OSIF: An Open Source Facebook Information Gathering Tool

About OSIF
   OSIF is an accurate Facebook account information gathering tool, all sensitive information can be easily gathered even though the target converts all of its privacy to (only me), sensitive information about residence, date of birth, occupation, phone number and email address.

For your privacy and security, i don't suggest using your main account!

OSIF Installtion
   For Termux users, you must install python2 and git first:
pkg update upgrade
pkg install git python2

   And then, open your Terminal and enter these commands:   If you're Windows user, follow these steps:

• Install Python 2.7.x from Python.org first. On Install Python 2.7.x Setup, choose Add python.exe to Path.
• Download OSIF-master zip file.
• Then unzip it.
• Open CMD or PowerShell at the OSIF folder you have just unzipped and enter these commands:
pip install -r requirements.txt
python osif.py

Before you use OSIF, make sure that:

• Turn off your VPN before using this tool.
• Do not overuse this tool.
• if you are confused how to use it, please type help to display the help menu or watch the video below.

How to use OSIF?

Download OSIF

Related posts

1. Hacking The System
2. Pentest Training
3. Hackerrank Sql
4. Pentest Active Directory
5. Basic Pentest 1 Walkthrough
6. Pentesting And Ethical Hacking
7. Pentest Report
8. Pentest Owasp Top 10
9. Hacking Books
10. Pentest Wifi
11. Hacker Ethic
12. Pentest Example Report

Spaghetti: A Website Applications Security Scanner

About Spaghetti
   Author: m4ll0k

• Github: m4ll0k
• Twitter: m4ll0k

   Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform which has a Python environment.

Spaghetti Installation:

Spaghetti's Features:
   Fingerprints:

• Server:
• Web Frameworks (CakePHP,CherryPy,...)
• Web Application Firewall (Waf)
• Content Management System (CMS)
• Operating System (Linux,Unix,..)
• Language (PHP,Ruby,...)
• Cookie Security

   Discovery:

• Bruteforce:Admin Interface
  Common Backdoors
  Common Backup Directory
  Common Backup File
  Common Directory
  Common FileLog File
• Disclosure: Emails, Private IP, Credit Cards

   Attacks:

• HTML Injection
• SQL Injection
• LDAP Injection
• XPath Injection
• Cross Site Scripting (XSS)
• Remote File Inclusion (RFI)
• PHP Code Injection

   Other:

• HTTP Allow Methods
• HTML Object
• Multiple Index
• Robots Paths
• Web Dav
• Cross Site Tracing (XST)
• PHPINFO
• .Listing

   Vulns:

• ShellShock
• Anonymous Cipher (CVE-2007-1858)
• Crime (SPDY) (CVE-2012-4929)
• Struts-Shock

Spaghetti Example:
python spaghetti --url example.com --scan 0 --random-agent --verbose

Download Spaghetti

More information

1. Pentest Keys
2. Hacking Attack
3. Pentest With Metasploit
4. Pentest Stages
5. Hacker Website
6. Hacker Google
7. Hacking Tutorials
8. Pentest Report
9. Pentest Azure
10. Hacking For Dummies
11. Pentest Example Report
12. Pentest Lab Setup
13. Hacking Jacket
14. Hacker Website

WHY WE DO HACKING?

Purpose of Hacking?
. Just for fun
.Show-off
.Steal important information 
.Damaging the system
.Hampering Privacy
.Money Extortion 
.System Security Testing
.To break policy compliance etc

Read more

1. Pentest Web Application
2. Hacking To The Gate
3. Pentest+ Vs Ceh
4. Pentest Online Course
5. Pentest Distro
6. Pentest Tools Github
7. Pentest+ Vs Oscp
8. Hacker Language
9. Hacking Simulator
10. Is Hacking Illegal
11. Pentest Iso
12. Pentest Practice Sites
13. How To Pentest A Network
14. Hacking With Linux
15. Pentesting And Ethical Hacking

Wirelurker For OSX, iOS (Part I) And Windows (Part II) Samples

PART II

Wirelurker for Windows (WinLurker)

Research: Palo Alto Claud Xiao: Wirelurker for Windows

Sample credit: Claud Xiao

PART I

Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware

Palo Alto |Claud Xiao - blog post Wirelurker

Wirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector

Sample credit: Claud Xiao

Download

Download Part I
Download Part II

Email me if you need the password

List of files

List of hashes 

Part II

s+«sìÜ 3.4.1.dmg 925cc497f207ec4dbcf8198a1b785dbd

apps.ipa 54d27da968c05d463ad3168285ec6097
WhatsAppMessenger 2.11.7.exe eca91fa7e7350a4d2880d341866adf35
使用说明.txt 3506a0c0199ed747b699ade765c0d0f8
libxml2.dll c86bebc3d50d7964378c15b27b1c2caa
libiconv-2_.dll 9c8170dc4a33631881120a467dc3e8f7
msvcr100.dll bf38660a9125935658cfa3e53fdc7d65
libz_.dll bd3d1f0a3eff8c4dd1e993f57185be75
mfc100u.dll f841f32ad816dbf130f10d86fab99b1a

zlib1.dll c7d4d685a0af2a09cbc21cb474358595

│   apps.ipa
│   σ╛«σìÜ 3.4.1.dmg
│
└───WhatsAppMessenger 2.11.7
            libiconv-2_.dll
            libxml2.dll
            libz_.dll
            mfc100u.dll
            msvcr100.dll
            WhatsAppMessenger 2.11.7.exe
            zlib1.dll
            使用说明.txt


Part I

BikeBaron 15e8728b410bfffde8d54651a6efd162
CleanApp c9841e34da270d94b35ae3f724160d5e
com.apple.MailServiceAgentHelper dca13b4ff64bcd6876c13bbb4a22f450
com.apple.appstore.PluginHelper c4264b9607a68de8b9bbbe30436f5f28
com.apple.appstore.plughelper.plist 94a933c449948514a3ce634663f9ccf8
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.itunesupdate.plist 83317c311caa225b17ac14d3d504387d
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.MailServiceAgentHelper.plist e6e6a7845b4e00806da7d5e264eed72b
com.apple.periodic-dd-mm-yy.plist bda470f4568dae8cb12344a346a181d9
com.apple.systemkeychain-helper.plist fd7b1215f03ed1221065ee4508d41de3
com.apple.watchproc.plist af772d9cca45a13ca323f90e7d874c2c
FontMap1.cfg 204b4836a9944d0f19d6df8af3c009d5
foundation 0ff51cd5fe0f88f02213d6612b007a45
globalupdate 9037cf29ed485dae11e22955724a00e7
globalupdate 9037cf29ed485dae11e22955724a00e7
itunesupdate a8dfbd54da805d3c52afc521ab7b354b
libcrypto.1.0.0.dylib 4c5384d667215098badb4e850890127b
libcrypto.1.0.0.dylib 3b533eeb80ee14191893e9a73c017445
libiconv.2.dylib 94f9882f5db1883e7295b44c440eb44c
libiconv.2.dylib fac8ef9dabdb92806ea9b1fde43ad746
libimobiledevice.4.dylib c596adb32c143430240abbf5aff02bc0
libimobiledevice.4.dylib 5b0412e19ec0af5ce375b8ab5a0bc5db
libiodb.dylib bc3aa0142fb15ea65de7833d65a70e36
liblzma.5.dylib 5bdfd2a20123e0893ef59bd813b24105
liblzma.5.dylib 9ebf9c0d25e418c8d0bed2a335aac8bf
libplist.2.dylib 903cbde833c91b197283698b2400fc9b
libplist.2.dylib 109a09389abef9a9388de08f7021b4cf
libssl.1.0.0.dylib 49b937c9ff30a68a0f663828be7ea704
libssl.1.0.0.dylib ab09435c0358b102a5d08f34aae3c244
libusbmuxd.2.dylib e8e0663c7c9d843e0030b15e59eb6f52
libusbmuxd.2.dylib 9efb552097cf4a408ea3bab4aa2bc957
libxml2.2.dylib 34f14463f28d11bd0299f0d7a3985718
libxml2.2.dylib 95506f9240efb416443fcd6d82a024b9
libz.1.dylib 28ef588ba7919f751ae40719cf5cffc6
libz.1.dylib f2b19c7a58e303f0a159a44d08c6df63
libzip.2.dylib 2a42736c8eae3a4915bced2c6df50397
machook 5b43df4fac4cac52412126a6c604853c
machook ecb429951985837513fdf854e49d0682
periodicdate aa6fe189baa355a65e6aafac1e765f41
pphelper 2b79534f22a89f73d4bb45848659b59b
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36

sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase_v4000.dylib 582fcd682f0f520e95af1d0713639864
sfbase_v4001.dylib e40de392c613cd2f9e1e93c6ffd05246
start e3a61139735301b866d8d109d715f102
start e3a61139735301b866d8d109d715f102
start.sh 3fa4e5fec53dfc9fc88ced651aa858c6
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
systemkeychain-helper e03402006332a6e17c36e569178d2097
watch.sh 358c48414219fdbbbbcff90c97295dff
WatchProc a72fdbacfd5be14631437d0ab21ff960
7b9e685e89b8c7e11f554b05cdd6819a 7b9e685e89b8c7e11f554b05cdd6819a
update 93658b52b0f538c4f3e17fdf3860778c
start.sh 9adfd4344092826ca39bbc441a9eb96f

File listing

├───databases

│       foundation

│

├───dropped

│   ├───version_A

│   │   │   com.apple.globalupdate.plist

│   │   │   com.apple.machook_damon.plist

│   │   │   globalupdate

│   │   │   machook

│   │   │   sfbase.dylib

│   │   │   watch.sh

│   │   │

│   │   ├───dylib

│   │   │       libcrypto.1.0.0.dylib

│   │   │       libiconv.2.dylib

│   │   │       libimobiledevice.4.dylib

│   │   │       liblzma.5.dylib

│   │   │       libplist.2.dylib

│   │   │       libssl.1.0.0.dylib

│   │   │       libusbmuxd.2.dylib

│   │   │       libxml2.2.dylib

│   │   │       libz.1.dylib

│   │   │

│   │   ├───log

│   │   └───update

│   ├───version_B

│   │       com.apple.globalupdate.plist

│   │       com.apple.itunesupdate.plist

│   │       com.apple.machook_damon.plist

│   │       com.apple.watchproc.plist

│   │       globalupdate

│   │       itunesupdate

│   │       machook

│   │       start

│   │       WatchProc

│   │

│   └───version_C

│       │   com.apple.appstore.plughelper.plist

│       │   com.apple.appstore.PluginHelper

│       │   com.apple.MailServiceAgentHelper

│       │   com.apple.MailServiceAgentHelper.plist

│       │   com.apple.periodic-dd-mm-yy.plist

│       │   com.apple.systemkeychain-helper.plist

│       │   periodicdate

│       │   stty5.11.pl

│       │   systemkeychain-helper

│       │

│       └───manpath.d

│               libcrypto.1.0.0.dylib

│               libiconv.2.dylib

│               libimobiledevice.4.dylib

│               libiodb.dylib

│               liblzma.5.dylib

│               libplist.2.dylib

│               libssl.1.0.0.dylib

│               libusbmuxd.2.dylib

│               libxml2.2.dylib

│               libz.1.dylib

│               libzip.2.dylib

│

├───iOS

│       sfbase.dylib

│       sfbase_v4000.dylib

│       sfbase_v4001.dylib

│       start

│       stty5.11.pl

│

├───IPAs

│       7b9e685e89b8c7e11f554b05cdd6819a

│       pphelper

│

├───original

│       BikeBaron

│       CleanApp

│       FontMap1.cfg

│       start.sh

│

└───update

        start.sh

        update

Related news

• Hacker Code
• Hacker Website
• Pentest Ubuntu
• How To Pentest A Network
• Pentest Distro
• Pentest With Metasploit
• Pentest Report
• Hacker0Ne
• Pentest Security
• Hacking Jailbreak
• Hacking Apps
• Hacking Wifi

RenApp: The Ultimate File Renaming App

Download Here

Are you tired of managing your tens of thousands of files like jpgs, pngs, or others and you want a way to manage them as quick as possible then RenApp is solution for all problem.

RenApp lets you change names of many files of a particular type to a common name with added numbering. So no more time wasting in file management just four clicks and your files will be ordered.

Beside that RenApp can clean your folders and subfolders from backup files of .bak or .*~ extension. Removing backup files in order to make space available manually is a tedious work and can take lots of time but why do it that we've got RenApp just locate the folder and click remove it'll remove them all from that folder and its subfolders. 

Some of the features of RenApp are as:

•    Rename files to a common name.
•    Rename files of different extensions to a common name in one shot
•    Remove backup files from folder and subfolders.

R  RenApp is free and Opensource, written in Python with QT interface. Check out the source code at sourceforge.

Related news

1. Pentest Windows
2. Pentest Stages
3. Pentest Open Source
4. Hacking Attack
5. Hackintosh
6. Is Hacking Illegal
7. Is Hacking Illegal
8. Pentest Vs Ceh
9. Pentest Owasp Top 10
10. Hacking Resources
11. Hacking Software
12. Hackerone
13. Pentestmonkey Sql Injection

Exploit-Me

"Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use. The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download. Along with this SecTor is making the audio of the talk available." read more...

Website: http://securitycompass.com/exploitme.shtml

Read more

1. Hacking Software
2. Hacking The Art Of Exploitation
3. Pentest Training
4. Hacking Jacket
5. Hacking Groups
6. Hacking Language
7. Pentest Cyber Security
8. Pentest Basics
9. Hacker On Computer
10. Hacking Images

PentestBox - Opensource PreConfigured Portable Penetration Testing Environment For The Windows

Related word

1. Pentest Example Report
2. Pentest+ Vs Ceh
3. Pentest Practice Sites
4. Pentesting
5. Hacker Attack
6. Hacking Vpn
7. Hacking Growth
8. Pentest Jobs
9. Hacking Vpn
10. Hacking Link
11. Hacking Box
12. Pentest News
13. Pentest Guide

goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain

When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:

• List Permission
• Write Permission
• Region the Bucket exists in
• If the bucket has all access disabled

Installation

go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:

www.domain.com
mail.domain.com
dev.domain.com

The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

Download goGetBucket

Continue reading

1. Pentest Tools Framework
2. Hacking Attack
3. Hackerx
4. Pentest Dns Server
5. Hacker Typer
6. Pentest Firewall
7. Hacking Language
8. Pentest Wifi

Linux Command Line Hackery Series - Part 4

Welcome back to Linux Command Line Hackery, hope you have enjoyed this series so far. Today we are going to learn new Linux commands and get comfortable with reading text files on Linux.

Suppose that you wanted to view your /etc/passwd file. How will you do that? From what we have learned so far what you'll do is type:

cat /etc/passwd

And there you go, but really did you see all the output in one terminal? No, you just ended up with last few lines and you'll have to cheat (i,e use graphical scroll bar) in order to see all the contents of /etc/passwd file. So is there a command line tool in linux with which we can see all the contents of a file easily without cheating? Yes, there are actually a few of them and in this article we'll look at some common ones.

Command: more
Syntax:  more [options] file...
Function: more is a filter for paging through text one screenful at a time. With more we can parse a file one terminal at a time or line by line. We can also go backward and forward a number of lines using more.

So if we're to use more on /etc/passwd file how will we do that? We'll simply type

more /etc/passwd

now we'll get a screenful output of the file and have a prompt at the bottom of terminal. In order to move forward one line at a time press <Enter Key>. Using enter we can scroll through the file one line at a time. If you want to move one screen at a time, you can press <Space Key> to move one screen at a time. There are more functions of more program, you can know about them by pressing <h key>. To exit out of more program simply type <q key> and you'll get out of more program.

Command: less
Syntax: less [options] file...
Function: less is similar to more but less has more functionality than more. less is particularly useful when reading large files as less does not have to read the entire input file before starting, so it starts up quickly than many other editors.

less command is based on more so what you've done above with more can be done with less as well. Try it out yourself.

Command: head
Syntax: head [OPTION]... [FILE]...
Function: head command prints the head or first part of a file. By default head prints out first 10 lines of a file. If more than one file is specified, head prints first 10 lines of all files as a default behavior.

If we want to see only first 10 lines of /etc/passwd we can type:

head /etc/passwd

We can also specify to head how many lines we want to view by using the -n flag. Suppose you want to see first 15 lines of /etc/passwd file you've to type:

head -n 15 /etc/passwd

Ok you can view the first lines of a file what about last lines, is there a tool for that also? Exactly that's what our next command will be about.

Command: tail
Syntax: tail [OPTION]... [FILE]...
Function: tail is opposite of head. It prints the last 10 lines of a file by default. And if more than one file is specified, tail prints last 10 lines of all files by default.

To view last 10 lines of /etc/passwd file you'll type:

tail /etc/passwd

and as is the case with head -n flag can be used to specify the number of lines

tail -n 15 /etc/passwd

Now one more thing that we're going to learn today is grep.

Command: grep
Syntax: grep [OPTIONS] PATTERN [FILE...]
Function: grep is used to search a file for lines matching the pattern specified in the command.

A PATTERN can simply be a word like "hello" or it can be a regular expression (in geek speak regex). If you aren't familiar with regex, it's ok we'll not dive into that it's a very big topic but if you want to learn about it I'll add a link at the end of this article that will help you get started with regex.

Now back to grep say we want to find a line in /etc/passwd file which contains my user if we'll simply type:

grep myusername /etc/passwd

Wohoo! It gives out just that data that we're looking for. Remember here myusername is your username.
One cool flag of grep is -v which is used to look in file for every line except the line containing the PATTERN specified after -v [it's lowercase v].

Take your time practicing with these commands especially grep and more. We'll learn a lot more about grep in other upcoming articles.

References:
https://en.wikipedia.org/wiki/Regular_expression
http://www.regular-expressions.info/
Awesome website to learn Regular expressions - http://www.regexr.com/

More info

1. Hacker On Computer
2. Hacking Games Online
3. Pentest With Kali
4. Pentest Meaning
5. Hacking With Raspberry Pi
6. Hacking To The Gate
7. Pentestmonkey Cheat Sheet
8. What Hacking Is
9. Pentest Vpn
10. Hacking Games
11. Pentest Blog
12. Pentestmonkey Cheat Sheet
13. Hackerrank