22 matches found
Syncovery For Linux Web-GUI Session Token Brute-Forcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service DDoS attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crime...
[SECURITY] Fedora 33 Update: medusa-2.2-14.20181216git292193b.fc33
Medusa is a speedy, massively parallel, modular, login brute-forcer for network services. Some of the key features of Medusa are: Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. Flexible user input. Target information...
[SECURITY] Fedora 34 Update: medusa-2.2-17.20181216git292193b.fc34
Medusa is a speedy, massively parallel, modular, login brute-forcer for network services. Some of the key features of Medusa are: Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. Flexible user input. Target information...
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed v...
Linux-Focused Cryptojacking Gang Tracked to Romania
A cryptojacking gang that’s likely based in Romania is using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack passwords on Linux-based machines with weak passwords. The point of the campaign is mainly to deploy Monero mining malware, Bitdefender researchers said in a report...
DirDar - A Tool That Searches For (403-Forbidden) Directories To Break It And Get Dir Listing On It
bypass forbidden directories - find and identify dir listing - you can use it as directory brute-forcer as well Compatabily This tool is compatible with all kind of operating systems as long as you have GO compiler installed Install You can use this command if you have Go installed and configured...
XMLRPC Bruteforcer - An XMLRPC Brute Forcer Targeting Wordpress
An XMLRPC brute forcer targeting Wordpress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second. Usage python3 xmlrcpbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username python3...
Facebash - Facebook Brute Forcer In Shellscript Using TOR
Facebook Brute Forcer in shellscript using TOR IG: @thelinuxchoice Legal disclaimer: Usage of Facebash for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not...
tso-brute NSE Script
TSO account brute forcer. This script relies on the NSE TN3270 library which emulates a TN3270 screen for NMAP. TSO user IDs have the following rules: - it cannot begin with a number - only contains alpha-numeric characters and @, , $. - it cannot be longer than 7 chars Script Arguments...
DNS Analysis Tool: Bluto
The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will attempt to identify if SubDomain Wild Cards are being used. If they a...
Medusa - Speedy, Parallel and Modular Login Brute-Forcer
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-for...
Dirs3arch v0.3.0 - HTTP(S) Directory/File Brute Forcer
dirs3arch is a simple command line tool designed to brute force hidden directories and files in websites. It's written in python3 3 and all thirdparty libraries are included. Operating Systems supported Windows XP/7/8 GNU/Linux MacOSX Features Multithreaded Keep alive connections Support for...
OpenSSL ASN.1<= 0.9.6j <= 0.9.7b - Brute Forcer for Parsing Bugs
No description provided by source. / Brute forcer for OpenSSL ASN.1 parsing bugs =0.9.6j =0.9.7b written by Bram Matthys Syzop on Oct 9 2003. This program sends corrupt client certificates to the SSL server which will 1 crash it 2 create lots of error messages, and/or 3 result in other interresti...
[jSQL Injection v0.5] Java tool for automatic database injection
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. jSQL Injection change log - version 0.5 0.5 SQL shell Uploader 0.4 Admin page checker and preview Brute forcer md5...
[Patator v0.5] Multi-purpose brute-forcer, with a modular design and a flexible usage
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Currently it supports the following modules: ftplogin : Brute-force FTP sshlogin : Brute-force SSH telnetlogin : Brute-force Telnet smtplogin : Brute-force SMTP smtpvrfy : Enumerate valid users using the SMTP VRF...
[jSQL Injection v0.4] Java tool for automatic database injection
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Version 0.4 features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic...
Mini PHP Shell 27.9 V2 Released
Mini PHP Shell 27.9 V2 Released According to Developer josalijoe and Devilzc0de "This is a continuation of PHP Shell Mini 27.9 V1 , Editing Shell c99 and new tools ". Features : Encoder , Processes , FTP-Brute-Forcer , Server-Information , SQL-Manager and etc. Download : Disclaimer : Use at your...
HP-UX FTPD <= 1.1.214.4 "REST" Remote Brute Force Exploit
No description provided by source. / Author: phased /str0ke / include sys/types.h include sys/socket.h include netinet/in.h include arpa/inet.h include netdb.h include stdio.h include unistd.h int main int argc, char argv int sock, rc; long int i; struct sockaddrin saddr;...
OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs
/ Brute forcer for OpenSSL ASN.1 parsing bugs include include include include include include include include include include include include include include char buf8192; / This was simply sniffed from an stunnel session / const char dacrap =...