Saturday, August 29, 2020

JoomlaScan - Tool To Find The Components Installed In Joomla CMS, Built Out Of The Ashes Of Joomscan


A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

Features
  • Scan Joomla CMS sites for components/extensions (database of more than 600 components)
  • Locate browsable component folders (Index of ...)
  • Locate disabled or protected components
  • Locate each file useful for identifying the version of a component (Readme, Manifest, License, Changelog)
  • Locate the robots.txt file or error_log file
  • Supports HTTP or HTTPS connections
  • Connection timeout
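
The exposures in the feature list can also be checked from the site owner's side, directly on disk. The following is an added example, not JoomlaScan's code: it walks a local copy of a Joomla webroot and reports component folders without an index file, version-revealing files, and an error_log in the webroot. The function names, the com_ folder prefix and the two component directories are assumptions of this example.

```python
import os
import tempfile

# File-name prefixes the feature list names as useful for version identification.
VERSION_HINTS = ("readme", "changelog", "license", "manifest")
# Assumption: components live under these two directories of the webroot.
COMPONENT_ROOTS = ("components", os.path.join("administrator", "components"))

def audit_webroot(webroot):
    """Return sorted (issue, relative_path) findings for a local Joomla tree."""
    findings = []
    if os.path.isfile(os.path.join(webroot, "error_log")):
        findings.append(("error-log-in-webroot", "error_log"))
    for root in COMPONENT_ROOTS:
        base = os.path.join(webroot, root)
        names = sorted(os.listdir(base)) if os.path.isdir(base) else []
        for name in names:
            comp = os.path.join(base, name)
            if not (name.startswith("com_") and os.path.isdir(comp)):
                continue
            rel = os.path.join(root, name)
            files = [f for f in os.listdir(comp) if os.path.isfile(os.path.join(comp, f))]
            lower = {f.lower() for f in files}
            # Without an index file the folder is listable when autoindex is on.
            if not lower & {"index.html", "index.htm", "index.php"}:
                findings.append(("no-index-file", rel))
            for f in files:
                if f.lower().startswith(VERSION_HINTS):
                    findings.append(("version-hint-file", os.path.join(rel, f)))
    return sorted(findings)

def build_sample_tree(parent):
    """Create a constructed sample tree (not real site data) for an offline run."""
    layout = {
        "components/com_content": ["index.html", "content.php"],
        "components/com_gallery": ["README.txt", "gallery.php"],
        "administrator/components/com_gallery": ["index.html", "CHANGELOG.txt"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(parent, *rel.split("/")))
        for n in names:
            open(os.path.join(parent, *rel.split("/"), n), "w").close()
    open(os.path.join(parent, "error_log"), "w").close()
    return parent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for issue, path in audit_webroot(build_sample_tree(tmp)):
            print(f"{issue:22} {path}")
```

Each finding points at something to fix on the server: add a blank index file or disable directory listing, remove or deny access to the version-revealing files, and move error_log out of the webroot.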

Next Features
  • Locate the version of Joomla CMS
  • Find Module
  • Customized User Agent and Random Agent
  • The user can change the connection timeout
  • A database of vulnerable components

Usage
usage: python joomlascan.py [-h] [-u URL] [-t THREADS] [-v]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     The Joomla URL/domain to scan.
  -t THREADS, --threads THREADS
                        The number of threads to use when multi-threading
                        requests (default: 10).
  -v, --version         show program's version number and exit

Requirements
  • Python
  • beautifulsoup4 (To install this library from terminal type: $ sudo easy_install beautifulsoup4 or $ sudo pip install beautifulsoup4)

Changelog
  • 2016.12.12 0.5beta > Implementation of the Multi Thread, Updated database from 656 to 686 components, Fix Cosmetics and Minor Fix.
  • 2016.05.20 0.4beta > Find README.md, Find Manifes.xml, Find Index file of Components (Only if descriptive), User Agent and TimeOut on Python Request, Updated database from 587 to 656 components, Fix Cosmetics and Minor Fix.
  • 2016.03.18 0.3beta > Find index file on components directory
  • 2016.03.14 0.2beta > Find administrator components and file Readme, Changelog, License.
  • 2016.02.12 0.1beta > Initial release





RFCrack Release - A Software Defined Radio Attack Tool

RFCrack uses the following hardware with RFCat libraries:
YardStick One: 
https://goo.gl/wd88sr

I decided to clean up my RF testing harness and release it as a tool named RFCrack, mostly because it has been a pain to set up use-case scenarios from scratch for every device I am testing. Rather than release a tool no one knows how to use, the below video will be a quick but comprehensive tutorial to get you started. If you've been following the blogs, this will greatly simplify your testing, in the following ways:
  • RFCrack handles all of your data conversions. 
  • It allows you to capture, replay and save payloads for use anytime 
  • It will handle rolling code bypass attacks on your devices. 
  • You can jam frequencies and fuzz specific values 
  • It will also allow you to scan specific frequencies in discovery mode or incrementally probe them 
  • RFCrack will hopefully have keyless entry & engine bypass support in the near future

This is the first release, everything works as intended but there will be plenty of updates as I continue to do research and find reasons to add features needed for testing. I am still making changes and making it more flexible with modifiable values and restructuring code. If you have any legitimate use case scenarios or need a specific value to be modifiable, hit me up and I will do my best to update between research, if it's a legitimate use case.

You can reach me at:
Twitter: @Ficti0n
http://cclabs.io , http://consolecowboys.com

GitHub Code for RFCrack:

https://github.com/cclabsInc/RFCrack

Full RF Hacking Course in Development:

Not all of the attacks in the tool have been covered in the RF hacking blog series and a few more are in research mode, as such, not yet added to the tool but will probably be covered in a full length online class on Hacking with RF which includes all targets and equipment. Send an email to info(at)cclabs.io if you're interested.



Walkthrough Training Video:




Until Next time: 

Cheers, and enjoy the tool for your personal use testing devices, feedback and bug reports are appreciated. I have another RF blog coming out shortly based on my friend's research into hacking garages/gates and creating keyfobs. I will post when it's ready.

$$$ Bug Bounty $$$

What is Bug Bounty?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to a few dozen researchers.



Friday, August 28, 2020

Files Download Information




After 7 years of Contagio existence, Google Safe Browsing services notified Mediafire (hoster of Contagio and Contagiominidump files) that "harmful" content is hosted on my Mediafire account.

It is harmful only if you harm your own PC but not suitable for distribution or infecting unsuspecting users, but I have not been able to resolve this with Google and Mediafire.

Mediafire suspended public access to Contagio account.

The file hosting will be moved.

If you need any files now, email me the posted Mediafire links (address in profile) and I will pull out the files and share via other methods.

P.S. I have not been able to resolve "yet" because it just happened today, not because they refuse to help.  I don't want to affect Mediafire safety reputation and most likely will have to move out this time.

The main challenge is not to find hosting, it is not difficult and I can pay for it, but the effort to move all files and fix the existing links on the Blogpost, and there are many. I planned to move out a long time ago but did not have time for it. If anyone can suggest how to change all Blogspot links in bulk, I will be happy.


P.P.S. Feb. 24 - The files will be moved to a Dropbox Business account and shared from there (Dropbox team confirmed they can host it)


The transition will take some time, so email me links to what you need. 

Thank you all
M