Search Results for "payloads" - Page 2

TheFatRat is an exploiting tool that compiles malware with a famous payload, and then the compiled malware can be executed on Linux, Windows, Mac, and Android. TheFatRat provides an easy way to create backdoors and payload which can bypass most anti-virus. This tool is for educational purposes only, usage of TheFatRat for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this program. This tool...

Kage is Graphical User Interface for Metasploit Meterpreter and Session Handler. Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. Please follow the instructions to get a copy of Kage running on your local machine without any problems. electron-vue officially recommends the yarn package manager as it handles dependencies much better and can help reduce final build size with yarn clean. For now it only...

APIthet is an application to security test RESTful web APIs. Assessing APIs help in detecting security vulnerabilities at an early stage of the SDLC. Compare this with assessing an Android application that uses APIs on a backend server. This kind of assessment happens at a much later phase of the SDLC. Even worse, it does not necessarily touch all the APIs. That's not all. You specify one of the JSON parameters as random. This helps set a unique value for a specific JSON parameter in...

Andspoilt is a command line user interface designed to easily exploit android devices. Run interactive android exploits in linux by giving the users easy interface to exploit android devices Uses an intergration with Metaspoilt Framework by giving the user an easy interface to create payloads and launch android exploits. Current Additional feature is a simple web server for file distribution.

... remote connection and holding Ducky Script payloads. Although the ESP8266 is awesome, it doesn't have a native USB, which means it can't act as a keyboard. The ESP will open up a Wi-Fi access point and host a web interface from which you can upload and manage your scripts. When you hit run, it will send the script to the ATmega, which then will execute it on the target machine.

The USB Rubber Ducky is a Human Interface Device programmable with a simple scripting language allowing penetration testers to quickly and easily craft and deploy security auditing payloads that mimic human keyboard input. The source is written in C and requires the AVR Studio 5 IDE from atmel.com/avrstudio. Hardware is commercially available. Imagine plugging in a seemingly innocent USB drive into a computer and installing backdoors, exfiltrating documents, or capturing credentials. With a few...

Mpge is a wrapper of meterpreter (msfconsole, msfpayload and msfencode) of Metasploit Framework directly integrated with Mac OS X Snow Leopard 10.6.8 and with OS X Mavericks 10.9. With Mpge is possible make trojan horse files for Microsoft Windows, Linux and Mac OS X 10.3 Panther, OS X 10.4 Tiger, OS X 10.5 Leopard and OS X Montain Lion 10.8.1 for all Mac OS X is possible make a trojan horse files contains a reverse shell into files .pkg and files .app. I used three real Mac OS X: Attacker:...

Optimise JSON by removing duplicate strings and arrays containing repeated object keys. Here you will find binary downloads and discussion (https://sourceforge.net/p/ojson/discussion/) . The actual development and issue tracking can be found here: https://bitbucket.org/cryanfuse/ojson

... you the ability to capture pictures of target webbrowser surfing (driftnet), also uses macchanger to decoy scans changing the mac address. Rootsector module allows you to automate some attacks over DNS_SPOOF + MitM (phishing - social engineering) using metasploit, apache2 and ettercap frameworks. Like the generation of payloads, shellcode, backdoors delivered using dns_spoof and MitM method to redirect a target to your phishing webpage. recent as introducted the scanner inurlbr (by cleiton)

WAFEP is designed to assess the attack vector support of web application firewalls and application IDS/IPS modules. It operates through an "attacker website" with links, forms, browser controls and other request initiators which send a collection of malicious payloads through the WAF to a target application, which in turn, checks which payloads were blocked and which passed successfully. The WAFEP application serves as both the "attacker" website and the "target" website, and thus, should...

BTFF Features O(log n) time with First-Fit behavior, as n is the number of allocated & free blocks. No boundary tag. Separation between payload and bookkeeping meta data. It does not use any free payload area. As of v1.0, payloads are located in data segment area which is acquired by brk(), and bookkeeping meta data are located in separated area which is acquired by mmap(). Small bookkeeping meta data overhead. Applicable to any kind...

A collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfigurations (like not password protected Tomcat manager or debugger port).

Plinko was originally an experiment with Prefix Trees and log parsing. The general concept is to have a single end point you can send any data to, in a "fire and forget" fashion. Plinko should identify and parse the data completely without the sending system caring what it sent. The latest version supports named fields in the STL files for tagging data parsed in the Prefix Tree and anonymous functions for parsing dynamic message payloads. We now output JSON objects and I'm working on HBase...

Similar to XSS warning addon. Look for URL string for XSS payloads. Detect and stop XSS attacks from evil bad guys to you in addition to detection of Malicious JavaScript embedded in malicious sites.

nSIP is an RFC 3261 compliant implementation of SIP (Session Initiation Protocol) for .NET, written in C#. nSDP is an RFC 4566 compliant SDP parser also in C#, and can be used to make payloads to nSIP messages or to parse any SDP message.

BruteXSS is a python based GUI tool, to find XSS vulnerabilities in web application a lot easier through bruteforcing different payloads.