Termux ID: Python -->

    Social Items

Home / Python

Fsociety Contains All Tools Used In Mr Robot Series


A Penetration Testing Framework, you will have every script that a hacker needs

Menu

  • Information Gathering
  • Password Attacks
  • Wireless Testing
  • Exploitation Tools
  • Sniffing & Spoofing
  • Web Hacking
  • Private Web Hacking
  • Post Exploitation
  • INSTALL & UPDATE

Information Gathering:

  • Nmap
  • Setoolkit
  • Port Scanning
  • Host To IP
  • wordpress user
  • CMS scanner
  • XSStrike
  • Dork - Google Dorks Passive Vulnerability Auditor
  • Scan A server's Users
  • Crips

Password Attacks:

  • Cupp
  • Ncrack

Wireless Testing:

  • reaver
  • pixiewps

Exploitation Tools:

  • ATSCAN
  • sqlmap
  • Shellnoob
  • commix
  • FTP Auto Bypass
  • jboss-autopwn

Sniffing & Spoofing:

  • Setoolkit
  • SSLtrip
  • pyPISHER
  • SMTP Mailer

Web Hacking:

  • Drupal Hacking
  • Inurlbr
  • Wordpress & Joomla Scanner
  • Gravity Form Scanner
  • File Upload Checker
  • Wordpress Exploit Scanner
  • Wordpress Plugins Scanner
  • Shell and Directory Finder
  • Joomla! 1.5 - 3.4.5 remote code execution
  • Vbulletin 5.X remote code execution
  • BruteX - Automatically brute force all services running on a target
  • Arachni - Web Application Security Scanner Framework

Private Web Hacking:

  • Get all websites
  • Get joomla websites
  • Get wordpress websites
  • Control Panel Finder
  • Zip Files Finder
  • Upload File Finder
  • Get server users
  • SQli Scanner
  • Ports Scan (range of ports)
  • ports Scan (common ports)
  • Get server Info
  • Bypass Cloudflare

Post Exploitation:

  • Shell Checker
  • POET
  • Weeman

Installation

$ bash <(curl -s https://raw.githubusercontent.com/Manisso/fsociety/master/install.sh)

Running Tools

$ fsociety
DOWNLOAD FSOCIETY

Fsociety Hacking Tools Pack – A Penetration Testing Framework In Termux


Cloak backdoor python di Termux

Cloak adalah kerangka backdoor python cerdas.
Apa tepatnya?
Cloak menghasilkan muatan python melalui msfvenom dan kemudian dengan cerdas menyuntikkannya ke dalam skrip python yang Anda tentukan.
Untuk menghindari deteksi dasar, Cloak memecahkan muatan menjadi beberapa bagian dan menempatkannya di tempat yang berbeda dalam kode. Jika Anda ingin korban menjalankan skrip yang disuntikkan sebagai root, Jubah juga bisa mengatasinya. Cloak akan ditingkatkan lebih lanjut di masa depan untuk mendukung berbagai macam muatan, platform dan teknik penghindaran.
Persyaratan
msfvenom
python2
Penginstallan

$ apt-update && apt upgrade -y
$ apt install python2
$ apt install git
$ git clone  https://github.com/UltimateHackers/Cloak.git
$ cd Cloak
$ python2 cloak.py
DOWNLOAD CLOAK

Cloak Backdoor Dalam Semua Python Script


Tools It's Supported By Terminal Command Prompt For Windows, We Publish At 01 - 12 -2017, Thanks To Friends Who Supported This Project

Supported With Command Features:

- Admin Panel Finder 

Admin Panel is a place where Administrators can manage and manage site content.

Command Usage : 01

- Dork

dork is really lazy, but here is dork itself is GOOGLE DORK (s). I can guess, surely if when you search on google with keyword "Tutorial Carding" while reading the tutorial you will find the words "Dork". Yes, actually dork itself is a weapon / tools heking * gubraakk: v that can be created by everyone with only creative brain mind, if you already know a little about dork, surely you assume dork itself point is to find targets for SQLi, Deface, etc. As inurl bla..bla..bla, intext bla..bla..bla, allinurl bla..bla..bla, + site: .bla..bla..bla .

Command Usage : 02

- Whois Lookup

Whois or voiced "who is" is used to get domain specific information such as domain name, ip address, name server and age domain. Whois lookup is a command line based application used to query against whois database.

Command Usage : 03

- Port Scanner

In the TCP / IP network protocol, a port is a mechanism that allows a computer to support multiple connection sessions with other computers and programs on the network. Ports can identify applications and services that use connections within the TCP / IP network.

Command Usage : 04

- Robots.txt Finder 

Robots.txt is a file at the root of your site that shows the inside of a site you are not allowed to be accessed by search engine crawlers. Files use the Robot Exclusion Standard, which is a protocol with a small set of commands that can be used to indicate access to sites by section and based on certain types of web crawlers (such as mobile crawlers vs. desktop crawlers).

Command Usage : 05

- Proxy Checker

The definition of proxy is a server that provides a service to forward any user requests to other servers contained on the internet. Or another proxy server definition is a server or computer program that has a role as a liaison between a computer with the internet.

Download HaxorScan 1.0 Multi Tools For Scan Website Informations With Python


Shodanwave is a tool for exploring and obtaining information from cameras specifically Netwave IP Camera. The tool uses a search engine called shodan that makes it easy to search for cameras online.
What does the tool to? Look, a list!
  • Search
  • Brute force
  • SSID and WPAPSK Password Disclosure
  • E-mail, FTP, DNS, MSN Password Disclosure
  • Exploit

This is an example of shodan wave running, the password was not found through raw force so the tool tries to leak the camera's memory. If the tool finds the password it does not try to leak the memory.
asciicast

How to use?
To use shodanwave you need an api key which you can get for free at https://www.shodan.io/, then you need to follow the next steps.

Installation
$ cd /opt/
$ git clone https://github.com/fbctf/shodanwave.git
$ cd shodanwave
$ pip install -r requirements.txt

Usage
Usage: python shodanwave.py -u usernames.txt -w passwords.txt  -k Shodan API key --t OUTPUT
       python shodanwave.py --help 
         __              __                                   
   _____/ /_  ____  ____/ /___ _____ _      ______ __   _____ 
  / ___/ __ \/ __ \/ __  / __ `/ __ \ | /| / / __ `/ | / / _ \
 (__  ) / / / /_/ / /_/ / /_/ / / / / |/ |/ / /_/ /| |/ /  __/
/____/_/ /_/\____/\__,_/\__,_/_/ /_/|__/|__/\__,_/ |___/\___/ 
                                                              

This tool is successfully connected to shodan service
Information the use of this tool is illegal, not bad.

usage: shodanwave.py [-h] [-s SEARCH] [-u USERNAME] [-w PASSWORD] [-k ADDRESS]

optional arguments:
  -h, --help            show this help message and exit
  -s SEARCH, --search SEARCH
                        Default Netwave IP Camera
  -u USERNAME, --username USERNAME
                        Select your usernames wordlist
  -w PASSWORD, --wordlist PASSWORD
                        Select your passwords wordlist
  -k ADDRESS, --shodan ADDRESS
                        Shodan API key
  -l LIMIT, --limit LIMIT
                        Limit the number of registers responsed by Shodan
  -o OFFSET, --offset OFFSET
                        Shodan skips this number of registers from response
  -t OUTPUT, --output OUTPUT
                        Save the results


Attention
Use this tool wisely and not for evil. To get the best performece of this tool you need to pay for shodan to get full API access Options --limit and --offset may need a paying API key and consume query credits from your Shodan account.

Disclaimer
Code samples are provided for educational purposes. Adequate defenses can only be built by researching attack techniques available to malicious actors. Using this code against target systems without prior permission is illegal in most jurisdictions. The authors are not liable for any damages from misuse of this information or code.

References:


Shodanwave - Exploring and Obtaining Information from Netwave IP Camera


Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.

Capabilities

ps
  • View full process list
  • Inspect process memory map & fetch memory strings easly
  • Dump process memory in one click
  • Automaticly search hash in public services

users
  • users list

find
  • Search for suspicious files by name/regex

netstat
  • Whois

logs
  • syslog
  • auth.log(user authentication log)
  • ufw.log(firewall log)
  • bash history

anti-rootkit
  • chkrootkit

yara
  • Scan a file or directory using YARA signatures by @Neo23x0
  • Scan a running process memory address space
  • Upload your own YARA signature

Requirements
  • Python 2.7
  • YARA
  • chkrootkit

Installation
  1. Clone repository
git clone https://github.com/intezer/linux_expl0rer
  1. Install required packages
pip install -r requirements.txt
  1. Setup VT/OTX api keys
nano config.py
Edit following lines:
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
  1. Install YARA
sudo apt-get install yara
  1. Install chkrootkit
sudo apt-get install chkrootkit

Start Linux Expl0rer server
sudo python linux_explorer.py

Usage
  1. Start your browser
firefox http://127.0.0.1:8080
  1. do stuff

Notes


    Linux Expl0rer - Easy-To-Use Live Forensics Toolbox For Linux Endpoints


    Take back your privacy. Lose yourself in the haystack.
    Your ISP is most likely tracking your browsing habits and selling them to marketing agencies (albeit anonymised). Or worse, making your browsing history available to law enforcement at the hint of a Subpoena. Needl will generate random Internet traffic in an attempt to conceal your legitimate traffic, essentially making your data the Needle in the haystack and thus harder to find. The goal is to make it harder for your ISP, government, etc to track your browsing history and habits.
    It's not perfect. But it's a start. Have an idea? Get involved!

    Implemented modules:
    • Google: generates a random search string, searches Google and clicks on a random result.
    • Alexa: visits a website from the Alexa Top 1 Million list. (warning: contains a lot of porn websites)
    • Twitter: generates a popular English name and visits their profile; performs random keyword searches
    • DNS: produces random DNS queries from the Alexa Top 1 Million list.
    • Spotify: random searches for Spotify artists
    Module ideas:
    • WhatsApp
    • Facebook Messenger

    Installation
    Needl should work pretty much any Linux system with Python 3.0+ installed.
    1. cd /opt
    2. git clone https://github.com/eth0izzle/needl.git
    3. pip3 install -r requirements.txt
    4. Download ChromeDriver for your platform (requires Chrome) and place in ./data.
    5. python3 needl.py

    Usage
    Needl runs as a daemon and will happily sit in the background chomping away 24/7, 365. Each module (task) has scheduled actions, for example random DNS queries will happen every 1 to 3 minutes. You can configure the intervals within ./data/settings.yaml.
    usage: needl.py [-h] [--datadir DATADIR] [-d] [-v] [--logfile LOGFILE]
                    [--pidfile PIDFILE]

    Take back your privacy. Lose yourself in the haystack.

    optional arguments:
      -h, --help         show this help message and exit
      --datadir DATADIR  Data directory
      -d, --daemon       Run as a deamon
      -v, --verbose      Increase logging
      --logfile LOGFILE  Log to this file. Default is stdout.
      --pidfile PIDFILE  Save process PID to this file. Default is /tmp/needl.pid.
                         Only valid when running as a daemon.

    F.A.Qs
    1. Why not just use a VPN/Tor? And you should! Needl does not protect your legitimate traffic in any way. It simply generates more.
    2. By using Needl will my legitimate traffic be hidden/protected/safe? No. This isn't the goal of Needl. It's purpose is to generate more traffic to make it harder to identify your legitimate traffic. There's no evidence to suggest this actually works - it's a proof of concept.
    3. Can [insert service here] differentiate between Needl and my legitimate requests? In theory, yes. [insert service here] can track you with Cookies, Session data or algorithms. Needl will tackle this in the future.
    4. Where are your tests?!? Submit a pull request. Please.


    Needl - Take Back Your Privacy. Lose Yourself In The Haystack.


    V3n0M is a free and open source scanner. Evolved from baltazar's scanner, it has adapted several new features that improve fuctionality and usability. It is mostly experimental software.
    This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk.

    Very useful for executing:
    • Cloudflare Resolver[Cloudbuster]
    • LFI->RCE and XSS Scanning[LFI->RCE & XSS]
    • SQL Injection Vuln Scanner[SQLi]
    • Extremely Large D0rk Target Lists
    • AdminPage Finding
    • Toxin [Vulnerable FTPs Scanner] [To Be Released Soon]
    • DNS BruteForcer
    • Python 3.6 Asyncio based scanning

    What You Hold:
    The official adoption of darkd0rker heavily recoded, updated, expanded and improved upon
    • Brand new, just outta the box!
    • Most efficient cloudflare resolver around with easy to use interface.
    • Extremely quick "Toxin" Vulnerable IP scanner to scan potentially millions of ips for known vulnerable services.
    • Largest and most powerful d0rker online, 14k+d0rks searched over ~ Engines at once.
    • Free and Open /src/
    • CrossPlatform Python based toolkit
    • Release 422 Released on 10th November 2017
    • Licensed under GPLv3
    • Tested on: ArchLinux 4.9.61, Ubuntu, Debian, Kali, Windows, MacOS, BlackArch, Manjaro/ArchLinux ARM Ed. Android-Termux
    Note for Ubuntu users: Please make sure you have installed --> sudo apt-get install python3-bs4 Otherwise you may get Syntax Error stopping the program from running.
    Note for Kali users: Please make sure you have installed --> apt-get install python3-dev apt-get install python-dev

    Install note
    Clone the repository:
    $ git clone https://github.com/v3n0m-Scanner/V3n0M-Scanner.git
    Then go inside:
    $ cd V3n0M-Scanner/
    Then install it:
    $ python3 setup.py install --user

    Credits to:
    -SageHack for allowing Cloudbuster to be adapted for use within V3n0M
    -D35m0nd142 for allowing Collaboration and the use of LFI Suite within V3n0M
    -b4ltazar & all members of darkc0de.com for inspiring the project with darkd0rk3r
    ====================================
    ##Make Love and Smoke Trees...


    V3n0M-Scanner - Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns


    InSpy is a python based LinkedIn enumeration tool. Inspy has two functionalities: TechSpy and EmpSpy.
    • TechSpy - Crawls LinkedIn job listings for technlogoies used by the provided company. InSpy attempts to identify technologies by matching job descriptions to keywords from a new line delimited file.
    • EmpSpy - Crawls LinkedIn for employees working at the provided company. InSpy searches for employees by title and/or departments from a new line delimited file. InSpy may also create emails for the identified employees if the user specifies an email format.

    Installation
    Run 
    pip install -r requirements.txt
    within the cloned InSpy directory.

    Help
    InSpy - A LinkedIn enumeration tool by Jonathan Broche (@jonathanbroche)

    positional arguments:
      company               Company name to use for tasks.

    optional arguments:
      -h, --help            show this help message and exit
      -v, --version         show program's version number and exit

    Technology Search:
      --techspy [file]      Crawl LinkedIn job listings for technologies used by
                            the company. Technologies imported from a new line
                            delimited file. [Default: tech-list-small.txt]
      --limit int           Limit the number of job listings to crawl. [Default:
                            50]

    Employee Harvesting:
      --empspy [file]       Discover employees by title and/or department. Titles
                            and departments are imported from a new line delimited
                            file. [Default: title-list-small.txt]
      --emailformat string  Create email addresses for discovered employees using
                            a known format. [Accepted Formats: first.last@xyz.com,
                            last.first@xyz.com, first_last@xyz.com, last_first@xyz.com, 
                            firstl@xyz.com, lfirst@xyz.com,
                            flast@xyz.com, lastf@xyz.com, first@xyz.com,
                            last@xyz.com]

    Output Options:
      --html file           Print results in HTML file.
      --csv file            Print results in CSV format.
      --json file           Print results in JSON.


    InSpy - A Linkedin Enumeration Tool

    Subscribe to: Posts (Atom)