Sunday, 26 April 2020

SubOver - A Powerful Subdomain Takeover Tool


SubOver is a hostile subdomain takeover tool written in Python. From the start it has been designed with speed and efficiency in mind. To date, SubOver detects 36 services, which is more than any other tool out there. The tool is multithreaded and therefore fast. It can easily detect and report potential subdomain takeovers. Its comprehensive list of potentially hijackable services is what makes the tool so powerful.

Installing
You need to have Python 2.7 installed on your machine. The following additional packages are required:
  • dnspython
  • colorama
git clone https://github.com/Ice3man543/SubOver.git
cd SubOver
# consider installing virtualenv
pip install -r requirements.txt
python subover.py -h

Usage
python subover.py -l subdomains.txt -o output_takeovers.txt
  • -l subdomains.txt is the list of target subdomains. These can be discovered using various tools such as sublist3r or others.
  • -o output_takeovers.txt is the name of the output file. (Optional; currently not very well formatted)
  • -t 20 is the number of threads that SubOver will use; 20 is the default. (Optional)
  • -V is the switch for showing verbose output. (Optional, Default=False)
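The check that SubOver automates over the `-l subdomains.txt` list, reduced to its core logic as an added example (this is not SubOver's own code): a subdomain whose CNAME points at a third-party service host that no longer resolves is a takeover candidate, which is exactly what a defender wants to find in their own zone before anyone else does. The three service suffixes, the sample zone and the stub resolver below are constructed for the example; a real run would swap the stub for a DNS lookup.

```python
"""Dangling-CNAME detection of the kind SubOver performs, kept offline and
data-driven so the logic can be unit-tested. All inputs are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed: a minimal service table mapping a CNAME-target suffix to the
# service name. These are the public CNAME targets of three services SubOver
# lists (GitHub Pages, Heroku, Amazon S3); SubOver's own fingerprint list is
# larger and not reproduced here.
SERVICE_SUFFIXES = {
    "github.io": "Github",
    "herokuapp.com": "Heroku",
    "s3.amazonaws.com": "Amazonaws",
}


@dataclass
class Finding:
    subdomain: str
    cname: str
    service: str
    reason: str


def service_for(target: str) -> Optional[str]:
    """Map a CNAME target to a fingerprinted service, or None if unknown."""
    target = target.rstrip(".").lower()
    for suffix, name in SERVICE_SUFFIXES.items():
        if target == suffix or target.endswith("." + suffix):
            return name
    return None


def find_dangling(cnames: Dict[str, str],
                  resolves: Callable[[str], bool]) -> List[Finding]:
    """Flag subdomains whose CNAME points at a takeover-prone service and whose
    target does not resolve (NXDOMAIN): the classic dangling-record condition.
    `resolves(name)` abstracts the DNS lookup so the check can run offline."""
    findings: List[Finding] = []
    for sub, target in sorted(cnames.items()):
        service = service_for(target)
        if service is None:
            continue  # CNAME to something we do not fingerprint; out of scope
        if resolves(target):
            continue  # target still exists, so the record is not dangling
        findings.append(Finding(sub, target, service, "CNAME target is NXDOMAIN"))
    return findings


# Constructed sample zone: two dangling records, one healthy third-party
# record, and one CNAME that is not a fingerprinted service at all.
SAMPLE_CNAMES = {
    "blog.example.com": "old-blog.example.github.io.",
    "app.example.com": "retired-app.herokuapp.com.",
    "static.example.com": "live-bucket.s3.amazonaws.com.",
    "mail.example.com": "mx.example.net.",
}

# Constructed resolver: only the live bucket still exists.
LIVE_NAMES = {"live-bucket.s3.amazonaws.com"}


def fake_resolver(name: str) -> bool:
    return name.rstrip(".").lower() in LIVE_NAMES


if __name__ == "__main__":
    for f in find_dangling(SAMPLE_CNAMES, fake_resolver):
        print(f"[{f.service}] {f.subdomain} -> {f.cname} ({f.reason})")
```

With dnspython (the dependency SubOver lists), `resolves` would wrap `dns.resolver.query` (`dns.resolver.resolve` in dnspython 2) and treat `dns.resolver.NXDOMAIN` as False. The "target still resolves" branch is the false-positive filter that matters most: a CNAME to a service host that is still provisioned is a normal, healthy record.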

Currently Checked Services
  • Github
  • Heroku
  • Unbounce
  • Tumblr
  • Shopify
  • Instapage
  • Desk
  • Tictail
  • Campaignmonitor
  • Cargocollective
  • Statuspage
  • Amazonaws
  • Cloudfront
  • Bitbucket
  • Squarespace
  • Smartling
  • Acquia
  • Fastly
  • Pantheon
  • Zendesk
  • Uservoice
  • WPEngine
  • Ghost
  • Freshdesk
  • Pingdom
  • Tilda
  • Wordpress
  • Teamwork
  • Helpjuice
  • Helpscout
  • Cargo
  • Feedpress
  • Freshdesk
  • Surge
  • Surveygizmo
  • Mashery
Count : 36

FAQ
Q: What should my wordlist look like?
A: Your wordlist should include a list of subdomains you're checking and should look something like:
backend.example.com
something.someone.com
apo-setup.fxc.something.com

Your tool sucks!
Yes, you're probably correct. Feel free to:
  • Not use it.
  • Show me how to do it better.

Contact
Twitter: @Ice3man543


Saturday, 25 April 2020

Lulzbuster - A Very Fast And Smart Web Directory And File Enumeration Tool Written In C


Lulzbuster is a very fast and smart web directory and file enumeration tool written in C.

Usage
$ lulzbuster -H
__ __ __ __
/ /_ __/ /___ / /_ __ _______/ /____ _____
/ / / / / /_ / / __ \/ / / / ___/ __/ _ \/ ___/
/ / /_/ / / / /_/ /_/ / /_/ (__ ) /_/ __/ /
/_/\__,_/_/ /___/_.___/\__,_/____/\__/\___/_/

--==[ by nullsecurity.net ] ==--

usage

lulzbuster -s <arg> [opts] | <misc>

target options

-s <url> - start url to begin scan with

http options

-h <type> - http request type (default: GET) - ? to list types
-x <code> - exclude http status codes (default: 400,404,500,501,502,503
multi codes separated by ',')
-f - follow http redirects. hint: better try appending a '/'
with '-A' option first instead of using '-f'
-F <num> - num level to follow http redirects (default: 0)
-u <str> - use r-agent string (default: built-in windows firefox)
-U - use random built-in user-agents
-c <str> - pass custom header(s) (e.g. 'Cookie: foo=bar; lol=lulz')
-a <creds> - http auth credentials (format: <user>:<pass>)
-r - turn on auto update referrer
-j <num> - define http version (default: curl's default) - ? to list

timeout options

-D <num> - num seconds for delay between requests (default: 0)
-C <num> - num seconds for connect timeout (default: 10)
-R <num> - num seconds for request timeout (default: 30)
-T <num> - num seconds to give up and exit lulzbuster completely
(default: none)

tuning options

-t <num> - num threads for concurrent scanning (default: 30)
-g <num> - num connection cache size for curl (default: 30)
note: this value should always equal to -t's value

other options

-w <file> - wordlist file
(default: /usr/local/share/lulzbuster/lists/medium.txt)
-A <str> - append any words separated by comma (e.g. '/,.php,~bak)
-p <addr> - proxy address (format: <scheme>://<host>:<port>) - ? to
list supported schemes
-P <creds> - proxy auth credentials (format: <user>:<pass>)
-i - insecure mode (skips ssl/tls cert verification)
-S - smart mode aka eliminate false-positives, more infos,
et c. (use this if speed is not your 1st priority!)
-n <str> - nameservers (default: '1.1.1.1,8.8.8.8,208.67.222.222'
multi separated by '.')
-l <file> - log found paths and valid urls to file

misc

-X - print built-in user-agents
-V - print version of lulzbuster and exit
-H - print this help and exit

Author
noptrix

Notes
  • clean code; real project
  • lulzbuster is already packaged and available for BlackArch Linux
  • My master-branches are always stable; dev-branches are created for current work.
  • All of my public stuff you find are officially announced and published via nullsecurity.net.

Disclaimer
We hereby emphasize that the hacking-related material found on nullsecurity.net is only for educational purposes. We are not responsible for any damages. You are responsible for your own actions.




via KitPloit
ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name; if you send more than 64 bytes, memory contents leak.
The buffer next to the name buffer holds the first random value used to initialise srand().


If we get this value and call our local srand([leaked] ^ [luckyNumber]), we will be able to predict the following random values and win the game, but we have to look at a few more details ;)

The function reads the input until the byte \n appears, but also stops at 64 bytes; if we trigger this second condition there is no terminating 0x00 and the print shows the random buffer :)
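The prediction step above relies on glibc's rand() being fully determined by the value handed to srand(). As an added example (not the writeup's scripts or its gdb macro), here is a pure-Python reconstruction of that generator: once the seed is known, every later rand() value is known, which is why a leaked seed decides the game. The `secrets` call at the end is what a service should use instead. The seed and lucky-number values are constructed.

```python
"""Pure-Python reconstruction of glibc's srand()/rand() (the TYPE_3 additive
feedback generator), added to show why one leaked seed reproduces the whole
sequence. Constructed example, not the writeup's tooling."""
import secrets
from typing import List

GLIBC_MODULUS = 2147483647  # 2**31 - 1, modulus of the Park-Miller seeding LCG


def glibc_rand_sequence(seed: int, count: int) -> List[int]:
    """Return the first `count` values rand() yields after srand(seed) on glibc.
    `seed` is taken as a 32-bit unsigned value, as srand() receives it."""
    seed &= 0xFFFFFFFF
    signed = seed - (1 << 32) if seed & 0x80000000 else seed
    if signed == 0:
        signed = 1  # glibc maps seed 0 to 1
    r = [0] * (344 + count)
    r[0] = signed
    for i in range(1, 31):  # LCG fill of the 31-word state
        r[i] = (16807 * r[i - 1]) % GLIBC_MODULUS
    r[0] &= 0xFFFFFFFF  # from here on everything is 32-bit unsigned
    for i in range(31, 34):
        r[i] = r[i - 31]
    # r[i] = r[i-31] + r[i-3] mod 2**32; glibc discards the first 310 outputs
    for i in range(34, 344 + count):
        r[i] = (r[i - 31] + r[i - 3]) & 0xFFFFFFFF
    return [r[i] >> 1 for i in range(344, 344 + count)]


def replay_after_seed_leak(leaked_value: int, lucky_number: int,
                           count: int) -> List[int]:
    """The writeup's observation in code: the remote seeds srand() with
    leaked ^ luckyNumber, so the same expression replays its sequence.
    Both arguments are constructed inputs here."""
    return glibc_rand_sequence(leaked_value ^ lucky_number, count)


def unpredictable_value(upper: int) -> int:
    """What a game server should use: an OS CSPRNG; there is no seed to leak."""
    return secrets.randbelow(upper)


if __name__ == "__main__":
    # Constructed demonstration values.
    leaked, lucky = 0xCAFE1234, 7
    print("remote sequence:", glibc_rand_sequence(leaked ^ lucky, 5))
    print("replayed locally:", replay_after_seed_leak(leaked, lucky, 5))
    print("CSPRNG draw (not reproducible):", unpredictable_value(1000))
```

Seed 1 (glibc's default when srand() is never called) yields 1804289383, 846930886, 1681692777, ..., the sequence every glibc program prints from an unseeded rand(); any program whose secrets come from rand() is exactly this reproducible.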

The nickname buffer: [screenshot not reproduced]

The seed buffer: [screenshot not reproduced]

So far it is clear, but note that the random values are computed with several gpu instructions which are decompiled incorrectly: [screenshots not reproduced]

We tried to predict the random and apply the gpu divisions without luck :(

There was a missing detail in this predictor, but there are always other creative ways to do things.
We use the local software as a predictor: we inject the leaked seed into the local binary of the remote server and get a perfect synchronization, predicting the remote random values: [screenshot not reproduced]

The process is a bit ugly because we combined an automated process of leak extraction and socket interactive mode with the manual gdb macro.

The macro: [gdb macro screenshot not reproduced]


Wednesday, 22 April 2020

HaCode - FUD Backdoor Generator / Remote Administration Tool


Ethical Hackers Platform: How To Install A bWAPP In Windows 2018


bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.

What makes bWAPP so unique? Well, it has over 100 web vulnerabilities!
It covers all major known web bugs, including all risks from the OWASP Top 10 project. bWAPP is for web application security-testing and educational purposes only.

Have fun with this free and open source project!
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP. Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.

First of all you need to install a local server stack on your system, which may be XAMPP, WAMP or LAMP. These stacks are free of cost and can be downloaded from the internet. XAMPP is used most often because it offers more functionality than the others; WAMP is also a simple platform for PHP on Windows, while LAMP is used on Linux distributions. After downloading one of them, install it first; after that you will be able to configure bWAPP on your system.

Why do we need this server software to set up bWAPP? PHP is a server-side language, so there must be a server to execute the PHP script. Without a server we cannot run PHP at all: even for a small piece of PHP code you must have a server installed on your system to run that script.