Brave Browser
The new Brave browser blocks ads and trackers that slow you down and invade your privacy. Discover a new way of thinking about how the web can work.
Download
GitHub
#Brave #Browser
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
The new Brave browser blocks ads and trackers that slow you down and invade your privacy. Discover a new way of thinking about how the web can work.
Download
GitHub
#Brave #Browser
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
🫡5
Kubernetes Goat
✨ The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🚀
🏆 Scenarios
Sensitive keys in codebases
DIND (docker-in-docker) exploitation
SSRF in the Kubernetes (K8S) world
Container escape to the host system
Docker CIS benchmarks analysis
Kubernetes CIS benchmarks analysis
Attacking private registry
NodePort exposed services
Helm v2 tiller to PwN the cluster - [Deprecated]
Analyzing crypto miner container
MORE+++
GitHub
#RedTeam #Security #Vuln_App
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
✨ The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🚀
🏆 Scenarios
Sensitive keys in codebases
DIND (docker-in-docker) exploitation
SSRF in the Kubernetes (K8S) world
Container escape to the host system
Docker CIS benchmarks analysis
Kubernetes CIS benchmarks analysis
Attacking private registry
NodePort exposed services
Helm v2 tiller to PwN the cluster - [Deprecated]
Analyzing crypto miner container
MORE+++
GitHub
#RedTeam #Security #Vuln_App
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
🔥1
Malicious PDF Generator ☠️
Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Usage
Purpose
⚪️ Test web pages/services accepting PDF-files
⚪️ Test security products
⚪️ Test PDF readers
⚪️ Test PDF converters
GitHub
#RedTeam #PDF #Pentesting
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
Usage
┌──(BugCod3㉿kali)-[~]
└─$ python3 malicious-pdf.py burp-collaborator-url
Output will be written as: test1.pdf, test2.pdf, test3.pdf etc in the current directory.Purpose
⚪️ Test web pages/services accepting PDF-files
⚪️ Test security products
⚪️ Test PDF readers
⚪️ Test PDF converters
GitHub
#RedTeam #PDF #Pentesting
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
🔥4
VIPER
⚪️ Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
⚪️ Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on
⚪️ Viper has integrated 80+ modules, covering Resource Development / Initial Access / Execution / Persistence / Privilege Escalation / Defense Evasion / Credential Access / Discovery / Lateral Movement / Collection and other categories
⚪️ Viper's goal is to help red team engineers improve attack efficiency, simplify operation and reduce technical threshold
⚪️ Viper supports running native msfconsole in browser and multi - person collaboration
Site
Installation manual
GitHub
#RedTeam #Viper #Post_Exploitation
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
⚪️ Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
⚪️ Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on
⚪️ Viper has integrated 80+ modules, covering Resource Development / Initial Access / Execution / Persistence / Privilege Escalation / Defense Evasion / Credential Access / Discovery / Lateral Movement / Collection and other categories
⚪️ Viper's goal is to help red team engineers improve attack efficiency, simplify operation and reduce technical threshold
⚪️ Viper supports running native msfconsole in browser and multi - person collaboration
Site
Installation manual
GitHub
#RedTeam #Viper #Post_Exploitation
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
❤1🫡1
WinPwn
To automate as many internal penetrationtest processes (reconnaissance as well as exploitation) and for the proxy reason I wrote my own noscript with automatic proxy recognition and integration.
The noscript is mostly based on well-known large other offensive security Powershell projects.
GitHub
#RedTeam #PowerShell #Pentesting
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
To automate as many internal penetrationtest processes (reconnaissance as well as exploitation) and for the proxy reason I wrote my own noscript with automatic proxy recognition and integration.
The noscript is mostly based on well-known large other offensive security Powershell projects.
GitHub
#RedTeam #PowerShell #Pentesting
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
🔥1
Full-featured C2 framework which silently persists on
webserver via polymorphic PHP oneliner
Overview
The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor:
Efficient: More than 20 plugins to automate privilege-escalation tasks
Stealth: The framework is made by paranoids, for paranoids
Convenient: A robust interface with many crucial features
Supported platforms (as attacker):
#RedTeam #Web_Hacking #HackTool
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
webserver via polymorphic PHP oneliner
Overview
The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor:
<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>Features
Efficient: More than 20 plugins to automate privilege-escalation tasks
Stealth: The framework is made by paranoids, for paranoids
Convenient: A robust interface with many crucial features
Supported platforms (as attacker):
GNU/LinuxSupported platforms (as target):
Mac OS X
GNU/LinuxGitHub
BSD-like
Mac OS X
Windows NT
#RedTeam #Web_Hacking #HackTool
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
🤯1
Snoop Project
Snoop Project One of the most promising OSINT tools to search for nicknames
This is the most powerful software taking into account the CIS location.
Is your life slideshow? Ask Snoop.
Snoop project is developed without taking into account the opinions of the NSA and their friends,
that is, it is available to the average user
GNU/Linux ✅
Windows 7/10 (32/64) ✅
Android (Termux) ✅
macOS ❗️
IOS 🚫
WSL 🚫
GitHub
Download
#RedTeam #Scanner #Osint #Username_Search
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
Snoop Project One of the most promising OSINT tools to search for nicknames
This is the most powerful software taking into account the CIS location.
Is your life slideshow? Ask Snoop.
Snoop project is developed without taking into account the opinions of the NSA and their friends,
that is, it is available to the average user
GNU/Linux ✅
Windows 7/10 (32/64) ✅
Android (Termux) ✅
macOS ❗️
IOS 🚫
WSL 🚫
GitHub
Download
#RedTeam #Scanner #Osint #Username_Search
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
❤1👍1🔥1😢1
CobaltStrike support
Support CobaltStrike's security assessment of other platforms (Linux/MacOS/...), and include the development support of Unix post-penetration module
GitHub
#RedTeam #Cobalt_Strike #Cross_Platform
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
Support CobaltStrike's security assessment of other platforms (Linux/MacOS/...), and include the development support of Unix post-penetration module
GitHub
#RedTeam #Cobalt_Strike #Cross_Platform
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
⚡2❤1
This media is not supported in your browser
VIEW IN TELEGRAM
pwndrop
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
If you've ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m SimpleHTTPServer, pwndrop is definitely for you!
GitHub
#RedTeam #Self_Hosted #file_sharing
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
If you've ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m SimpleHTTPServer, pwndrop is definitely for you!
GitHub
#RedTeam #Self_Hosted #file_sharing
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
⚡1👍1
Awesome-Bugbounty-Writeups
A list of writeups in the field of Bug Bunty
GitHub
#Writeup
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
A list of writeups in the field of Bug Bunty
GitHub
#Writeup
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
👍2⚡1
Penetration-Testing-Tools
A collection of my Penetration Testing Tools, Scripts, Cheatsheets
This is a collection of more than a 160+ tools, noscripts, cheatsheets and other loots that I've been developing over years for Penetration Testing and IT Security audits purposes. Most of them came handy at least once during my real-world engagements.
Notice: In order to clone this repository properly - use
#RedTeam #Pentesting #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
A collection of my Penetration Testing Tools, Scripts, Cheatsheets
This is a collection of more than a 160+ tools, noscripts, cheatsheets and other loots that I've been developing over years for Penetration Testing and IT Security audits purposes. Most of them came handy at least once during my real-world engagements.
Notice: In order to clone this repository properly - use
--recurse-submodulesswitch:
git clone --recurse https://github.com/mgeeky/Penetration-Testing-Tools.git
GitHub#RedTeam #Pentesting #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
⚡1
ffuf - Fuzz Faster U Fool
A fast web fuzzer written in Go.
Installation
Download a prebuilt binary from releases page, unpack and run!
or
If you are on macOS with homebrew, ffuf can be installed with:
If you have recent go compiler installed:
or
GitHub
#Web #InfoSec #Fuzzer
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
A fast web fuzzer written in Go.
Installation
Download a prebuilt binary from releases page, unpack and run!
or
If you are on macOS with homebrew, ffuf can be installed with:
brew install ffufor
If you have recent go compiler installed:
go install github.com/ffuf/ffuf/v2@latest(the same command works for updating)
or
git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go buildFfuf depends on Go 1.16 or greater.
GitHub
#Web #InfoSec #Fuzzer
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
⚡2
Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.
Installation
You can download commix on any platform by cloning the official Git repository :
Note: Python (version 2.6, 2.7 or 3.x) is required for running commix.
Usage
To get a list of all options and switches use:
GitHub
#RedTeam #BugBounty #Command_Injection #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
Installation
You can download commix on any platform by cloning the official Git repository :
$ git clone https://github.com/commixproject/commix.git commixAlternatively, you can download the latest tarball or zipball.
Note: Python (version 2.6, 2.7 or 3.x) is required for running commix.
Usage
To get a list of all options and switches use:
$ python commix.py -hTo get an overview of commix available options, switches and/or basic ideas on how to use commix, check usage, usage examples and filters bypasses wiki pages.
GitHub
#RedTeam #BugBounty #Command_Injection #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
⚡1
Dork Scraper
Scrape website URLs using Google Dorks.
GitHub
#RedTeam #Dork #Scraper #Google
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
Scrape website URLs using Google Dorks.
GitHub
#RedTeam #Dork #Scraper #Google
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
👏3
Gobuster
Gobuster is a tool used to brute-force:
⚪️ URIs (directories and files) in web sites.
⚪️ DNS subdomains (with wildcard support).
⚪️ Virtual Host names on target web servers.
⚪️ Open Amazon S3 buckets
⚪️ Open Google Cloud buckets
⚪️ TFTP servers
GitHub
⬇️ Download
🔒
#Go #Dns #Web #Pentesting #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
Gobuster is a tool used to brute-force:
⚪️ URIs (directories and files) in web sites.
⚪️ DNS subdomains (with wildcard support).
⚪️ Virtual Host names on target web servers.
⚪️ Open Amazon S3 buckets
⚪️ Open Google Cloud buckets
⚪️ TFTP servers
GitHub
⬇️ Download
🔒
BugCod3#Go #Dns #Web #Pentesting #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
👍3
Subfinder
We have made it to comply with all the used passive source licenses and usage restrictions. The passive model guarantees speed and stealthiness that can be leveraged by both penetration testers and bug bounty hunters alike.
⚪️ Fast and powerful resolution and wildcard elimination modules
⚪️ Curated passive sources to maximize results
⚪️ Multiple output formats supported (JSON, file, stdout)
⚪️ Optimized for speed and lightweight on resources
⚪️ STDIN/OUT support enables easy integration into workflows
GitHub
#Osint #BugBounty #SubDomains
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
subfinder is a subdomain discovery tool that returns valid subdomains for websites, using passive online sources. It has a simple, modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.We have made it to comply with all the used passive source licenses and usage restrictions. The passive model guarantees speed and stealthiness that can be leveraged by both penetration testers and bug bounty hunters alike.
⚪️ Fast and powerful resolution and wildcard elimination modules
⚪️ Curated passive sources to maximize results
⚪️ Multiple output formats supported (JSON, file, stdout)
⚪️ Optimized for speed and lightweight on resources
⚪️ STDIN/OUT support enables easy integration into workflows
GitHub
#Osint #BugBounty #SubDomains
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
httpxis a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
⚪️ Simple and modular code base making it easy to contribute.
⚪️ Fast And fully configurable flags to probe multiple elements.
⚪️ Supports multiple HTTP based probings.
⚪️ Smart auto fallback from https to http as default.
⚪️ Supports hosts, URLs and CIDR as input.
⚪️ Handles edge cases doing retries, backoffs etc for handling WAFs.
GitHUb
#osint #ssl_certificate #bugbounty #cybersecurity
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping dependencies small and simple.
FinalRecon provides detailed information such as :
⚪️ Header Information
⚪️ Whois
⚪️ SSL Certificate Information
⚪️ Crawler
...
⚪️ DNS Enumeration
...
⚪️ Subdomain Enumeration
...
⚪️ Directory Searching
...
⚪️ Wayback Machine
...
⚪️ Port Scan
...
⚪️ Export
...
Github
#pentesting #web #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
FinalRecon provides detailed information such as :
⚪️ Header Information
⚪️ Whois
⚪️ SSL Certificate Information
⚪️ Crawler
...
⚪️ DNS Enumeration
...
⚪️ Subdomain Enumeration
...
⚪️ Directory Searching
...
⚪️ Wayback Machine
...
⚪️ Port Scan
...
⚪️ Export
...
Github
#pentesting #web #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3
⚡3