رفتن به مطلب

انجمن هک و امنیت گروه امنیتی ایران - Iran Security Group

قوانین و شرایط استفاده از سایت ISG

تمامی فعالیت ها

این جریان به طور خودکار بروزرسانی می شود     

  1. هفته گذشته
  2. فعال ساز همه محصولات 2020 JetBrains : JetBrains RubyMine JetBrains WebStorm JetBrains PhpStorm JetBrains GoLand JetBrains PyCharm JetBrains Rider JetBrains AppCode JetBrains DataGrip JetBrains ReSharper JetBrains IntelliJ IDEA JetBrains CLion JetBrains dotTrace Performance نحوه استفاده از فعال ساز: 1. Run the IDE and evalutate for free. You can reset eval by using: reset_eval script. 2. Drag the jetbrains-agent.jar into the IDE window (Or install it as an IDE plugin). (Actually you can drag jetbrains-agent-latest.zip too) Click "Restart" button to restart your IDE. 3. You will see the JetbrainsAgent Helper dialog. Select license type and click install button. 4. Restart IDE, and all done. x. Support "License server" and "Activation code": 1). Entry license server address: [Hidden Content] (Or http, if failed see no.2 [below]) 2). Active offline with the activation code file: ACTIVATION_CODE.txt License key is in legacy format == Key invalid,check your agent's config again If you need a custom license name, visit: [Hidden Content] 3). Now you can activate jetbrains paid plugin with jetbrains-agent + activation code/license server! Jetbrains paid plugins activation code: [Hidden Content] All paid plugins: [Hidden Content] JetBrains.Agent.v3.2.1.zip
  3. Root SmasheЯ

    Welcome to Pages

    Welcome to Pages! Pages extends your site with custom content management designed especially for communities. Create brand new sections of your community using features like blocks, databases and articles, pulling in data from other areas of your community. Create custom pages in your community using our drag'n'drop, WYSIWYG editor. Build blocks that pull in all kinds of data from throughout your community to create dynamic pages, or use one of the ready-made widgets we include with the Invision Community. View our Pages documentation
  4. Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. Download Burp Suite Pro 2020.4.1 Build 2502 [Hidden Content]
  5. ویدیو ها در YouTube: unbreakable reverse shells - how to spawn unbreakable reverse shells - multiple shells
  6. آموزش نحوه ایجاد یک reverse shell غیرقابل شکستن آموزش نحوه ایجاد چند reverse shell غیرقابل شکستن
  7. Root SmasheЯ

    pwncat-netcat on steroids

    pwncat is a sophisticated bind and reverse shell handler with many features as well as a drop-in replacement or compatible complement to netcat, ncat or socat. pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) . Motivation Ever accidentally hit Ctrl+c on your reverse shell and it was gone for good? Ever waited forever for your client to connect back to you, because the Firewall didn't let it out? Ever had a connection loss because an IPS closed suspicious ports? Ever were in need of a quick port forwarding? Apart from that the current features of nc, ncat or socat just didn't feed my needs and I also wanted to have a single tool that works on older and newer machines (hence Python 2+3 compat). Most importantly I wanted to have it in a language that I can understand and provide my own features with. (Wait for it, binary releases for Linux, MacOS and Windows will come shortly). Download pwncat [Hidden Content]
  8. Root SmasheЯ

    مستند Zero Days

    این مستند محصول ۸ جولای ۲۰۱۶ و ساخته الکس گیبنی است که موضوع آن در رابطه با حمله سایبری ایالات‌متحده آمریکا و اسرائیل علیه برنامه هسته‌ای ایران و آلوده سازی سانتریفیوژ‌های ایران با ویروس استاکس‌نت است. الکس گیبنی مستندساز ۶۲ ساله آمریکایی است که مستند‌های او در جشنواره‌های گوناگون بارها جایزه دریافت کرده است. از جمله آثار مستند او می‌توان به مستند‌های زیر اشاره کرد: We Steal Secrets: The Story of Wikileaks Going Clear: Scientology and the Prison of Belief (برنده سه جایزه Emmy در سال ۲۰۱۵) Mea Maxima Culpa: Silence in the House of God (برنده سه جایزه Emmy) Enron: The Smartest Guys in the Room (نامزد بهترین مستند در جشنواره اسکار ۲۰۰۵) Casino Jack and the United States of Money Client 9: The Rise and Fall of Eliot Spitzer (جز لیست کوتاه شده برای بهترین مستند در جشنواره اسکار ۲۰۱۱) Taxi to the Dark Side (برنده بهترین مستند در اسکار ۲۰۰۷) این مستند روند شکل‌گیری ویروس استاکس‌نت را با جزئیات کامل شرح می‌دهد و چگونگی داخل شدن این ویروس به تجهیزات هسته‌ای نطنز را مورد بررسی قرار می‌دهد. همچنین در این مستند به برنامه سایبری آمریکا با نام Nitro Zeus که برای حمله به زیرساخت‌های حیاتی ایران طراحی شده است اشاره می‌شود که حمله ویروس استاکس‌نت بخشی از این برنامه بوده است. شروع مستند با نمایش تصاویری از شمای شهر تهران و تصاویر مربوط به یک مستند ایرانی در رابطه با ترور دانشمندان هسته‌ای ایران می‌باشد که با صحبت‌های یک مأمور اطلاعاتی موساد همراه است. سپس نمایش صحنه‌هایی از یک مستند ایرانی که به بازسازی صحنه‌های ترور دانشمندان هسته‌ای ایران پرداخته است به همراه سخنرانی رئیس‌جمهور وقت ایران (محمود احمدی‌نژاد) نظر مخاطب را به خود جلب می‌کند. نمایش تصاویر گوناگون از خبرگزاری‌های ایران، مستندات پخش شده در تلویزیون ایران و سخنرانی‌های مختلف رئیس‌جمهور ایران تا انتهای مستند و به زبان فارسی تکرار می‌شود که در کنار بالا بردن جذابیت مستند شبهات زیادی هم در ذهن مخاطب فارسی‌زبان یا غیرفارسی‌زبان به وجود می‌آورد که نیاز به تأمل بیشتری دارد.همان‌طور که در بالا ذکر شد این مستند درباره ویروس استاکس‌نت و نحوه شناسایی آن می‌باشد. نام اصلی این حمله «عملیات بازی‌های المپیک»یا «حمله به نطنز» بوده است که اسم رمز برنامه‌ای مشترک میان آمریکا و اسرائیل است علیه ایران که با تائید جورج بوش و باراک اوباما طراحی و اجرا شده است و این برنامه در نهاد‌های امنیتی سایبری آمریکا و اسرائیل یعنی NSA و بخش ۸۲۰۰ در سازمان اطلاعات سایبری اسرائیل با این نام شناخته می‌شود اما پس از شناسایی آن برای اینکه کد‌نویسان بتوانند در سراسر دنیا با یک نام واحد آن‌ها بشناسند با استفاده از کلماتی که در کد باینری آن آمده است و اتصال آن‌ها به هم نام Stuxnet را برای آن برگزیدند. منبع : usfacts.ir نام مستند : Zero Days سال انتشار: 2016 مدت زمان: 116 دقیقه حجم: 893 مگابایت کیفیت: WEBRip 720p زبان: انگلیسی زیرنویس فارسی : دارد Download [Hidden Content] (www.MihaniDownload.com).mkv زیرنویس فارسی: [Hidden Content]
  9. Root SmasheЯ

    Graffiti-Generate obfuscated one liners

    Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on the list and store the oneliner into a database. Features Graffiti comes complete with a database that will insert each encoded payload into it, in order to allow end users to view already created payloads for future use. The payloads can be encoded using the following techniques: Xor Base64 Hex ROT13 Raw Some features of Graffiti include: Terminal drop in access, with the ability to run external commands Ability to create your own payload JSON files Ability to view cached payloads inside of the database Ability to run the database in memory for quick deletion Terminal history and saving of terminal history Auto tab completion inside of terminal Ability to securely wipe the history files and database file Multiple encoding techniques as mentioned above DEMO: Download Graffiti [Hidden Content]
  10. Root SmasheЯ

    httpX

    httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. Features Simple and modular code base making it easy to contribute. Fast And fully configurable flags to probe mutiple elements. Supports vhost, urls, ports, title, content-length, status-code, response-body probbing. Smart auto fallback from https to http as default. Supports hosts and URLs as input. Handles edge cases doing retries, backoffs etc for handling WAFs. Download httpX [Hidden Content]
  11. Metasploit Payload Generator | Crypter FUD AntiVirus Evasion Download RapidPayload [Hidden Content]
  12. Root SmasheЯ

    XSS-LOADER

    All in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDER Features *Basic Payload Sets default parameter to :<script>alert(1)</script> *Div Payload Sets default parameter to :<div onpointerover='alert(1)'>MOVE HERE</div *Img Payload Sets default parameter to :<img src=x onerror=alert('1');> *Body Payload Sets default parameter to :<body ontouchstart=alert(1)> *Svg Payload Sets default parameter to :<svg onload=alert('1')> *Enter Your Payload Encodes payload writed by user *Payload Generator Parameter Encodes payload on selected tag *Xss Scanner Initially you'll need to enter url of target Please enter the url like this example==>e.g target -----> [Hidden Content]= Selected for scanning payload list *Xss Dork Finder First enter the dork for searching: e.g---->inurl:"search.php?q=" Results will be saved in "dork.txt" after scanning. Download XSS-LOADER [Hidden Content]
  13. CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks. These models can then be used to crack CAPTCHAs with a high degree of accuracy. When used in conjunction with other scripts, CAPTCHA22 gives rise to attack automation; subverting the very control that aims to stop it. Download CAPTCHA22 [Hidden Content]
  14. Inject Macro and DDE code into Excel and Word documents (reverse shell) Features: Inject malicious Macro on formats: docm, dotm, xlsm, xltm Inject malicious DDE code on formats: doc, docx, dot, xls, xlsx, xlt, xltx Python2/Python3 Compatible Tested: Win10 (MS Office 14.0) Requirements: Microsoft Office (Word/Excel) pywin32: python -m pip install -r requirements.txt Download EvilOffice [Hidden Content]
  15. Root SmasheЯ

    Kerbrute-Kerberos pre-auth bruteforcing

    A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication. Bruteforcing Windows passwords with Kerberos is much faster than any other approach I know of, and potentially stealthier since pre-authentication failures do not trigger that "traditional" An account failed to log on event 4625. With Kerberos, you can validate a username or test a login by only sending one UDP frame to the KDC (Domain Controller) Download Kerbrute [Hidden Content]
  16. Root SmasheЯ

    PCredz

    This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface. Features Extract from a pcap file or from a live interface: Credit card numbers POP SMTP IMAP SNMP community string FTP HTTP NTLMv1/v2 (DCE-RPC,SMBv1/2,LDAP, MSSQL, HTTP, etc) Kerberos (AS-REQ Pre-Auth etype 23) hashes. All hashes are displayed in a hashcat format (use -m 7500 for kerberos, -m 5500 for NTLMv1, -m 5600 for NTLMv2). Log all credentials to a file (CredentialDump-Session.log). Download PCredz [Hidden Content]
  17. Root SmasheЯ

    NetRipper-Smart traffic sniffing

    NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipper was released at Defcon 23, Las Vegas, Nevada. Download NetRipper [Hidden Content]
  18. Root SmasheЯ

    ReconDog

    Reconnaissance Swiss Army Knife Main Features Wizard + CLA interface Can extracts targets from STDIN (piped input) and act upon them All the information is extracted with APIs, no direct contact is made to the target Utilities Censys: Uses censys.io to gather massive amount of information about an IP address. NS Lookup: Does name server lookup Port Scan: Scan most common TCP ports Detect CMS: Can detect 400+ content management systems Whois lookup: Performs a whois lookup Detect honeypot: Uses shodan.io to check if target is a honeypot Find subdomains: Uses findsubdomains.com to find subdomains Reverse IP lookup: Does a reverse IP lookup to find domains associated with an IP address Detect technologies: Uses wappalyzer.com to detect 1000+ technologies All: Runs all utilities against the target Download ReconDog [Hidden Content]
  19. Root SmasheЯ

    Shad0w-Post exploitation framework

    shad0w is a post exploitation framework designed to operate covertly on heavily monitored environments Features C2 Server Secure communication over HTTPS. Clone and live proxy any website, making the C2 fully browseable. Beacons Staged and static beacons Shellcode and powershell formats allow for completely fileless attacks Uses native windows syscalls Bypasses userland API hooking Blocks EDR from loading DLLs into its process Can execute .NET assemblys, EXEs, DLLs, VBS, JS or XSL files completly in memory Common privilage escalation exploits built in Interact with the file system Configurable C2 callback jitter Interface Asynchronous command line Auto complete Up/Down history Reverse command search Syntax highlighing Download Shad0w-Post exploitation framework [Hidden Content]
  20. LES tool is designed to assist in detecting security deficiencies for given Linux kernel/Linux-based machine. It provides following functionality: Assessing kernel exposure on publicly known exploits Verifying state of kernel hardening security measures Download LES - Linux privilege escalation auditing tool [Hidden Content]
  21. Root SmasheЯ

    Linux Exploit Suggester 2

    Next-generation exploit suggester based on Linux_Exploit_Suggester Key Improvements Include: More exploits! Option to download exploit code directly from Exploit DB Accurate wildcard matching. This expands the scope of searchable exploits. Output colorization for easy viewing. And more to come! This script is extremely useful for quickly finding privilege escalation vulnerabilities both in on-site and exam environments. Download Linux Exploit Suggester 2 [Hidden Content]
  22. Entynet Hacker Tools (Ehtools Framework) Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize. Download Entynet Hacker Tools [Hidden Content]
  23. Root SmasheЯ

    WAFW00F-Identify and fingerprint WAF

    WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website. To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks. Detectable WAF's: WAF Name Manufacturer -------- ------------ ACE XML Gateway Cisco aeSecure aeSecure AireeCDN Airee Airlock Phion/Ergon Alert Logic Alert Logic AliYunDun Alibaba Cloud Computing Anquanbao Anquanbao AnYu AnYu Technologies Approach Approach AppWall Radware Armor Defense Armor ArvanCloud ArvanCloud ASP.NET Generic Microsoft ASPA Firewall ASPA Engineering Co. Astra Czar Securities AWS Elastic Load Balancer Amazon AzionCDN AzionCDN Azure Front Door Microsoft Barikode Ethic Ninja Barracuda Barracuda Networks Bekchy Faydata Technologies Inc. Beluga CDN Beluga BIG-IP Local Traffic Manager F5 Networks BinarySec BinarySec BitNinja BitNinja BlockDoS BlockDoS Bluedon Bluedon IST BulletProof Security Pro AITpro Security CacheWall Varnish CacheFly CDN CacheFly Comodo cWatch Comodo CyberSecurity CdnNS Application Gateway CdnNs/WdidcNet ChinaCache Load Balancer ChinaCache Chuang Yu Shield Yunaq Cloudbric Penta Security Cloudflare Cloudflare Inc. Cloudfloor Cloudfloor DNS Cloudfront Amazon CrawlProtect Jean-Denis Brun DataPower IBM DenyALL Rohde & Schwarz CyberSecurity Distil Distil Networks DOSarrest DOSarrest Internet Security DotDefender Applicure Technologies DynamicWeb Injection Check DynamicWeb Edgecast Verizon Digital Media Eisoo Cloud Firewall Eisoo Expression Engine EllisLab BIG-IP AppSec Manager F5 Networks BIG-IP AP Manager F5 Networks Fastly Fastly CDN FirePass F5 Networks FortiWeb Fortinet GoDaddy Website Protection GoDaddy Greywizard Grey Wizard Huawei Cloud Firewall Huawei HyperGuard Art of Defense Imunify360 CloudLinux Incapsula Imperva Inc. IndusGuard Indusface Instart DX Instart Logic ISA Server Microsoft Janusec Application Gateway Janusec Jiasule Jiasule Kona SiteDefender Akamai KS-WAF KnownSec KeyCDN KeyCDN LimeLight CDN LimeLight LiteSpeed LiteSpeed Technologies Open-Resty Lua Nginx FLOSS Oracle Cloud Oracle Malcare Inactiv MaxCDN MaxCDN Mission Control Shield Mission Control ModSecurity SpiderLabs NAXSI NBS Systems Nemesida PentestIt NevisProxy AdNovum NetContinuum Barracuda Networks NetScaler AppFirewall Citrix Systems Newdefend NewDefend NexusGuard Firewall NexusGuard NinjaFirewall NinTechNet NullDDoS Protection NullDDoS NSFocus NSFocus Global Inc. OnMessage Shield BlackBaud Palo Alto Next Gen Firewall Palo Alto Networks PerimeterX PerimeterX PentaWAF Global Network Services pkSecurity IDS pkSec PT Application Firewall Positive Technologies PowerCDN PowerCDN Profense ArmorLogic Puhui Puhui Qcloud Tencent Cloud Qiniu Qiniu CDN Reblaze Reblaze RSFirewall RSJoomla! RequestValidationMode Microsoft Sabre Firewall Sabre Safe3 Web Firewall Safe3 Safedog SafeDog Safeline Chaitin Tech. SecKing SecKing eEye SecureIIS BeyondTrust SecuPress WP Security SecuPress SecureSphere Imperva Inc. Secure Entry United Security Providers SEnginx Neusoft ServerDefender VP Port80 Software Shield Security One Dollar Plugin Shadow Daemon Zecure SiteGround SiteGround SiteGuard Sakura Inc. Sitelock TrueShield SonicWall Dell UTM Web Protection Sophos Squarespace Squarespace SquidProxy IDS SquidProxy StackPath StackPath Sucuri CloudProxy Sucuri Inc. Tencent Cloud Firewall Tencent Technologies Teros Citrix Systems Trafficshield F5 Networks TransIP Web Firewall TransIP URLMaster SecurityCheck iFinity/DotNetNuke URLScan Microsoft UEWaf UCloud Varnish OWASP Viettel Cloudrity VirusDie VirusDie LLC Wallarm Wallarm Inc. WatchGuard WatchGuard Technologies WebARX WebARX Security Solutions WebKnight AQTRONIX WebLand WebLand RayWAF WebRay Solutions WebSEAL IBM WebTotem WebTotem West263 CDN West263CDN Wordfence Defiant WP Cerber Security Cerber Tech WTS-WAF WTS 360WangZhanBao 360 Technologies XLabs Security WAF XLabs Xuanwudun Xuanwudun Yundun Yundun Yunsuo Yunsuo Yunjiasu Baidu Cloud Computing YXLink YxLink Technologies Zenedge Zenedge ZScaler Accenture Download WAFW00F [Hidden Content]
  24. Root SmasheЯ

    Inshackle-Instagram Tracker

    Instagram hacks: Track unfollowers, Increase your followers, Download Stories, etc Features: Unfollow Tracker Increase Followers Download: Stories, Saved Content, Following/followers list, Profile Info Unfollow all your following Download Inshackle [Hidden Content]
  25. Enumy is an ultra fast portable executable that you drop on target Linux machine during a pentest or CTF in the post exploitation phase. Running enumy will enumerate the box for common security vulnerabilities. Enumy is portable executable that you drop on target Linux machine during a pentest or CTF in the post exploitation phase. Running enumy will enumerate the box for common security vulnerabilities. Who Should Use Enumy Pentester can run on a target machine raisable issues for their reports. CTF players can use it identify things that they might have missed. People who are curious to know how many isues enumy finds on their local machine? Download Enumy [Hidden Content]
  26. Root SmasheЯ

    Offensive Ansible برای Red Team

    لینک ویدیو در YouTube:
  1. نمایش فعالیت های بیشتر
×
×
  • اضافه کردن...