Channel: Penetration Test – Security List Network™

Automated script for Wifi Deauthentication Attack.


Intro
Written in Python, it sends deauth packets to a wifi network, which results in a network outage for the connected devices. It uses the scapy module to send the deauth packets and to sniff wifi. Know more about Deauthentication Attack


Required Tools
+ python 2.7.x
+ aircrack-ng (apt-get install aircrack-ng)
+ scapy (Python Module:apt-get install python-scapy)

How to run? It can be run in 3 ways:
1. sudo python deauth.py. It automatically creates mon0 with airmon-ng start wlan0 (it won't create it if it already exists) and sniffs the wifi signal on that interface. After a few seconds, it displays the SSIDs and their MACs to choose from.
2. sudo python deauth.py XX:YY:AA:XX:YY:AA. MAC address as a command line argument. In this case, there is no need to sniff wifi.
3. export DEAUTH=XX:YY:AA:XX:YY:AA && sudo python deauth.py. MAC address as an environment variable.

Use and Download:

git clone https://github.com/veerendra2/wifi-deauth-attack && cd wifi-deauth-attack
python deauth.py

Source: https://github.com/veerendra2


Ufonet v0.8 – U-Nation released.


[!]Remember: this tool is NOT for educational purpose.
Usage of UFONet for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws.
Developers and Seclist author assume no liability and are not responsible for any misuse or damage caused by this program.

Latest Change ufonet v0.8 7/12/2016:
+ fixing xml-rpc + adding packaging support.

UFONet – is a free software tool designed to test DDoS attacks against a target using 'Open Redirect' vectors on third-party web applications, like a botnet.


UFONet abuses OSI Layer 7 (HTTP) to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Installing:

UFONet runs on many platforms. It requires Python (2.x.y) and the following libraries:
python-pycurl - Python bindings to libcurl
python-geoip - Python bindings for the GeoIP IP-to-country resolver library

On other systems such as Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc., also run:
pip install geoip 
pip install requests
pip install pycrypto


On Debian-based systems (ex: Ubuntu), run:
sudo apt-get install python-pycurl python-geoip python-crypto
git clone https://github.com/epsylon/ufonet
cd ufonet/ufonet
./ufonet -h   (or ./ufonet --gui for the GUI)

Upgrade

Examples:
+ with verbose: ./ufonet -t zombies.txt -v
+ with proxy TOR: ./ufonet -t zombies.txt --proxy="http://127.0.0.1:8118"
+ with threads: ./ufonet -t zombies.txt --threads 50


Source : https://github.com/epsylon/ufonet | Our Post Before Download stable version: ufonet-v0.8.zip (443.9 kB)

Backdoorme – a powerful auto backdooring utilities.


LEGAL DISCLAIMER
The author does not hold any responsibility for the bad use of this script; remember that attacking targets without prior consent is illegal and punished by law. This script was built to show how resource files can automate tasks.

Changelog backdoorme 8/12/2016:
+ backdoors; python 3.5 for travis, fixed mixed tabs/spaces.
+ target.py, requirements.txt, start.py, modules; python3 support, howto install using virtualenv.
+ compatible with python 2.7
+ python3 support, howto install using virtualenv.

Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility.
Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it will transfer and deploy any backdoors. In the future, this reliance will be removed as the tool is expanded.


Backdoors are organized by category:
+ Auxiliary
*** keylogger – Adds a keylogger to the system and gives the option to email results back to you.
*** simplehttp – installs python’s SimpleHTTP server on the client.
*** user – adds a new user to the target.
*** web – installs an Apache Server on the client.
+ Escalation
*** setuid – the SetUID backdoor works by setting the setuid bit on a binary while the user has root access, so that when that binary is later run by a user without root access, the binary is executed with root access. By default, this backdoor flips the setuid bit on nano, so that if root access is ever lost, the attacker can SSH back in as an unprivileged user and still be able to run nano (or any chosen binary) as root ('nano /etc/shadow'). Note that root access is initially required to deploy this escalation backdoor.
*** shell – the shell backdoor is a privilege escalation backdoor, similar to (but more specific than) its SetUID escalation brother. It duplicates the bash shell to a hidden binary, and sets the SUID bit. Note that root access is initially required to deploy this escalation backdoor. To use, while SSHed in as an unprivileged user, simply run ".bash -p", and you will have root access.
+ Shell
*** bash – uses a simple bash script to connect to a specific ip and port combination and pipe the output into bash.
*** bash2 – a slightly different (and more reliable) version of the above bash backdoor which does not prompt for the password on the client-side.
*** metasploit – employs msfvenom to create a reverse_tcp binary on the target, then runs the binary to connect to a meterpreter shell.
*** netcat – uses netcat to pipe standard input and output to /bin/sh, giving the user an interactive shell.
*** netcat_traditional – utilizes netcat-traditional’s -e option to create a reverse shell.
*** perl – a script written in perl which redirects output to bash, and renames the process to look less conspicuous.
*** php – runs a php backdoor which sends output to bash. It does not automatically install a web server, but instead uses the web module.
*** pupy – uses n1nj4sec’s Pupy backdoor, found at https://github.com/n1nj4sec/pupy.
*** python – uses a short python script to perform commands and send output back to the user.
*** web – ships a web server to the target, then uploads msfvenom’s php reverse_tcp backdoor and connects to the host. Although this is also a php backdoor, it is not the same backdoor as the above php backdoor.
+ Access
*** remove_ssh – removes the ssh server on the client. Often good to use at the end of a backdoorme session to remove all traces.
*** ssh_key – creates RSA key and copies to target for a passwordless ssh connection.
*** ssh_port – Adds a new port for ssh.
+ Windows
*** windows – Uses msfvenom to create a windows backdoor.

Modules include:
* Poison
+-+ Performs bin poisoning on the target computer – it compiles an executable to call a system utility and an existing backdoor.
+-+ For example, if the bin poisoning module is triggered with "ls", it would compile and move a binary called "ls" that would run both an existing backdoor and the original "ls", thereby tricking a user into running an existing backdoor more frequently.
* Cron
+-+ Adds an existing backdoor to the root user’s crontab to run with a given frequency.
* Web
+-+ Sets up a web server and places a web page which triggers the backdoor.
+-+ Simply visit the site with your listener open and the backdoor will begin.
* User
+-+ Adds a new user to the target.
* Startup
+-+ Allows for backdoors to be spawned with the bashrc and init files.
* Whitelist
+-+ Whitelists an IP so that only that IP can connect to the backdoor.

Requirement:
+ All Linux Support
+ Metasploit Framework

Usage and Download from source:

howto install using virtualenv:
sudo apt-get install python3 python3-pip python3-tk nmap
git clone https://github.com/Kkevsterrr/backdoorme && cd backdoorme
pip3 install virtualenv
virtualenv --python=python3.5 env
source env/bin/activate
(env) $ pip install -r requirements.txt
python master.py

Upgrade: git pull

Source: https://github.com/Kkevsterrr | Our Post Before

MARA v0.2.2 – is a Mobile Application Reverse engineering and Analysis Framework.


Changelog Mara Framework version: 0.2.2 beta 8/12/2016:
* Requirement at setup.sh update
* Feature Update:
+ Domain Analysis
+-+ Domain SSL scan via pyssltest and testssl
+-+ Website fingerprinting via whatweb
+ APK Reverse Engineering
+-+ Disassembling Dalvik bytecode to java bytecode via enjarify
+-+ Decompiling APK to Java source code via jadx
+ APK Analysis
+-+ Analyze apk for potential malicious behaviour via androwarn
+-+ Identify compilers, packers and obfuscators via APKiD
+ Security Analysis
+-+ Source code static analysis based on the OWASP Mobile Top 10 and the OWASP Mobile Apps Checklist.


MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against the OWASP mobile security threats. Its objective is to make this task easier and friendlier to mobile application developers and security professionals.

Features supported:
* APK Reverse Engineering
+ Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool
+ Disassembling Dalvik bytecode to java bytecode via enjarify
+ Decompiling APK to Java source code via jadx

* APK Deobfuscation
+ APK deobfuscation via apk-deguard.com

* APK Analysis
+ Parsing smali files for analysis via smalisca
+ Dump apk assets,libraries and resources
+ Extracting certificate data via openssl
+ Extract strings and app permissions via aapt
+ Identify methods and classes via ClassyShark
+ Scan for apk vulnerabilities via androbugs
+ Analyze apk for potential malicious behaviour via androwarn
+ Identify compilers, packers and obfuscators via APKiD
+ Extract execution paths, IP addresses, URL, URI, emails via regex

* APK Manifest Analysis
+ Extract Intents
+ Extract exported activities
+ Extract receivers
+ Extract exported receivers
+ Extract Services
+ Extract exported services
+ Check if apk is debuggable
+ Check if apk allows sending of secret codes
+ Check if apk can receive binary SMS

* Domain Analysis
+ Domain SSL scan via pyssltest and testssl
+ Website fingerprinting via whatweb

* Security Analysis
+ Source code static analysis based on the OWASP Mobile Top 10 and the OWASP Mobile Apps Checklist

Use and Download from source:

git clone --recursive https://github.com/xtiankisutsa/MARA_Framework && cd MARA_Framework
sudo ./setup.sh
sudo ./mara.sh

Update
sudo ./update.sh

Source: https://github.com/xtiankisutsa | Our Post Before

jammer – Jam Wifi Networks That Your Wireless Card Can Reach.


jammer is a Bash script to automate the continuous circular deauthentication of all the wifi networks in your reach. Keep in mind that it is generally illegal to use the script in your neighborhood; it is designed for pen-testing purposes.


Dependencies and platform :
+ airmon-ng/aircrack-ng
+ all linux platform support.

Usage:

git clone https://github.com/billpcs/jammer && cd jammer
sudo ./jammer -y -s -d 20 -f whitelist.txt
please edit whitelist.txt before run

Source: https://github.com/billpcs

Cloakify – Hide, Data Exfiltrating & Infiltration In Plain Sight.


CloakifyFactory is a menu-driven tool that leverages Cloakify Toolset scripts. When you choose to Cloakify a file, the scripts first Base64-encode the payload, then apply a cipher to generate a list of strings that encodes the Base64 payload. You then transfer the file however you wish to its desired destination. Once exfiltrated, choose Decloakify with the same cipher to decode the payload.

NOTE: Cloakify is not a secure encryption scheme. It’s vulnerable to frequency analysis attacks. Use the ‘Add Noise’ option to add entropy when cloaking a payload to help degrade frequency analysis attacks. Be sure to encrypt the file prior to cloaking if secrecy is needed.
The supporting scripts (cloakify.py and decloakify.py) can be used as standalone scripts. They are very small, simple, clean and portable. For scenarios where infiltrating the full toolset is impractical, you can quickly type the standalone script into a target's local shell, generate a cipher in place, and cloakify -> exfiltrate.


Use py2exe if Windows target lacks Python. (http://www.py2exe.org/)

Prepackaged ciphers include lists of:
+ Amphibians (scientific names)
+ Belgian Beers
+ Desserts in English, Arabic, Thai, Russian, Hindi, Chinese, Persian, and Muppet (Swedish Chef)
+ Emoji
+ evadeAV (smallest cipher space, x3 payload size)
+ GeoCoords World Capitals (Lat/Lon)
+ GeoCaching Coordinates (w/ Site Names)
+ IPv4 Addresses of Popular Websites
+ MD5 Password Hashes
+ PokemonGo Monsters
+ Ski Resorts
+ Status Codes (generic)
+ Star Trek characters
+ Top 100 Websites
+ World Beaches
+ World Cup Teams

Prepackaged scripts for adding noise / entropy to your cloaked payloads:
+ prependEmoji.py: Adds a randomized emoji to each line
+ prependID.py: Adds a randomized ID tag to each line
+ prependLatLonCoords.py: Adds randomized LatLong coordinates to each line
+ prependTimestamps.py: Adds timestamps (log file style) to each line

Create Your Own Ciphers
Cloakify Factory is at its best when you’re using your own customized ciphers. The default ciphers may work for most needs, but in a unique exfiltration scenario you may need to build your own. At the very least, you can copy a prepackaged cipher and randomize the order.
Creating a Cipher:
– Generate a list of at least 66 unique words / phrases / symbols (Unicode accepted)
– Remove all duplicate entries and all blank lines
– Randomize the list order
– Place in the “ciphers/” subdirectory
– Re-run CloakifyFactory and it will automatically load your new cipher as an option
– Test cloaking / decloaking with new cipher before using operationally

Requirements:
+ Python 2.7.x

Usage:

git clone https://github.com/TryCatchHCF/Cloakify && cd Cloakify
./cloakifyFactory.py

Source: https://github.com/TryCatchHCF

pypayload – Automatic Payload Generator.


Introduction
Metasploit is a great suite for penetration testing. However, I tend to find it a hassle to create a payload utilizing Metasploit’s msfvenom, and created this project in order to automate that process.

Dependencies
+ Metasploit
+ Python 2.7.x
+ Git

Note: All Operating System Support


Payload Options:
(1) windows/meterpreter/reverse_tcp
(2) windows/meterpreter/bind_tcp
(3) windows/meterpreter/reverse_http
(4) windows/meterpreter/reverse_https
(5) windows/shell/reverse_tcp
(6) windows/shell/bind_tcp
(7) windows/shell/reverse_http
(8) windows/shell/reverse_https
(9) windows/vncinject/reverse_tcp
(10) windows/vncinject/bind_tcp
(11) windows/vncinject/reverse_http
(12) windows/vncinject/reverse_https
(13) windows/dllinject/reverse_tcp
(14) windows/dllinject/bind_tcp
(15) windows/dllinject/reverse_http
(16) windows/dllinject/reverse_https

Usage:

git clone https://github.com/ex0dus-0x/pypayload && cd pypayload
python pypayload.py

Source: https://github.com/ex0dus-0x

wifiphisher v1.2 – Fast automated phishing attack against WPA networks.


Changelog wifiphisher v1.2:
* -aI and --nojamming can be used in conjunction.
* Web server now starts after DHCP [@sophron]
* Support logging of multiple POST values [@sophron]
* Include some ASCII art [@sophron]
* Introduced ‘phishinghttp’ module and fixed bugs on HTTP server [@sophron]
* Users may now interactively choose the scenario they wish [@blackHatMonkey]
* Included an improved algorithm for detecting and using two of the available network interfaces. [@blackHatMonkey]
* Introduced --presharedkey option. Users may now create Evil Twin against password-protected networks. [@sophron]
* Introduced “Browser Plugin Update” scenario. [@V1V1]
* Packaged the project. Dependencies can now be automatically installed with setup.py. [@sophron]
* Added the feature to detect AP vendor based on BSSID. [@lvrach]
* Included template engine. [@lvrach]
* Fixed issues on Ubuntu. [@lvrach]
* Fixed issues on Arch Linux. [@gtklocker]
* Included PyRIC project. [@blackhatMonkey]
* Introduced --essid option. This will skip the AP selection phase. [@sophron]
* Introduced --nojamming option. This will turn off deauthentication. [@sophron]
* Introduced new OAuth template. [@sophron]
* Introduced new “Wi-Fi Connect” template. [@dionyziz]


Wifiphisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase. It is a social engineering attack that, unlike other methods, does not include any brute forcing. It is an easy way of obtaining WPA credentials.


From the victim's perspective, the attack proceeds in three phases:
– The victim is deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.
– The victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.
– The victim is served a realistic router-config-looking page. Wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade.
Requirements :
– Kali Linux.
– Two network interfaces, one wireless.
– A wireless card capable of injection.

USAGE

git clone https://github.com/sophron/wifiphisher
cd wifiphisher
python wifiphisher.py -h (for helper)

update:
cd wifiphisher
git pull

Download  v1.2.zip  | v1.2.tar.gz | or clone url

Source : https://github.com/sophron/wifiphisher | Our Post before

 


iOS Security Audit Toolkit and Reverse Engineering – iOSSecAudit v2.0.


iOSSecAudit is a Python script for iOS app security auditing and iOS reverse engineering.

With Function:
+ abr: application binary cookie reader.
+ ab: analyze binary and print result.
+ aca: import cert to device.
+ br: binary cookie reader.
+ cipa: crack ipas in path and save decrypted ipa in path.
+ clche: clear local cache files.
+ clzdp: class dump an application.
+ cycript: run a cycript file in an application.
+ fus: fuzz url schema.
+ gdb: grep pattern in a db file.
+ ssh: connect to device with ssh.
+ usb: ssh to the device over USB (Mac OS X support only).
+ sd: show application detail.
+ etc…


Requirement:
+ Mac OS X, Debian 8, Ubuntu 14.04.5

Dependencies:
+ python2.7.x
+ Paramiko, Prettytable, Numpy Python Module.

Device environment preparation:
– jailbreak iOS device
– install cycript in Cydia
Usage and download from source:

sudo easy_install pip
sudo pip install paramiko
easy_install prettytable or easy_install -U prettytable
xcode-select --install, select install, then "agre..."
"brew install libimobiledevice", if don't have homebrew ,install it first: "ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" < /dev/null 2> /dev/null"
git clone https://github.com/alibaba/iOSSecAudit.git && cd iOSSecAudit
python main.py

Source: https://github.com/alibaba

Ruler v2.0 – A tool to abuse Exchange services.


Changelog ruler v2.0 12/12/2016:
+ Fix a bug that was causing RPC with --encrypt to fail for some mailboxes. Issue was with padding on the AUTH3 packet
+ Fix conflict
Binaries version changelog
+ New interface
+ Support for both RPC/HTTP and MAPI/HTTP
+ Pass-the-hash support


Ruler is a tool that allows you to interact with Exchange servers through the MAPI/HTTP protocol. The main aim is to abuse the client-side Outlook mail rules.
Ruler has multiple functions and more are planned. These include:
* Enumerate valid users
* View currently configured mail rules
* Create new malicious mail rules
* Delete mail rules
Ruler attempts to be semi-smart when it comes to interacting with Exchange and uses the Autodiscover service (just as your Outlook client would) to discover the relevant information.

Features:
+ Brute-force for credentials
+ The autodiscover service
+ PtH – Passing the hash
+ Display existing rules / verify account
+ Delete existing rules (clean up after yourself)
+ Popping a shell
+ Semi-Autopwn
Use, download and build from source:

git clone https://github.com/sensepost/ruler && cd ruler
go get github.com/sensepost/ruler
go get github.com/urfave/cli
go get github.com/staaldraad/go-ntlm/ntlm
go build
./ruler

Upgrade: git pull

Download: ruler-linux32  | ruler-linux64  | ruler-osx64
Source: https://github.com/sensepost

PyJFuzz – an automatic json fuzzer framework.


PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs, such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more.

The available object/class are the following:
+ PJFServer – Used to start and stop the built-in HTTP and HTTPS servers
+ PJFProcessMonitor – Used to monitor process crashes; it automatically restarts the process each time it crashes
+ PJFTestcaseServer – The testcase server is used in conjunction with PJFProcessMonitor; whenever a process crashes, the testcase server registers and stores the JSON that caused the crash
+ PJFFactory – The main object used to do the real fuzzing of JSON objects
+ PJFConfiguration – The configuration object for each of the available objects
+ PJFExternalFuzzer – Used by PJFFactory; an auxiliary class which provides an interface to other command line fuzzers such as radamsa
+ PJFMutation – Used by PJFFactory; provides all the mutations used during a fuzzing session
+ PJFExecutor – Provides an interface to interact with external process


Features:
* JSON object to fuzz
* Fuzzing level in the range 0-6
* Set whether to use the binary from "command" as an external fuzzer
* Command to execute; each parameter is a list element, you could use shlex.split from Python
* Techniques “CHPTRSX”
C – Command Execution
H – Header Injection
P – Path Traversal
T – Template Injection
R – Random Characters
S – SQL Injection
X – XSS
* automatic browser fuzzing session.
* automatic web fuzzing session.

Usage and install:

git clone https://github.com/mseclab/PyJFuzz.git && cd PyJFuzz && sudo python setup.py install

Source: https://github.com/mseclab

morpheus – automated TCP/UDP Hijacking tool.


LEGAL DISCLAIMER:
The author does not hold any responsibility for the bad use of this tool; remember that attacking targets without prior consent is illegal and punished by law.

The morpheus framework automates TCP/UDP packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks, replacing the TCP/UDP packet contents with our contents before forwarding the packet back to the target host…

workflow:
1º – attacker -> ARP-poisons the local LAN (MitM)
2º – target -> requests a web page from the network (WAN)
3º – attacker -> modifies the web page response (contents)
4º – attacker -> the modified packet is forwarded back to the target host

morpheus ships with some preconfigured filters but allows users to improve them when launching the attack (morpheus scripting console). At the end of the attack morpheus reverts the filter back to its default state; this allows users to improve filters at run time without the fear of messing up the filter command syntax and spoiling the filter.


Framework limitations:
1º – morpheus will fail if the target system is protected against ARP poisoning attacks
2º – downgrade attacks will fail if the target browser has an HTTPS-only add-on installed
3º – the target system sometimes needs to clear its network cache for ARP poisoning to be effective
4º – many attacks described in morpheus may be dropped by the target's HSTS detection

Dependencies:
+ Nmap
+ Zenity
+ Ettercap
+ Apache2

Use and Download:

git clone https://github.com/r00t-3xp10it/morpheus && cd morpheus
./morpheus.sh

Source: https://github.com/r00t-3xp10it/morpheus

exploitpack v7.0 RoadHog – list your new exploit on Exploits Pack you will need.


Changelog ExploitPack RoadHog v7.0:
* New Exploit:
+ XM Easy Personal FTP Server <= v5.30 Remote Format String Write4 Exploit
+ JS payload: Localhost-mZb7zr6L5z5T8xF.js
* All Class Changes
* Fixed infinite loop and preferences (nmap bug).
* GUI Fixes.


ExploitPack has been designed by an experienced team of software developers and exploit writers to automate processes so that penetration testers can focus on what's really important: the threat. This blend of software engineers and subject matter experts provides a unique advantage by combining technical know-how with true insight into the problem set, resulting in more efficient solutions for cyber security surveillance.

Latest change 9/1/2016: Check for interpreter path

========================
Installation notes:
========================

Windows:
Download and install Java 8 from Oracle:
Windows Java SE Java 8 for 32 bits or Java 8 for 64 bits
After you have installed Java 8 on your machine, double click ExploitPack.jar or from a console run this command: "java -jar ExploitPack.jar"

Linux:
Under any Linux distribution that supports DEB packages like Ubuntu, Debian, Kali, etc. you can run the following commands to install Java 8 from an official repository
Copy and paste the following in a terminal window:

echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" >> /etc/apt/sources.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" >> /etc/apt/sources.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886
sudo apt-get update
sudo apt-get install oracle-java8-installer

OSX:
Download and install Java 8 for OSX 32/64 bits from Oracle: OSX Java 8 32/64 bits
After you have Java 8 installed in your Mac, double click ExploitPack.jar to run it or from a console: “java -jar ExploitPack.jar”

========================
BUILD OUTPUT DESCRIPTION
========================

When you build a Java application project that has a main class, the IDE automatically copies all of the JAR files on the project's classpath to your project's dist/lib folder. The IDE also adds each of the JAR files to the Class-Path element in the application JAR file's manifest file (MANIFEST.MF).

To run the project from the command line, go to the dist folder and type the following:

java -jar “ExploitPack.jar”

To distribute this project, zip up the dist folder (including the lib folder) and distribute the ZIP file.

Notes:
* If two JAR files on the project classpath have the same name, only the first JAR file is copied to the lib folder.
* Only JAR files are copied to the lib folder. If the classpath contains other types of files or folders, these files (folders) are not copied.
* If a library on the project's classpath also has a Class-Path element specified in the manifest, the content of the Class-Path element has to be on the project's runtime path.
* To set a main class in a standard Java project, right-click the project node in the Projects window and choose Properties. Then click Run and enter the class name in the Main Class field. Alternatively, you can manually type the class name in the manifest Main-Class element.

Usage Debian/Kali 2.0/Ubuntu:

echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" >> /etc/apt/sources.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" >> /etc/apt/sources.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886
sudo apt-get update
sudo apt-get install oracle-java8-installer

git clone https://github.com/juansacco/exploitpack && cd exploitpack
java -jar ExploitPack.jar

Upgrade:
git pull origin master

Source: http://exploitpack.com | https://github.com/juansacco | Our Post Before

Hijacker – Android GUI Application for wifi auditing tools.


Hijacker is a Graphical User Interface for the wireless auditing tools airodump-ng, aireplay-ng and mdk3. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.
This application requires an android device with a wireless adapter that supports Monitor Mode. A few android devices do, but none of them natively. This means that you will need a custom firmware. Nexus 5 and any other device that uses the BCM4339 (and BCM4358 (although injection is not yet supported so no aireplay or mdk)) chipset will work with Nexmon. Also, devices that use BCM4330 can use bcmon. An alternative would be to use an external adapter that supports monitor mode in Android with an OTG cable.

The required tools are included in the app. To install them go to Settings and click “Install Tools”. This will install everything in the directory you select. If you have already installed them, you don’t have to do anything. You can also have them at any directory you want and set the directories in Settings, though this might cause the wireless tools not being found by the aircrack-ng suite. The Nexmon driver and management utility is also included.
Root is also necessary, as these tools need root to work. If you don’t grant root permissions to it, it hangs… for some reason… don’t know why…


Features:
* View a list of access points and stations (clients) around you (even hidden ones)
* View the activity of a network (by measuring beacons and data packets) and its clients
* Deauthenticate all the clients of a network
* Deauthenticate a specific client from the network it’s connected
* MDK3 Beacon Flooding with custom SSID list
* MDK3 Authentication DoS for a specific network or to everyone
* Try to get a WPA handshake or gather IVs to crack a WEP network
* Statistics about access points (only encryption for now)
* See the manufacturer of a device (AP or station) from a OUI database (pulled from IEEE)
* See the signal power of devices and filter the ones that are closer to you
* Leave the app running in the background, optionally with a notification
* Copy commands or MAC addresses to clipboard, so you can run them in a terminal if something goes wrong
* Include the tools
* Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)
* .cap files cracking with custom wordlist
* Save captured packets in .cap file
* Create custom commands to be run on an access point or a client with one click

Installation:
Make sure:
– you are on Android 5+
– you are rooted. SuperSU is required. If you are on CM, install SuperSU
– have installed busybox (opened and installed the tools)
– have a firmware to support Monitor Mode on your wireless interface

APK Download: Hijacker-release-v1-RC.1.apk(6.24 MB)
Source: https://github.com/chrisk44

EyeWitness v2.2.1 – is a tool used to capture screenshots from a list of URLs.


Changelog EyeWitness v2.2.1:
+ Debian Install Updated: The Debian setup process has been updated to install the geckodriver.
+ Added in ability to specify max retries.
+ New XML, and bug fixes.

EyeWitness v2.2.1

EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible.
Supported protocols:
--web HTTP screenshot using Selenium
--headless HTTP screenshot using PhantomJS headless
--rdp Screenshot RDP services
--vnc Screenshot authless VNC services
--all-protocols Screenshot all supported protocols, using Selenium for HTTP
Supported Linux Distros:
+ Kali Linux
+ Debian 7+

Usage and download from source:

git clone https://github.com/ChrisTruncer/EyeWitness && cd EyeWitness
cd setup && ./setup.sh

./EyeWitness.py -h

Update: git pull

Download: 2.2.1.zip  | 2.2.1.tar.gz
Source: https://github.com/ChrisTruncer


Inject shellcode into putty.


Tasks:
* Select the executable file and the necessary tools.
* Study the structure of the executable file.
* Write the code to be injected into the executable file in machine language.

The structure of the executable file.
1. Portable Executable (PE) is the file format for executables, object code and dynamic libraries used in the 32-bit and 64-bit versions of the Microsoft Windows operating system. The PE format is a data structure that contains all the information the PE loader needs to map the file into memory. The executable code includes references for binding dynamic link libraries, export and import tables of API functions, resource management data and thread local storage (TLS) data. The Windows NT family of operating systems uses the PE format for EXE, DLL, SYS (device driver) and other types of executable files.

PE Header Putty

Figure 7. The entry point can be found in the PE file header.
2. PE files do not contain position-independent code. Instead they are compiled for a preferred base address, and all addresses generated by the compiler/linker are fixed in advance. If a PE file cannot be loaded at its preferred address (because that range is already occupied by something else), the operating system relocates it. The process itself does not notice this, because it operates in a virtual address (VA) space in which the load address coincides with ImageBase. By default, the ImageBase value for executable files is 0x00400000. There is also the relative virtual address (RVA), which simplifies moving executable code within the address space. The RVA of an address is calculated by subtracting the ImageBase of the executable file from it, or, in rare cases, by means of “magic” constants.

Message Box

3. A PE file consists of several headers and sections, which tell the dynamic linker how to map the file into memory. The executable image is composed of several different areas (sections), each of which requires different memory access rights; thus the beginning of each section must be aligned on a page boundary. For example, the .text section, which contains program code, is typically mapped as executable and read-only, while the .data section, which contains global variables, is mapped as non-executable and readable and writable.
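As an added example (not the report's own code), the following Python script parses the headers described above: it follows e_lfanew to the PE signature, reads ImageBase and the entry point RVA, converts the RVA to a VA, and reports each section's memory access rights from its characteristics flags. Field offsets and flag values are those of the PE/COFF format; the sample header is constructed inline and is only a header, not a runnable program.

```python
import struct

# Section characteristics flags from the PE/COFF format that decide a section's page protection.
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000

def parse_pe(data):
    # DOS header -> e_lfanew -> "PE\0\0" -> COFF header -> optional header -> section table.
    e_lfanew, = struct.unpack_from('<I', data, 0x3C)
    if data[:2] != b'MZ' or data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('not a PE file')
    nsec, = struct.unpack_from('<H', data, e_lfanew + 6)
    opt_size, = struct.unpack_from('<H', data, e_lfanew + 20)
    opt = e_lfanew + 24                          # optional header follows the 20-byte COFF header
    magic, = struct.unpack_from('<H', data, opt)
    entry_rva, = struct.unpack_from('<I', data, opt + 16)
    if magic == 0x10b:                           # PE32: 32-bit ImageBase at offset 28
        image_base, = struct.unpack_from('<I', data, opt + 28)
    elif magic == 0x20b:                         # PE32+: 64-bit ImageBase at offset 24
        image_base, = struct.unpack_from('<Q', data, opt + 24)
    else:
        raise ValueError('unknown optional header magic 0x%x' % magic)
    sections = []
    for i in range(nsec):
        name, vsize, rva, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            '<8sIIIIIIHHI', data, opt + opt_size + 40 * i)
        perms = ''.join(c if flags & f else '-' for c, f in (('R', MEM_READ), ('W', MEM_WRITE), ('X', MEM_EXECUTE)))
        sections.append({'name': name.rstrip(b'\0').decode(), 'rva': rva, 'size': max(vsize, rawsize), 'perms': perms})
    # The VA of the entry point is ImageBase + RVA when the image loads at its preferred base.
    return {'image_base': image_base, 'entry_rva': entry_rva, 'entry_va': image_base + entry_rva, 'sections': sections}

def section_for_rva(pe, rva):
    # Map an RVA to the section that will contain it once the image is mapped.
    for s in pe['sections']:
        if s['rva'] <= rva < s['rva'] + s['size']:
            return s
    return None

def build_sample_pe():
    # Constructed PE32 header only (not a runnable program): .text is R-X, .data is RW-.
    dos = b'MZ' + b'\0' * 58 + struct.pack('<I', 64)                    # e_lfanew = 64
    coff = b'PE\0\0' + struct.pack('<HHIIIHH', 0x14c, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack('<HBBIIIIIIIII', 0x10b, 14, 0, 0x200, 0x200, 0,   # magic, linker, sizes
                      0x1234, 0x1000, 0x2000, 0x400000, 0x1000, 0x200)  # EP, code, data, ImageBase, align
    opt += b'\0' * (224 - len(opt))

    def section(name, rva, flags):
        return struct.pack('<8sIIIIIIHHI', name, 0x1000, rva, 0x200, 0x400, 0, 0, 0, 0, flags)
    return dos + coff + opt + section(b'.text', 0x1000, 0x60000020) + section(b'.data', 0x2000, 0xC0000040)
```

Running parse_pe on the constructed header yields an entry VA of 0x401234 inside the R-X .text section; the same parser works on a real PE read from disk.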

Debugging Message Box

Conclusions
The work studied the structure of the Windows executable file format, PE, and developed skills with the tools for debugging and editing executable files.

Usage and download from source:

git clone https://github.com/MaximillianMS/Inject-shellcode && cd Inject-shellcode
cd putty_injected
putty_injected.exe

Source: https://github.com/MaximillianMS

Katana Framework build v0067 – The hacking Framework.


Changelog KatanaFramework Core:0.0.0.1 Build:0067 21/12/16:
+ Added New Banner : Chapecoense commemoration
+ Added New Function : isPortLive, check port services.
+ Upgrading to Core:0.0.1.0 Build:0067

KatanaFramework Core:0.0.0.1 Build:0067

ktf.gui (Graphical User Interface for Katana Framework)

ktf-katana

KTF Console

Katana is a framework that seeks to unite general auditing tools, i.e. general pentesting tools (Network, Web, Desktop and others).

Katana Module:

Katana Module


The Katana source code is organized as follows:
- KatanaGUI/ > Source code for the graphical user interface
- KatanaLAB/ > Source code for the Katana laboratory
- core/ > Core source code
  - core/db/ > Dictionaries and tables
  - core/logs/ > Registers of modules
- files/ > Files necessary for some modules
- tmp/ > Temp files
- lib/ > Libraries
- doc/ > Documentation
- scripts/ > Scripts (modules)

OS requirement: Kali Linux, Ubuntu, Debian
Installation:

git clone https://github.com/PowerScript/KatanaFramework.git
cd KatanaFramework
sudo sh dependencies
sudo python install

Update:
git pull origin master

ktf.update -f

Usage Command :

sudo ./ktf.console x::ls -a

Gui:
java -jar ktf.gui.jar

Example Usage:


Update :

Updating Katana


Download : katana.zip | Our Post Before
Source: http://sourceforge.net/projects/katanas/

WiFi-Pumpkin v0.8.4 – Framework for Rogue Wi-Fi Access Point Attack.


Changelog WiFi-Pumpkin v0.8.4:
+ Features
– added new plugin Pumpkin-Proxy (mitmproxy API)
– added new notifications for donations

+ Fixes
– fixed theme default QtableView Color hover

WiFi-Pumpkin v0.8.4

WiFi-Pumpkin v0.8.3


wifi-pumpkin v0.8.1


Wifi-Pumpkin Updater

Wifi-Pumpkin Updater Click Help Menu then Update

WiFi-Pumpkin is a security tool that provides a rogue access point for man-in-the-middle and network attacks: it purports to provide wireless Internet service while snooping on the traffic. It can be used to capture the credentials of unsuspecting users, either by snooping on their communication or by phishing.
Features
+ Rogue Wi-Fi Access Point
+ Deauth Clients AP
+ Probe Request Monitor
+ DHCP Starvation Attack
+ Credentials Monitor
+ Windows Update Attack
+ Templates phishing
+ Partial bypass HSTS
+ Dump credentials phishing
+ Support airodump scan
+ Support mdk3 deauth
+ beef hook support
+ Report Logs html
+ Mac Changer
+ ARP Poison
+ DNS Spoof

Ubuntu/Kali 2.0/WifiSlax 4.11.1/Parrot 2.0.5:

git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
cd WiFi-Pumpkin
chmod +x installer.sh
./installer.sh --install


Update
cd WiFi-Pumpkin
git pull origin master

then run
wifipumpkin (ubuntu)
wifi-pumpkin (kali 2.0)

Debian/Ubuntu Binary:
wget https://github.com/P0cL4bs/WiFi-Pumpkin/releases/download/v0.8.4/wifi-pumpkin-0.8.4-all.deb
sudo dpkg -i wifi-pumpkin-0.8.4-all.deb

Source : https://github.com/P0cL4bs | Download: 0.8.4.zip | 0.8.4.tar.gz | Our post before

Sniffles – Traffic Generation for testing IDS & detecting suspicious behavior.


Sniffles is a tool for creating packet captures that will test IDS that use fixed patterns or regular expressions for detecting suspicious behavior. Sniffles works very simply. It takes a set of regular expressions or rules and randomly chooses one regular expression or rule. It then generates content based on that rule or regular expression. For fixed strings, this means adding the string directly to the data (possibly with offsets or other options as per Snort rules).
For regular expressions the process is somewhat more complex. The regular expression is converted to an NFA and a random path is chosen through the NFA (from start to end). The resulting data will match to the regular expression. Finally, Sniffles can be set to full match or partial match.

With a full match, the packet data will absolutely match to at least one rule or regular expression (Some Snort options are not fully considered though). A partial match will erase the last character from a matching character sequence to a sequence that should not match (may match to another rule though). Matching rules should cause the most burden on an IDS. Thus, it is possible to determine how well the IDS handles worst case traffic.
Partial matching traffic will cause almost as much burden as matching traffic. Finally, Sniffles can also generate traffic that has completely random data. Such random data offers a best case scenario as random data is very unlikely to match with any rules. Thus, it can be processed at maximum speed. Thus, Sniffles allows the creation of packet captures for best and worst case operation of IDS deep packet inspection.
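As an added example, not code from Sniffles itself, the following Python script shows the regex step described above: compile a pattern to an NFA, walk a random start-to-accept path to obtain full-match data, and drop the last character to obtain partial-match data. It handles only a small regex subset (literals, character classes and the *, + and ? quantifiers; no groups or alternation), so it is a simplification of what Sniffles does with PCRE.

```python
import random
import re

def tokenize(pattern):
    # Split a regex subset (literals, [a-z] classes, quantifiers *, + and ?) into
    # (alphabet, quantifier) pairs: "ab+[0-9]" -> [('a', ''), ('b', '+'), ('0123456789', '')]
    tokens, i = [], 0
    while i < len(pattern):
        if pattern[i] == '[':
            j = pattern.index(']', i)
            chars = ''.join(chr(x) for lo, hi, c in re.findall(r'(.)-(.)|(.)', pattern[i + 1:j])
                            for x in (range(ord(lo), ord(hi) + 1) if lo else [ord(c)]))
            i = j + 1
        else:
            chars, i = pattern[i], i + 1
        q = pattern[i] if i < len(pattern) and pattern[i] in '*+?' else ''
        i += len(q)
        tokens.append((chars, q))
    return tokens

def build_nfa(tokens):
    # Thompson construction: edges[state] is a list of (label, target); label None = epsilon.
    edges, cur = [[]], 0
    for chars, q in tokens:
        s, e = len(edges), len(edges) + 1
        edges += [[(ch, e) for ch in chars], []]      # s --char--> e for every char of the atom
        if q in ('*', '?'):
            edges[s].append((None, e))                # epsilon edge: skip the atom
        if q in ('*', '+'):
            edges[e].append((None, s))                # epsilon edge: repeat the atom
        edges[cur].append((None, s))                  # chain onto the previous fragment
        cur = e
    edges.append([])                                  # dedicated accept state with no exits
    edges[cur].append((None, len(edges) - 1))
    return edges, 0, len(edges) - 1

def generate(pattern, seed=1, partial=False):
    # Full match: walk one random start-to-accept path, emitting the labels consumed.
    # Partial match: the same data minus its last character, which should no longer match.
    edges, state, accept = build_nfa(tokenize(pattern))
    rng, data = random.Random(seed), ''
    while state != accept:
        label, state = rng.choice(edges[state])
        data += label or ''                           # epsilon edges consume nothing
    return data[:-1] if partial else data

def matches(pattern, data):
    # Cross-check generated data against Python's own regex engine.
    return re.fullmatch(pattern, data) is not None
```

Each seed gives a different path, so generate("GET /[a-z]+[.]php", seed) with several seeds yields a set of distinct strings that all satisfy the rule, while the partial variants exercise the matcher almost as hard without ever fully matching.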

sniffles helper

Latest change v3.2.0 22/12/2016:
+ Fixed bugs on BackgroundTraffic class.
+ Fixed spelling

REQUIRES: Python 3.3+ and the SortedContainers module

Sniffles consists of the following files:
– rulereader.py: The parser for rules.
– ruletrafficgenerator.py: The tool for generating content streams.
– sniffles.py: The main program managing the process.
– sniffles_config.py: handles command line input and options for Sniffles.
– traffic_writer.py: Writes a packet into a pcap compatible file. Does not require libpcap.
– vendor_mac_list.py: Contains MAC Organisationally Unique Identifiers used for generating semi-realistic MAC addresses rather than just randomly mashed together octets.
– examples/vendor_mac_definition.txt: Optional file for defining the distribution of partial or full MAC addresses.
– pcre files for pcre (pcre_chartables.c pcre_compile.c pcre_globals.c pcre_internal.h pcre_newline.c pcre_tables.c pcre.h pcrecomp.c pcreconf.py ucp.h).
– nfa.py: for traversing NFA.
– regex_generator.py: The code for generating random regular expressions.
– rand_rule_gen.py, feature.py, and rule_formats.py: modules for generating random rule sets.

Usage and download from source:

git clone https://github.com/petabi/sniffles && cd sniffles
pip3 install -r requirements.txt
python3 setup.py install

sniffles

Source: https://github.com/petabi

Brosec v1.3.0 – An interactive reference tool to help security professionals utilize useful payload & commands.


Changelog Brosec v1.3.0 (Dec 2016):
* Enhancement
– Added a new section (bros 6) for Brosec auxiliary modules (bros http, ftp, encode)
– Added a command line interface for bros encode
– Added MSF Venom one liners to a sub-section under bros 5

* Bug Fixes
– Fixed an issue in bros encoder (long strings were getting chopped)
– include bros encode standard mode.

Brosec v1.3.0

brosec v1.2.3


bros encoding


Brosec – An interactive reference tool to help security professionals utilize useful payloads and commands.

Brosec - Console


Overview :
– Brosec is a RTFM-like utility to help Security Bros remember complex but useful payloads and commands
– Brosec utilizes saved variables (set by you) to create custom payloads on the fly. This config info is stored in a local db for your convenience
– Brosec outputs payloads and copies it to your clipboard in order to make your pentesting even more magical
– Your current config can be accessed by the config command at any time, or by entering the variable name
– Config values can be changed at any time by entering set <variable> <value>
– You can navigate to frequently used payloads by entering the menu sequence from the command line: bros <sequence>
Ex: bros 412 – This would automate entering 4 for the Web Menu, 1 for the XXE sub menu, and 3 for the XXE local file read payload

Installation
Mac
+ brew install node netcat – Install Nodejs and netcat (or nc, ncat, etc)
+ git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
+ cd Brosec && npm install – cd into the directory and install npm dependencies

Linux
+ <package manager> install node build-essential g++ xsel netcat – Install Nodejs and other dependencies
+ git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
+ cd Brosec && npm install – cd into the directory and install npm dependencies

Windows (Unsupported)
+ Install nodejs
+ Install ncat
+ git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
Payloads that utilize netcat will not work due to the kexec library not being supported in Windows

Configuration:
Brosec stores configuration values in a local json db file. The default storage location is /var/tmp, but can be changed by editing settings.dbPath variable in the settings.js file. Brosec also uses netcat for several payloads. If needed, the path to netcat can be altered via the settings.netcat variable.
Payload Variables;
+ LHOST : Local IP or name
+ LPORT : Local IP or name
+ RHOST : Remote IP or name
+ RPORT : Remote IP or name
+ USER : Username (only used in a few payloads)
+ PROMPT : User Prompt (This isn’t a stored value. Instead, payloads with this variable will prompt for input.)

Download Using Git for Ubuntu/Debian/Kali:

git clone https://github.com/gabemarshall/Brosec && cd Brosec
apt-get install npm build-essential g++ xsel
npm install -g n
npm install -g Brosec

Download stable version:
bros-1.1-darwin-x86_64.tar.gz
bros-1.1-linux-x86.tar.gz
bros-1.1-linux-x86_64.tar.gz
bros-1.1-Win-x86_64.zip
Source: https://github.com/gabemarshall | Our Post Before
