INURLBR is a PHP-based advanced search engine tool for security professionals; it supports 24 search engines and 6 deep web or special options, and is very useful for the information gathering phase of a penetration test or vulnerability assessment.
The tool lets you harness what the search engines have already indexed: run dorks against a target, analyse the results for potential exploits, and capture e-mails and URLs, with internal custom validation for each target/URL found.
It also supports external commands for exploitation, so if a scan/search finds a potential, validated SQL injection vulnerability, you can have INURLBR directly launch sqlmap or your tool of choice.
Features
- Generate IP ranges or random_ip and analyse the targets.
- Customization of HTTP-HEADER, USER-AGENT, URL-REFERENCE.
- Execute external commands to exploit certain targets.
- Generate random dorks or set dorks file.
- Option to set proxy manually or from a file list.
- Supports both SOCKS and HTTP proxies
- Set time for proxy change when using random.
- Supports TOR to randomise IP.
- Debug processed URLs & HTTP requests.
- Can send vulnerable URLs to an IRC chat room.
- Support for GET / POST => SQLI, LFI, LFD injection exploits.
- Filter and validate based on regexp.
- Extraction of e-mail addresses and URLs.
- Validation using HTTP response codes.
- Search pages based on strings file.
- Exploit command manager.
- Paging limiter on search engines.
- Beep sound when a vulnerability is found.
- Use text file as a data source for URLs to test.
- Find personalized strings in return values of the tests.
- Checks and validates for Shellshock.
- File validation for the WordPress config file – wp-config.php.
- Can execute a sub-process for validation.
- Validation of database and programming-language error messages in responses.
- Data encryption as native parameter.
- Random Google host.
- Port scanning.
Search Engines/Methods Supported
- Google / (CSE) generic random / API
- Bing
- Yahoo! BR
- Ask
- HAO123 Br
- Google (API)
- Lycos
- UOL Br
- Yahoo! US
- Sapo
- Dmoz
- Gigablast
- Never
- Baidu BR
- Yandex
- Zoo
- Hotbot
- Zhongsou
- Hksearch
- Ezilion
- Sogou
- DuckDuckGo
- Boorow
- Google (CSE) generic random
Special
- Tor Find
- Elephant
- Torsearch
- Wikileaks
- OTN
- Shodan
Errors Checked For
- Java Infinitydb
- LFI
- Zimbra mail
- Zend framework
- MariaDB
- MySQL
- Jbossweb
- Microsoft
- ODBC
- PostgreSQL
- PHP
- WordPress
- Web Shell
- JDBC
- ASP
- Oracle
- DB2
- CFM
- LUA
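The validation step that turns a dork result into a "potential validated" finding (tamper a parameter, fetch, match the body against error text of the kinds listed above) looks roughly like the following. This is an added illustration in Python, not INURLBR's own PHP code; the signature regexes, the target URL and the canned responses are constructed for the example, and the fetch function is injected so it runs offline.

```python
"""Error-signature validation of dork results (added example, not INURLBR's code).

For each query parameter of a candidate URL, append a single quote, fetch the
tampered URL and look for database / interpreter error text in the body.
The fetch function is injected so the block runs offline against constructed
responses; for live use, pass a wrapper around requests.get().
"""
import re
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

Response = Tuple[int, str]            # (HTTP status code, response body)
Fetcher = Callable[[str], Response]

# Signature table, keyed by the product whose error text it matches. These
# regexes are this example's own conservative choices, not INURLBR's pattern set.
ERROR_SIGNATURES: Dict[str, re.Pattern] = {
    "MySQL": re.compile(
        r"You have an error in your SQL syntax|mysql_fetch_array\(\)"
        r"|mysqli?_(?:query|num_rows)\(\)", re.I),
    "PostgreSQL": re.compile(
        r"PostgreSQL.*?ERROR|pg_(?:query|exec)\(\)|syntax error at or near", re.I),
    "Oracle": re.compile(r"\bORA-\d{5}\b"),
    "Microsoft SQL Server": re.compile(
        r"Unclosed quotation mark after the character string"
        r"|Microsoft OLE DB Provider for SQL Server", re.I),
    "ODBC": re.compile(r"\[Microsoft\]\[ODBC [^\]]*Driver\]", re.I),
    "DB2": re.compile(r"DB2 SQL error|\bSQLCODE\b.*?\bDB2\b", re.I),
    "PHP": re.compile(
        r"<b>(?:Warning|Fatal error|Parse error)</b>:\s+.*?\bin\b .*?\bon line\b \d+", re.I),
    "LFI": re.compile(r"root:x:0:0:|\[boot loader\]", re.I),
}


def error_signatures(body: str) -> List[str]:
    """Names of every signature that matches the body, in table order."""
    return [name for name, rx in ERROR_SIGNATURES.items() if rx.search(body)]


def quote_injected_variants(url: str) -> List[str]:
    """One URL per query parameter, with a single quote appended to that
    parameter's value: the classic first probe for error-based SQL injection.
    A URL without a query string yields no variants."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    variants = []
    for i, (key, value) in enumerate(params):
        tampered = params[:i] + [(key, value + "'")] + params[i + 1:]
        variants.append(urlunsplit(parts._replace(query=urlencode(tampered, safe="'"))))
    return variants


def validate(url: str, fetch: Fetcher,
             accept_statuses: Tuple[int, ...] = (200, 500)) -> Dict[str, List[str]]:
    """Fetch every tampered variant and return {variant_url: [signatures]} for
    those whose body carries a known error. Only responses with an accepted
    status are inspected (INURLBR's HTTP-response-code validation idea):
    error pages commonly come back as 200 with the message inline, or as 500."""
    hits: Dict[str, List[str]] = {}
    for variant in quote_injected_variants(url):
        status, body = fetch(variant)
        if status not in accept_statuses:
            continue
        found = error_signatures(body)
        if found:
            hits[variant] = found
    return hits


# Constructed stand-in for a live target: the 'id' parameter leaks a MySQL
# error wrapped in a PHP warning, the 'page' parameter is handled cleanly.
SAMPLE_URL = "http://target.example/item.php?id=7&page=2"
_SAMPLE_RESPONSES: Dict[str, Response] = {
    "http://target.example/item.php?id=7'&page=2": (
        200,
        "<b>Warning</b>: mysql_fetch_array() expects parameter 1 to be resource, "
        "boolean given in /var/www/item.php on line 23"),
    "http://target.example/item.php?id=7&page=2'": (200, "<html>No results</html>"),
}


def sample_fetch(url: str) -> Response:
    return _SAMPLE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    for variant, sigs in validate(SAMPLE_URL, sample_fetch).items():
        print(f"[+] {variant} -> {', '.join(sigs)}")
```

A signature hit shows that the application leaks error text when a parameter is tampered with, which is a strong lead but not proof of exploitability; that is exactly the point at which handing the URL to sqlmap makes sense. On a real target the status filter may need widening: some frameworks return the error page with a 200, others with a 500, and a WAF may answer the quote itself with a 403.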
You can download INURLBR by cloning the GitHub repo:
git clone https://github.com/googleinurl/SCANNER-INURLBR.git inurlbr
Or read more here.
April 9, 2016 | 1,498 views
DNSRecon is a Python-based DNS enumeration script designed to help you audit your DNS security and configuration as part of the information gathering stage of a pen-test. DNS reconnaissance is an important step when mapping out domain resources, sub-domains, e-mail servers and so on, and it often turns up an old DNS entry pointing to an unmaintained, insecure server.
It is also largely passive with respect to the target: the queries go to DNS servers rather than to the hosts they name, so you build a map of the target's resources without the active probes or scans that alert IDS/IPS on those hosts. Bear in mind that zone transfer attempts and dictionary brute force are still visible in the logs of the name servers you query.
Features
DNSRecon provides the ability to perform:
- Check all NS Records for Zone Transfers
- Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT)
- Perform common SRV Record Enumeration
- Top Level Domain (TLD) Expansion
- Check for Wildcard Resolution
- Brute Force subdomain and host A and AAAA records given a domain and a wordlist
- Perform a PTR Record lookup for a given IP Range or CIDR
- Check a DNS server's cached records for A, AAAA and CNAME records, given a list of host records in a text file
- Enumerate common mDNS records in the local network
- Enumerate hosts and subdomains using Google
Usage
root@box:~# dnsrecon -h
Usage: dnsrecon.py
Options:
-h, --help Show this help message and exit
-d, --domain Domain to Target for enumeration.
-r, --range IP Range for reverse look-up brute force in formats (first-last)
or in (range/bitmask).
-n, --name_server Domain server to use, if none is given the SOA of the
target will be used
-D, --dictionary Dictionary file of sub-domain and hostnames to use for
brute force.
-f Filter out of Brute Force Domain lookup records that resolve to
the wildcard defined IP Address when saving records.
-t, --type Specify the type of enumeration to perform:
std To Enumerate general record types, enumerates
SOA, NS, A, AAAA, MX and SRV if AXFR on the
NS Servers fail.
rvl To Reverse Look Up a given CIDR IP range.
brt To Brute force Domains and Hosts using a given
dictionary.
srv To Enumerate common SRV Records for a given
domain.
axfr Test all NS Servers in a domain for misconfigured
zone transfers.
goo Perform Google search for sub-domains and hosts.
snoop To Perform a Cache Snooping against all NS
servers for a given domain, testing all with
file containing the domains, file given with -D
option.
tld Will remove the TLD of given domain and test against
all TLD's registered in IANA
zonewalk Will perform a DNSSEC Zone Walk using NSEC Records.
-a Perform AXFR with the standard enumeration.
-s Perform Reverse Look-up of ipv4 ranges in the SPF Record of the
targeted domain with the standard enumeration.
-g Perform Google enumeration with the standard enumeration.
-w Do deep whois record analysis and reverse look-up of IP
ranges found thru whois when doing standard query.
-z Performs a DNSSEC Zone Walk with the standard enumeration.
--threads Number of threads to use in Range Reverse Look-up, Forward
Look-up Brute force and SRV Record Enumeration
--lifetime Time to wait for a server to respond to a query.
--db SQLite 3 file to save found records.
--xml XML File to save found records.
--iw Continue bruteforcing a domain even if a wildcard record resolution is discovered.
-c, --csv Comma separated value file.
-v Show attempts in the bruteforce modes.
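Two of the switches above, -f and --iw, exist because of one failure mode: a zone with a wildcard record makes every brute-forced name resolve, so a naive run reports the whole wordlist as live hosts. The following added example (illustrative Python, not DNSRecon's own code) shows the wildcard detection and filtering logic behind those switches; the resolver is injected so it runs against a constructed zone under the fictional example.test, and the filter_wildcard / continue_on_wildcard parameters are this example's names, not DNSRecon's.

```python
"""Wildcard-aware subdomain brute force (added example, not DNSRecon's code).

The resolver is injected as a plain function so the block runs offline against
a constructed zone; for live use, pass a wrapper around dnspython's
dns.resolver.resolve() or socket.gethostbyname().
"""
import random
import string
from typing import Callable, Dict, Iterable, Optional, Set

# hostname -> IPv4 address string, or None when the name does not exist
Resolver = Callable[[str], Optional[str]]

# Constructed sample zone (example.test is fictional). Every name under
# example.test that is not listed resolves to the wildcard address, which is
# exactly the situation that floods a naive brute force with false positives.
_SAMPLE_ZONE = {
    "www.example.test": "192.0.2.10",
    "mail.example.test": "192.0.2.25",
    "dev.example.test": "192.0.2.77",
}
_SAMPLE_WILDCARD = "192.0.2.99"


def sample_resolver(name: str) -> Optional[str]:
    name = name.rstrip(".").lower()
    if name in _SAMPLE_ZONE:
        return _SAMPLE_ZONE[name]
    if name.endswith(".example.test"):
        return _SAMPLE_WILDCARD
    return None


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3,
                    rng: Optional[random.Random] = None) -> Set[str]:
    """Resolve a few random labels that nobody would have registered. Any
    address they return is a wildcard address; an empty set means no wildcard.
    Several probes are used because some wildcard setups rotate addresses."""
    rng = rng or random.Random()
    alphabet = string.ascii_lowercase + string.digits
    found: Set[str] = set()
    for _ in range(probes):
        label = "".join(rng.choice(alphabet) for _ in range(16))
        addr = resolve(f"{label}.{domain}")
        if addr is not None:
            found.add(addr)
    return found


def brute_force(domain: str, wordlist: Iterable[str], resolve: Resolver,
                filter_wildcard: bool = True,
                continue_on_wildcard: bool = True) -> Dict[str, str]:
    """Resolve <word>.<domain> for every word. When a wildcard is present:
      - continue_on_wildcard=False stops immediately (every guess would "hit"),
        the opposite of what --iw asks for;
      - filter_wildcard=True drops answers equal to a wildcard address so only
        names with their own distinct record survive, the idea behind -f."""
    wildcard = detect_wildcard(domain, resolve)
    if wildcard and not continue_on_wildcard:
        return {}
    results: Dict[str, str] = {}
    for word in wordlist:
        host = f"{word.strip().lower()}.{domain}"
        addr = resolve(host)
        if addr is None:
            continue
        if filter_wildcard and addr in wildcard:
            continue
        results[host] = addr
    return results


if __name__ == "__main__":
    words = ["www", "mail", "dev", "ftp", "vpn"]
    print("wildcard:", detect_wildcard("example.test", sample_resolver))
    for host, addr in brute_force("example.test", words, sample_resolver).items():
        print(f"{host} -> {addr}")
```

The filter has a blind spot worth knowing about: a real host that deliberately shares the wildcard address is indistinguishable from the wildcard at the DNS layer and will be dropped as well, so for such names you need another signal (certificate transparency logs, virtual-host probing over HTTP) rather than DNS alone.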
You can download DNSRecon here:
April 7, 2016 | 1,946 views
The HUGE news this week is the Panama Papers leak: a massive cache of 11.5 million documents leaked to a German newspaper (Süddeutsche Zeitung) in August 2015. It's one of the most significant data leaks of all time, and Edward Snowden has labelled it "the biggest leak in the history of data journalism". It's also pretty huge in size, at about 2.6TB of data; it was leaked anonymously without any payment, and the material goes all the way back to the 1970s.

The Panama Papers are a leaked set of 11.5 million confidential documents that provide detailed information about more than 214,000 offshore companies listed by the Panamanian corporate service provider Mossack Fonseca, including the identities of shareholders and directors of the companies.
The documents show how wealthy public officials hide their money and identify current government leaders from five countries – Argentina, Iceland, Saudi Arabia, Ukraine, and the United Arab Emirates – as well as government officials, close relatives, and close associates of various heads of government of more than forty other countries, including Brazil, the People’s Republic of China, Peru, France, India, Malaysia, Mexico, Pakistan, Romania, Russia, South Africa, Spain, Syria, and the United Kingdom.
The firm involved, Mossack Fonseca, is obviously back-pedalling hard and has registered a domain and built a website just for its press statement:
http://mossfonmedia.com/
But the ripples are already kicking in, with the PM of Iceland resigning and a lot of other countries, organisations (including FIFA) and political families finding themselves in hot water.
Iceland’s prime minister has stepped down – the first major casualty of the leaked Panama Papers that have shone a spotlight on offshore finance.
The leaks, from Panama-based law firm Mossack Fonseca, showed Sigmundur Gunnlaugsson owned an offshore company with his wife but had not declared it when he entered parliament.
He is accused of concealing millions of dollars’ worth of family assets. Mr Gunnlaugsson says he sold his shares to his wife and denies any wrongdoing.
Yah sold to his wife for $1, convenient right?
There are all kinds of other reactions too, with France adding Panama back to its list of non-cooperative tax jurisdictions, China censoring all mentions of the Panama Papers country-wide, and the head of the anti-corruption watchdog in Chile also stepping down after being implicated (ironic much?).
Plenty of other scandals are dropping out of the docs too as they get investigated further and linked together, tracing links between complex multi-layer, multi-country financial transactions.
Thirty three of its clients have been blacklisted by the US government for allegedly doing business with Mexican drug lords, terrorist organisations and “rogue nations” like North Korea and Iran. Its files have unearthed a secret, shady $2 billion (£1.3 billion) trail of money that leads to Vladimir Putin. One of its clients played a crucial role in the Watergate scandal. Another was convicted for the torture and murder of a US drug enforcement agent.
Mossack Fonseca appears to have claimed that the hack happened on its e-mail server, which makes me wonder: what kind of e-mail server stores 11.5 million documents, including documents going all the way back to the 1970s?
That's one hell of an e-mail server.
There are definitely going to be a lot of articles written and a lot of discussion about this, and much more to come, as the ICIJ hasn't even gone through ALL the documents yet. There may be further implications coming soon.
For now, it’s an interesting drama to watch unfold.
April 5, 2016 | 1,470 views
Phishing Frenzy is an open source Ruby on Rails e-mail phishing framework designed to help penetration testers manage multiple, complex phishing campaigns. The goal of the project is to streamline the phishing process while still providing clients with the most realistic phishing campaign possible. This goal is reached through campaign management, template reuse, statistics generation, and the other features the Frenzy has to offer.
Leveraging the Twitter Bootstrap CSS library, Phishing Frenzy is presented with an elegant front end that feels comfortable. Manage your phishing campaign with ease while looking good.
There are of course other frameworks and tools available too such as:
How It Works
Email phishing in its simplest form consists of three (3) primary components.
- Sending Emails
- Hosting Websites
- Tracking Analytics
There are obviously more complex forms of email phishing that include additional components, but for the sake of this discussion we will break it down into this simple structure.
Features
- Website Cloning
- E-mail Harvesting
- Credential Harvesting
- UID tracking for users
- Reporting and Analytics
- Action Mailer
- Dynamic E-mails
- Preview E-mails
- Sharing Templates
- DataTables
- Export XML
- PDF Reports
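The UID tracking and analytics components above come down to a small amount of logic: mint a per-recipient identifier, embed it in the landing-page link the mailer sends, keep the uid-to-address map server-side, and later join the web server's access log back to the recipient list. The following is an added Python illustration of that flow, not Phishing Frenzy's Ruby code; the campaign secret, recipients, landing page and log lines are constructed for the example.

```python
"""Per-recipient tracking IDs and click attribution (added example, not
Phishing Frenzy's code).

Flow: mint an unguessable uid per recipient, embed it in the landing-page
link the mailer sends, keep the uid->address map server-side, then join the
web server's access log back to recipients. The secret, recipients and log
lines below are constructed for the example.
"""
import hashlib
import hmac
import re
from typing import Dict, Iterable, List, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Common/combined log format prefix: ip ident user [ts] "METHOD path proto" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')


def tracking_uid(secret: bytes, campaign_id: str, email: str) -> str:
    """Deterministic but unguessable: HMAC(secret, campaign:address), truncated.
    A sequential id would let a recipient enumerate everyone else's link."""
    msg = f"{campaign_id}:{email.strip().lower()}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]


def build_campaign(base_url: str, secret: bytes, campaign_id: str,
                   recipients: Iterable[str]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (uid -> address) for server-side attribution and
    (address -> tracked link) for the mailer. Only the link leaves the server."""
    uid_to_email: Dict[str, str] = {}
    links: Dict[str, str] = {}
    for email in recipients:
        uid = tracking_uid(secret, campaign_id, email)
        uid_to_email[uid] = email
        links[email] = f"{base_url}?{urlencode({'uid': uid})}"
    return uid_to_email, links


def attribute_clicks(log_lines: Iterable[str],
                     uid_to_email: Dict[str, str]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Map each request carrying a uid back to a recipient.
    Returns ({address: [source ips...]}, [unknown uids]); unknown uids are kept
    apart because mail-gateway link scanners and mistyped links produce hits
    that must not be counted as a recipient click."""
    clicks: Dict[str, List[str]] = {}
    unknown: List[str] = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        uid = parse_qs(urlsplit(m["path"]).query).get("uid", [None])[0]
        if uid is None:
            continue
        email = uid_to_email.get(uid)
        if email is None:
            unknown.append(uid)
        else:
            clicks.setdefault(email, []).append(m["ip"])
    return clicks, unknown


# Constructed campaign data (all names and addresses are fictional).
SECRET = b"constructed-demo-secret"   # real campaigns: random, per campaign, server-side only
CAMPAIGN_ID = "c2016-04"
RECIPIENTS = ["alice@target.example", "bob@target.example"]
LANDING = "https://login.target-lookalike.example/"


def sample_log(uid_to_email: Dict[str, str]) -> List[str]:
    """Four constructed access-log lines: Alice opens the link and submits the
    form, a URL scanner hits an unknown uid, and an unrelated crawler request."""
    alice_uid = next(u for u, e in uid_to_email.items() if e == "alice@target.example")
    return [
        f'198.51.100.4 - - [05/Apr/2016:09:12:01 +0000] "GET /?uid={alice_uid} HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
        f'198.51.100.4 - - [05/Apr/2016:09:12:07 +0000] "POST /login?uid={alice_uid} HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
        '203.0.113.9 - - [05/Apr/2016:09:13:40 +0000] "GET /?uid=deadbeefdeadbeef HTTP/1.1" 200 512 "-" "curl/7.47.0"',
        '203.0.113.10 - - [05/Apr/2016:09:14:00 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "bot"',
    ]


def run_sample() -> Tuple[Dict[str, List[str]], List[str]]:
    uid_to_email, _links = build_campaign(LANDING, SECRET, CAMPAIGN_ID, RECIPIENTS)
    return attribute_clicks(sample_log(uid_to_email), uid_to_email)


if __name__ == "__main__":
    clicks, unknown = run_sample()
    for email, ips in clicks.items():
        print(f"{email}: {len(ips)} hit(s) from {sorted(set(ips))}")
    print(f"unknown uids: {unknown}")
```

Keying the uid with a per-campaign secret rather than using a sequential id means a curious recipient (or the target's security team) cannot walk through other recipients' links, and keeping the uid-to-address map server-side keeps addresses out of the URL and out of any proxy logs between the recipient and the landing page.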
You can download Phishing Frenzy by cloning the GitHub repo:
sudo git clone https://github.com/pentestgeek/phishing-frenzy.git /var/www/phishing-frenzy