Sandcastle – AWS S3 Bucket Enumeration Tool – 10 minute mail

Sandcastle is a Python-based Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations.

Sandcastle - AWS S3 Bucket Enumeration Tool

Amazon S3 [Simple Storage Service] is cloud storage for the Internet. To upload your data (photos, videos, documents etc.), you first create a bucket in one of the AWS Regions. You can then upload any number of objects to the bucket.

In terms of implementation, buckets and objects are resources, and Amazon S3 provides APIs for you to manage them.

Examples of the kinds of bucket names it would look for:

  • -training
  • -bucket
  • -dev
  • -attachments
  • -photos
  • -elasticsearch
  • […]

You can find the example bucket names file here.

Using Sandcastle – AWS S3 Bucket Enumeration Tool

Here’s how to get started:

  • Clone this repo (PyPi distribution temporarily disabled).
  • Run sandcastle.py with a target name and input file (grab an example from this repo)
  • Matching bucket permutations will be identified, and read permissions tested.

Status codes and testing for Sandcastle – AWS S3 Bucket Enumeration Tool

  • 404 – Bucket Not Found – Not a target for analysis (hidden by default)
  • 403 – Access Denied – Potential target for analysis via the CLI
  • 200 – Publicly Accessible – Potential target for analysis via the CLI

You can download Sandcastle here:

sandcastle-1.2.3.zip

Or read more here.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Judas DNS – Nameserver DNS Poisoning Attack Tool – 10 minute mail

Judas DNS – Nameserver DNS Poisoning Attack Tool

Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain.

The magic comes with Judas’s rule configurations which allow you to change DNS responses depending on source IP or DNS query type. This allows an attacker to configure a malicious nameserver to do things like selectively re-route inbound email coming from specified source IP ranges (via modified MX records), set extremely long TTLs to keep poisoned records cached, and more.

Read the rest of Judas DNS – Nameserver DNS Poisoning Attack Tool now! Only available at Darknet.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery – 10 minute mail

OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery

The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.

Information Gathering Techniques Used by OWASP Amass for DNS Enumeration and More

The main functionality of Amass is as follows:

  • DNS: Basic enumeration, Brute forcing (optional), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (optional)
  • Scraping: Ask, Baidu, Bing, DNSDumpster, DNSTable, Dogpile, Exalead, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo
  • Certificates: Active pulls (optional), Censys, CertSpotter, Crtsh, Entrust, GoogleCT
  • APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, CommonCrawl, DNSDB, GitHub, HackerTarget, IPToASN, Mnemonic, NetworksDB, PassiveTotal, Pastebin, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Spyse (CertDB & FindSubdomains), Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML
  • Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback

Usage of Amass for DNS Enumeration, Attack Surface Mapping & External Asset Discovery

The Amass tool has several subcommands shown below for handling your Internet exposure investigation.

Read the rest of OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery now! Only available at Darknet.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Hack RTSP Video Surveillance CCTV Cameras – 10 minute mail

Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.

Cameradar - Hack RTSP Video Surveillance CCTV Cameras

The main features of Cameradar are:

  • Detect open RTSP hosts on any accessible target host
  • Detect which device model is streaming
  • Launch automated dictionary attacks to get their stream route (e.g.: /live.sdp)
  • Launch automated dictionary attacks to get the username and password of the cameras
  • Retrieve a complete and user-friendly report of the results

Using Cameradar to Hack RTSP Video Cameras

Examples to Hack RTSP Camera

Running cameradar on your own machine to scan for default ports

Running cameradar with an input file, logs enabled on port 8554

Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554 and 8554

You can download Cameradar here:

cameradar-v4.1.3.zip

Or read more here.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

dSploit APK Download – Hacking & Security Toolkit For Android – 10 minute mail

dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities. It aims to offer to IT security experts the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

dSploit APK Download - Hacking & Security Toolkit For Android

Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, perform man in the middle (MiTM) attacks such as password sniffing (with common protocols dissection), real-time traffic manipulation and more.

Features from dSploit APK Download Hacking Toolkit for Android

Features available on dSploit to hack using an Android phone:

  • WiFi Cracking – The WiFi scanner will show in green access points with known default key generation algorithms, clicking on them allows you to easily crack the key
  • RouterPWN – Launch the http://routerpwn.com/ service to pwn your router.
  • Trace – Perform a traceroute on the target.
  • Port Scanner – A syn port scanner to find quickly open ports on a single target.
  • Inspector – Performs target operating system and services deep detection, slower than syn port scanner but more accurate.
  • Vulnerability Finder – Search for known vulnerabilities for target running services upon the National Vulnerability Database.
  • Login Cracker – A very fast network logon cracker which supports many different services.
  • Packet Forger – Craft and send a custom TCP or UDP packet to the target, such as Wake On LAN packets.
  • MITM – A set of Man-in-the-Middle (MitM) tools to command & conquer the whole network.
  • Simple Sniff – Redirect target’s traffic through this device and show some stats while dumping it to a pcap file.
  • Password Sniffer – Sniff passwords of many protocols such as HTTP, FTP, IMAP, IMAPS, IRC, MSN, etc from the target.
  • Session Hijacker – Listen for cookies on the network and hijack sessions.
  • Kill Connections – Kills connections preventing the target to reach any website or server.
  • Redirect – Redirect all the HTTP traffic to another address.
  • Replace Images – Replace all images on webpages with the specified one.
  • Replace Videos – Replace all youtube videos on webpages with the specified one.
  • Script Injection – Inject a javascript in every visited webpage.
  • Custom Filter – Replace custom text on webpages with the specified one.

Requirements for dSploit APK Download To Work

For dSploit to work correctly you need:

– An ARM CPU
– Gingerbread Android (at least Android 2.3)
– Root
– A full install of BusyBox (every utility, not a partial install)

You can download dSploit here:

Source: dsploit-master.zip
APK: dsploit_1.0.31b.zip

Password for the APK .zip file is darknet123.

Or read more here.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Github Stargazers Information Gathering Tool – 10 minute mail

Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view. It can be used for collecting information about your or someone else’s repository stargazers details.

Stardox - Github Stargazers Information Gathering Tool

GitHub allows visitors to star a repo to bookmark it for later perusal. Stars represent a casual interest in a repo, and when enough of them accumulate, it’s natural to wonder what’s driving interest. Stargazers attempts to get a handle on who these users are by finding out what else they’ve starred, which other repositories they’ve contributed to, and who’s following them on GitHub.

The Data Collected by Stardox Github Stargazers Information Gathering Tool

  • Total repositories
  • Total stars
  • Total followers
  • Total following
  • Stargazer’s e-mail address

How to Install Stardox Github Stargazers Information Gathering Tool

Using Stardox Github Stargazers Information Gathering Tool

Positional arguments:

Optional arguments:

You can download Stardox here:

Stardox-master.zip

Or read more here.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Proof Of Concept PoC HTTP Botnet Project – 10 minute mail

UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.

UBoat - Proof Of Concept PoC HTTP Botnet Project

Reviews of popular botnets have shown HTTP-based botnets have a set of attributes that make it difficult for them to be detected. On the other hand, the number of studies focusing on the detection of HTTP-based botnets is relatively low (compared to the number of those on IRC-based and P2P botnets) especially in the HTTP-based mobile botnets which operate on the mobile devices and networks.

The main objective behind the creation of UBoat was to aid security researchers and to enhance the understanding of commercial HTTP loader style botnets so effective countermeasures can be developed.

Features of UBoat HTTP Botnet

  • Coded in C++ with no dependencies
  • Encrypted C&C Communications
  • Persistence to prevent your control being lost
  • Connection Redundancy (Uses a fallback server address or domain )
  • DDoS methods (TCP & UDP Flood)
  • Task Creation System ( Altering system HWID,Country,IP,OS.System )
  • Remote Commands
  • Update and Uninstall other malware
  • Download and Execute other malware
  • Active as well as Passive Keylogger
  • Enable Windows RDP
  • Plugin system for easy feature updates

Full Panel setup instructions can be found on the UBoat Github Wiki here.

You can download UBoat here:

Panel: UBoat-Panel.zip
Bot: UBoat-Bot.1.0.zip

Or you can read more here.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Search Git for High Entropy Strings with Commit History – 10 minute mail

usage: trufflehog [h] [json] [regex] [rules RULES]

                  [entropy DO_ENTROPY] [since_commit SINCE_COMMIT]

                  [max_depth MAX_DEPTH]

                  git_url

 

Find secrets hidden in the depths of git.

 

positional arguments:

  git_url               URL for secret searching

 

optional arguments:

  h, help            show this help message and exit

  json                Output in JSON

  regex               Enable high signal regex checks

  rules RULES         Ignore default regexes and source from json list file

  entropy DO_ENTROPY  Enable entropy checks

  since_commit SINCE_COMMIT

                        Only scan from a given commit hash

  max_depth MAX_DEPTH

                        The max commit depth to go back when searching for

                        secrets

  i INCLUDE_PATHS_FILE, include_paths INCLUDE_PATHS_FILE

                        File with regular expressions (one per line), at least

                        one of which must match a Git object path in order for

                        it to be scanned; lines starting with “#” are treated

                        as comments and are ignored. If empty or not provided

                        (default), all Git object paths are included unless

                        otherwise excluded via the exclude_paths option.

  x EXCLUDE_PATHS_FILE, exclude_paths EXCLUDE_PATHS_FILE

                        File with regular expressions (one per line), none of

                        which may match a Git object path in order for it to

                        be scanned; lines starting with “#” are treated as

                        comments and are ignored. If empty or not provided

                        (default), no Git object paths are excluded unless

                        effectively excluded via the include_paths option.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Dumper – Dump WiFi Profiles and Cleartext Passwords – 10 minute mail

WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine. This tool will help you in a Wifi penetration testing and could also be useful when performing red team assessments or internal infrastructure engagements.

WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords

Each option in the tool generates the “.txt” file as an output, if you run the tool multiple times, the output gets appended to the previous results.

Features of WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords

Option 1:Shows the wireless networks available to the system. If the interface name is given, only the networks on the given interface will be listed. Otherwise, all networks visible to the system will be listed.

Option 2: Shows a list of wireless profiles configured on the system.

Option 3: Shows the allowed and blocked the wireless network list.

Option 4: Shows a list of all the wireless LAN interfaces on the system.

Option 5: Generates a detailed report about each wireless access point profile on the system. Group Policy Profiles are read-only. User Profiles are readable and writeable, and the preference order can be changed.

Option 6: Dumps the cleartext passwords of every wireless profile on the system. Make sure to generate the profile file (by selecting option 2) before running this option. Always run this as an administrator user to see the cleartext password. User needs to provide the individual wireless name by reading the profile names (option 7).

Option 7: It opens the list of wireless profiles on the system using notepad.

Option 8: It saves WLAN profiles to XML files.

Option 9: Exit gracefully.

You can download WiFi-Dumper here:

Wifi-Dumper-master.zip

Or read more here.


Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!