THC-Hydra is a very fast (multi-threaded) network logon cracker which supports many different services: AFP, Cisco, cisco-enable, CVS, Firebird, ftp, http-get, http-head, http-proxy, https-get, https-head, https-form-get, https-form-post, ICQ, IMAP, IMAP-NTLM, ldap2, ldap3, MySQL, mysql,...
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux,...
Information Gathering / Network PenTest / Password Attacks / Vulnerability Analysis
by do son · Published December 31, 2017 · Last modified October 10, 2021
lyncsmash a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations Note: these tools will not work with Skype/Lync installations hosted at Microsoft. Download git clone https://github.com/nyxgeek/lyncsmash.git scripts lyncsmash.py...
Exploitation / Information Gathering / Metasploit / Network PenTest / Vulnerability Analysis
by do son · Published November 29, 2016 · Last modified October 10, 2021
Description The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key. Solution...
myBFF is a web application brute force framework. Point the framework at a file containing usernames, a host, and give it a password. The framework will determine what type of web application is in...
Password Attacks / Web Maintaining Access / WebApp PenTest
by do son · Published June 10, 2017 · Last modified March 17, 2018
Cheetah is a dictionary-based brute force password webshell tool, running as fast as a cheetah hunt for prey. Cheetah’s working principle is that it can submit a large number of detection passwords based on...
Burp suite has always been used to burst a variety of forms used to submit the login authentication, today I am going guide you how to use the Burp Suite to brute force HTTP...
What is MQTT? MQTT stands for MQ Telemetry Transport. It is a publish/subscribe, extremely simple and lightweight messaging protocol, designed for constrained devices and low-bandwidth, high-latency or unreliable networks. The design principles are to...
Password dictionary is mainly used in conjunction with password cracking software, the password dictionary includes many people habitually set the password. This can improve the password crack software password cracking success rate and hit rate,...
THC-Hydra is a very fast (multi-threaded) network logon cracker which supports many different services: afp, cisco, cisco-enable, cvs, firebird, ftp, http-get, http-head, http-proxy, https-get, https-head, httpsform-get, https-form-post, icq, imap, imap-ntlm, ldap2, ldap3, mssql, mysql,...
