店長ブログ

釣りエサ専門店SABANIZM店長のブログです。

2020年4月27日月曜日

Snmpcheck


"snmpcheck is a free open source utility to get information via SNMP protocols. It works fine against Windows, Linux, Cisco, HP-UX, SunOS systems and any devices with SNMP protocol support. It could be useful for penetration testing or systems monitoring. snmpcheck has been tested on GNU/Linux, *BSD, Windows systems and Cygwin. snmpcheck is distributed under GPL license and based on Athena-2k script by jshaw. " read more...

Website: http://www.nothink.org/perl/snmpcheck


Related articles

2020年4月26日日曜日

Attacking Financial Malware Botnet Panels - SpyEye

This is the second blog post in the "Attacking financial malware botnet panels" series. After playing with Zeus, my attention turned to another old (and dead) botnet, SpyEye. From an ITSEC perspective, SpyEye shares a lot of vulnerabilities with Zeus. 

The following report is based on SpyEye 1.3.45, which is old, and if we are lucky, the whole SpyEye branch will be dead soon. 

Google dorks to find SpyEye C&C server panel related stuff:

  • if the img directory gets indexed, it is rather easy, search for e.g. inurl:b-ftpbackconnect.png
  • if the install directory gets indexed, again, easy, search for e.g. inurl:spylogo.png
  • also, if you find a login screen, check the css file (style.css), and you see #frm_viewlogs, #frm_stat, #frm_botsmon_country, #frm_botstat, #frm_gtaskloader and stuff like that, you can be sure you found it
  • otherwise, it is the best not to Google for it, but get a SpyEye sample and analyze it
And this is how the control panel login looks like, nothing sophisticated:


The best part is that you don't have to guess the admin's username ;)

This is how an average control panel looks like:


Hack the Planet! :)

Boring vulns found (warning, an almost exact copy from the Zeus blog post)


  • Clear text HTTP login - you can sniff the login password via MiTM, or steal the session cookies
  • No password policy - admins can set up really weak passwords
  • No anti brute-force - you can try to guess the admin's password. There is no default username, as there is no username handling!
  • Password autocomplete enabled - boring
  • Missing HttpOnly flag on session cookie - interesting when combining with XSS
  • No CSRF protection - e.g. you can upload new exe, bin files, turn plugins on/off :-( boring. Also the file extension check can be bypassed, but the files are stored in the database, so no PHP shell this time. If you check the following code, you can see that even the file extension and type is checked, and an error is shown, but the upload process continues. And even if the error would stop the upload process, the check can be fooled by setting an invalid $uptype. Well done ...
        if ($_FILES['file']['tmp_name'] && ($_FILES['file']['size'] > 0))
        {
                $outstr = "<br>";
                set_time_limit(0);
                $filename = str_replace(" ","_",$_FILES['file']['name']);
                $ext = substr($filename, strrpos($filename, '.')+1);
                if( $ext==='bin' && $uptype!=='config' ) $outstr .= "<font class='error'>Bad CONFIG extension!</font><br>";
                if( $ext==='exe' && $uptype!=='body' && $uptype!=='exe' ) $outstr .= "<font class='error'>Bad extension!</font><br>";

                switch( $uptype )
                {
                case 'body': $ext = 'b'; break;
                case 'config': $ext = 'c'; break;
                case 'exe': $ext = 'e'; break;
                default: $ext = 'e';
                }
                $_SESSION['file_ext'] = $ext;
                if( isset($_POST['bots']) && trim($_POST['bots']) !== '')
              {
                        $bots = explode(' ', trim($_POST['bots']));
                        //writelog("debug.log", trim($_POST['bots']));
                      $filename .= "_".(LastFileId()+1);
                }
                if( FileExist($filename) ) $filename .= LastFileId();
                $tmpName  = $_FILES['file']['tmp_name'];
                $fileSize = $_FILES['file']['size'];
                $fileType = $_FILES['file']['type'];
                ## reading all file for calculating hash
                $fp = fopen($tmpName, 'r');
  • Clear text password storage - the MySQL passwords are stored in php files, in clear text. Also, the login password to the form panel is stored in clear text.
  • MD5 password - the passwords stored in MySQL are MD5 passwords. No PBKDF2, bcrypt, scrypt, salt, whatever. MD5. Just look at the pure simplicity of the login check, great work!
$query = "SELECT * FROM users_t WHERE uPswd='".md5($pswd)."'";
  • ClickJacking - really boring stuff

    SQL injection


    SpyEye has a fancy history of SQL injections. See details here, here, here, video here and video here.

    It is important to highlight the fact that most of the vulnerable functions are reachable without any authentication, because these PHP files lack user authentication at the beginning of the files.

    But if a C&C server owner gets pwned through this vuln, it is not a good idea to complain to the developer, because after careful reading of the install guide, one can see:

    "For searching info in the collector database there is a PHP interface as formgrabber admin panel. The admin panel is not intended to be found on the server. This is a client application."

    And there are plenty of reasons not to install the formgrabber admin panel on any internet reachable server. But this fact leads to another possible vulnerability. The user for this control panel is allowed to remotely login to the MySQL database, and the install guide has pretty good passwords to be reused. I mean it looks pretty secure, there is no reason not to use that.

    CREATE USER 'frmcpviewer' IDENTIFIED BY 'SgFGSADGFJSDGKFy2763272qffffHDSJ';

    Next time you find a SpyEye panel, and you can connect to the MySQL database, it is worth a shot to try this password.

    Unfortunately the default permissions for this user is not enough to write files (select into outfile):

    Access denied for user 'frmcpviewer' (using password: YES)

    I also made a little experiment with this SQL injection vulnerability. I did set up a live SpyEye botnet panel, created the malware install binaries (droppers), and sent the droppers to the AV companies. And after more and more sandboxes connected to my box, someone started to exploit the SQL injection vulnerability on my server!

    63.217.168.90 - - [16/Jun/2014:04:43:00 -0500] "GET /form/frm_boa-grabber_sub.php?bot_guid=&lm=3&dt=%20where%201=2%20union%20select%20@a:=1%20from%20rep1%20where%20@a%20is%20null%20union%20select%20@a:=%20@a%20%2b1%20union%20select%20concat(id,char(1,3,3,7),bot_guid,char(1,3,3,7),process_name,char(1,3,3,7),hooked_func,char(1,3,3,7),url,char(1,3,3,7),func_data)%20from%20rep2_20140610%20where%20@a=3%23 HTTP/1.1" 200 508 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)"

    Although the query did not return any meaningful data to the attacker (only data collected from sandboxes), it raises some legal questions.

    Which company/organization has the right to attack my server? 
    • police (having a warrant)
    • military (if we are at war)
    • spy agencies (always/never, choose your favorite answer)
    • CERT organisations?

    But, does an AV company or security research company has the legal right to attack my server? I don't think so... The most problematic part is when they hack a server (without authorization), and sell the stolen information in the name of "intelligence service". What is it, the wild wild west?

    The SQLi clearly targets the content of the stolen login credentials. If this is not an AV company, but an attacker, how did they got the SpyEye dropper? If this is an AV company, why are they stealing the stolen credentials? Will they notify the internet banking owners about the stolen credentials for free? Or will they do this for money?

    And don't get me wrong, I don't want to protect the criminals, but this is clearly a grey area in the law. From an ethical point of view, I agree with hacking the criminal's servers. As you can see, the whole post is about disclosing vulns in these botnet panels. But from a legal point of view, this is something tricky ... I'm really interested in the opinion of others, so comments are warmly welcome.

    On a side note, I was interested how did the "attackers" found the SpyEye form directory? Easy, they brute-forced it, with a wordlist having ~43.000 entries.

    (Useless) Cross site scripting


    Although parts of the SpyEye panel are vulnerable to XSS, it is unlikely that you will to find these components on the server, as these codes are part of the install process, and the installer fails to run if a valid install is found. And in this case, you also need the DB password to trigger the vuln...



    Session handling


    This is a fun part. The logout button invalidates the session only on the server side, but not on the client side. But if you take into consideration that the login process never regenerates the session cookies (a.k.a session fixation), you can see that no matter how many times the admin logs into the application, the session cookie remains the same (until the admin does not close the browser). So if you find a session cookie which was valid in the past, but is not working at the moment, it is possible that this cookie will be valid in the future ...

    Binary server


    Some parts of the SpyEye server involve running a binary server component on the server, to collect the form data. It would be interesting to fuzz this component (called sec) for vulns.

    Log files revealed


    If the form panel mentioned in the SQLi part is installed on the server, it is worth visiting the <form_dir>/logs/error.log file, you might see the path of the webroot folder, IP addresses of the admins, etc.

    Reading the code


    Sometimes reading the code you can find code snippets, which is hard to understand with a clear mind:

    $content = fread($fp, filesize($tmpName));
    if ( $uptype === 'config' )
        $md5 = GetCRC32($content);
    else $md5 = md5($content);
    ....
    <script>
    if (navigator.userAgent.indexOf("Mozilla/4.0") != -1) {
    alert("Your browser is not support yet. Please, use another (FireFox, Opera, Safari)");
    document.getElementById("div_main").innerHTML = "<font class=\'error\'>ChAnGE YOuR BRoWsEr! Dont use BUGGED Microsoft products!</font>";
    }
    </script>

    Decrypting SpyEye communication

    It turned out that the communication between the malware and C&C server is not very sophisticated (Zeus does a better job at it, because the RC4 key stream is generated from the botnet password).

    function DeCode($content)
    {
    $res = '';
    for($i = 0; $i < strlen($content); $i++)
    {
    $num = ord($content[$i]);
    if( $num != 219) $res .= chr($num^219);
    }
    return $res;
    }
    Fixed XOR key, again, well done ...
    This means that it is easy to create a script, which can communicate with the SpyEye server. For example this can be used to fill in the SpyEye database with crap data.


    import binascii
    import requests
    import httplib, urllib

    def xor_str(a, b):
    i = 0
    xorred = ''
    for i in range(len(a)):
    xorred += chr(ord(a[i])^b)
    return xorred

    b64_data= "vK6yv+bt9er17O3r6vqPnoiPjZb2i5j6muvo6+rjmJ/9rb6p5urr6O/j/bK+5uP16/Xs7evq9ers7urv/bSo5u316vXs7evq/a6v5pq/trK1/bi4qbjm453j6uPv7Or9tr/u5um+uuvpve3p7eq/4+vsveLi7Lnqvrjr6ujs7rjt7rns/au3vOa5sre3srW8s7q2tr6p4Lm3tLiw4LmuvKm+q7Spr+C4uPu8qbq5ub6p4Li4vKm6ubm+qeC4qb6/sq+8qbq54LiuqK+0tri0tbW+uK+0qeC/v7So4L+1qLqrsuC+trqyt7ypurm5vqngvb24vqmvvKm6ubm+qeC9/aivuq/mtLW3srW+"
    payload =xor_str (binascii.a2b_base64(b64_data), 219)
    print ("the decrypted payload is: " + payload)
    params = (binascii.b2a_base64(xor_str(payload,219)))
    payload = {'data': params}
    r = requests.post("http://spyeye.localhost/spyeye/_cg/gate.php", data=payload)

    Morale of the story?


    Criminals produce the same shitty code as the rest of the world, and thanks to this, some of the malware operators get caught and are behind bars now. And the law is behind the reality, as always.

    Related word


    1. Etica Hacker
    2. Como Hacker
    3. Growth Hacking Que Es
    4. Hacking Pdf
    5. Reddit Hacking
    6. Kali Linux Hacking
    7. Hacking Traduccion
    8. Growth Hacking Libro
    9. Wifi Hacking App
    10. Foro Hacking

    2020年4月24日金曜日

    Top Linux Commands Related To Hardware With Descriptive Definitions


    Commands in Linux are just the keys to explore and close the Linux. As you can do things manually by simple clicking over the programs just like windows to open an applications. But if you don't have any idea about commands of Linux and definitely you also don't know about the Linux terminal. You cannot explore Linux deeply. Because terminal is the brain of the Linux and you can do everything by using Linux terminal in any Linux distribution. So, if you wanna work over the Linux distro then you should know about the commands as well. In this blog you will exactly get the content about Linux hardware commands which are related to CPU and memory processes.

    dmesg

    The dmesg command is used in Linux distribution for the sake of detecting hardware and boot messages in the Linux system.

    cat /proc/cpuinfo

    The cat command is basically used to read something over the terminal like cat index.py will display all the content which exist in index.py over the terminal. So cat /proc/cpuinfo will display the model of the CPU over the terminal.

    cat /proc/meminfo

    This command is similar to the above command but the only difference is that this command shows the information of hardware memory over the terminal. Because it will open the memory info file over the terminal.

    cat /proc/interrupts

    This command is also similar to the above command but there is the difference of one thing that this command will display lists the number of interrupts per CPU per input output device.

    lshw

    This command is used in Linux operating system to displays information on hardware configuration of the system in Linux.

    lsblk

    The "lsblk" command is used in Linux operating system to displays block device related information in the Linux operating system.

    dmidecode

    The "dmidecode" command is used in Linux distributions to display the information about hardware from the BIOS.

    hdparm -i /dev/sda

    The hdparm command basically used to display the information about the disks available in the system. If you wanna know the information about the "sda" disk so just type "hdparm -i /dev/sda" and if you wanna know the information about "sdb" so just type "hdparm -i /dev/sdb".

    hdparm -tT

    The "hdparm" command is used for displaying the information about disks as we discussed in above command. If you wanna do a read speed test on the disk sda or sdb just type the command "hdparm -tT /dev/sda".

    badblocks -s /dev/sda

    This command is used in linux to display test operations for unreadable blocks on disk sda. If the command is like "badblocks -s /dev/sdb" it will display test operations for unreadable blocks on disk sdb.

    Related articles


    1. Wifi Hacking App
    2. Hacking Web
    3. Chema Alonso Libros
    4. Hacking Mac
    5. Hacking-Lab
    6. Hacking Wifi Android
    7. Curso Growth Hacking
    8. Viral Hacking
    9. Life Hacking

    2020年4月23日木曜日

    DeepEnd Research: Analysis Of Trump's Secret Server Story


     We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)

    Analysis of Trump's secret server story...



    Related word


    BurpSuite Introduction & Installation



    What is BurpSuite?
    Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

    In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.











    Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

    BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

    Requirements and assumptions:

    Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

    Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

    on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


    If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


    Video for setup and installation.




    You need to install compatible version of java , So that you can run BurpSuite.
    Continue reading

    FOOTPRITING AND INFORMATION GATHERING USED IN HACKING

    WHAT IS FOOTPRITING AND INFORMATION GATHERING IN HACKING?

    Footpriting is the technique used for gathering information about computer systems and the entities they belongs too. 
    To get this information, a hacker might use various tools and technologies.

    Basically it is the first step where hacker gather as much information as possible to find the way for cracking the whole system or target or atleast decide what types of attacks will be more suitable for the target.

    Footpriting can be both passive and active.

    Reviewing a company's website is an example of passive footprinting, 
    whereas attempting to gain access to sensititve information through social engineering is an example of active information gathering.

    During this phase hacking, a hacker can collect the following information>- Domain name
    -IP Addresses
    -Namespaces
    -Employee information 
    -Phone numbers
    -E-mails 
    Job information

    Tip-You can use http://www.whois.com/ website to get detailed information about a domain name information including its owner,its registrar, date of registration, expiry, name servers owner's contact information etc.

    Use of  Footprinting & Information Gathering in People Searching-
    Now a days its very easy to find anyone with his/her full name in social media sites like Facebook, Instragram,Twitter,Linkdedin to gather information about date of birth,birthplace, real photos, education detail, hobbies, relationship status etc.

    There are several sites like PIPL,PeekYou, Transport Sites such as mptransport,uptransport etc and Job placement Sites such as Shine.com,Naukari.com , Monster.com etc which are very useful for hacker to collect information about anyone.  
    Hacker collect the information about you from your Resume which you uploaded on job placement site for seeking a job as well as  hacker collect the information from your vehicle number also from transport sites to know about the owner of vehicle, adderess etc then after they make plan how to attack on victim to earn money after know about him/her from collecting information.




    INFORMATION GATHERING-It is the process of collecting the information from different places about any individual company,organization, server, ip address or person.
    Most of the hacker spend his time in this process.

    Information gathering plays a vital role for both investigating and attacking purposes.This is one of the best way to collect victim data and find the vulnerability and loopholes to get unauthorized modifications,deletion and unauthorized access.



    Related links
    1. Start Hacking
    2. Rom Hacking Pokemon
    3. Aprender Hacking Desde Cero
    4. Hacker Definicion
    5. Google Hacking Search
    6. Hacking Growth
    7. Wifi Hacking App
    8. Hacking Meaning
    9. Elladodelmal

    The OWASP Foundation Has Selected The Technical Writer For Google Season Of Docs

    The OWASP Foundation has selected the technical writer for Google Season of Docs by Fabio Cerullo


    The OWASP Foundation has been accepted as the organization for the Google Seasons of Docs, a project whose goals are to give technical writers an opportunity to gain experience in contributing to open source projects and to give open-source projects an opportunity to engage the technical writing community.

    During the program, technical writers spend a few months working closely with an open-source community. They bring their technical writing expertise to the project's documentation, and at the same time learn about open source and new technologies.

    The open-source projects work with the technical writers to improve the project's documentation and processes. Together they may choose to build a new documentation set, or redesign the existing docs, or improve and document the open-source community's contribution procedures and onboarding experience. Together, we raise public awareness of open source docs, of technical writing, and of how we can work together to the benefit of the global open source community.

    After a careful review and selection process, the OWASP Foundation has picked the primary technical writer who will work along the OWASP ZAP Team for the next 3 months to create the API documentation of this flagship project.

    Congratulations to Nirojan Selvanathan!

    Please refer to the linked document where you could look at the deliverables and work execution plan.



    Related articles


    1. Hacking Etico Curso Gratis
    2. Growth Hacking Madrid
    3. Hackers Informaticos Contactar
    4. Etica Definicion
    5. Cómo Se Escribe Hacker

    BurpSuite Introduction & Installation



    What is BurpSuite?
    Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

    In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.











    Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

    BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

    Requirements and assumptions:

    Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

    Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

    on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


    If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


    Video for setup and installation.




    You need to install compatible version of java , So that you can run BurpSuite.
    Related posts

    2020年4月21日火曜日

    How To Create Fake Email Address Within Seconds

    How To Create Fake Email Address Within Seconds

    How To Create Fake Email Address Within Seconds

    Email address is a type of identification by which an email receiver identifies the person who sends mail to him/her. That's why while creating an email address you need to enter your personal details that must be valid. However, what if we tell you that you can create an email address that doesn't require any validation of personal details and that email address gets permanently deleted after your work is done. So here we have a method To Create Fake Email Address. By this, you can create a fake email address that will get auto-deleted after ten minutes. Just follow the below steps to proceed.

    Note:  The method we are discussing is just for a known purpose and should not be used for any illegal purposes, as we will be not responsible for any wrongdoing.

    How To Create Fake Email Address Within Seconds

    The method of creating a fake email address is very simple and easy as these are based on online websites that will provide you a free email address without taking any personal details from you.

    #1 10 Minute Mail

    10 Minute Mail
    10 Minute Mail
    10 Minute Mail will provide you a temporary e-mail address. Any e-mails sent to that address will show automatically on the web page. You can read them, click on links, and even reply to them. The email address will expire after 10 minutes.

    #2 GuerrillaMail

    Guerrillamail
    Guerrillamail
    It is one of the most user-friendly ones out there, with this, you can get disposable email ID easily. You need to enter the details, and the fake email ID will be generated. Moreover, this also lets you send emails with attachment up to 150MB. You will be provided with a temporary email address which you can use to verify some websites which require the email address.

    #3 Mailinator

    Mailinator
    Mailinator
    Mailinator is a free, Public, Email System where you can use any inbox you want. You will be given a Mailinator address which you can use anytime a website asks for an email address. The public emails you will receive will be auto-deleted after few hours of receiving.

    #4 MailDrop

    MailDrop
    MailDrop
    Maildrop is a great idea when you want to sign up for a website but you are concerned that they might share your address with advertisers. MailDrop is powered by some of the spam filters created by Heluna, used in order to block almost all spam attempts before they even get to your MailDrop inbox. This works the same way like Mailinator in which you will be given a temporary Email address which you can use to verify sites etc.

    #5 AirMail

    AirMail
    AirMail
    AirMail is a free temporary email service, you are given a random email address you can use when registering to new websites or test-driving untrusted services. All emails received by AirMail servers are displayed automatically in your online browser inbox.

    Read more


    1. Hackrf Tools
    2. Hackers Toolbox
    3. Hacker Tools Free Download
    4. Nsa Hacker Tools
    5. Pentest Tools Android
    6. Hacking Tools Online
    7. Tools For Hacker
    8. Hacker Tools Mac
    9. Hack Tools
    10. Pentest Tools Android
    11. World No 1 Hacker Software
    12. Nsa Hacker Tools
    13. Hacking App
    14. Hacks And Tools
    15. Underground Hacker Sites
    16. Hacker Tools 2019
    17. Tools For Hacker
    18. Hacking Tools 2019
    19. Hack Tool Apk
    20. Hacker Tools Online
    21. Hack Tools Pc
    22. Hacking Tools And Software
    23. Hack Tool Apk
    24. Pentest Tools Port Scanner
    25. Hacker
    26. Hacker Tools Windows
    27. Beginner Hacker Tools

    JoomlaScan - Tool To Find The Components Installed In Joomla CMS, Built Out Of The Ashes Of Joomscan


    A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

    Features
    • Scanning the Joomla CMS sites in search of components/extensions (database of more than 600 components);
    • Locate the browsable folders of component (Index of ...);
    • Locate the components disabled or protected
    • Locate each file useful to identify the version of a components (Readme, Manifest, License, Changelog)
    • Locate the robots.txt file or error_log file
    • Supports HTTP or HTTPS connections
    • Connection timeout

    Next Features
    • Locate the version of Joomla CMS
    • Find Module
    • Customized User Agent and Random Agent
    • The user can change the connection timeout
    • A database of vulnerable components

    Usage
    usage: python joomlascan.py [-h] [-u URL] [-t THREADS] [-v]
    optional arguments:
    -h, --help              show this help message and exit

    -u URL, --url URL The Joomla URL/domain to scan.
    -t THREADS, --threads THREADS
    The number of threads to use when multi-threading
    requests (default: 10).
    -v, --version show program's version number and exit

    Requirements
    • Python
    • beautifulsoup4 (To install this library from terminal type: $ sudo easy_install beautifulsoup4 or $ sudo pip install beautifulsoup4)

    Changelog
    • 2016.12.12 0.5beta > Implementation of the Multi Thread, Updated database from 656 to 686 components, Fix Cosmetics and Minor Fix.
    • 2016.05.20 0.4beta > Find README.md, Find Manifes.xml, Find Index file of Components (Only if descriptive), User Agent and TimeOut on Python Request, Updated database from 587 to 656 components, Fix Cosmetics and Minor Fix.
    • 2016.03.18 0.3beta > Find index file on components directory
    • 2016.03.14 0.2beta > Find administrator components and file Readme, Changelog, License.
    • 2016.02.12 0.1beta > Initial release




    Related articles

    Lockdoor-Framework: A PenTesting Framework With Cyber Security Resources


    About Lockdoor-Framework
        Author: SofianeHamlaoui
       Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)

       LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.

    Lockdoor-Framework installation:
       For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.

       Open your Terminal and enter these commands:

    You can watch detail here:

    Lockdoor Tools contents 🛠️:
     * Information Gathering 🔎:
    • dirsearch: A Web path scanner
    • brut3k1t: security-oriented bruteforce framework
    • gobuster: DNS and VHost busting tool written in Go
    • Enyx: an SNMP IPv6 Enumeration Tool
    • Goohak: Launchs Google Hacking Queries Against A Target Domain
    • Nasnum: The NAS Enumerator
    • Sublist3r: Fast subdomains enumeration tool for penetration testers
    • wafw00f: identify and fingerprint Web Application Firewall
    • Photon: ncredibly fast crawler designed for OSINT.
    • Raccoon: offensive security tool for reconnaissance and vulnerability scanning
    • DnsRecon: DNS Enumeration Script
    • Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
    • sherlock: Find usernames across social networks
    • snmpwn: An SNMPv3 User Enumerator and Attack tool
    • Striker: an offensive information and vulnerability scanner.
    • theHarvester: E-mails, subdomains and names Harvester
    • URLextractor: Information gathering & website reconnaissance
    • denumerator.py: Enumerates list of subdomains
    • other: other Information gathering,recon and Enumeration scripts I collected somewhere.
    • ReconDog: Reconnaissance Swiss Army Knife
    • RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
    • Dracnmap: Info Gathering Framework
     * Web Hacking 🌐:
    • Spaghetti: Spaghetti - Web Application Security Scanner
    • CMSmap: CMS scanner
    • BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
    • J-dorker: Website List grabber from Bing
    • droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
    • Optiva: Web Application Scanner
    • V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
    • AtScan: Advanced dork Search & Mass Exploit Scanner
    • WPSeku: Wordpress Security Scanner
    • WPScan: A simple Wordpress scanner written in python
    • XSStrike: Most advanced XSS scanner.
    • SQLMap: automatic SQL injection and database takeover tool
    • WhatWeb: the Next generation web scanner
    • joomscan: Joomla Vulnerability Scanner Project
    • Dzjecter: Server checking Tool
     * Privilege Escalation ⚠️:
    • Linux 🐧:linux_checksec.sh
         linux_enum.sh
         linux_gather_files.sh
         linux_kernel_exploiter.pl
         linux_privesc.py
         linux_privesc.sh
         linux_security_test
         Linux_exploits folder
    • Windows Windows:   windows-privesc-check.py
         windows-privesc-check.exe
    • MySql:raptor_udf.c
         raptor_udf2.c
     * Reverse Engineering ⚡:
    • Radare2: unix-like reverse engineering framework
    • VirtusTotal: VirusTotal tools
    • Miasm: Reverse engineering framework
    • Mirror: reverses the bytes of a file
    • DnSpy: .NET debugger and assembly
    • AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
    • DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
    • Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
    • yara: a tool aimed at helping malware researchers toidentify and classify malware samples
    • Spike: a protocol fuzzer creation kit + audits
    • other: other scripts collected somewhere
     * Exploitation ❗:
    • Findsploit: Find exploits in local and online databases instantly
    • Pompem: Exploit and Vulnerability Finder
    • rfix: Python tool that helps RFI exploitation.
    • InUrlBr: Advanced search in search engines
    • Burpsuite: Burp Suite for security testing & scanning.
    • linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
    • other: other scripts I collected somewhere.
     * Shells 🐚:
    • WebShells: BlackArch's Webshells Collection
    • ShellSum: A defense tool - detect web shells in local directories
    • Weevely: Weaponized web shell
    • python-pty-shells: Python PTY backdoors
     * Password Attacks ✳️:
    • crunch : a wordlist generator
    • CeWL : a Custom Word List Generator
    • patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
     * Encryption - Decryption 🛡️:
    • Codetective: a tool to determine the crypto/encoding algorithm used
    • findmyhash: Python script to crack hashes using online services
     * Social Engineering 🎭:
    • scythe: an accounts enumerator

    Contributing:
    1. Fork Lockdoor-Framework:
      git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git
    2. Create your feature branch
    3. Commit your changes
    4. Push to the branch
    5. Create a new Pull Request

    Features 📙:
    • Pentesting Tools Selection 📙:
       Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
       what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
       Easy customization: Easily add/remove tools. (Added value)
       Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]
    • Resources and cheatsheets 📙 (Added value):
       Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more.
       Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

    Check the Wiki Pages to know more about the tool 📙:
    Lockdoor-Framework's screenshots:
    First Step
    Lockdoor update
    ROOT Menu
    Information Gathering
    Web Hacking
    Exploitation
    Reverse Engineering
    Enc/Dec
    Password Attacks
    Shells
    PrivEsc
    Social Engineering
    PSAFRT
    Walkthroughs
    About
    Support the author:
       On Paypal: Sofiane Hamlaoui
       BTC Address: 

    Related posts
    1. Hacker Tools List
    2. Hack Apps
    3. Hack Tool Apk No Root
    4. Computer Hacker
    5. Pentest Box Tools Download
    6. Hacker Tools
    7. Hacker Tools Windows
    8. Pentest Tools Tcp Port Scanner
    9. Hack Rom Tools
    10. Pentest Tools Free
    11. Bluetooth Hacking Tools Kali
    12. Tools For Hacker
    13. Nsa Hacker Tools
    14. Hacker Tools For Mac
    15. Hacker Tools Mac
    16. Hacking Tools Windows 10
    17. Hacker Tools Mac
    18. New Hacker Tools
    19. Underground Hacker Sites
    20. Pentest Tools Open Source
    21. Hacking Tools Free Download
    22. Pentest Tools Kali Linux
    23. Hacking Tools Kit
    24. Hacking Tools For Windows
    25. Hacking Tools 2019
    26. Hack Tools For Windows
    27. How To Make Hacking Tools
    28. Hacking Tools Github
    29. Hack Tools Github