Pentesting Tools, Tutorial, and Information Technology

Senin, 23 Oktober 2017

PenBox: Penetration Testing Framework




  • nmap
  • Setoolkit
  • Port Scanning
  • Host To IP
  • WordPress user enumeration
  • CMS scanner
  • XSStracer - memeriksa server web dari jarak jauh untuk Clickjacking, Cross-Frame Scripting, Cross-Site Tracing dan Host Header Injection
  • Doork – Google Dorks Passive Vulnerability Auditor
  • Scan A server’s Users
Password Attack:
  • Ncrack
  • Cupp
  • AutoBrowser Screenshot
Wireless Testing:
  • pixiewps
  • reaver
  • Bluetooth Honeypot GUI Framework
Exploitation Tools:
  • SQLmap
  • Shellnoob
  • Venom
  • Commix
  • FTP Auto Bypass
  • Jboss-autopwn
  • Blind SQL Automatic Injection & Exploit
  • Bruteforce the Android Passcode given the hash and salt
  • Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection Scanner
  • CMS Few
  • BlackBox
  • Liffy
Sniffing & Spoofing:
  • Setoolkit
  • SSLtrip
  • pyPISHER
  • SMTP Mailer
Web Hacking:
  • Drupal Hacking
  • WordPress & Joomla Scanner
  • WordPress Scanning
  • WordPress Username Enumeration
  • WordPress Backup Grabbing
  • Inurlbr
  • Gravity Form Scanner
  • File Upload Checker
  • WordPress Exploit Scanner
  • WordPress Plugins Scanner
  • Shell and Directory Finder
  • Joomla! 1.5 – 3.4.5 Remote Code Execution
  • Vbulletin 5.X Remote Code Execution
  • BruteX – Automatically brute force all services running on a target
  • Arachni – Web Application Security Scanner Framework
  • Sub-domain Scanning
  • Sensitive File Detection
  • Same-Site Scripting Scanning
  • Click Jacking Detection
  • Powerful XSS vulnerability scanning
  • SQL Injection vulnerability scanning
#Private Tools
  • Get all websites
  • Get Joomla websites
  • Get WordPress websites
  • Find control panel
  • Find zip files
  • Find upload files
  • Get server users
  • Scan from SQL injection
  • Scan ports (range of ports)
  • Scan ports (common ports)
  • Get server banner
  • Bypass Cloudflare
#Post Exploitation
  • Shell Checker
  • POET
  • Weeman – Phishing Framework
  • Insecure Web Interface
  • Insufficient Authentication/Authorization
  • Insecure Network Services
  • Lack of Transport Encryption
  • Privacy Concerns
  • Insecure Cloud Interface
  • Insecure Mobile Interface
  • Insufficient Security Configurability
  • Insecure Software/Firmware
  • Poor Physical Security
  • Radium-Keylogger – Python keylogger with multiple features
#Recon
  • Sniper
#Others
  • QrlJacking-Framework
  • Sniffles – Packet Capture Generator for IDS and Regular Expression

Download:
# git clone https://github.com/x3omdax/PenBox.git
Source:  https://github.com/x3omdax/PenBox

Tidak ada komentar:

Posting Komentar