing is a computer tool that monitors,analyse and defend malicious attacks with packet sniffing  enterprise can keep track of network flow. 

11-John the Ripper-It is a free famous password cracking pen testing tool that is used to execute dictionary attacks. It is initially developed for Unix OS. The Ripper has been awarded for having a good name.This tools can also be used to carry out different modifications to dictionary attacks.

12-Burp Suite- It is a network vulnerability scanner,with some advance features.It is important tool if you are working on cyber security.

13-Owasp Zed Attack Proxy Project-ZAP and is abbreviated as Zed  Attack Proxy is among popular OWASP project.It is use to find vulnerabilities in Web Applications.This hacking and penetesting tool is very easy to use  as well as very efficient.OWASP community is superb resource for those people that work with Cyber Security.

14-Cain & Abel-It is a password recovery tool for Microsoft Operating System. It allow easy recovery of various kinds of passwords by sniffing the networks using dictonary attacks.

15-Maltego- It is a platform that was designed to deliver an overall cyber threat pictures to the enterprise or local environment in which an organisation operates. It is used for open source intelligence and forensics developed by Paterva.It is an interactive data mining tool.

These are the Best Hacking Tools and Application Which are very useful for penetration testing to gain unauthorized access for steal crucial data, wi-fi hacking , Website hacking ,Vulnerability Scanning and finding loopholes,Computer hacking, Malware Scanning etc.

This post is only for educational purpose to know about top hacking tools which are very important for a hacker to gain unauthorized access. I am not responsible for any type of crime.

More information

• Que Significa Hat
• Significado De Hacker
• Bluetooth Hacking
• Que Hay Que Estudiar Para Ser Hacker
• Hacker Pelicula
• Hacking Etico Que Es
• Ethical Hacking Curso
• Hacking Udemy

HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

When it comes to email providers, there's no competitor to Google's awesome features. It is efficient which connects seamlessly with the rest of your Google products such as YouTube, Drive, has a major application called Gmail Inbox, and is overall an extremely powerful email service. However, to use it with a custom domain, you need to purchase Google Apps for either $5 or $10/month, which for casual users is a bit unnecessary. On top of that, you don't even get all of the features a personal account gets, e.g. Inbox. So, here's a free way to use your Gmail account with a custom domain. I am just going to show you hacking Gmail for free custom domain email.

SO, HOW HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

PASSWORD: EHT

STEPS:

• First, register with Mailgun using your Gmail address. Use your Gmail only. Once you have clicked the confirm link, log in to the Mailgun website. Now you're in the dashboard, move on the right under "Custom Domains", click "Add Domain".
• Follow the setup instructions and set DNS records with whoever manages your DNS. Once you've done this, click on the "Routes" link on the top to set up email forwarding.
• Now move to the Route tab and click on Create New Route.
• As you click the button, you will see a page like below. Just enter the information as entered in the following screenshot.
• Just replace the quoted email with your desired email in the above-given screenshot.
• Next, we'll setup SMTP configuration so we would be able to send emails from an actual server. Go to "Domains" tab, click on your domain name.
• On this page, click "Manage your SMTP credentials" then "New SMTP Credential" on the next page.
• Type in the desired SMTP credentials. And, go to Gmail settings and click "Add another email address you own". Once you open, enter the email address you wish to send from.
• In the next step, set the SMTP settings as follows.
• After clicking "Add Account" button, now you're done.
• The final step, make sure to set it to default email in the Gmail settings > Accounts.

That's all. Now you got free Gmail custom domain with 10,000 emails per month. Hope it will work for you. If you find any issue, just comment below.

---

Note: Use Virtual Machine and scan on VirusTotal before downloading any program on Host Machine for your privacy.

Related word

1. Curso De Ciberseguridad Y Hacking Ético
2. Que Significa Hat
3. Que Es Hacking Etico
4. Hacker Etico
5. Hacking Code
6. Marketing Growth Hacking
7. Wargames Hacking
8. Hacker Definicion
9. Curso De Hacking Etico Gratis
10. Nfc Hacking
11. Curso De Hacking Etico Gratis

RainbowCrack

"RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables." read more...

Website: http://www.antsight.com/zsl/rainbowcrack

Related links

1. Best Hacking Books
2. Hacking Books
3. Hacking Con Python
4. Sean Ellis Hacking Growth

Remot3d - An Easy Way To Exploiting

Related posts

• Hacking 2019
• Google Hacking Search
• Ingeniería Social. El Arte Del Hacking Personal Pdf
• Hacking Games Online
• Hacking Y Seguridad
• Curso De Ciberseguridad Y Hacking Ético
• Cracker Informatico
• Elhacker Ip
• Nivel Basico
• Hacking Madrid

Hacking Windows 95, Part 2

In the Hacking Windows 95, part 1 blog post, we covered that through a nasty bug affecting Windows 95/98/ME, the share password can be guessed in no time. In this article, I'm going to try to use this vulnerability to achieve remote code execution (with the help of publicly available tools only).

The first thing we can do when we have read access to the Windows directory through the share, is to locate all the *.pwl files on the c:\windows directory, copy them to your machine where Cain is installed, switch to Cracker tab, pwl files, load the pwl file, add username based on the filename, and try to crack it. If you can't crack it you might still try to add a .pwl file where you already know the password in the remote windows directory. Although this is a fun post-exploitation task, but still, no remote code execution. These passwords are useless without physical access.

One might think that after having a share password and user password, it is easy to achieve remote code execution. The problem is:

• there is no "at" command (available since Windows 95 plus!)
• there is no admin share
• there is no RPC
• there is no named pipes
• there is no remote registry
• there is no remote service management

If you think about security best practices, disabling unnecessary services is always the first task you should do. Because Windows 95 lacks all of these services, it is pretty much secure!

During my quest for a tool to hack Windows 95, I came across some pretty cool stuff:

Internet periscope

Winfingerprint

LanSpy

But the best of the best is Fluxay, which has been written by chinese hackers. It is the metasploit from the year 2000. A screenshot is worth more than a 1000 words. 4 screenshot > 4 thousand words :)

It is pretty hard to find the installer, but it is still out there!

But at the end, no remote code execution for me.

My idea here was that if I can find a file which executes regularly (on a scheduled basis), I can change that executable to my backdoor and I'm done. Although there is no scheduler in the default Windows 95, I gave it a try. 

Let's fire up taskman.exe to get an idea what processes are running:

Looks like we need a more powerful tool here, namely Process Explorer. Let's try to download this from oldapps.com:

LOL, IE3 hangs, can't render the page. Copying files to the Win95 VM is not that simple, because there are no shared folders in Win95 VM. And you can't use pendrives either, Win95 can't handle USB (at least the retail version). After downloading the application with a newer browser from oldapps, let's start Process Explorer on the test Windows 95.

Don't try to download the Winsocks 2 patch from the official MS site, it is not there anymore, but you can download it from other sites. 

Now let's look at the processes running:

After staring it for minutes, turned out it is constant, no new processes appeared.
Looking at the next screenshot, one can notice this OS was not running a lot of background processes ...

My current Win7 has 1181 threads and 84 processes running, no wonder it is slow as hell :)

We have at least the following options:

1. You are lucky and not the plain Windows 95 is installed, but Windows 95 Plus! The main difference here is that Windows 95 Plus! has built-in scheduler, especially the "at" command. Just overwrite a file which is scheduled to execution, and wait. Mission accomplished!
2. Ping of death - you can crash the machine (no BSOD, just crash) with long (over 65535 bytes) ICMP ping commands, and wait for someone to reboot it. Just don't forget to put your backdoor on the share and add it to autoexec.bat before crashing it. 
3. If your target is a plain Windows 95, I believe you are out of luck. No at command, no named pipes, no admin share, nothing. Meybe you can try to fuzz port 137 138 139, and write an exploit for those. Might be even Ping of Death is exploitable?

Let's do the first option, and hack Windows 95 plus!

Look at the cool features we have by installing Win95 Plus!

Cool new boot splash screen!

But our main interest is the new, scheduled tasks!

Now we can replace diskalm.exe with our backdoor executable, and wait maximum one hour to be scheduled.

Instead of a boring text based tutorial, I created a YouTube video for you. Based on the feedbacks on my previous tutorialz, it turned out I'm way too old, and can't do interesting tutorials. That's why I analyzed the cool skiddie videoz, and found that I have to do the followings so my vidz won't suck anymore:

• use cool black windows theme
• put meaningless performance monitor gadgets on the sidebar
• use a cool background, something related with hacking and skullz
• do as many opsec fails as possible
• instead of captions, use notepad with spelling errorz
• there is only one rule of metal: Play it fuckin' loud!!!!

Related news

• Hacking For Dummies
• Fake Hacking
• Hackers Informaticos Contactar
• Hacking Academy
• Hacking Videos