| [-r] | If you specify this option, the top remark lines of the WHOIS record are automatically removed. |
| [-n] | If you specify this option, WhoisCL will get the correct WHOIS server from xx.whois-servers.net, instead of using the internal WHOIS servers list. |
| [-socks4] | Specifies SOCKS4 proxy to use, in IPAddress:Port format |
| [-socks5] | Specifies SOCKS5 proxy to use, in IPAddress:Port format |
| Domain | Domain name. |
Usage: sparty.py [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
Frontpage::
-f FRONTPAGE, --frontpage=FRONTPAGE
-- to check access permissions
on frontpage standard files in vti or bin directory!
Sharepoint::
-s SHAREPOINT, --sharepoint=SHAREPOINT
-- to check
access permissions on sharepoint standard files in
forms or layouts or catalog directory!
Mandatory::
-u URL, --url=URL target url to scan with proper structure
Information Gathering and Exploit::
-v FINGERPRINT, --http_fingerprint=FINGERPRINT
--
fingerprint sharepoint or frontpage based on HTTP
headers!
-d DUMP, --dump=DUMP
-- dump credentials from
default sharepoint and frontpage files (configuration
errors and exposed entries)!
-l DIRECTORY, --list=DIRECTORY
-- check directory listing
and permissions!
-e EXPLOIT, --exploit=EXPLOIT
EXPLOIT = -- exploit vulnerable installations by
checking RPC querying and file uploading
-i SERVICES, --services=SERVICES
SERVICES = -- checking exposed
services !
services !
Authentication [devalias.net]:
-a AUTHENTICATION, --auth-type=AUTHENTICATION
AUTHENTICATION = -- Authenticate with NTLM
user/pass !
General::
-x EXAMPLES, --examples=EXAMPLES
running usage examples !
NOTE: Most DAMM output looks better piped through 'less -S' (upper 'S') as in:
#python damm.py <some DAMM functionality> | less -S (for default output format)
python damm.py -h
usage: damm.py [-h] [-d DIR] [-p PLUGIN [PLUGIN ...]] [-f FILE] [-k KDBG]
[--db DB] [--profile PROFILE] [--debug] [--info] [--tsv]
[--grepable] [--filter FILTER] [--filtertype FILTERTYPE]
[--diff BASELINE] [-u FIELD [FIELD ...]] [--warnings] [-q]
DAMM v1.0 Beta
optional arguments:
-h, --help show this help message and exit
-d DIR Path to additional plugin directory
-p PLUGIN [PLUGIN ...]
Plugin(s) to run. For a list of options use --info
-f FILE Memory image file to run plugin on
-k KDBG KDBG address for the images (in hex)
--db DB SQLite db file, for efficient input/output
--profile PROFILE Volatility profile for the images (e.g. WinXPSP2x86)
--debug Print debugging statements
--info Print available volatility profiles, plugins
--tsv Print screen formatted output.
--grepable Print in grepable text format
--filter FILTER Filter results on name:value pair, e.g., pid:42
--filtertype FILTERTYPE
Filter match type; either "exact" or "partial",
defaults to partial
--diff BASELINE Diff the imageFile|db with this db file as a baseline
-u FIELD [FIELD ...] Use the specified fields to determine uniqueness of
memobjs when diffing
--warnings Look for suspicious objects.
-q Query the supplied db (via --db).
./crunch [min length] [max length] [character set] [options]
./crunch 3 3 ABC\!\@\%
Crunch will now generate the following amount of data: 864 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 216
AAA
AAB
AAC
AA!
AA@
AA%
ABA
...
sudo iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo sysctl -w net.ipv4.ip_forward=1sudo apt-get -y install libcap2-bin
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump TEMPLATE_DIRS = (
"templates"
)
For:
TEMPLATE_DIRS = (
("templates"),
)
libpcap, and of course a C compiler.# apt-get install git gcc make libpcap-dev
# git clone https://github.com/robertdavidgraham/isowall
# cd isowall
# makeisowall in the local isowall/bin directory.libpcap.eth0) will be configured as normal, with a TCP/IP stack, so that you can SSH to it.# ./bin/isowall --internal eth1 --external eth2 -c xxxx.confxxxx.conf contains your configuration, which is described below.internal = eth1
internal.target.ip = 10.0.0.129
internal.target.mac = 02:60:8c:37:87:f3
external = eth2
external.router.ip = 10.0.0.1
external.router.mac = 66:55:44:33:22:11
allow = 0.0.0.0/0
block = 192.168.0.0/16
block = 10.0.0.0/8
block = 224.0.0.0-255.255.255.255internal.target.macexternal.router.macinternal.target.ipallow range, but not in a block rangeexternal.router.ipinternal.target.macexternal.router.macinternal.target.ipallow range, but not in a block rangeexternal.router.ip
! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
* David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best!
* Added patch from Ander Juaristi which adds h/H header options for http-form-*, great work, thanks!
* Found login:password combinations are now printed with the name specified (hostname or IP), not always IP
* Fixed the -M option, works now with many many targets :-)
* -M option now supports ports, add a colon in between: "host:port", or, if IPv6, "[ipv6ipaddress]:port"
* Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting)
* Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks!
* Added xhydra gtk patches by Petar Kaleychev to support -h, -U, -f, -F, -q and -e r options, thanks!
* Added patch for teamspeak to better identify server errors and auth failures (thanks to Petar Kaleychev)
* Fixed a crash in the cisco module (thanks to Anatoly Mamaev for reporting)
* Small fix for HTTP form module for redirect pages where a S= string match would not work (thanks to mkosmach for reporting)
* Updated configure to detect subversion packages on current Cygwin
* Fixed RDP module to support the port option (thanks to and.enshin(at)gmail.com)
--verbose
prints a lot of debugging messages to stderr *FIXME*
--undoconly
only prints found instruction if its not element of the standard
instruction list
--fastresults
before iterating through all possible combinates of class and
instruction-number typical class/instruction-values are verified for
availability.
After that the classes 0x00, 0x80 and 0xA0 (GSM) are tried first.
--help
prints out the usage
--chv1 pin1
a VERIFY CHV1 instruction with pin1 as argument is executed
--chv2 pin2
a VERIFY CHV2 instruction with pin2 as argument is executed
--brutep1p2
finds valid parameter p1 and p2 combinations for the instruction
the user defined with --cla and --ins .
For parameter p1 the value 0x00 is assumed.
--brutep3
find valid p3 values for given --cla, --ins, --p1 and --p2
--cla CLASS
sets the instruction class to CLASS
--ins INS
sets the instruction-number to INS
--p1 P1
sets parameter p1 to P1
--p2 P2
sets parameter p2 to P2
--p3 P3
sets parameter p3 to P31. ~$ ./thc-smartbrute
run thcsmartbrute without any arguments to brute force for valid instructions
2. ~$ ./thc-smartbrute --undoconly
find valid instructions but only print out non-standard instructions
3. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --brutep1p2
find the first two arguments for the GSM instruction SELECT FILE
4. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --p1 0x00 --p2 0x00 --brutep3
find the 3rd argument for the already found first two arguments
for the GSM instruction SELECT FILE
apk file generation
