https://blogs.law.harvard.edu/tech/rss https://root4loot.com/pentools/ Recent content in Penetration testing tools on root4loot https://root4loot.com/pentools/ /img/opengraph.png 1440 After Dark 7.2.1 (Hugo 0.55.1) en-US https://root4loot.com/pentools/av-evasion/ root4loot https://root4loot.com/pentools/av-evasion/ Veil Python script designed to generate metasploit payloads that bypass common anti-virus solutions. Usage: python Veil-Evasion.py peCloak Python script that takes an automated approach to AV evasion. Usage: peCloak.py [[options]] [path_to_pe_file] Example: python peCloak.py plink.exe .. New file saved [plink_1540964122_cloaked.exe] OWASP ZSC Open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. Usage: ./zsc zsc> help [+] shellcode generate shellcode [+] shellcode>generate to generate shellcode [+] shellcode>search search for shellcode in shellstorm [+] shellcode>download download shellcodes from shellstorm [+] shellcode>shell_storm_list list all shellcodes in shellstorm [+] obfuscate generate obfuscate code [+] back Go back one step [+] clear clears the screen [+] help show help menu [+] update check for update [+] about about owasp zsc [+] restart restart the software [+] version software version [+] exit/quit to exit the software [+] # insert comment [+] zsc -h, --help basic interface help https://root4loot.com/pentools/brute-force/ root4loot https://root4loot.com/pentools/brute-force/ Ncrack High-speed network authentication cracking tool. Examples: SSH: ncrack -u testuser -P wordlist.txt <host> -p 22 RDP: ncrack -u testuser -P wordlist.txt <host> -p 3389 FTP: ncrack -u testuser -P wordlist.txt <host> -p 21 Medusa Login brute-forcer tool designed to be speedy, parallel and modular. It supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, Subversion, and VNC to name a few. Syntax: Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT] Examples: SSH: medusa -u testuser -P wordlist. https://root4loot.com/pentools/command-control/ root4loot https://root4loot.com/pentools/command-control/ dnscat2 Tool designed to create an encrypted command-and-control (C&C) channel over the DNS protocol, which is an effective tunnel out of almost every network. Usage: ./dnscat DropboxC2C Post-exploitation agent which uses Dropbox Infrastructure for command and control operations. Structure: main.py - The "server" part which manages all the agents. agent.py - The "client" part which does what the server tells. 1. Modify the API Key on agent.py and main.py (the api key must be created from the dropbox web interface) 2. https://root4loot.com/pentools/databases/ root4loot https://root4loot.com/pentools/databases/ NoSQLMap Open source Python-based automated NoSQL MongoDB exploitation tool. Usage: python NoSQLMap SQLmap Open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. Usage: python sqlmap [options] Examples: python sqlmap.py -u "http://targetsite.com/vuln.php" python sqlmap.py -u "http://targetsite.com/login.aspx" --method POST --data "username=foo&password=bar&submit=login" --dbms=mssql --tables https://root4loot.com/pentools/miscellaneous/ root4loot https://root4loot.com/pentools/miscellaneous/ httprobe Take a list of domains and probe for working HTTP and HTTPS servers. Example usage: cat domains.txt | httprobe | tee alive.txt cat domains.txt | httprobe -p http:8080 -p https:4443 | tee alive.txt RTFM RTFM (Red Team Field Manual) is a great and useful book, BUT a bit pointless when you have to transcribe it, so this little program will aim to be the spiritual successor to it. https://root4loot.com/pentools/network-related/ root4loot https://root4loot.com/pentools/network-related/ Airgeddon A multi-use bash script for Linux systems to audit wireless networks. Usage: sudo bash airgeddon.sh SPARTA Python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. Usage: ./sparta SSH Pivoting with SSH. Port forwarding: Local: ssh <gateway> -L <local port to listen>:<remote host>:<remote port> Remote: ssh <gateway> -R <remote port to bind>:<local host>:<local port> Dynamic: ssh <gateway> -D <port to bind> Plink https://root4loot.com/pentools/printers/ root4loot https://root4loot.com/pentools/printers/ Praedasploit Contains a number of commonly found printer exploits. Usage: See https://github.com/rapid7/metasploit-framework/wiki/Loading-External-Modules PRET Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. Usage: ./pret.py [-h] [-s] [-q] [-d] [-i file] [-o file] target {ps,pjl,pcl} Example usage: ./pret.py laserjet.lan ps ./pret.py /dev/usb/lp0 pjl https://root4loot.com/pentools/samba/ root4loot https://root4loot.com/pentools/samba/ CrackMapExec A post-exploitation tool that helps automate assessing the security of large Active Directory networks. CME makes heavy use of the Impacket library. Examples usage: crackmapexec <protocol> 192.168.1.0/24 crackmapexec <protocol> ~/targets.txt Pass-the-hash: crackmapexec smb <target(s)> -u username -H LMHASH:NTHASH crackmapexec smb <target(s)> -u username -H NTHASH Null sessions: crackmapexec smb <target(s)> -u '' -p '' enum4linux A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts. https://root4loot.com/pentools/web/ root4loot https://root4loot.com/pentools/web/ Arjun Arjun is a HTTP parameter discovery suite. Example usage: Find GET parameters: python3 arjun.py -u https://api.example.com/endpoint --get Find POST parameters python3 arjun.py -u https://api.example.com/endpoint --post Multi-threading: python3 arjun.py -u https://api.example.com/endpoint --get -t 22 Delay between requests: python3 arjun.py -u https://api.example.com/endpoint --get -d 2 Add HTTP headers: python3 arjun.py -u https://api.example.com/endpoint --get --headers BeEF Exploitation Framework A cross-site scripting (XSS) attack framework. Usage: ./beef Burp An awesome graphical tool for testing Web application security. https://root4loot.com/pentools/wordlist-generators/ root4loot https://root4loot.com/pentools/wordlist-generators/ CeWl A ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. Usage: cewl [OPTIONS] ... <url> Example: cewl http://example.com --depth=4 --write=output.txt Crunch Wordlist generator based on criteria you specify. The output from crunch can be sent to the screen, file, or to another program.