Apenas Isso

Encontrei um script em perl que faz todo o trabalho por nos. O script e capaz de fazer varias combinações inclusive de quebrar senha WPA, além de uma grande extensão de palavras. O nome do script em perl e Words Generator no português Gerador de Palavras, salve o script abaixo com a extensão .pl #!/usr/bin/perl =head1 NAME wg.pl =head1 AUTHOR Matteo Redaelli E-MAIL: matteo.redaelli@libero.it WEB: http://digilander.iol.it/reda =head1 DESCRIPTION This is a Word Generator: you can apply some useful options to filter the words =head1 USAGE type perl wg.pl -h =head1 HISTORY 2000-01-06: the first lines of this script 2000-01-11 added getopt 2000-01-21: adjusted default parameters 2002-03-05: new option -n 2002-03-06: new option -s 2002-03-07: reorganization of all source code, more documentation =head1 LICENSE This package is free software; you can redistribute it and/or modify it under the same terms as Perl itself,...

Corra enquanto ainda funciona segue versão com user agente em pt-br para melhor engenharia social github http://goo.gl/8cv6Lp #!/usr/bin/perl # use strict; use Net::SSLeay::Handle; if(!defined($ARGV[0] && $ARGV[1])) { system('clear'); print " Version 2.32 \n"; print "\033[1;32md88888b .d8b. .o88b. d88888b d8888b. .d88b. db dD d88888b d8888b. \n"; print "88' d8' `8b d8P Y8 88' 88 `8D .8P Y8. 88 ,8P' 88' 88 `8D \n"; print "88ooo 88ooo88 8P 88ooooo 88oooY' 88 88 88,8P 88ooooo 88oobY' \n"; print "88~~~ 88~~~88 8b 88~~~~~ 88~~~b. 88 88 88`8b 88~~~~~ 88`8b \n"; print "88 88 88 Y8b d8 88. 88 8D `8b d8' 88 `88. 88. 88 `88. \n"; print "YP YP YP `Y88P' Y88888P Y8888P' `Y88P' YP YD Y88888P 88 YD \n"; print "\033[1;31m ==================================================...

NMAP Scanning Tutorial : Bypassing the Firewalls and IDS/IPS This post is for penetration testers that face issues with scanning the Corporate networks with firewalls deployed and are unable to bypass the Firewall or an IDS/IPS . Firewall is generally a software or hardware to protect private network from public network.This is a trouble maker for the Penetration testers as they are not able to bypass this added layer of security . Well the good news here is that we can use Nmap options to bypass the firewalls , IDS/IPS . If a penetration tester can bypass firewall then half game is won for the penetration tester. In this tutorial you will learn how to bypass and test firewall using the NMAP options . NMAP options to Bypass the Firewall : • -f (fragment packets): This option is to make it harder to detect the packets. By specifying this option once, Nmap will split the packet into 8 bytes or less after the IP header. This makes the detection of Nmap sen...

https://github.com/eviltik/evilscan https://github.com/gabemarshall/Brosec https://github.com/allodoxaphobia/JenScan https://github.com/eoftedal/retire-site-scanner https://github.com/danielzzz/node-portchecker https://github.com/ncb000gt/node-portscan https://github.com/jeffflater/scannerjs https://github.com/krux/privacy_scanner https://github.com/baalexander/node-portscanner https://github.com/timonwang/scanner https://github.com/jpenalbae/chita https://github.com/hadynz/xss-keylogger https://github.com/fishnetsecurity/Lair https://github.com/skepticfx/subquest https://github.com/shaoshuai0102/sief https://github.com/SomeoneWeird/icanhazprotocol  (msfjs) https://github.com/OWASP/NodeGoat/

DDoS Tool that supports: DNS Amplification (Domain Name System) NTP Amplification (Network Time Protocol) SNMP Amplification (Simple Network Management Protocol) SSDP Amplification (Simple Service Discovery Protocol) Read more about DDoS Amplification Attacks  here Donation would be much appreciated: 1Gi5Rpz5RBEUpGknSwyRgqzk7b5bQ7Abp2 Requierments OS Supports raw sockets Python 2.7 Pinject Usage _____ __ __ / ___/____ _____/ /___/ /___ _____ ___ \__ \/ __ `/ __ / __ / __ `/ __ `__ \ ___/ / /_/ / /_/ / /_/ / /_/ / / / / / / /____/\__,_/\__,_/\__,_/\__,_/_/ /_/ /_/ https://github.com/OffensivePython/Saddam https://twitter.com/OffensivePython Usage: Saddam.py target.com [options] # DDoS Saddam.py benchmark [options] # Calculate AMPLIFICATION factor Options: -h, --help show this help message and exit -d FILE:FILE|DOMAIN, --dns=FILE:FILE|DOMAIN ...

ABOUT Tsunami is forked from Namescan .  It is an open source project by Samiux (GPLv3). It is designed for research and testing your firewalls as well as IDS/IPS.  Do NOT think of using this tool to attack.  It is very expensive due to its poor performance.  The effect may be differ due to the bandwidth, number of sessions and the size of feedback from the domain query as well as the power of the tool. All the features of Namescan are included in Tsunami.  That means, you can use Tsunami as a scanner too.  Please note that Namescan features/functions cannot be used with Tsunami functions. KNOW ISSUE The performance of this tool is very very poor. Tsunami only works on Kali Linux 1.0.9a or above.  Other linux  distributions may not working properly. The -p switch, do not set more than 1000 as it will consume a lot of memory. FEATURE Tsunami will spoof the MAC address on every session and it will be changed on the next session....

DNS Amplification [How to] + [Attack Script] My purpose of giving out daily scanned fresh DNS Lists is because this is a free world. People are selling "scripts, dns scanners, dns lists" when they are actually FREE !! I will be making this extremely NOOB friendly, to literally let everyone grasp and know what I'm talking about. What is an open DNS resolver? It's a name server that provides recursive replies for every system on the internet. How does this work ? What is an amplification attack? Do you see those lists below that I scan and give out, each line is an open dns resolver, basically this works by sending small packet with a spoofed (masked) source address (the dns lists) to a service/target. Let's take one line out of any DNS LIST: Quote: 213.85.133.4 azmx.ru 4081 My server IP (1.1.1.1) My target IP (2.2.2.2) "1.1.1.1" send a small packet to "213.85.133.4 (response size)4081" which is the open dns resolver ...

Everybody is worried about their social security on electronic media. Its possibly time to make some information on the secure environment. Mostly people make their website or blogs live over the internet to make some announcement about particular niche. They want specific groups of people to visit their blog but they don’t want their data to be stored on Google index for any reasons. So, in this blog we will be discussing how to create or optimize your robots.txt for SEO. Actually the defined file is responsible for everything Google indexes. It won’t be wrong to say that robots.txt is file is all about making your domain of data encrypted. Where is the Robots.txt file? How to Create a Robots.txt file? First of all lets talk about where it is placed in an individual’s website over the internet? Following is the command that is used to find out your robots.txt: For example, www.KamranMohsin.com/robots.txt Since the format for robots.txt file is quite simple to understand. The first li...

Command Injection attack is also known as  Arbitrary Code Execution . In Command Injection an attacker generally injects a malicious user input to the system functions which executes system shell commands based on the attacker’s input. The Command Injection vulnerability occurs when the web applications supplies vulnerable (unsafe) input fields to the malicious users to input harmful (malicious) data such as forms, cookies or HTTP header data. This attack differs from  Code Injection  as code injection allows the attacker to add his own code that is then executed by the application. In  Code Injection , the attacker extends the default functionality of the application without the necessity of executing system commands. Crafting the attack parameters This attack is similar to  SQL Injection  where user could craft the attack by passing defined commands into the user input fields. Shell commands are generally delimited with a semi-colon, that could m...

Before hacking with Cross Site Scripting (XSS), lets first learn about what is XSS? What is XSS? Inserting malicious client side script into the web applications, and retrieving the scripts appearing to be coming from a trusted source (server) is termed as cross site scripting. XSS differs from other web attack vectors (e.g., SQL injections), in that it does not directly target the application itself. Instead, the users of the web application are the ones at risk. Cross site scripting (XSS) is a type of computer security vulnerability which is typically found in Web applications, such as web browsers through breaches found in browser security, that enables attackers to inject client-side script into Web pages viewed by other users. Types of XSS Reflected XSS (Non-Persistent) Stored XSS (Persistent) DOM XSS Let’s get the meaning of shown XSS types one by one in brief description. 1- Reflected XSS (Non-Persistent) The non-persistent XSS are actually the most common vu...