Collaborate Disseminate
CapTipper is a Python tool to explore malicious HTTP traffic, it can also help analyse and revive captured sessions from PCAP files. It sets up a web server that acts exactly as the server in the PCAP file and contains internal tools with a powerful interactive console for analysis and inspection of the hosts, objects […]
The post CapTipper…
Read the full post at darknet.org.uk
SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain brute-forcing tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity, as SubBrute does not send traffic directly […]
The…
Read the full post at darknet.org.uk
Hacking into computer, networks and websites could easily land you in jail. But what if you could freely test and practice your hacking skills in a legally safe environment?
Facebook just open-sourced its Capture The Flag (CTF) platform to encourage s… Continue reading Facebook Open Sources its Capture the Flag (CTF) Platform
WAFW00F is a Python tool to help you fingerprint and identify Web Application Firewall (WAF) products. It is an active reconnaissance tool as it actually connects to the web server, but it starts out with a normal HTTP response and escalates as necessary. You can override or include your own headers, it has SOCKS and […]
The post WAFW00F…
Read the full post at darknet.org.uk
Continue reading WAFW00F – Fingerprint & Identify Web Application Firewall (WAF) Products
IPGeoLocation is a Python based tool designed to retrieve IP geolocation information from the ip-api service, useful for building into your security tools. Do be aware that as this tool is leveraging a 3rd party API, you will be limited to 150 requests a minute. Whilst that is quite a lot, just be wary of […]
The post IPGeoLocation –…
Read the full post at darknet.org.uk
Continue reading IPGeoLocation – Retrieve IP Geolocation Information
DNSRecon is a Python based DNS enumeration script designed to help you audit your DNS security and configuration as part of information gathering stage of a pen-test. DNS reconnaissance is an important step when mapping out domain resources, sub-domains, e-mail servers and so on and can often lead to you finding an old DNS entry […]
The…
Read the full post at darknet.org.uk
Responder is an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: NetBIOS Suffixes). By default, the tool will only answer to File Server Service request, which is for SMB. The concept behind this is to target our answers, and be stealthier on […]
The post…
Read the full post at darknet.org.uk
Continue reading Responder – LLMNR, MDNS and NBT-NS Poisoner
BetterCAP is a powerful, modular, portable MiTM framework that allows you to perform various types of Man-In-The-Middle attacks against the network. It can also help to manipulate HTTP and HTTPS traffic in real-time and much more. BetterCap has some pr… Continue reading BetterCap – Modular, Portable MiTM Framework
DIRB is a Web Content Scanner AKA a domain brute-forcing tool. It looks for existing (and/or hidden) Web Objects, it works by launching a dictionary based attack against a web server and analysing the responses. DIRB comes with a set of preconfigured attack word-lists for easy usage but you can use your custom word-lists. Also […]
The post…
Read the full post at darknet.org.uk
Linset is an Evil Twin Attack Bash script with everything built in (multi-lingual web page, DHCP, DNS server with redirect fake AP etc) so it has a bunch of dependencies, and it’s in Spanish. But other than that, it’s pretty cool. It’s also a recursive acronym – Linset Is Not a Social Enginering Tool. There […]
The post Linset – Evil…
Read the full post at darknet.org.uk