V3n0M – An Open Source Vulnerability Scanner


V3n0M is a free and open source scanner. Evolved from Baltazar’s scanner, it has adopted several new features that improve functionality and usability.

This program is for finding and exploiting various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds.

Its features include:

  • Cloudflare Resolver [Cloudbuster]
  • LFI->RCE and XSS Scanning [LFI->RCE & XSS]
  • SQL Injection Vuln Scanner [SQLi]
  • Extremely Large D0rk Target Lists
  • AdminPage Finding
  • Toxin [Vulnerable FTPs Scanner]
  • DNS BruteForcer
  • Python 3.6 Asyncio based scanning

The official adoption of darkd0rker, heavily recoded, updated, expanded and improved upon:

  • Brand new, just outta the box!
  • Most efficient Cloudflare resolver around with easy to use interface.
  • Extremely quick “Toxin” Vulnerable IP scanner to scan potentially millions of IPs for known vulnerable services.
  • Largest and most powerful d0rker online, 14k+ d0rks searched over ~ Engines at once.
  • Free and Open /src/
  • cross-platform Python-based toolkit
  • Release 425 Released on 18th February 2018
  • Licensed under GPLv3

Tested on: ArchLinux 4.14, Ubuntu, Debian, Kali, MacOS, BlackArch, Manjaro/ArchLinux ARM Ed. Android-Termux.

Note for Ubuntu users: Please make sure you have installed the following, otherwise you may get a Syntax Error stopping the program from running:

$ sudo apt-get install python3-bs4
$ apt-get install python3-setuptools

Note for Kali users: Please make sure you have installed:

$ apt-get install python3-dev
$ apt-get install python-dev

Install Note:

$ git clone https://github.com/v3n0m-Scanner/V3n0M-Scanner.git
$ cd V3n0M-Scanner/
$ python3 setup.py install --user



KillChain – A Unified Console To Perform The “Kill Chain” Stages of Attacks

Kill Chain Setup:

Installing Killchain.py:

sudo apt-get update
sudo apt-get install websploit openvas veil-evasion tor
sudo git clone https://github.com/ruped24/killchain.git
cd killchain
chmod +x killchain.py
sudo ./killchain.py

Once the installation is complete, go through the options on the menu.

OpenVas takes a while on first run. Go get a coffee or two. You can launch multiple Kill Chain sessions, so there is no need to watch paint dry. Once the OpenVas setup has completed, reset the OpenVas web interface admin password by running the commands below in an external terminal:

sudo openvas-start
sudo openvasmd --user=admin --new-password=

Point your browser to https://localhost:9392

Login Username = admin

Login Password = Your_new_reset_admin_password

Note on Veil-Evasion: Veil will complete the setup upon launch. Accept all the defaults. This takes a while. Don't leave the screen tho, there's a dialog you will have to click through. Once it's complete, it will auto launch.

Websploit: To exit websploit, type exit.

Metasploit: To exit Metasploit, type exit.

WiFite: It’s for site survey within the framework of this console.

Run wifite in an external terminal to do wireless attacks against the target.



RootHelper – A Bash Script that Downloads and Unzips Scripts that will Aid with Privilege Escalation on a Linux System


Roothelper will aid in the process of privilege escalation on a Linux system that has been compromised, by fetching a number of enumeration and exploit suggestion scripts. The latest version downloads five scripts: two enumeration shell scripts, one information-gathering shell script and two exploit suggesters, one written in Perl and the other in Python.

Priv-Esc scripts:

LinEnum

Shellscript that enumerates the system configuration.

unix-privesc-check

Shellscript that enumerates the system configuration and runs some privilege escalation checks as well.

Firmwalker

Shellscript that gathers useful information by searching the mounted firmware filesystem for things such as SSL and web server related files, config files, passwords, common binaries and more.

linuxprivchecker

A Python implementation to suggest exploits particular to the system that's been compromised.

Linux_Exploit_Suggester

A Perl script that does the same as the one mentioned above.

Usage:

To use the script you will need to get it onto the system you've compromised with utilities such as git or wget, depending on what is available to you on that particular system. From there you need to make it executable with chmod +x roothelper.sh, after which you run it and it will show you the options available and an informational message regarding the options. For clarity, I have posted it below as well.

The 'Help' option displays this informational message.

The 'Download' option fetches the relevant files and places them in the /tmp/ directory.

The option 'Download and unzip' downloads all files and extracts the contents of zip 
archives to their individual subdirectories respectively, please note; if the 'mkdir' 
command is unavailable however, the operation will not succeed and the 'Download' 
option should be used instead

The 'Clean up' option removes all downloaded files and 'Quit' exits roothelper.
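
A defender-side check for the artifacts described above, added here as an example and not part of RootHelper or the original page: it lists files and directories under a staging directory such as /tmp whose names contain the tool names this page lists. Matching on those name substrings is an assumption about how the downloads are named, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag privilege-escalation helper scripts staged in /tmp.
# Tool names come from the list on this page; matching them as
# case-insensitive substrings of file names is an assumption.
ROOTHELPER_NAMES="roothelper linenum unix-privesc-check firmwalker linuxprivchecker linux_exploit_suggester"

# find_privesc_artifacts [DIR] [MAXDEPTH]
# Prints, one per line and sorted, every file or directory under DIR
# (default /tmp, depth 2) whose name contains one of the tool names.
find_privesc_artifacts() {
    dir="${1:-/tmp}"
    depth="${2:-2}"
    # Build the expression "-iname *a* -o -iname *b* ..." in the
    # function's own positional parameters (portable, no arrays).
    set --
    for name in $ROOTHELPER_NAMES; do
        if [ "$#" -gt 0 ]; then
            set -- "$@" -o
        fi
        set -- "$@" -iname "*${name}*"
    done
    # Unreadable subdirectories are skipped silently.
    find "$dir" -maxdepth "$depth" \( "$@" \) -print 2>/dev/null | sort
}

# count_privesc_artifacts [DIR] [MAXDEPTH]
# Prints the number of matches, for use in a cron job or alert threshold.
count_privesc_artifacts() {
    find_privesc_artifacts "$@" | wc -l | tr -d ' '
}

# Typical use during triage of a suspected host:
#   find_privesc_artifacts /tmp
#   [ "$(count_privesc_artifacts /tmp)" -gt 0 ] && echo "privesc tooling staged in /tmp"
```

A hit is a lead, not proof: check the owner and modification time of each path against shell history and web or SSH logs. The 'Clean up' option removes the downloads, so an empty result does not rule out earlier use.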

