JoomlaScan - Tool To Find The Components Installed In Joomla CMS, Built Out Of The Ashes Of Joomscan

A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

Features

• Scanning the Joomla CMS sites in search of components/extensions (database of more than 600 components);
• Locate the browsable folders of component (Index of ...);
• Locate the components disabled or protected
• Locate each file useful to identify the version of a components (Readme, Manifest, License, Changelog)
• Locate the robots.txt file or error_log file
• Supports HTTP or HTTPS connections
• Connection timeout

Next Features

• Locate the version of Joomla CMS
• Find Module
• Customized User Agent and Random Agent
• The user can change the connection timeout
• A database of vulnerable components

Usage
usage: python joomlascan.py [-h] [-u URL] [-t THREADS] [-v]
optional arguments:

-h, --help              show this help message and exit

-u URL, --url URL       The Joomla URL/domain to scan.
-t THREADS, --threads   THREADS
                        The number of threads to use when multi-threading
                        requests (default: 10).
-v, --version           show program's version number and exit

Requirements

• Python
• beautifulsoup4 (To install this library from terminal type: $ sudo easy_install beautifulsoup4 or $ sudo pip install beautifulsoup4)

Changelog

• 2016.12.12 0.5beta > Implementation of the Multi Thread, Updated database from 656 to 686 components, Fix Cosmetics and Minor Fix.
• 2016.05.20 0.4beta > Find README.md, Find Manifes.xml, Find Index file of Components (Only if descriptive), User Agent and TimeOut on Python Request, Updated database from 587 to 656 components, Fix Cosmetics and Minor Fix.
• 2016.03.18 0.3beta > Find index file on components directory
• 2016.03.14 0.2beta > Find administrator components and file Readme, Changelog, License.
• 2016.02.12 0.1beta > Initial release

Download JoomlaScan

Read More

Security Onion - Linux Distro For IDS, NSM, And Log Management

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

Security-onion project

This repo contains the ISO image, Wiki, and Roadmap for Security Onion.

Looking for documentation?

Please proceed to the Wiki.

Screenshots

Download Security-Onion

Read More

Diggy - Extract Enpoints From APK Files

Diggy can extract endpoints/URLs from apk files. It saves the result into a txt file for further processing.


Dependencies

• apktool

Usage

./diggy.sh /path/to/apk/file.apk

You can also install it for easier access by running install.sh
After that, you will be able to run Diggy as follows:

diggy /path/to/apk/file.apk

Download Diggy

Read More

SubOver - A Powerful Subdomain Takeover Tool

Subover is a Hostile Subdomain Takeover tool designed in Python. From start, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 36 services which is much more than any other tool out there. The tool is multithreaded and hence delivers good speed. It can easily detect and report potential subdomain takeovers that exist. The list of potentially hijackable services is very comprehensive and it is what makes this tool so powerful.

Installing
You need to have Python 2.7 installed on your machine. The following additional requirements are required -

• dnspython
• colorama

git clone https://github.com/Ice3man543/SubOver.git .
cd SubOver
# consider installing virtualenv
pip install -r requirements.txt
python subover.py -h

Usage
python subover.py -l subdomains.txt -o output_takeovers.txt

• -l subdomains.txt is the list of target subdomains. These can be discovered using various tool such as sublist3r or others.
• -o output_takeovers.txtis the name of the output file. (Optional & Currently not very well formatted)
• -t 20 is the default number of threads that SubOver will use. (Optional)
• -V is the switch for showing verbose output. (Optional, Default=False)

Currently Checked Services

• Github
• Heroku
• Unbounce
• Tumblr
• Shopify
• Instapage
• Desk
• Tictail
• Campaignmonitor
• Cargocollective
• Statuspage
• Amazonaws
• Cloudfront
• Bitbucket
• Squarespace
• Smartling
• Acquia
• Fastly
• Pantheon
• Zendesk
• Uservoice
• WPEngine
• Ghost
• Freshdesk
• Pingdom
• Tilda
• Wordpress
• Teamwork
• Helpjuice
• Helpscout
• Cargo
• Feedpress
• Freshdesk
• Surge
• Surveygizmo
• Mashery

Count : 36

FAQ
Q: What should my wordlist look like?
A: Your wordlist should include a list of subdomains you're checking and should look something like:

backend.example.com
something.someone.com
apo-setup.fxc.something.com

Your tool sucks!
Yes, you're probably correct. Feel free to:

• Not use it.
• Show me how to do it better.

Contact
Twitter: @Ice3man543

Credits

• Subdomain Takeover Scanner by 0x94
• subjack : Hostile Subdomain Takeover Tool Written In GO
• Anshumanbh : tko-subs

Download SubOver

Read More

iCloudBrutter - AppleID Bruteforce

iCloudBrutter is a simple python (3.x) script to perform basic bruteforce attack againts AppleID.

Usage of iCloudBrutter for attacking targets without prior mutual consent is illegal. iCloudBrutter developer not responsible to any damage caused by iCloudBrutter.

Installation

$ git clone https://github.com/m4ll0k/iCloudBrutter.git
$ cd iCloudBrutter
$ pip3 install requests,urllib3,socks
$ python3 icloud.py

Download iCloudBrutter

Read More

CLOUDKiLL3R - Bypasses Cloudflare Protection Service Via TOR Browser

CLOUDKiLL3R bypasses Cloudflare protection service via TOR Browser !

CLOUDKiLL3R Requirements :

• TOR Browser to scan as many sites as you want :)
• Python Compiler

CLOUDKiLL3R Installation ?
Make sure that TOR Browser is up and running while working with CLOUDKiLL3R .
Make sure that the IP AND PORT are the same in TOR Browser preferences > advanced > Networks
Include the files below in one folder :

• FILTER.txt
• CK.pl

Make Sure The Modules Below Are Installed If NOT > use this command to install one : pip install [module name]

• argparse
• socks
• socket
• requests
• sys

Contact :
Twitter.com/moh_security

Download CLOUDKiLL3R

Read More