Posts

Showing posts with the label Wordlists

Wordlistctl - Fetch, Install And Search Wordlist Archives From Websites And Torrent Peers

Script to fetch, install, update and search wordlist archives from websites offering wordlists, with more than 1800 wordlists available. In the latest version of BlackArch Linux it has been added to the /usr/share/wordlists/ directory. Installation: pacman -S wordlistctl Usage: [ sepehrdad@blackarch-dev /blackarch/repos/wordlistctl ]$ wordlistctl -H --==[ wordlistctl by blackarch.org ]==-- usage: wordlistctl -f <arg> [options] | -s <arg> [options] | -S <arg> | <misc> options: -f <num> - download chosen wordlist - ? to list wordlists with id -d <dir> - wordlists base directory (default: /usr/share/wordlists) -c <num> - change wordlists category - ? to list wordlists categories -s <regex> - wordlist to search using <regex> in base directory -S <regex> - wordlist to search using <regex> in sites -h ...

Bscan - An Asynchronous Target Enumeration Tool

Synopsis: bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure. Installation: bscan was written to be run on Kali Linux, but there is nothing inherently preventing it from running on any OS with the appropriate tools installed. Download the latest packaged version from PyPI: pip install bscan Or get the bleeding-edge version from version control: pip install https://github.com/welchbj/bscan/archive/master.tar.gz Basic Usage: bscan has a wide variety of configuration options which can be used to tune scans to your needs. Here's a quick example: $ bscan \ > --max-concurrency 3 \ > --patterns [Mm]icrosoft \ > --status-interval 10 \ > --verbose-status \ > scanme.nmap.or...

QRGen - Simple Script For Generating Malformed QRCodes

Simple script for generating malformed QRCodes. These QRCodes are useful if you want to test some QRCode scanner's parser or how the application gets QRCode data. Downside of this tool: you need to manually scan codes with a camera. Proof. Installation. What do you need: python3, qrcode, Pillow, argparse. Steps: 1 git clone https://github.com/h0nus/QRGen 2 cd QRGen 3 pip3 install -r requirements.txt OR python3 -m pip install -r requirements.txt 4 python3 qrcode.py 5 Enjoy attacking QRCodes :P Personalization: You can change the default wordlists to what you want by passing -w/--wordlist :) Order of default wordlists group: SQL Injection, XSS, Command Injection, Format String, XXE, String Fuzzing, SSI Injection, LFI/Directory Traversal, custom passed with -w/--wordlist.

Trigmap - A Wrapper For Nmap To Automate The Pentest

Trigmap is a wrapper for Nmap. You can use it to easily start an Nmap scan and especially to collect information into a well organized directory hierarchy. The use of Nmap makes the script portable (easy to run not only on Kali Linux) and very efficient thanks to the optimized Nmap algorithms. Details: Trigmap can perform several tasks using the Nmap scripting engine (NSE): Port Scan, Service and Version Detection, Web Resources Enumeration, Vulnerability Assessment, Common Vulnerabilities Test, Common Exploits Test, Dictionary Attacks Against Active Services, Default Credentials Test. Usage: Trigmap can be used in two ways: Interactive mode: trigmap [ENTER], and the script does the rest. NON-interactive mode: trigmap -h|--host <target/s> [-tp|--tcp TCP ports] [-up|--udp UDP ports] [-f|--file file path] [-s|--speed time profile] [-n|--nic NIC] [-p|--phase phase...

Jwt Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens

jwt_tool.py is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: checking the validity of a token; testing for the RS/HS256 public key mismatch vulnerability; testing for the alg=None signature-bypass vulnerability; testing the validity of a secret/key/key file; identifying weak keys via a high-speed dictionary attack; forging new token header and payload values and creating a new signature with the key or via another attack method. Audience: This tool is written for pentesters, who need to check the strength of the tokens in use, and their susceptibility to known attacks. It may also be useful for developers who are using JWTs in projects, but would like to test for stability and for known vulnerabilities, when using forged tokens. Requirements: This tool is written natively in Python 2.x using the common librarie...

Amass - In-Depth DNS Enumeration And Network Mapping

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks. Information Gathering Techniques Used: DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request) Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDB, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ThreatCrowd, VirusTotal, Yahoo Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust APIs: BinaryEdge, BufferOver, CIRCL, HackerTarget, PassiveTotal, Robtex, SecurityTrails, Shodan...