Villain 🦹♀️
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
GitHub
#Python #RedTeam #CyberSecurity
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
GitHub
#Python #RedTeam #CyberSecurity
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
👍1
httpxis a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
⚪️ Simple and modular code base making it easy to contribute.
⚪️ Fast And fully configurable flags to probe multiple elements.
⚪️ Supports multiple HTTP based probings.
⚪️ Smart auto fallback from https to http as default.
⚪️ Supports hosts, URLs and CIDR as input.
⚪️ Handles edge cases doing retries, backoffs etc for handling WAFs.
GitHUb
#osint #ssl_certificate #bugbounty #cybersecurity
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
Attack Surface Management Platform
Discover hidden assets and vulnerabilities in your environment
Integrate with the leading commercial and open source vulnerability scanners to scan for the latest CVEs and vulnerabilities.
Hacking is a problem that's only getting worse. But, with Sn1per, you can find what you can’t see—hidden assets and vulnerabilities in your environment.
Sn1per is a next-generation information gathering tool that provides automated, deep, and continuous security for organizations of all sizes.
cd Sn1per
bash install.sh
BugCod3#Cybersecurity #Pentesting #Sn1per
Please open Telegram to view this post
VIEW IN TELEGRAM
Payload:
".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"#bugbountytips #bugbounty #CyberSecurity
Please open Telegram to view this post
VIEW IN TELEGRAM
❤3🔥2❤🔥1⚡1
JSON Smuggling: A far-fetched intrusion detection evasion technique
🔗 Medium
#infosec #cybersecurity #blueteam
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
#infosec #cybersecurity #blueteam
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡2❤1🔥1
Learn the basics of burpsuite. Start using Burp with web applications.
⬇️ Download
#Burpsuite #Kalilinux #Cybersecurity
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 t.iss.one/BugCod3
📣 t.iss.one/LearnExploit
#Burpsuite #Kalilinux #Cybersecurity
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡3🔥2❤1
Version 1.0.0 is available now
#OSINT #CyberSecurity #password
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
pip3 install -U chiasmodon #OSINT #CyberSecurity #password
Please open Telegram to view this post
VIEW IN TELEGRAM
❤5🔥3⚡2
Subzy
💬
Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz
Installation:
👩💻
📊 Options:
Only required flag for
⚪️
⚪️
⚪️
⚪️
⚪️
⚪️
⚪️
💻 Usage:
Target subdomain can have protocol defined, if not
⚪️ List of subdomains:
⚪️ Single or multiple targets:
😸 Github
⬇️ Download
🔒
#BugBounty #Cybersecurity #Subdomain #Takeover
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz
Installation:
go install -v github.com/LukaSikic/subzy@latest
Only required flag for
run subcommand(r short version) is either --target or --targets--target (string) - Set single or multiple (comma separated) target subdomain/s--targets (string) - File name/path to list of subdomains--concurrency (integer) - Number of concurrent checks (default 10)--hide_fails (boolean) - Hide failed checks and invulnerable subdomains (default false)--https (boolean) - Use HTTPS by default if protocol not defined on targeted subdomain (default false)--timeout (integer) - HTTP request timeout in seconds (default 10)--verify_ssl (boolean) - If set to true, it won't check site with invalid SSLTarget subdomain can have protocol defined, if not
https:// will be used by default if --https not specifically set to true../subzy run --targets list.txt
./subzy run --target test.google.com
./subzy run --target test.google.com,https://test.yahoo.com
BugCod3#BugBounty #Cybersecurity #Subdomain #Takeover
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3⚡2❤2🔥2