Like OSXcollector, but for Windows. Collects information on a host for later analyzation. https://www.fireeye.com/services/freeware/redline.html
osxcollector http://yelp.github.io/osxcollector/ Stand alone python script. Execute it on a Mac which should be analysed. It creates an archive with “everything” interessting which the victim can hand over an expert. See redline for Windows
See also the Wireshark post PSnuffle Metasploit module; analyse the live traffic for credentials of various protocols. msf > use auxiliary/sniffer/psnuffle PCredz PCredz uses a PCAP file and extracts hashes and other credentials. pcredz -f dump.pcap Zeek GitHub — zeek/zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you…
Sniffing and live content filtering. Operation modes: Unified: sniffs all packets from one interface. Packets for an attack host are ending here, but are directly forwarded after receiving Bridget: Forwards traffic from one interface to another. Absolutely secret because there is really no one “between the cable” Usage ettercap OPTIONS TARGET1 TARGET2 Targets are defined as MAC/IPv4s/IPv6s/PORT…
Passive OS fingerprinting http://tools.kali.org/information-gathering/p0f
Distributed port scanning. Install dnmap_client on many machines and install one dnsmap_server. The server controls the clients to split port scans. http://tools.kali.org/information-gathering/dnmap
Active Information Gathering tool. See http://tools.kali.org/information-gathering/dmitry
Analyses SSL https://github.com/nabla-c0d3/sslyze python ‑m sslyze –regular URL
=> https://www.exploit-db.com/google-hacking-database => https://ahrefs.com/blog/google-advanced-search-operators/ => https://searchdns.netcraft.com/ Github Search for file names within repos of users: user:megacorpone filename:users Tools Google Looking for directory listings: site:URL intitle:index.of Looking for configuration files: site:URL ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini Looking for datebase files: site:URL ext:sql | ext:dbf |…
Enumeration Github wpscan --url $target Maybe an API token could be useful — then, the WordPress Vulnerability Database is used. Login brute force hydra -l thinc -P best110.txt 10.11.1.234 -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' Check users: http://spectra.htb/main/?author=1 http://spectra.htb/main/?author=2 … Most beautiful wordpress plugin XSS injection If there is a way to inject code somewhere (e.g. via a plugin)…
Web server scanner ./nikto.pl ‑host <IP> scans a host and creates a report with details and possible vulnerabilities. Interesting parameters: -evasion [12345678AB] (see options) -mutate (see options) -Pause -Save -T (see options)
Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.
Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.
python -c 'import pty;pty.spawn("/bin/bash")';
python3 -c 'import pty;pty.spawn("/bin/bash")';