DHCP exhaustion attack: DHCPig

DHCPig initiates an advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all windows hosts offline. It requires scapy >=2.1 library and admin privileges to execute. No configuration necessary, just pass the…

unCAPTCHA Breaks 450 ReCAPTCHAs in Under 6 Seconds

unCAPTCHA is the name of a new automated system designed by a team of four computer science experts from the University of Maryland (UM) that can break Google’s reCAPTCHA challenges with an accuracy of 85%. The system doesn’t target reCAPTCHA’s image-based challenges, but the audio version that Google added so people with disabilities can solve…

Python-based CLI Password Analyser

The ‘pwdlyser’ tool is a Python-based CLI script that automates the arduous process of manually reviewing cracked passwords during password audits following security assessments or penetration tests. There are likely some false positives/negatives, so please use at your own discretion.

PSPunch: Offensive Powershell Console

PS>Attack combines some of the best projects in the infosec powershell community into a self contained custom PowerShell console. It’s designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams. It does this with in a couple of ways. It features powerful tab-completion covering commands, parameters and file…

Fake image.jpg (hide known file extensions) to exploit targets

Legal Disclamer: The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law. Description: This module takes one existing image.jpg and one payload.exe (input by user) and builds a new payload (agent.jpg.exe) that if executed it will trigger the…

Grep rough audit – source code auditing tool

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

WPForce – WordPress Attack Suite

WPForce is a suite of WordPress Attack tools. Currently this contains 2 scripts – WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules.