Jump to content

dannybest

Members
  • Content Count

    19
  • Joined

  • Last visited

  • Days Won

    3

dannybest last won the day on August 24

dannybest had the most liked content!

Community Reputation

23 Excellent

About dannybest

  • Rank
    Registered user

Recent Profile Visitors

90 profile views
  1. EntynetHackerTools ™ (Ehtools Framework) - Official Link ███████╗██╗ ██╗████████╗ ██╔════╝██║ ██║╚══██╔══╝ █████╗ ███████║ ██║ ██╔══╝ ██╔══██║ ██║ ███████╗██║ ██║ ██║ ╚══════╝╚═╝ ╚═╝ ╚═╝ The Ehtools Framework By Ehtools Team entynetproject.simplesite.com ehtools.pro Details About ehtools framework INFO: Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.
  2. Powershell-RAT - Official Link Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment. Note: This piece of code is Fully UnDetectable (FUD) by Anti-Virus (AV) software. This project must not be used for illegal purposes or for hacking into system where you do not have permission, it is strictly for educational purposes and for people to experiment with. Any suggestions or ideas for this tool are welcome - just tweet me on @ManiarViral RAT Architecture Diagram Screenshot On the first run of the Powershell-RAT user will get options as below: Using Hail Mary option to backdoor a Windows machine: Successfully taking screenshots of the user activity: Data exfiltrated as an email attachment using Gmail:
  3. PyRDP - Official Link PyRDP is a Python 3 Remote Desktop Protocol (RDP) Man-in-the-Middle (MITM) and library. It features a few tools: RDP Man-in-the-Middle Logs credentials used when connecting Steals data copied to the clipboard Saves a copy of the files transferred over the network Saves replays of connections so you can look at them later Run console commands or PowerShell payloads automatically on new connections RDP Player: See live RDP connections coming from the MITM View replays of RDP connections Take control of active RDP sessions while hiding your actions List the client's mapped drives and download files from them during active sessions RDP Certificate Cloner: Create a self-signed X509 certificate with the same fields as an RDP server's certificate We have used this tool as part of an RDP honeypot which records sessions and saves a copy of the malware dropped on our target machine. PyRDP was first introduced in a blogpost in which we demonstrated that we can catch a real threat actor in action. In May 2019 a presentation by its authors was given at NorthSec and two demos were performed. The first one covered credential logging, clipboard stealing, client-side file browsing and a session take-over. The second one covered the execution of cmd or powershell payloads when a client successfully authenticates. In August 2019, PyRDP was demo'ed at BlackHat Arsenal (slides).
  4. AsyncRAT - Official Link AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection Included projects This project includes the following Access terminal for controlling clients Configurable client manageable via Terminal Log server recording all significant events Features Include: Client screen viewer & recorder Client Antivirus & Integrity manager Client SFTP access including upload & download Client & Server chat window Client Dynamic DNS & Multi-Server support (Configurable) Client Password Recovery Client JIT compiler Client Keylogger Client Anti Analysis (Configurable) Server Controlled updates Client Antimalware Start-up Server Config Editor Server multiport receiver (Configurable) Server thumbnails Server binary builder (Configurable) Server obfuscator (Configurable) And much more!
  5. Deep Exploit - Official Link Fully automatic penetration test tool using Deep Reinforcement Learning. Presentation February 17th,2018: SECCON YOROZU 2018 August 9th,2018: Black Hat USA 2018 Arsenal August 10th,2018: DEF CON 26! AI Village October 24th,2018: CSS2018 November 3rd,2018: AV TOKYO 2018 Hive December 6th,2018: Black Hat EURO 2018 Arsenal Cooperation HITB+ AI Challenge Demonstration See the demo page. Documentation (Installation, Usage) See the project's wiki for installation, usage and changelog. Overview DeepExploit is fully automated penetration test tool linked with Metasploit. DeepExploit identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning. It's key features are following. Efficiently execute exploit. DeepExploit can execute exploits at pinpoint (minimum 1 attempt) using Machine Learning. Deep penetration. If DeepExploit succeeds the exploit to the target server, it further executes the exploit to other internal servers. Self-learning. DeepExploit can learn how to exploitation by itself (uses Reinforcement Learning). It is not necessary for humans to prepare learning data. Learning time is very fast. Generally, reinforcement learning takes a lot of time. So, DeepExploit uses distributed learning by multi agents. We adopted an advanced machine learning model called A3C. Powerful intelligence gathering To gather the information of software operated on the target server is very important for successful the exploitation. DeepExploit can identify product name and version using following methods. Port scanning Machine Learning (Analyze HTTP responses gathered by Web crawling) Contents exploration Abilities of "Deep Exploit". Current DeepExploit's version is a beta. But, it can fully automatically execute following actions: Intelligence gathering. Threat modeling. Vulnerability analysis. Exploitation. Post-Exploitation. Reporting. Your benefits. By using our DeepExploit, you will benefit from the following. For pentester: (a) They can greatly improve the test efficiency. (b) The more pentester uses DeepExploit, DeepExploit learns how to method of exploitation using machine learning. As a result, accuracy of test can be improve. For Information Security Officer: (c) They can quickly identify vulnerabilities of own servers. As a result, prevent that attackers attack to your servers using vulnerabilities, and protect your reputation by avoiding the negative media coverage after breach. Since attack methods to servers are evolving day by day, there is no guarantee that yesterday's security countermeasures are safety today. It is necessary to quickly find vulnerabilities and take countermeasures. Our DeepExploit will contribute greatly to keep your safety.
  6. Official Link Introduction Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. hXXp://109.162.38.120/harsh02.exefor known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware).
  7. ManaTI Project - Official Link Machine Learning for Threat Intuitive Analysis The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and inferences. The project will include the development of a web interface for the analyst to interact with the data and the machine learning output. This project is partially supported by Cisco Systems. For more information about the project please go to Stratosphere Lab page
  8. Official Link Emagnet is a very powerful tool for it's purpose wich is to capture email addresses and passwords from leaked databases uploaded on pastebin. It's almost impossible to find leaked passwords when they are out of list on pastebin.com. Either they have been deleted by pastebin's techs or the uploads is just one in the crowd. To be honest it's easier to find a needle in a haystack then find outdated uploads on pastebin with the data we want to collect. Demo - How it works Left side is how you see it - Right side is what actually happening in the background Of course everything getting stored to log dir (Filtered email addresses)
  9. DOWNLOAD (ATENTIE, POATE FI VAZUT CA SI VIRUS) Saefko (SAS) is the first known multi-protocol remote administration tool that targets multiple operating systems. In this example the author created a modular-style botnet that connects with the remote system initially via HTTP. Using this HTTP connection the client can send commands, or establish an IRC connection with the remote machine. The IRC servers will switch every 21 minutes for extra-security, on top of the messages being encrypted. You can use IRC or HTTP to establish a TCP connection in which you can call on much more features.
  10. AVETI GRIJA, PE VIRUSTOTAL ESTE GASIT CA SI VIRUS (redirect catre VirusTotal) !!! de testat pe virtual machine. Download Spy Note is a free advanced Remote Administration Tool targeted for Android systems. It’s server is written in Java, and the client controller is written in Visual Basic .NET. After installation on an Android device, Spy Note will automatically remove it’s on-screen icon from the victim’s device. Spy Note’s essence is a kind of Trojan generator with some quite attractive features. It was popular in the deep web when first released, since being leaked it has become more popular. As a tool designed for remotely monitoring and controlling Android system/device. When comparing to competitor software (such as: OmniRAT, DroidJack, Dendroid), SpyNote will always come out on top. While there are simply a lot options and better stability across all Android versions.. As the version upgrades, the features of Spy Note become increasingly powerful, and bring more serious harm to victims. Although Spy Note now seems to have no large-scale use by hackers around the world, today anyone can download it for free.
  11. REBEL-FRAMEWORK - Official Link automate the automation MODULES SCREENSHOTS DEMOS
  12. Invisi-Shell - Official Link Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API. Work In Progress This is still a preliminary version intended as a POC. The code works only on x64 processes and tested against Powershell V5.1. Usage Copy the compiled InvisiShellProfiler.dll from /x64/Release/ folder with the two batch files from the root directory (RunWithPathAsAdmin.bat & RunWithRegistryNonAdmin.bat) to the same folder. Run either of the batch files (depends if you have local admin privelledges or not) Powershell console will run. Exit the powershell using the exit command (DON'T CLOSE THE WINDOW) to allow the batch file to perform proper cleanup.
×
×
  • Create New...