OffSec Blog

SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...

  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...

  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...

  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...

  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...

  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...

Friday, June 22, 2018

XBruteForcer - CMS Brute Force Tool (WP, Joomla, DruPal, OpenCart, Magento)

      , , , , , , , , , ,       No comments    

Brute Force Tool: WP , Joomla , DruPal , OpenCart , Magento

Simple brute force script
[1] WordPress (Auto Detect Username)
[2] Joomla
[3] DruPal
[4] OpenCart
[5] Magento
[6] All (Auto Detect CMS)

 Usage
Short Form Long Form Description
-l --list websites list
-p --passwords Passwords list

Example
perl XBruteForcer.pl -l list.txt -p passwords.txt

for coloring in windows Add This Line
use Win32::Console::ANSI;


BUG ?

 Installation Linux
git clone https://github.com/Moham3dRiahi/XBruteForcer.git
cd XBruteForcer
perl XBruteForcer.pl -l list.txt -p passwords.txt

Installation Android
Download Termux
cpan install LWP::UserAgent
cpan install HTTP::Request
git clone https://github.com/Moham3dRiahi/XBruteForcer.git
cd XBruteForcer
perl XBruteForcer.pl -l list.txt -p passwords.txt

Installation Windows
Download Perl
Download XBruteForcer
Extract XBruteForcer into Desktop
Open CMD and type the following commands:
cd Desktop/XBruteForcer-master/
perl XBruteForcer.pl -l list.txt -p passwords.txt

Version
Current version is 1.2 What's New
• speed up
• Bug fixes
version 1.1
• Bug fixes
Share:

CTFR - Get subdomains of an HTTPS website abusing Certificate Transparency logs

      , , , ,       No comments    

Do you miss AXFR technique? This tool allows to get the subdomains from a HTTPS website in a few seconds.
How it works? CTFR does not use neither dictionary attack nor brute-force, it just abuses of Certificate Transparency logs.
For more information about CT logs, check www.certificate-transparency.org.

 Getting Started
Please, follow the instructions below for installing and run CTFR.

 Pre-requisites
Make sure you have installed the following tools:
Python 3.0 or later.
pip3 (sudo apt-get install python3-pip).

 Installing
git clone https://github.com/UnaPibaGeek/ctfr.git
cd ctfr
pip3 install -r requirements.txt

 Running
python3 ctfr.py --help

 Usage
Parameters and examples of use.

 Parameters
-d --domain [target_domain] (required)
-o --output [output_file] (optional)

 Examples
python3 ctfr.py -d starbucks.com
python3 ctfr.py -d facebook.com -o /home/shei/subdomains_fb.txt

 Screenshot
Author


Share:
Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
Copyright © OffSec Blog | Powered by OffensiveSec
Design by OffSec | Built for the security community