Ninja Shell – Port Knocking technique with AES 128 XTS – alpha

Raw socket shell with AES 128 XTS and the port knocking technique (https://en.wikipedia.org/wiki/Port_knocking), using specific TCP flags (FIN, URG, PSH) and the AES 128 XTS cipher for communication. Raw socket? Raw mode is basically there to allow you to bypass some of the way that your computer handles TCP/IP. Rather than going through the normal layers …

SSLyze – Fast and powerful SSL/TLS server scanning library

Fast and powerful SSL/TLS server scanning library for Python 2.7 and 3.3+. Description: SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL/TLS servers. …

D-Link DSL-2640B – Unauthenticated Remote DNS Change

#!/bin/bash
#
# D-Link ADSL DSL-2640B GE_1.07
# Unauthenticated Remote DNS Change Exploit
#
# Copyright 2017 (c) Todor Donev <todor.donev at gmail.com>
# https://www.ethical-hacker.org/
# https://www.facebook.com/ethicalhackerorg
#
# Description:
# The vulnerability exists in the web interface, which is
# accessible without authentication.
#
# Once modified, systems use foreign DNS servers, which …

WordPress Plugin WatuPRO 5.5.1 – SQL Injection

Exploit Title: SQL Injection In WatuPRO (WordPress Plugin to Create Exams, Tests and Quizzes)
Exploit Author: Manich Koomsusi
Date: 03-07-2017
Software: WatuPRO
Version: 5.5.1
Website: http://calendarscripts.info/watupro/
Tested on: WordPress 4.7.5
Software Link: https://1drv.ms/u/s!AhfkvGaDTn1bmgHSj9u_jQX8iME0
CVE: CVE-2017-9834

Description
SQL Injection in WatuPRO WordPress Plugin for create exams, Tests and Quizzes allow the attacker dump …

Repulsive Grizzly – Application Layer DoS Testing Framework

Application Layer DoS Testing Framework. What is Repulsive Grizzly? Repulsive Grizzly is an application layer load testing framework specifically designed to support high throughput and sophisticated request types. Repulsive Grizzly can help you confirm application layer Denial of Service (DoS) by running your test at a higher concurrency with other features such as session round …

KatanaFramework – The New Hacking Framework

About: Katana is a framework written in Python for penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share. The goal is to unify tools that serve professionals when making a penetration test or simply as a routine tool. The current version is not completely stable, is recommended …

Arachni – Web Application Security Scanner Framework

Synopsis: Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application’s behavior during the scan process and is able to perform meta-analysis using a number of factors in order to …

BrowserGather – Fileless web browser information extraction

BrowserGather: Fileless Extraction of Sensitive Browser Information with PowerShell. This project will include various cmdlets for extracting credential, history, and cookie/session data from the top 3 most popular web browsers (Chrome, Firefox, and IE). The goal is to perform this extraction entirely in-memory, without touching the disk of the victim. Currently Chrome credential and cookie …

KICKthemOUT3 – KICK devices off your NETW0RK

K1CK devices off your N3TW0RK by performing an ARP spoof attack, with Python 3+ compatibility. A tool to kick devices out of your network and enjoy all the bandwidth for yourself. It allows you to select specific or all devices and ARP spoofs them …

Androguard – Python tool to play with Android files

Androguard is a full Python tool to play with Android files. Features: DEX, ODEX; APK; Android’s binary XML; Android resources; disassemble DEX/ODEX bytecodes; decompiler for DEX/ODEX files. 1. Authors: Androguard Team. Androguard + tools: Anthony Desnos (desnos at t0t0.fr). DAD (DAD is A Decompiler): Geoffroy Gueguen (geoffroy dot gueguen at gmail dot com). 2. …

KnockMail – Verify if email exists

KnockMail: verify if email exists. Copyright 2017 KnockMail. Written by: Alisson Moretto – 4w4k3. Twitter: @4w4k3Official.
Cloning: git clone https://github.com/4w4k3/KnockMail.git
Running:
cd KnockMail
sudo su
pip install -r requeriments.txt
python knock.py
If you have another version of Python: python2.7 knock.py
DISCLAIMER: “DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE …

BeeLogger – Generate Gmail Emailing Keyloggers to Windows

BeeLogger: generate Gmail emailing keyloggers to Windows. Copyright 2017 BeeLogger. Written by: Alisson Moretto – 4w4k3. Twitter: @4w4k3Official. TOOL DESIGNED TO GOOD PURPOSES, PENTESTS, DON’T BE A CRIMINAL! Only download it here, do not trust in other places. NOTE: BeeLogger just has official support for Latin languages at this moment. HOW TO INSTALL: …

Umbrella – A Phishing Dropper designed to Pentest

Umbrella Dropper: Phishing Dropper. Copyright 2017 Umbrella. Written by Alisson Moretto – 4w4k3. Umbrella is a file dropper dedicated to pentest; it downloads files on the target system and executes them without a double execution of exe, only of the embed. To compromise the same target again, you need to delete this folder …

WiFi Frequency Hacker – Regulatory Domain Configuration That Doesn’t Limit You

wifi-frequency-hacker: a modified frequency regulatory domain configuration that doesn’t limit you. Overview: Different countries enforce different frequency restrictions on the various wifi channels. This can be a pain if your card/OS is forcing you into a different configuration than the one you need. There are numerous reasons why this may be happening. From drivers favouring …

SCUTUM – Linux ARP (TCP / UDP / ICMP) Firewall Automatic Controller

SCUTUM Firewall: Linux ARP (TCP / UDP / ICMP) Firewall Automatic Controller. Current version: 2.4.3. Current version change log: added option to choose whether to delete the installer file after installation; fixed arptables detection errors on some Linux distributions; fixed some bugs that are unnoticeable 😀. TODO: use a class to control network interfaces individually …

Google Dorks Find Vulnerable WordPress Sites

Welcome to HackingVision. In this article we will learn how to use Google Dorks to find information about a WordPress website. WordPress is one of the most popular blogging applications in the world and it’s easy to install. This can make WordPress a …

WordSteal – Steal NTLM Hashes From Remote Computer

This script will create a POC that will steal NTLM hashes from a remote computer. Do not use this for illegal purposes. The author does not keep responsibility for any illegal action you do. …

SSL Kill – Forced Man-In-The-Middle HTTPs-Avoiding Transparent Proxy

SSL Kill is a forced man-in-the-middle transparent proxy that modifies HTTP requests and responses in order to avoid SSL and HSTS. To achieve that, it uses two-way ARP spoofing plus a forced DNS resolver that redirects all name server queries to the attacker …

GonnaCry – Linux Ransomware That Encrypts All User Files

Read our disclaimer before you continue. This tool is only provided as a convenience. Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors of hackingvision.com will …

Windows crypto-ransomware POC

Credits: mauri870. Note: This project is purely academic, use at your own risk. I do not encourage in any way the use of this software illegally or to attack targets without their previous authorization. The intent here is to disseminate and teach more about security in the actual world. Remember, security is …