Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Stars: ✭ 3,858 (+1258.45%)

Mutual labels: penetration-testing

ja3box

extract ja3(s) when sniffing or from a pcap.

Stars: ✭ 53 (-81.34%)

Mutual labels: information-security

Subscraper

Subdomain enumeration through various techniques

Stars: ✭ 265 (-6.69%)

Mutual labels: penetration-testing

xss-chef

A web application for generating custom XSS payloads

Stars: ✭ 70 (-75.35%)

Mutual labels: penetration-testing

Deep-Inside

Command line tool that allows you to explore IoT devices by using Shodan API.

Stars: ✭ 22 (-92.25%)

Mutual labels: penetration-testing

ViPER

Web App Pen Tester (Web Interface)

Stars: ✭ 19 (-93.31%)

Mutual labels: penetration-testing

Sitebroker

A cross-platform python based utility for information gathering and penetration testing automation!

Stars: ✭ 281 (-1.06%)

Mutual labels: penetration-testing

View All Similar Projects ➔

novahot

novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, ruby, and python.

Beyond executing system commands, novahot is able to emulate interactive terminals, including mysql, sqlite3, and psql. It additionally implements "virtual commands" that make it possible to upload, download, edit, and view remote files locallly using your preferred applications.

Installation

Install the executable directly from npm:

[sudo] npm install -g novahot

Then seed a config file:

novahot config > ~/.novahotrc

Usage

View the available trojans with novahot trojan list.
Select a trojan in a language that is appropriate for your target, then copy its source to a new file. (Ex: novahot trojan view basic.php > ~/my-trojan.php)
Change the control password in the newly-created trojan.
Upload the trojan to a web-accessible location on the target.
Configure target information in the targets property in ~/.novahotrc.
Run novahot shell <target> to open a shell.

Shell Modes

Internally, novahot uses "modes" and "adapters" to emulate various interactive clients, currently including the mysql, psql (postgres), and sqlite3 clients.

To change novahot's mode, issue the appropriate "dot command":

.mysql { "username" : "mysql-user", "password" : "the-password", "database" : "the-database" }

(Connection parameters may be specified as JSON while changing modes, or alternatively saved as target configuration data in ~/.novahotrc.)

For example, the mysql mode makes it possible to directly run queries like the following:

mysql> SELECT ID, user_login, user_email, user_pass FROM wp_users;

There additionally exists a payload mode that can be used to POST arbitrary data to the trojan. See the wiki for more information.

Virtual Commands

novahot implements four "virtual commands" that utilize payloads built in to the trojans to extend the functionality of the shell:

download

download <remote-filename> [<local-filename>]

Downloads <remote-filename> to --download-dir, and optionally renames it to <local-filename> if specified.

upload

upload <local-filename> [<remote-filename>]

Uploads <local-filename> to the shell's cwd, and optionally renames <local-filename> to <remote-filename> if specified.

view

view <remote-filename> [<local-filename>]

Downloads <remote-filename> to --download-dir, and optionally renames it to <local-filename> After downloading, the file will be opened by the "viewer" application specified in the configs.

edit

edit <remote-filename>

Downloads <remote-filename> to a temporary file, and then opens that file for editing using the "editor" specified in the configs. Afterward, if changes to the file are saved locally, the file will be re-uploaded to the server automatically.

Provisioning a Test Environment

This repository contains a laboratory environment built on Vagrant, Docker, and the Damn Vulnerable Web Application ("DVWA"). Steps for provisioning the environment vary depending on the capabilities of your physical host.

Using docker-compose

If you have docker and docker-compose installed on your physical host, you may simply do the following:

Clone and cd to this repository
Run: docker-compose up

After the docker container starts, the DVWA will be accessible at http://localhost:80.

Using vagrant

If docker is not installed on your physical host, you may use Vagrant/Virtualbox to access a docker-capable virtual-machine:

Clone and cd to this repository
Provision a virtual machine: vagrant up
SSH into the virtual machine: vagrant ssh
Start the docker container: sudo su; cd /vagrant; docker-compose up

The DVWA will be accessible at http://localhost:8000.

Configuring novahot against the laboratory environment

Specify the following connection strings in your ~/.novahotrc file to connect the novahot client to the PHP trojan embedded in the DVWA container:

{

  "targets": {
    "dvwa" : {
      "uri"      : "http://localhost:8000/novahot.php",
      "password" : "the-password",

      "mysql" : {
        "username": "root",
        "password": "vulnerables",
        "database": "dvwa"
      }
    }
  }

}

You may then establish a webshell via:

novahot shell dvwa

Additional Information

Additional information can be found in the wiki:

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 284

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (9) 🔗